As Windows 10 was being prepared for release, Microsoft presented many new security features (and we've written about
some) to be included in the new version of the popular OS.
With a technical guide published last week, the company has offered more details about a particular security feature introduced in the enterprise version: Device Guard.
Device Guard allows admins to protect users by blocking the execution of all software that is not digitally signed by Microsoft or a trusted vendor, and it's meant to block zero-day exploits. It's also meant to be employed alongside other Windows threat mitigation features such as AppLocker and Credential Guard.
"Device Guard's features revolutionize the Windows operating system’s security by taking advantage of new virtualization-based security (VBS) options and the trust-nothing mobile device operating system model, which makes its defenses much more difficult for malware to penetrate. By using configurable code integrity policies, organizations are able to choose exactly which applications are allowed to run in their environment," Microsoft explained in the document.
