
Awareness: Update HGS policies after installing the February 2020 security update

Users of the Host Guardian Service (HGS) for shielded VMs or SQL Server Always Encrypted with Secure Enclaves should be aware that the February 2020 Security Update (KB4524244) for Windows 10 and Windows Server may cause your guarded hosts or ... continue reading

Allowing an additional host to run a VM with virtual TPM

First published on TECHNET on Oct 25, 2016 Recently a colleague got a new PC and asked me how he could migrate his existing virtual machines to his new system. Because he had enabled a virtual Trusted Platform Module (TPM) ... continue reading

How to deploy a VM template for PAW

First published on TECHNET on Nov 01, 2017 Continuing with the PAW series, after you followed the previous blog to build the PAW device, you can now deploy PAW VMs on it. There are two types of VMs you can ... continue reading

Privileged Access Workstation (PAW)

First published on TECHNET on Oct 13, 2017 At Ignite conference last month, Dean and I presented a session on PAW. Originally we were planning to just talk about the concept of PAW and how it is deployed in Microsoft ... continue reading

Shielded VMs – additional considerations when running a guarded fabric

First published on TECHNET on Apr 21, 2017 So you’ve deployed a guarded fabric and your VMs are running happily. Having now reached that perfect steady state, let's have a look at the operational and administrative differences relative to a ... continue reading

Shielded VMs: A conceptual review of the components and steps necessary to deploy a guarded fabric

First published on TECHNET on Mar 14, 2017 [This post was authored by Dean Wells, Principal Program Manager on the Windows Server team] If you're anything like me, you probably find it immensely helpful having an end-to-end conceptual view of ... continue reading

Join Host Guardian Servers to an existing bastion forest

First published on TECHNET on Mar 07, 2017 Shielded VM prevents unauthorized access from the host. To achieve this security assurance, there must be a role separation between the fabric admins (who manage the Guarded Hosts) and the HGS admins ... continue reading

Host Guardian Service – AD-based vs. TPM-based attestation

First published on TECHNET on Aug 16, 2016 [This post is authored by Dean Wells, Principal Program Manager for the Windows Server Security Product Team] Overview The Host Guardian Service (HGS) is a new role in Windows Server 2016 that ... continue reading

Step-by-step: Quick reference guide to deploying guarded hosts

First published on TECHNET on Jun 08, 2016 My original blog post on the topic of deploying Shielded VMs without VMM included the instructions to deploy guarded hosts. Based on feedback around keeping the blog posts short and scenario-focused, I ... continue reading

Step by step – Creating Shielded VMs without VMM

First published on TECHNET on Jun 06, 2016 Hi, I’m Jane, one of the newest members of the Windows Server Security Product Team. My very first hands-on experience is to deploy Shielded VMs with the minimum amount of hardware. It ... continue reading