Select Page

Shielded VM local mode and HGS mode

With the new capability in Windows 10, version 1709, Windows Client can host shielded VMs while using remote Host Guardian Service (HGS) attestation. This caused some confusion as people stated they have already been running shielded VMs on client. This ... continue reading

Migrating local VM owner certificates for VMs with vTPM

Whenever I want to replace or reinstall a system which is used to run virtual machines with a virtual trusted platform module (vTPM), I’ve been facing a challenge: For hosts that are not part of a guarded fabric, the new ... continue reading

Frequently Asked Questions About HGS Certificates

The Host Guardian Service uses public key cryptography extensively to protect shielded VMs from attackers. Any time certificates with public-private key pairs come into play, there are bound to be many questions about how to properly set up and protect ... continue reading

Microsoft BitLocker Administration and Monitoring (MBAM v2.5) Tips

The goal of this blog is to share some information learned (the hard way) from recent customer engagement. Hopefully these tips will save you time and accelerate future MBAM deployments. MBAM has dependencies on SQL Server, IIS web services and ... continue reading

Shielded VMs – additional considerations when running a guarded fabric

So you’ve deployed a guarded fabric and your VMs are running happily.  Having now reached that perfect steady state, let’s have a look at the operational and administrative differences relative to a regular fabric.  The purpose of this blog isn’t ... continue reading