Device Guard is a security feature for Windows devices designed to protect user devices from credential theft and exploits during system startup, and disabling the operating system with registry key change that could compromise the system.
You can configure the Device Guard for the following parameters:
Device Guard focuses on preventing malicious code from executing by ensuring only authorized programs are executed and notifying you of the events.
| Profile Specification | Description |
|---|---|
| System Guard | System Guard can be configured with Secure Launch for quicker deployment of updates, to ensure the system integrity is intact during the boot-up process. |
| Credential Guard | Credential Guard can be configured with/without Unified Extensible Firmware Interface (UEFI) lock, thus protecting the system credentials against attacks and theft. |
| Virtualization-based Security | Virtualization-based security creates an isolated virtual environment that isolates the processes, thus protecting the operating system from malware and other attacks. |
