Microsoft Announces Secured-Core Hardware for Windows Server 2022 and Azure Stack HCI

Earlier this year, Microsoft unveiled its plans to expand the Secured-Core initiative to its server products to help protect organizations from firmware attacks. The company has recently unveiled its plans to expand the Secured-Core initiative are now available for enterprise customers.

“Partnering with leading original equipment manufacturers (OEMs) and silicon vendors, Secured-core servers use industry-standard hardware-based root of trust coupled with security capabilities built into today’s modern central processing units (CPUs). Secured-core servers use the Trusted Platform Module 2.0 and Secure boot to ensure that only trusted components load in the boot path,” the company explained in a blog post.

Microsoft noted that enterprise customers can now search for Secured-Core servers in the Windows Server and Azure Stack HCI online catalog lists. Currently, there are only four all-HPE products based on Azure Stack HCI and a bunch of products that support the Windows Server specifications.

Configure and manage Secured-Core servers using Windows Admin Center

Meanwhile, IT Admins will need to head to the Windows Admin Center in order to manage the Secure-Core servers’ configuration and status. The new Windows Admin Center UI makes it easier for IT Admins to configure the following Secured-Core features without running any complex commands in PowerShell:

• Virtualization-based security (VBS) — VBS leverages the power of Hyper-V and the virtualization features of the hardware to virtually isolate a specific memory segment from the OS. It helps to secure Windows 10 and Windows 11 PCs from security threats.
• Hypervisor-Protected Code Integrity (HVCI) — It is a virtualization-based security (VBS) feature in Windows that helps to prevent any modifications in Control Flow Guard (CFG) as well as validate device drivers’ certificates.
• Boot direct memory access (DMA) protection — The feature offers protection against “malicious and unintended Direct Memory Access (DMA)” attacks that target high-speed ports.
• System Guard — Windows Defender System Guard helps to protect the system and Windows 10 from boot-level malware attacks.
• Secure Boot — The security feature is designed to prevent malicious software from taking over Windows PCs at boot time
• TPM 2.0 — The latest version of the Trusted Platform Module (TPM) that secures the system via an integrated cryptographic key and prevents malicious attacks on the boot process and computer hardware.

Microsoft says that the new Secured-Core server specification provides “exceptional host security,” which should make it harder for attackers to target the enterprise networks. “Continuing to raise the security bar for critical infrastructure against attackers makes it easier for organizations to meet that higher bar, which is an important priority for both customers and Microsoft,” Microsoft noted.

You can head over to the dedicated page here to find out about Microsoft Security solutions.