Credential Guard uses virtualization-based security to protect information that could be used in credential theft attacks if compromised. This authentication information, which was stored in the Local Security Authority (LSA) in previous versions of Windows, is isolated from the rest of operating system and can only be accessed by privileged system software.
Check
Confirm Credential Guard is running.
Run "PowerShell" with elevated privileges (run as administrator).
If "SecurityServicesRunning" does not include a value of "1" (e.g., "{1, 2}"), this is a finding.
Alternately:
Run "System Information".
Under "System Summary", verify the following:
If "virtualization-based Services Running" does not list "Credential Guard", this is a finding.
The policy settings referenced in the Fix section will configure the following registry value. However, due to hardware requirements, the registry value alone does not ensure proper function.
Value Name: LsaCfgFlags Value Type: REG_DWORD Value: 0x00000001 (1) (Enabled with UEFI lock)
Fix
Configure the policy value for Computer Configuration >> Administrative Templates >> System >> Device Guard >> "Turn On virtualization-based Security" to "Enabled" with "Enabled with UEFI lock" selected for "Credential Guard Configuration:".
A Microsoft TechNet article on Credential Guard, including system requirement details, can be found at the following link: