I need help with Windows Defender System Guard

I need some help in my question to enable Windows System Guard in my environment. If you want to know what it is see:

Hardening the system and maintaining integrity with Windows Defender System Guard

and the Microsoft article is here:

Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10

and in summary Windows System Guard is:

Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It’s designed to make these security guarantees:
– Protect and maintain the integrity of the system as it starts up
– Validate that system integrity has truly been maintained through local and remote attestation

I enabled it using the techniques in this article:

System Guard Secure Launch and SMM protection

To verify it is enabled 9according to the article) you check MSInfor32 and you should see:


i.e. Secure Launch appear in both:

1. Virtualization based Security Configured


2. Virtualization based security Services Running


However, in my case I don’t see it appear under Virtualization based security Services Running as you see above?

Now, the Microsoft article does say:


Credential Guard is definitely running per my MSInfo32


To check Virtualization Based Security I can run the command:

Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard

and I see the following:


According to the documentation,


if VirtualizationBasedSecurityStatus = 2 then:

VBS is enabled and running

Now, if I look at the SecurityServicesRunning field I see:


only Credential Guard and HVCI running per:


i.e no System Guard Secure launch. This confirms what I see in MSInfo32.

Verifying Device Guard is where things get challenging, because this:

Why we no longer use the Device Guard brand

seems to indicated the device Guard is now Windows Defender Application Control (WDAC)??

However, there is this article:

Windows 10 Device Guard and Credential Guard Demystified

from early 2021 talking about Device Guard?? Here, Device Guard is:

Now that we have an understanding of Virtual Secure Mode, we can begin to discuss Device Guard. The most important thing to realize is that Device Guard is not a feature; rather it is a set of features designed to work together to prevent and eliminate untrusted code from running on a Windows 10 system

Device Guard consists of three primary components:

  • Configurable Code Integrity (CCI) – Ensures that only trusted code runs from the boot loader onwards.

  • VSM Protected Code Integrity – Moves Kernel Mode Code Integrity (KMCI) and Hypervisor Code Integrity (HVCI) components into VSM, hardening them from attack.

  • Platform and UEFI Secure Boot – Ensuring the boot binaries and UEFI firmware are signed and have not been tampered with.

According to that article the CCI is located at:

Computer Configuration \ Administrative Templates \ System \ Device Guard \ Deploy Code Integrity Policy


But I can’t see that on my machine as shown above??

I can’t see how to specifically enabled VSM Protected Code Integrity, I can only find:

Code Integrity

Finally, my machine does have UEFI and secure boot enabled:


The last piece of the puzzle is a service called Secure Launch:


which I have running and seems to be linked to System Guard but I can find no confirmation of what this service actually does??

In summary, I am at a loss to understand why my machine seems to not have System Guard enabled even though it is capable it seems. I feel confident that I do have all the requirements in place but the Configurable Code Integrity (CCI) may be the issue but I can’t find anything on how to configure that.

My ask then, is if you have any information on helping me get System Guard working on my machine or help me understand why it isn’t working I’d appreciate it as I have drawn a blank with all my other sources.

ANZAC Day 2021

Some events change us. Some events change our community. Some events change our nation and finally, some events change the world. We are perhaps living through one of those world changing events now. It won’t be the first and it won’t be the last such event, but it has pretty much impacted everything. Over one hundred years ago, you could contend, the First World War had a similar effect. It made us more aware of our place on the world stage and it brought terrible death and destruction. Perhaps most importantly, it changed our perception of what it means to be Australian.

During that war, some experienced that firsthand in far away countries, for reasons that were not easily understood. Some never returned from places they went so willingly but were completely unfamiliar with. In the end, they did what they thought was right. They did what they felt obligated to do. They did this for King and Country. It is therefore respectful for us to pause and remember that. To remember their sacrifice and remember those that never returned all those years ago.

In just about every town I’ve been through in Australia, here is some memorial to those that served in the Great War. They are the ones who gave birth to the ANZAC legend. That legacy continues today with the recognition and acknowledgement we provided all those that have served and are serving our country and our community. In the end, it comes down to real people, with real families who made such sacrifices and bear the burden. It is important for us not overlook such sacrifices and continue to celebrate this remarkable part of our heritage that plays such an important part in what we have become.

As many of these heroes did, let’s look to our ‘mates’ for support just as much as providing them support. We are all in this together and can achieve amazing results, as the ANZACs did all those years ago, if we follow their lead and simply try to help. Their courage and resolve was born from not want to ‘let their mates down’. So it should be for us. Like the deeds of the ANZACs all those years ago, it is through our deeds that our legacy will live on and be the foundation for future generations. Let us try and prove a foundation as good as what we have been given. That indeed, would be best way to honour our ANZAC heroes.

Lest We Forget

If you want to learn more about the ANZAC battlefields in northern France, visit my web site – www.anzacsinfrance.com.

Show ASR settings for device with PowerShell


I have just released a new script in my GitHub repository that will report on the local device Attack Surface Reduction settings (ASR) as shown above. You’ll find it here:


There no pre-requisites. Just run it on your Windows 10 devices to report.

If you are looking to change the ASR settings for your environment, I suggest you have a read of my previous article:

Attack surface reduction for Windows 10

I’d strongly encourage you to enable ASR across your Windows 10 fleet to reduce risks of attack.

Echoes of past–We remember

The 11th hour of the 11th day of 11th month is the anniversary of the end of the “The Great War” as it was known. At that time the world was also starting to be engulfed with what would become known as the Spanish Flu. Both of these tragedies killed millions of people worldwide and left an indelible mark on history.

Over one hundred years later, the world finds itself again in the midst of geopolitical friction and a global pandemic. If there is one thing we can take from history is that humanity came through these challenges and continued. It is therefore probably never more important than now to take a moment and remember all those who died. Some did so serving their country, like the ANZAC soldiers. Others did so serving humanity, the medical staff. Yet others were simply innocent victims of these major events.

In current times, probably the most challenging period in about one hundred years, we should pause, reflect and give thanks for what we have. We should give thanks for those who sacrificed for others. We should remember all those whose lives were changed forever in ways they probably had little control over. All that lived through the horror of one hundred years ago are now gone. Their legacy is merely our memory.

Our service to them should not only be to remember their deeds and circumstances but to learn from the lessons of history and ask what can in done, no matter how small, for others and greater good. Like it or not, we are all in this together and the way that out is always via a shared experience. If history teaches us anything, solutions to problems come via the application of shared humanity not individualism. There is never a better time than now to demonstrate this.

The cessation of World War One brought an end to savage fighting and unprecedented carnage wrought on an industrial scale never seen before. It was however a time when ANZAC troops distinguished themselves and both Australia and New Zealand probably ‘arrived’ on the world stage. Their legacy lives on. Their sacrifices are not forgotten. Their courage provides us strength to face, battle and defeat our own challenges in the modern experience.

Let us therefore take a moment to pause, remember, draw strength and work together, as they did, for a better world for all.

For those interested in the accomplishments of the ANZACs in Europe during World War One, please have a look at my web site – Australian Battlefields of World War I – France

Modern Device Management with Microsoft 365 Business Premium–Part 10

Previous parts in this series have been:

Office 365 Mobile MDM – Modern Device Management with Microsoft 365 Business Premium–Part 1

Intune MDM – Modern Device Management with Microsoft 365 Business Premium – Part 2

Intune MAM – Modern Device Management with Microsoft 365 Business premium – Part 3

Endpoint Manager – Modern Device Management with Microsoft 365 Business Premium – Part 4

Baselines – Modern Device Management with Microsoft 365 Business Premium – Part 5

Deployment – Modern Device Management with Microsoft 365 Business Premium – Part 6

Autopilot admin – Modern Device Management with Microsoft 365 Business Premium – Part 7

Autopilot endpoint – Modern Device Management with Microsoft 365 Business Premium – Part 8

Deploying applications – Modern device Management with Microsoft 365 Business Premium – Part 9

I’m going to wrap up this series with a range for helpful links that provide lots of help when troubleshooting issues with device management. I’ve covered a lot so far and figured that it is better to give you this one location to use for getting help with device management.

As I have noted elsewhere in this series, the best general best practice tips to help with troubleshooting I can give you are:

1. Maintain good documentation of your device management environment. The more complex it becomes, the more important good documentation becomes.

2. Maintain good naming conventions. With so many policies potentially in play with device management having a logical naming convention for make life a lot easier.

3. Start small and grow. Don’t implement everything at once. Start with one policy at a time, get that working and build on that. Doing too much too fast is a recipe for frustration.

Good troubleshooting links:

Intune troubleshooting 101 – https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Intune-Troubleshooting-101/ba-p/924827

Troubleshoot device enrollment in Microsoft Intune – https://docs.microsoft.com/en-gb/intune/enrollment/troubleshoot-device-enrollment-in-intune

Troubleshoot Windows device enrollment problems in Microsoft Intune – https://docs.microsoft.com/en-gb/intune/enrollment/troubleshoot-windows-enrollment-errors

Troubleshoot iOS device enrollment problems in Microsoft Intune – https://docs.microsoft.com/en-gb/intune/enrollment/troubleshoot-ios-enrollment-errors

Troubleshoot Android Enterprise device problems in Microsoft Intune – https://docs.microsoft.com/en-gb/mem/intune/enrollment/troubleshoot-android-enrollment

How to get support for Microsoft Intune – https://docs.microsoft.com/en-ca/intune/get-support

Intune app protection diagnostics and managed browser bookmarks – https://blogs.technet.microsoft.com/cbernier/2018/02/05/intune-app-protection-diagnostics-and-managed-browser-bookmarks/

Set the mobile device management authority – https://docs.microsoft.com/en-us/intune/mdm-authority-set

Troubleshooting devices using the dsregcmd command – https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-device-dsregcmd

MDM Diagnostics Tool – Tips & Tricks – Windows Autopilot Troubleshooting – https://www.anoopcnair.com/mdm-diagnostics-tool-windows-autopilot/

Azure AD device registration error codes – https://s4erka.wordpress.com/2018/03/06/azure-ad-device-registration-error-codes/

Enroll devices by using a device enrollment manager account – https://docs.microsoft.com/en-us/intune/device-enrollment-manager-enroll

Manually sync your Windows device – https://docs.microsoft.com/en-us/intune-user-help/sync-your-device-manually-windows

How long does it take for devices to get a policy, profile or app after they are assigned? – https://docs.microsoft.com/en-us/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned

Common questions, issues, and resolutions with device policies and profiles in Microsoft Intune – https://docs.microsoft.com/en-us/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned

Send log data to storage, event hubs or log analytics in Intune – https://docs.microsoft.com/en-us/intune/fundamentals/review-logs-using-azure-monitor

Do not clone an Azure AD-joined or MDM-enrolled Windows 10 OS – https://oofhours.com/2020/06/07/do-not-clone-an-azure-ad-joined-or-mdm-enrolled-windows-10-os/

Diagnose MDM failures in Windows 10 – https://docs.microsoft.com/en-us/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10

Common error codes and descriptions in Microsoft Intune – https://docs.microsoft.com/en-us/mem/intune/fundamentals/troubleshoot-company-resource-access-problems

Hopefully, you’ll be able to solve any issue you come up against by consulting the list of above links. I know I have.

Microsoft 365 device management will continue to evolve over time and I’ll continue to update you here on my blog, so stay tuned for more articles on Microsoft 365 device management.

ANZAC Day 2020

The world of today is a very different place from what it was just a few months ago. A single event has changed everything to a new reality. This  means, we can never return to what it used to be like. We have experienced untold community and personal suffering. People have died and sadly, will continue to die for the foreseeable future. Yet, such times are not totally unprecedented in history. Humanity has experience even more challenging times and emerged triumphantly.

In these uncertain times we can look back in history for inspiration on how to deal with the challenges and the positives they can provide. On the 25th of April 1915 Australian and New Zealand troops (ANZACs) began their first engagement in what was euphuistically known as ‘the war to end all wars’. It wasn’t, and the senseless waste of life continues in conflicts to this day. However, if you look past the politics, if you look past the military decisions and implementations, you find individuals who lives that were utterly changed the day they stepped ashore in a foreign land to fight what they, rightly or wrongly, believed.

It wasn’t long before such innocence gave way to the stark realities and horrors of war. A war that would continue for three more years but yet see these ANZAC troops distinguish themselves in places like northern France and Belgium amongst unimaginable human carnage, death and devastation. Even when the horrors of the war ceased in November 1918, many faced the confrontation of the Spanish Flu pandemic that raged for an additional three years, encompassing the globe and taking more lives than the War had.

Few of us today can appreciate the experiences of fighting in a World War and then having to live through a global pandemic. Yet they did. Not all survived unscathed but those that did rebuilt the world that we enjoy today. Even with challenges of the day, we are lucky. Never forget that things could always be worse and be thankful for what you have rather than desiring what may no longer be possible. Remember many have given the ultimate sacrifice to provide the life you enjoy.

We pause and reflect on the sacrifices of those who serve. Not just those in the military past and present, but also first responders, doctors, nurses and others on the front line of the public medical battles we face today. Many of these are demonstrating the resolve, compassion and dedication evidenced by  previous generations, including the ANZAC forces.

For many, ANZAC day today is a new experience. Hopefully, it is something we will never have to experience again in our lifetime. Circumstances dictate that we need to largely remember as individuals rather than in groups. However, that should not diminish the hope that such remembrances provide. It should not diminish the resolution and focus on others that people like the ANZACs demonstrated during their many trials. In the end, they did what they did for their ‘mates’. That, should be our inspiration and take away from ANAZAC day 2020. Let’s honour our heroes but pulling together as a community and doing so for our ‘mates’. They did what they did for others, so should we.

Lest We Forget 

If you want to learn more about the ANZAC battlefields in northern France, visit my web site – www.anzacsinfrance.com.

Their sacrifice shall live on

We pause today to remember all of those who gave their lives in war. Soldiers, sailors, airmen, civilians and more. We pause to remember lives cut short. Today, at 11am on the 11th of November is the anniversary of end of World War One in 1918. An anniversary of the first conflict where war truly became industrialised. Where weapons more than men had the advantage on the battlefield and a few could now kill so many thanks to the power of modern weapons.

The Australian landings at Gallipoli in 1915 are largely credited with giving ‘birth’ to Australia as a nation. They marked the beginning of a commitment of 313,814 Australians to the war of which around 53,000 died in France and Belgium alone. 152,171 were also wounded in this theatre as well, so the impacts on a young nation were marked.

It is not only the past the we remember today, it is also the ongoing service of those that protect us today. Not just soldier, sailor and airmen but emergency workers and more. Their service, like their forbearers, stands as a shining beacon of what can be achieved with the service to others. We don’t honour the methods or the reasons, we honour those that chose to serve. Those that put themselves in harms way for others. Those who were asked to perform a duty for others and did so without question, with many paying the ultimate price.

This is why we remember them. This is why we today pause and say:

Lest We Forget

for there would be nothing more tragic or disrespectful than to neglect to say ‘thank you’ to those that made our world a better place to be and gave us the opportunity to enjoy it. If nothing else, we owe them that. So today, take a moment to pause, reflect, say thank you and hopefully ask how you can make the world a better place in some small way as a way of honouring those who did not return because, sadly, there are still those suffering.

For more information on the Australian battlefields of World War One wish my website www.anzacsinfrance.com.

CIAOPS Need to Know Microsoft 365 Webinar–July


It’s been a long time between drinks but the free CIAOPS Need to Know webinars are back. I’ve done a technology refresh, which means I’ll be attempting to use Microsoft Teams Live Events now. Given this is the first public attempt at this I welcome you to come along and watch all the stuff ups and gaffs that are no doubt going to plague me as I try and get the technology to work. It’ll be fun. Come join me and make this rebirth memorable.

You’ll also notice that I’ve re-branded the webinars to Microsoft 365, which means I’ll be looking deeper into this “new” service from Microsoft.

You can register for the regular monthly webinar here:

July Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – July 2019
Thursday 26th of July  2019
11am – 12am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:


or purchase them individually at:


Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.