Here’s How To Make Sure Your Windows 10 PC Is ‘Highly Secure,’ According To Microsoft
Microsoft just published a document chock full of recommendations users must follow to make sure their Windows 10 devices — desktops, laptops, tablets, 2-in-1's, and mobile workstations — are "highly secure."
Sixth-generation Intel processors apparently just won't cut it. So those who have machines packing that processor won't meet the company's security standards. Microsoft recommends devices to at least have seventh-generation Intel processors.
Microsoft Security Standards: Processors
Microsoft's new standards require "the latest, certified silicon chip for the current release of Windows."
All seventh-generation Intel chips, in addition to Core M3, Xeon E3, Celeron, Pentium, and Atom, are supported. AMD's seventh-generation A-Series, E-Series, and FX-9 processors are also supported.
Microsoft Security Standards: Process Architecture
Sorry, 32-bit users: Microsoft says systems need a processor that supports 64-bit instructions, as Windows 10's virtualization-based security features require Windows hypervisor, which works exclusively on either 64-bit or ARM v8.2 CPUs.
Some of the most important Windows security features — Windows Defender Credential Guard/Device Guard and Hypervisor-Enforced Code Integrity — rely on virtualization-based security.
Microsoft Security Standards: Virtualization
Microsoft also laid out minimum virtualization requirements. The processor must at least have Intel VT-d, AMD-Vi or ARM64 SMMUs to handle Input-Output Memory Management Unit device virtualization, and the system must also have virtual machine extensions with second level address translation.
Microsoft Security Standards: Trusted Platform Module
Microsoft demands systems to at least have version 2.0 of a Trusted Platform Module — Intel (PTT), AMD, or discrete TPM from Infineon, STMicroelectronics, and Nuvoton — that meets Microsoft's requirements for TCG, or the Trustworthy Computing Group.
Microsoft Security Standards: Platform Boot Verification
Microsoft says that systems must implement cryptographically verified platform boot, which requires Intel Boot Guard or an equivalent mode with a similar functionality from another chip manufacturer.
Microsoft Security Standards: RAM
Microsoft also demands systems to have at least 8 GB of RAM, though a little more RAM wouldn't hurt, of course.
There's a lot more Microsoft demands, especially on the firmware side of things. Windows 10 users should check out the new security standards on Microsoft's website to make sure their system passes them all.
There are plenty of laptops that meet every single one of those standards, as Bleepingcomputer notes, and some of them aren't that expensive. For starters, a standard Asus P-Series model that retails for $500 has Microsoft's requirements pretty much locked down. Still, many laptops and desktops out there likely won't meet them, at least not all.
Keep in mind that the new standards are only applicable to those with machines running Windows 10 version 1709, or the Fall Creators Update. Security standards for machines running older versions of Windows have yet to be specified.
Does your PC meet Microsoft's security standards? Feel free to sound off in the comments section below!