What is the status of Credential Guard on Nutanix VMs? I have created a new VM with UEFI, Secure boot and Credential Guard enabled, but I can’t get it to work. Credential Guard is enabled with GPO, but still will not run. When I look at device security, it says “Standard hardware security not supported” and there is no compatible TPM shown in tpm.msc.
Hi stevecharon and
Support of Windows Defender Credential Guard is definitely coming. I am not able to disclose the details right now. All I can say is soon.
I would like to also encourage you to look at the document that is the most relevant to the version you are running on.
UEFI guest VMs have been supported since 5.11. AHV Administration Guide 5.15: UEFI Support for VM.
No feedback from anyone?
Apparently VMware is supporting this too:
So, has anyone put this to work on AHV?
https://portal.nutanix.com/#/page/docs/details?targetId=AMF_Guide-Acr_v4_6:vm__vm_driver_types_r.html
"SSH into Nutanix Acropolis and run the following command: acli vm.update uefi_boot=True."
https://docs.citrix.com/en-us/provisioning/current-release/citrix-provisioning-1909.pdf
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements
Hardware and software requirements
To provide basic protections against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Windows Defender Credential Guard uses:
- Support for Virtualization-based security (required)
- Secure boot (required)
- TPM 1.2 or 2.0, either discrete or firmware (preferred - provides binding to hardware)
- UEFI lock (preferred - prevents attacker from disabling with a simple registry key change)
https://portal.nutanix.com/#/page/docs/details?targetId=AHV-Admin-Guide-v51:vmm-vm-driver-types-r.html
Unified Extensible Firmware Interface (UEFI) Support for Guest VMs
AHV does not support VMs created in UEFI mode.
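An in-guest check of the prerequisites quoted in the thread above, added here as an example; it is not part of any post, nor Nutanix or Microsoft code. It assumes an elevated PowerShell session inside the Windows guest and uses the built-in `Win32_DeviceGuard` CIM class, `Confirm-SecureBootUEFI` and `Get-Tpm`; the policy registry path is the one the Credential Guard GPO writes to.

```powershell
# Run in an elevated PowerShell session inside the Windows guest VM.
# Reports each Credential Guard prerequisite and whether the service is actually running.

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

# Secure Boot (required): Confirm-SecureBootUEFI throws on legacy-BIOS (non-UEFI) guests.
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# TPM (preferred, not required): a VM without a virtual TPM reports TpmPresent = False.
try   { $tpm = (Get-Tpm -ErrorAction Stop).TpmPresent }
catch { $tpm = $false }

# LsaCfgFlags set by GPO: 0 = disabled, 1 = enabled with UEFI lock, 2 = enabled without lock.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
$lsaCfg = (Get-ItemProperty -Path $policyKey -Name LsaCfgFlags -ErrorAction SilentlyContinue).LsaCfgFlags

$vbsStatus = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'enabled and running' }

[pscustomobject]@{
    # Virtualization-based security (required)
    VbsStatus                 = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
    # AvailableSecurityProperties: 1 = hypervisor support, 2 = Secure Boot available
    HypervisorSupport         = $dg.AvailableSecurityProperties -contains 1
    SecureBootAvailable       = $dg.AvailableSecurityProperties -contains 2
    SecureBootEnabled         = $secureBoot
    TpmPresent                = $tpm
    PolicyLsaCfgFlags         = $lsaCfg
    # Security service 1 = Credential Guard
    CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
    CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
} | Format-List
```

`CredentialGuardConfigured = True` with `CredentialGuardRunning = False` means the policy reached the guest but virtualization-based security did not start; the `HypervisorSupport` and Secure Boot rows show which required item is missing.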