Windows Server 2022 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use.
An XCCDF Rule
Description
Credential Guard uses virtualization-based security to protect data that could be used in credential theft attacks if compromised. A number of system requirements must be met in order for Credential Guard to be configured and enabled properly. Without a TPM enabled and ready for use, Credential Guard keys are stored in a less secure method using software.
- ID
- SV-254246r991589_rule
- Version
- WN22-00-000090
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Ensure domain-joined systems have a TPM that is configured for use. (Versions 2.0 or 1.2 support Credential Guard.)
The TPM must be enabled in the firmware.
Run "tpm.msc" for configuration options in Windows.