In the simplest terms, Credential Guard is a new Windows 10 optional feature that controls access credentials stored in memory.

windows-device-guard-vsm-computer-stackWindows Credential Guard requires Virtual Secure Mode (VSM) which turns on core HyperV components to allow Windows to isolate each application’s memory.  The graphic to the right mentions Device Guard but operates the same for Credential Guard.

VSM (and therefore Credential Guard) needs a CPU that supports virtualization which are nearly all corporate grade CPU’s produced since 2010.

From the meetings I have attended and the articles I have read I think the best way to describe Virtual Secure Mode is to think of it as a much more powerful HAL (Hardware Abstraction Layer).

You can see if Credential Guard is running by launching MSINFO.EXE and looking for the DEVICE GUARD SERVICES RUNNING = CREDENTIAL MANAGER as show in the screen shot to the

If you are interested in Credential Guard be sure to read our very short description of its sister technology Device Guard.  Credential Guard and Device Guard are independent features but both use VSM so you are should at least consider both features before implementation.

For all the details on Device Guard and Credential Guard and how to implement them, see this very nicely written Microsoft article.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *