Select Page

Step by step – Creating Shielded VMs without VMM

First published on TECHNET on Jun 06, 2016 Hi, I’m Jane, one of the newest members of the Windows Server Security Product Team. My very first hands-on experience is to deploy Shielded VMs with the minimum amount of hardware. It ... continue reading

What is new in Windows 10 1803 for PAW?

In this blog post, I’ll walk you through the new features which are relevant to the PAW solution in the latest Windows 10 1803 release. Offline HGS Prior to 1803 release, to start a shielded VM, the host must connect ... continue reading
PAW deployment guide

PAW deployment guide

After running the PAW TAP program on the solution explained in this blogpost, I received tons of interests and great feedback. While the team is investigating on a plan, a lot of customers are asking how they can deploy PAW ... continue reading

Apply Code Integrity Policy without reboot

There is a new Code Integrity policy option introduced in Windows 10, and it is available in Windows Server 2019 insider build “Update Policy No Reboot”. I got numerous questions around how to use this option, and here is the ... continue reading

Connect to Virtual Machines (VMs) on PAW

Continuing the PAW series, this blog post discusses the options to connect to the VMs running on the PAW device. In Windows, you can connect to a locally running VM using: VMConnect (basic mode or enhanced mode) RDP using mstsc.exe ... continue reading

Default Code Integrity policy for Windows Server

After Windows Defender Application Control (WDAC, formerly known as Code Integrity) was released in Windows Server 2016, I wrote a blog post on it, it was a very effective way to do application whitelisting, and get secure! When engaging with ... continue reading

Shielded VM local mode and HGS mode

With the new capability in Windows 10, version 1709, Windows Client can host shielded VMs while using remote Host Guardian Service (HGS) attestation. This caused some confusion as people stated they have already been running shielded VMs on client. This ... continue reading

Building VM template using Assigned Access

Since it took me a couple of attempts to create VM templates for Azure portal management and Remote Desktop (in order to make them available for the TAP evaluation), I thought it best to share the process, so you can ... continue reading
Why use shielded VMs for your privileged access workstation (PAW) solution?

Why use shielded VMs for your privileged access workstation (PAW) solution?

It’s great to see customers trying out PAWs and it’s generating a lot of great questions. Many questions are related to shielded VMs so I’d like to focus this blog post on sharing our reasoning for building the PAW solution ... continue reading

How to create a VM template for PAW

Continuing with the PAW series, after you followed the previous blog to build the PAW device, you can now deploy PAW VMs on it. There are two types of VMs you can create: Desktop VM: this is a standard VM, ... continue reading