Security overview
Security that is incorporated into the design is a key tenet of Microsoft Azure Stack Hub. Security features enabled for the solution include:
- Firmware
  - TPM 2.0 and Secure Boot are enabled.
  - All firmware and driver update packages are signed.
  - The firmware update is secured and uses Windows Cryptograms implementations.
- Software
  - BitLocker is enabled on all hard drives.
  - Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) class security policies are applied and enabled.
  - Device Guard and Credential Guard are enabled.
  - Allowlisting is enabled to ensure that unknown software cannot be run on host systems.
  - Defender is enabled on the HLH host for anti-malware.
  - Federal Information Processing Standards (FIPS) 140-2 compliant crypto algorithms are used for internal stack communication.
- Network traffic
  - The network is encrypted.