Checklist: Select the Most Secure Hardware to Use with Windows 10

If your organization wants to take advantage of the enterprise level security features in Windows 10, then you must consider purchasing hardware that meets the standards in this checklist.

Richard Hay, Senior Content Producer

November 8, 2017

3 Min Read
Computer Security Hero

Over the last two and a half years during the development of Windows 10, Microsoft has continuously added and upgraded security features of the operating system as they have released each new feature update.

While these features benefit consumers with a system that is less vulnerable to attacks such as WannaCry and Petya, enterprise customers have seen even more in depth features added to secure the operating system and the data stored on these devices.

However, some of these new security features require certain types of hardware to fully take advantage of the capabilities.

Using this document at the Microsoft Hardware Development Center, here is a checklist of these key hardware specifications that will allow your business to fully use the security that is a standard part of Windows 10. 

Note: These standards apply to the latest feature update for Windows 10, the Fall Creators Update, and the security features that are integrated into this release.

Central Processing Unit (CPU)

Intel (Through 7th Generation Processors)

  • Intel i3/i5/i7/i9-7x

  • Core M3-7xxx

  • Xeon E3-xxxx

  • Atom, Celeron, Pentium (Current)

AMD (Through 7th Generation Processors)

  • A Series Ax-9xxx

  • E Series Ex-9xxx

  • FX Series (FX-9xxx)

Process Architecture

  • Virtualization based security requires Windows Hypervisor and that is only supported on 64-bit IA processors or ARM v8.2 CPUs

Virtualization

  • System Processors have to support Input-Output Memory Management Unit (IOMMU) virtualization with all I/O devices protected by IOMMU/SMMU. Systems must have Intel VT-d, AMD-Vi, or ARM64 SMMUs.

  • Must have virtual machine extensions with Second Level Address Translation (SLAT). Systems must have Intel Vt-x with Extended Page Tables (EPT), or AMD-v with Rapid Virtualization Indexing (RVI).

  • These hardware virtualization features must be available to the operating system and reported to system firmware.

Trusted Platform Module (TPM)

  • Systems must have TPM version 2.0 or higher. This includes Intel (PTT), AMD, or discrete TPM from Infineon, STMicroelectronics, and Nuvoton.

  • The hardware must also comply with the Trustworthy Computing Group specification.

Platform Boot Verification

  • Must utilize cryptographically verified platform boot. This includes Intel Boot Guard in Verified Boot mode, AMD Hardware Verified Boot, and any OEM equivalent mode with same functionality.

Random Access Memory (RAM)

  • Minimum of 8 GB or higher required.

Firmware

There are six areas that a systems firmware must comply to meet these security specifications and take advantage of the enhanced security features in the Windows 10 Fall Creators Update:

Just to clarify, these specifications go above and beyond the minimum hardware requirements to run the Windows 10 Fall Creators Update. 

By insuring your new hardware has the above security specifications you will be able to implement the following security features as part of the Fall Creators Update:

  • Windows Defender Application Control

  • Windows Defender Antivirus

  • Windows Defender Exploit Guard

  • Windows Defender Application Guard

  • Windows Defender System Guard

  • Windows Defender Advanced Threat Protection

  • Windows Defender Credential Guard

  • Windows Defender Device Guard

  • Windows Information Protection

  • Windows Hello

  • BitLocker and BitLocker To Go

You can learn more about the enterprise and business related security features for Windows 10 over at the Windows Security Center.

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

About the Author

Richard Hay

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

See more from Richard Hay
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

the interface of the PowerShell search tool with a hand holding a magnifying glass on a background of a blue sky and clouds in the shape of gears
PowerShell
How I Built My Own PowerShell Multi-File Search Tool
How I Built My Own PowerShell Multi-File Search Tool

Oct 22, 2024

burnout gif featuring a mannequin surrounded by office technology on fire
Career Tips
Am I Burned Out? How To Identify and Address Burnout in IT
Am I Burned Out? How To Identify and Address Burnout in IT

Oct 24, 2024

MLOps
Ops and More
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?

Oct 23, 2024

Exclusive ITPro Resources
See all ITPro Resources

Featured Technical Explainers

AI chip
Cloud Computing
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
SaaS concept on a tablet
Cloud Computing
Why SaaS Backup Matters: Protecting Data Beyond Vendor Guarantees
Why SaaS Backup Matters: Protecting Data Beyond Vendor Guarantees
DevOps logo on top of code
DevOps
DevOps: Key to Faster, More Efficient Government Software Development
DevOps: Key to Faster, More Efficient Government Software Development
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

Recent What Is

cartoon shows a person next to a checklist and several icons that represent disaster scenarios
Disaster Recovery
BCDR Basics: A Quick Reference Guide for Business Continuity & Disaster RecoveryBCDR Basics: A Quick Reference Guide for IT Pros
technology interface with a person's hand drawing gears and cogs
PowerShell
Introduction To PowerShell Environment VariablesIntroduction To PowerShell Environment Variables