Select Page

What is new in Windows 10 1803 for PAW?

In this blog post, I’ll walk you through the new features which are relevant to the PAW solution in the latest Windows 10 1803 release. Offline HGS Prior to 1803 release, to start a shielded VM, the host must connect ... continue reading
PAW deployment guide

PAW deployment guide

After running the PAW TAP program on the solution explained in this blogpost, I received tons of interests and great feedback. While the team is investigating on a plan, a lot of customers are asking how they can deploy PAW ... continue reading

Apply Code Integrity Policy without reboot

There is a new Code Integrity policy option introduced in Windows 10, and it is available in Windows Server 2019 insider build “Update Policy No Reboot”. I got numerous questions around how to use this option, and here is the ... continue reading
Single Host Shielded VMs Lab/PoC

Single Host Shielded VMs Lab/PoC

Hi, Matthew Walker again. Virtualization and High Availability PFE. Recently I worked with a few of my co-workers to present a lab on building out Shielded VMs and I thought this would be useful for those of you out there ... continue reading

Shielded VM local mode and HGS mode

With the new capability in Windows 10, version 1709, Windows Client can host shielded VMs while using remote Host Guardian Service (HGS) attestation. This caused some confusion as people stated they have already been running shielded VMs on client. This ... continue reading

In practice: How customers are using Shielded Virtual Machines to secure data

You’ve read and heard a lot from Microsoft about the unprecedented security provided by Shielded Virtual Machines in Windows Server 2016, but how is this feature being used by real customers? We decided to round up a few customer stories ... continue reading
Why use shielded VMs for your privileged access workstation (PAW) solution?

Why use shielded VMs for your privileged access workstation (PAW) solution?

It’s great to see customers trying out PAWs and it’s generating a lot of great questions. Many questions are related to shielded VMs so I’d like to focus this blog post on sharing our reasoning for building the PAW solution ... continue reading
Branch office HGS configuration diagram

Improved branch office support for shielded VMs in Windows Server, version 1709

Companies with large branch offices often must make a tradeoff between user experience and security. To increase employee productivity, it may make sense to deploy replicas of certain applications like Active Directory Domain Controllers or file servers in a branch ... continue reading

How to create a VM template for PAW

Continuing with the PAW series, after you followed the previous blog to build the PAW device, you can now deploy PAW VMs on it. There are two types of VMs you can create: Desktop VM: this is a standard VM, ... continue reading