Device Guard and Credential Guard

Device Guard is one of Windows security features that is a combination of enterprise-related hardware, firmware, and software security features. When configured together, it will lock down a device so that it can only run trusted applications.

Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.

Device Guard and Credential Guard are optional features, that when implemented and enabled, reduce the exposed attack surface to malware by requiring additional protectors be enabled on the device.

Device Guard deployment guide

Driver compatibility requirements

What's new in Credential Guard?

Hypervisor Code Integrity Readiness Test

Driver compatibility with Device Guard in Windows 10