- Intel chipset driver version 10.1.18793.8276 and above should be installed for AX-650 and AX-750xd.
- AMD chipset driver version 22.214.171.124 and above should be installed for AX-7525.
- OS Settings can be enabled by manually modifying the registry settings or by leveraging the WAC Security Extension.
- Using registry settings
- Run the following commands on each server in a cluster:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f
reg add “HKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard” /v “Enabled” /t REG_DWORD /d 1 /fNote: After you run these commands, restart the servers one at a time, see Restarting a cluster node or taking a cluster node offline.
- Using Windows Admin Center Security extension:
- Log in to Windows Admin Center and connect to the cluster.
- In the Extensions, click Security.
- In the Security page, click Secured-Core.
- Select Hyper Hypervisor Enforced Code Integrity (HVCI) and System Guard, then click Enable. Note: After you run these commands, restart the servers one at a time, see Restarting a cluster node or taking a cluster node offline.
- After the settings are enabled and each server is restarted, the Secured-Core section on each server must show all features with the On status.
- The BIOS and OS settings can be verified using OMIMSWAC.
- Select Secured Core. . From the drop-down menu, select
Dell Technologies and Microsoft recommends enabling Secured Core for Azure Stack HCI 22H2, and Windows Server 2022 that includes both the Infrastructure and Microsoft Operating System features to protect the infrastructure from external threats.