
SecurityWeek


Microsoft Publishes Standards for “Highly Secure” Windows 10 Devices

Microsoft this week published information on the standards a Windows 10 device is required to meet to be considered highly secure.

The company has provided details on both hardware and firmware requirements that these devices should meet, including information regarding processor type, amount of required RAM, virtualization support, support for specific UEFI versions, secure boot support, and more.

In Microsoft’s vision, only devices with Intel processors through the 7th generation (Intel i3/i5/i7/i9-7x), Core M3-7xxx and Xeon E3-xxxx, and current Intel Atom, Celeron and Pentium processors, or with AMD processors through the 7th generation (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx), can be considered highly secure.

The systems must include a processor that supports 64-bit instructions and should also support Input-Output Memory Management Unit (IOMMU) device virtualization. They must have virtual machine extensions with second level address translation (SLAT), and the presence of these hardware virtualization features should not be masked; they should be available for the operating system to use.

A Trusted Platform Module (TPM) version 2.0 is also needed, along with a cryptographically verified platform boot (Intel Boot Guard in Verified Boot mode, or AMD Hardware Verified Boot, or an OEM equivalent mode with similar functionality). The system must also meet the latest Microsoft requirements for the Trustworthy Computing Group (TCG) specification.

On the firmware side, Unified Extension Firmware Interface (UEFI) version 2.4 or later is a must, as well as firmware that implements UEFI Class 2 or UEFI Class 3. According to Microsoft, only devices that ship with Hypervisor-based Code Integrity (HVCI) compliant drivers can be considered highly secure.

The tech company also notes that a system’s firmware must support UEFI Secure Boot and must have UEFI Secure Boot enabled by default to meet the requirements for highly secure Windows 10 devices. Secure MOR revision 2 is also required, along with support for the Windows UEFI Firmware Capsule Update specification.
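The requirements above that Windows itself reports can be audited on a device. The script below is an added example, not code from Microsoft or SecurityWeek; it assumes an elevated PowerShell session on Windows 10, and the requirement labels are this example's own.

```powershell
# Added example: audit a Windows 10 device against the requirements the
# article lists that can be read locally. Run from an elevated prompt.
$results = [ordered]@{}

# Processor: 64-bit support, virtual machine extensions and SLAT.
# These two virtualization properties may read False when a hypervisor is
# already loaded, so a False here needs a second look rather than a verdict.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$results['64-bit processor']         = ($cpu.DataWidth -eq 64)
$results['Virtual machine extensions'] = [bool]$cpu.VMMonitorModeExtensions
$results['SLAT']                     = [bool]$cpu.SecondLevelAddressTranslationExtensions

# TPM: SpecVersion is a comma-separated string whose first field is the
# specification version, for example "2.0, 0, 1.38".
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$results['TPM 2.0'] = [bool]($tpm -and
    (($tpm.SpecVersion -split ',')[0].Trim() -eq '2.0'))

# UEFI Secure Boot: the cmdlet throws on legacy BIOS systems and when the
# session is not elevated, so any exception is recorded as "not met".
try   { $results['Secure Boot enabled'] = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $results['Secure Boot enabled'] = $false }

# Device Guard view of the platform. AvailableSecurityProperties codes:
# 3 = DMA protection (IOMMU), 4 = Secure Memory Overwrite.
# SecurityServicesRunning code 2 = HVCI is running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$available = @($dg.AvailableSecurityProperties)
$results['IOMMU / DMA protection']   = ($available -contains 3)
$results['Secure Memory Overwrite']  = ($available -contains 4)
# Indicator only: a running HVCI service does not prove that every shipped
# driver is HVCI compliant, which is what the requirement actually states.
$results['HVCI running']             = (@($dg.SecurityServicesRunning) -contains 2)

$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Requirement = $_.Key; Met = $_.Value }
} | Format-Table -AutoSize
```

The script does not cover the processor generation list, verified platform boot (Intel Boot Guard or AMD Hardware Verified Boot), the UEFI version and class, or firmware capsule update support; those need OEM documentation or firmware tooling.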

The publication of these standards appears to be yet another step Microsoft is taking toward providing users with increased security and privacy when using Windows 10 devices. Last year, the company announced that all new platform installations would require signed kernel mode drivers, while this year it revealed Windows 10 protections against various threats, including code injection attacks, PowerShell attacks, and zero-day exploits.

Related: Windows 10 Exploit Guard Boosts Endpoint Defenses

Related: Windows 10 Can Detect PowerShell Attacks: Microsoft

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
