Security that is incorporated into the design is a key tenet of Microsoft Azure Stack Hub. Security features enabled for the solution include:
- Firmware
  - TPM 2.0 and Secure Boot are enabled.
  - All firmware and driver update packages are signed.
  - The firmware update is secured and uses Windows Cryptograms implementations.
- Software
  - BitLocker is enabled on all hard drives.
  - Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) class security policies are applied and enabled.
  - Device Guard and Credential Guard are enabled.
  - Allowlisting is enabled to ensure that unknown software cannot be run on host systems.
  - Defender is enabled on the hardware lifecycle host (HLH) for anti-malware.
  - Federal Information Processing Standards (FIPS) 140-2 compliant crypto algorithms are used for internal stack communication.
- Network traffic
  - The network is encrypted.