PAW deployment guide

After running the PAW TAP program on the solution explained in this blogpost, I received tons of interests and great feedback. While the team is investigating on a plan, a lot of customers are asking how they can deploy PAW in their datacenter. This blogpost is dedicated on this topic. To put the solution into…


Apply Code Integrity Policy without reboot

There is a new Code Integrity policy option introduced in Windows 10, and it is available in Windows Server 2019 insider build “Update Policy No Reboot”. I got numerous questions around how to use this option, and here is the blogpost to answer it. What is this option? After the Windows Server 2016 release, we…


Connect to Virtual Machines (VMs) on PAW

Continuing the PAW series, this blog post discusses the options to connect to the VMs running on the PAW device. In Windows, you can connect to a locally running VM using: VMConnect (basic mode or enhanced mode) RDP using mstsc.exe (classic RDP client) RDP using the Remote Desktop app from Store (modern RDP client) RDP…


Default Code Integrity policy for Windows Server

After Windows Defender Application Control (WDAC, formerly known as Code Integrity) was released in Windows Server 2016, I wrote a blog post on it, it was a very effective way to do application whitelisting, and get secure! When engaging with customers to get their feedback and help deploy WDAC, the consistent feedback has been “it’s…


Shielded VM local mode and HGS mode

With the new capability in Windows 10, version 1709, Windows Client can host shielded VMs while using remote Host Guardian Service (HGS) attestation. This caused some confusion as people stated they have already been running shielded VMs on client. This blog post is intended to clarify things and explain how to run them side by…