How to Enable Windows Defender Credential Guard for Enhanced Security

by

Windows Defender Credential Guard is a security feature that helps protect your computer from credential theft attacks. By isolating and securing your login credentials, it enhances the overall security of your Windows system. Enabling Credential Guard is especially important for enterprise environments but can also benefit individual users seeking extra protection.

Prerequisites for Enabling Credential Guard

  • Windows 10 Enterprise or Windows 11 Enterprise edition
  • UEFI firmware with Secure Boot enabled
  • Hardware virtualization support (Intel VT-x or AMD-V)
  • Hardware-based security features like TPM 2.0

Steps to Enable Credential Guard

1. Verify Hardware Compatibility

Ensure your device supports hardware virtualization and has Secure Boot enabled in the BIOS/UEFI settings. You can check virtualization support by opening Task Manager, navigating to the Performance tab, and verifying the ‘Virtualization’ status.

2. Enable Virtualization and Secure Boot

Restart your computer and enter BIOS/UEFI settings. Enable virtualization (Intel VT-x or AMD-V) and Secure Boot. Save changes and exit.

3. Enable Credential Guard via Group Policy

Press Windows key + R, type gpedit.msc, and press Enter to open the Group Policy Editor. Navigate to:

Computer Configuration > Administrative Templates > System > Device Guard

Double-click on Turn On Virtualization Based Security. Set it to Enabled. Under Options, check Credential Guard and select Enabled with UEFI lock. Click Apply and OK.

Final Steps and Verification

Restart your computer to apply the changes. To verify Credential Guard is active, open Command Prompt as administrator and run:

systeminfo

Look for the line that says Device Guard and Credential Guard supported and check if Credential Guard is running.

Additional Tips

  • Keep your system updated with the latest Windows updates.
  • Ensure your device’s firmware is up-to-date.
  • Regularly review security settings to maintain protection.

Enabling Windows Defender Credential Guard adds a significant layer of security, helping protect your credentials from theft and misuse. Follow these steps carefully to ensure your system is properly configured.