When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft offers new guidelines for a "highly secure" Windows 10 device

Microsoft tries hard to keep its devices and the Windows 10 operating system safe from outside attacks. But devices using Windows 10 still face threats if not properly secured. To that end, Microsoft has published a document aimed at helping users "highly secure" their electronics running the Fall Creators Update version 1709.

The document, aimed at "general purpose desktops, laptops, tablets, 2-in-1’s, mobile workstations, and desktops," covers topics on processors, process, and virtualization under hardware, while addressing things like code integrity, secure boot, and how the system components update themselves under firmware. While some items require extra explanation, the easiest are a minimum of 8GB of RAM, and using a processor that supports 64-bit instructions.

Among some of the key standards laid out in the document for hardware:

  • Processors: Devices must have the latest certified silicon chip that supports the OS. This includes Intel 7th generation processors Core M3-7xxx and Xeon E3-xxxx, as well as Atom, Celeron, and Pentium. On the AMD side, its 7th generation as well: A Series Ax-9xxx, E-Series Ex-9xxx, and FX-9xxx.
  • Trusted Platform Module (TPM): Version 2.0, including Intel (PTT), AMD, or discrete TPM from Infineon, STMicroelectronics, Nuvoton.
  • Platform Boot: Cryptographically verified, namely Intel Boot Guard in Verified Boot mode, AMD Hardware Verified Boot, or an OEM equivalent mode with similar functionality.

What's interesting is that some of Microsoft's own devices don't follow these guidelines. The Surface Pro 4, for example, was released in 2015 and runs on a 6th generation Intel Skylake i7, not a 7th-gen Kaby Lake.

For firmware:

  • Standard and Class: Unified Extension Firmware Interface (UEFI) version 2.4 or later, and Class 2 or Class 3.
  • Drivers: Must be Hypervisor-based Code Integrity (HVCI) compliant.
  • UEFI Secure Boot: Must be enabled by default.
  • Update Mechanism: Must support the Windows UEFI Firmware Capsule Update specification

While hackers will always try to find ways to get into your system, Microsoft obviously feels that fulfilling these guidelines, coupled with the security built into the latest Fall Creators Update, will give users the best shot at fending off any attacks.

Report a problem with article
Next Article

SteelSeries debuts Arctis 3 Bluetooth

Previous Article

The iPhone X fails average height drop test

Join the conversation!

Login or Sign Up to read and post a comment.

52 Comments - Add comment