Troy Martin’s Windows Device Guard trilogy

Troy Martin of 1E has written the final of this 3-part blog posts on Device Guard, a new feature of Windows 10, targetting enterprise sysadmins.

[…]
Welcome to the third and final blog in the series on Device Guard!!
Device Guard hardens various attack surfaces on an endpoint creating a “chain of trust” from the hardware through to the Windows OS kernel and to software running in Windows.
Device Guard components run in isolation from the Windows kernel and is secured by a Windows Hyper-V container called Virtual Secure Mode (VSM).
It is evident that Device Guard provides revolutionary endpoint security in Windows 10; a formidable opponent and offense against viruses, malware, bad actors and other modern day threats. Time to start taking advantage of it and securing the enterprise!!
[…]