Ensure ‘Allow auditing events in Windows Defender Application Guard’ is set to ‘Enabled’
Details This policy setting allows you to decide whether auditing events can be collected from Windows Defender Application Guard (Application...
- Home
- Security Hardening
- CIS Microsoft Windows 10 Enterprise Release 1709 V1.4.0 Next Generation Windows Security
CIS Microsoft Windows 10 Enterprise Release 1709 V1.4.0 Next Generation Windows Security
Ensure ‘Allow data persistence for Windows Defender Application Guard’ is set to ‘Disabled’
Details This policy setting allows you to decide whether data should persist across different sessions in Windows Defender Application Guard...Ensure ‘Configure Windows Defender Application Guard clipboard settings: Clipboard behavior setting’ is set
Details 18.9.77.3 Ensure ‘Configure Windows Defender Application Guard clipboard settings: Clipboard behavior setting’ is set to ‘Enabled: Enable clipboard operation...Ensure ‘Turn On Virtualization Based Security: Credential Guard Configuration’ is set to ‘Enabled with UEFI lock’
Details This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials. The ‘Enabled with UEFI...Ensure ‘Turn On Virtualization Based Security’ is set to ‘Enabled’
Details This policy setting specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide...Ensure ‘Turn On Virtualization Based Security: Require UEFI Memory Attributes Table’ is set to ‘True (checked)’
Details This option will only enable Virtualization Based Protection of Code Integrity on devices with UEFI firmware support for the...Ensure ‘Turn On Virtualization Based Security: Select Platform Security Level’ is set to ‘Secure Boot and DMA Protection’
Details This policy setting specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide...Ensure ‘Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity’ is set to Enabled with UEFI lock
Details 18.8.5.3 Ensure ‘Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity’ is set to ‘Enabled with UEFI...Ensure ‘Turn on Windows Defender Application Guard in Enterprise Mode’ is set to ‘Enabled’
Details This policy setting enables application isolation through Windows Defender Application Guard (Application Guard). The recommended state for this setting...