Select Page

Matt Lee

Windows virtual machine-

To enable windows virtual machine go to settings>apps>programs and features> turn on and off windows features> enable windows virtual machine. With this you can create a full desktop virtualization in your Azure subscription. You can either have a full desktop for users, or a screen with apps that allows users to work remotely from any device, it does not have to be windows. This feature allows for more security because all information is saved on the cloud and not on the user’s personal device. You also have the ability to assign what users can gain access to information and only they can view their own information and other information provided by the company. The only worry a user has is that they need a secure connection to internet in order to access the information provided by the company. The best feature is that IOS, MAC, Web, and Android devices are all supported, so a user can work from a MacBook at home or even their cell phone as long as they have a secure internet connection. It also allows for lower costs on pooled multi session resources, with the new windows 10 multi session capability.

System guard-

System guard is a feature that checks the trustworthiness of a computers hardware and firmware. This is so that the single sign in token, biometric sign in, and virtual machine sign ins are all secure. It is guaranteed to protect and maintain the integrity of the system as it initials boots up. As well as validate the system integrity through local and remote attestation.  They initially saw this issue within windows 7 where a malicious software was installed once the initial boot of the system occurred, which then leaked information of that user to the attacker. Since windows 10 runs on more secure hardware, they designed a security precaution that can check the integrity of the systems hardware and software, so that this issue that occurred in windows 7 would not with windows 10. This was initially brought with windows update 1809, and it allows a computer to initially boot in untrusted code, but shortly launches the system into a trusted sate. They do this by taking control of all CPUs and forcing them down a well-known and measured code path. System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful. After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM.

Windows sandbox-

Settings > Apps > Apps & Features > Programs and Features > Turn Windows Features on or off, and then select Enable Windows Sandbox. Windows sandbox is a virtual machine built into the windows system. This allows for a “safe zone” for users who want to configure drives and mess with other settings that take no effect to the user’s actual hardware. Some issues that they have encountered and are working to fix include: Initial launch of sandbox triggers significant CPU and disk activity for a minute or two, It does take some time to initially launch, the time zone is not synchronized, dose not support installers, Microsoft store is not supported within windows sandbox, it does not support high dpi displays very well, and windows sandbox does not fully support multi monitor configurations. Windows sandbox includes the following properties: everything required for sandbox is included with windows 10 enterprise and windows 10 pro, every new session has a clean new installation of windows, once the application is closed all data is then disposed of, the program isolates itself from the host so that no changes take effect on the users account. It uses the integrated kernel scheduler, smart memory management and virtual GPU. The new features in build 18305 allow for a more simplified start layout. It is a sleek one column design to reduce top level tiles. Since this feature is new and still in the works, they say that there still are bugs that they are currently working on fixing. This is included in the windows 10 1909 update, but only for windows 10 pro and windows 10 enterprise.