Windows 10 Devices

Microsoft has been working very hard in making sure to keep all of its devices and Windows 10 Operating System as safe as possible from cyber attacks. To make sure that users with Windows 10 device are secured, the company has laid out some new guidelines to keep the devices highly secured.

The guidelines are specifically laid out for devices running the company’s Latest Operating System, Windows 10 Fall Creators Update version 1709. The documents relates to general purpose desktops, laptops, tablets, 2-in-1’s, mobile workstations, and desktops.

The company says that the Operating System is at its best secured when users follow the below guidelines laid down by the company which are specifically pertaining to the Hardware and Firmware.

Hardware

Feature Requirement Details
Processor generation Systems must be on the latest, certified silicon chip for the current release of Windows
  • Intel through 7th generation Processors (Intel i3/i5/i7/i9-7x), Core M3-7xxx and Xeon E3-xxxx and current Intel Atom, Celeron and Pentium Processors
  • AMD through the 7th generation processors (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx)
Process architecture Systems must have a processor that supports 64-bit instructions Virtualization-based security (VBS) features require the Windows hypervisor, which is only supported on 64-bit IA processors, or ARM v8.2 CPUs
Virtualization
  • Systems must have a processor that supports Input-Output Memory Management Unit (IOMMU) device virtualization and all I/O devices must be protected by IOMMU/SMMU
  • Systems must also have virtual machine extensions with second level address translation (SLAT)
  • The presence of these hardware virtualization features must be unmasked and reported as supported by the system firmware, and these features must be available for the operating system to use
  • For IOMMU, the system must have Intel VT-d, AMD-Vi, or ARM64 SMMUs
  • For SLAT, the system must have Intel Vt-x with Extended Page Tables (EPT), or AMD-v with Rapid Virtualization Indexing (RVI)
Trusted Platform Module (TPM) Systems must have a Trusted Platform Module (TPM), version 2.0, and meet the latest Microsoft requirements for the Trustworthy Computing Group(TCG) specification Intel (PTT), AMD, or discrete TPM from Infineon, STMicroelectronics, Nuvoton
Platform boot verification Systems must implement cryptographically verified platform boot Intel Boot Guard in Verified Boot mode, or AMD Hardware Verified Boot, or an OEM equivalent mode with similar functionality
RAM Systems must have 8 gigabytes or more of system RAM

 

Firmware

Feature Requirement Details
Standard Systems must have firmware that implements Unified Extension Firmware Interface (UEFI) version 2.4 or later For more information, see United Extensible Firmware Interface (UEFI) firmware requirements and Unified Extensible Firmware Interface Forum specifications
Class Systems must have firmware that implements UEFI Class 2 or UEFI Class 3 For more information, see Unified Extensible Firmware Interface Forum specifications
Code integrity All drivers shipped inbox must be Hypervisor-based Code Integrity (HVCI) compliant For more information, see the Enable virtualization-based isolation for Code Integrity section of Driver compatibility with Device Guard in Windows 10
Secure boot System’s firmware must support UEFI Secure Boot and must have UEFI Secure Boot enabled by default For more informaion, see UEFI firmware requirements and Secure Boot
Secure MOR System’s firmware must implement Secure MOR revision 2 For more information, see Secure MOR implementation
Update mechanism Systems must support the Windows UEFI Firmware Capsule Update specification For more information, see Windows UEFI firmware update platform

With the new guidelines and the inbuilt security in Windows 10 Fall Creators Update, the company feels that users will be able to keep their devices more securely and away from any sort of security threats.

About The Author

Akshay Waghray

Akshay Waghray, who holds a degree in Computer Science, was a former technology news reporter for Windows Latest and his area of expertise include Windows. Articles contributed by Akshay have been referred by big publications such as TechRadar, XDA Developers, Future Inc, Purge, and others over the years. At Windows Latest, Akshay has written and edited thousands of articles using his decades long experience with Windows Server and Windows Update for Business.