Credential Guard
Aug 14th, 2017 by Jesper Kråkhede
One of the best things about working at Microsoft is all the things you get to know, and one of the worst things is all the things you are not allowed to tell (yet).
Still, I took a look at Credential Guard today to understand how it works, and I found this document that describes it at a somewhat more technical level.
Looking at it from a more architectural point of view, it enables us to put a bit more trust in the clients. The viewpoint until now has been that client devices are insecure by default and that sensitive information should not be stored on the clients, not even with encryption software installed. Now there is a possibility that we could revisit that, as Credential Guard protects the user credentials from being accessed by malware, hence blocking possible lateral movement.