Issue link: http://hub-nl.insight.com/i/692748
111 C H A P T E R 5 | Security Secure firmware update process To verify that the firmware complies with the secure firmware update process, you can validate it against the System.Fundamentals.Firmware.UEFISecureBoot Windows Hardware Compatibility Program requirement. The firmware is updated for Secure MOR implementation Credential Guard requires the secure MOR bit to help prevent certain memory attacks. Physical PC For PCs running Windows 10, you cannot run Credential Guard on a VM. The simplest way to get Credential Guard implemented for your organization is to turn it on via Group Policy and designate the machines in your enterprise for which you want to apply it. From the Group Policy Management Console, create a new group policy or edit an existing one. Then, go to Computer Configuration > Administrative Templates > System > Device Guard. Double-click Turn On Virtualization Based Security, and then, in the dialog box that opens (see Figure 5-2), select the Enabled option. In the Select Platform Security Level list box, choose Secure Boot or Secure Boot And DMA Protection. In the Credential Guard Configuration list box, select Enabled With UEFI lock, and then click OK. If you want to be able to turn off Credential Guard remotely, choose Enabled Without Lock from the Credential Guard Configuration list box instead of Enabled With UEFI lock. Figure 5-2: Group Policy options for Credential Guard More info For further information, go to https://technet.microsoft.com/library/mt483740(v=vs.85).aspx.