News

Certified Secured-Core Server Products Now Available for Azure Stack HCI and Windows Server 2022

Microsoft announced on Tuesday that certified Secured-core server hardware products are now available for running Azure Stack HCI and Windows Server 2022 software implementations.

The announcement pointed to Hewlett Packard Enterprise Gen 10 Plus server hardware with Secured-core server support for Azure Stack HCI. On the Windows Server 2022 side, Secured-core server products are available from Dell, Hewlett Packard Enterprise, NEC and Lenovo, per this Windows Server Catalog page. Windows Server 2022 reached "general availability" (commercial release) status back in September.

Microsoft touted its browser-based Windows Admin Center as enabling easy management of various Secured-core server capabilities.

"The Windows Admin Center UI allows you to easily configure the six features that encompass Secured-core server: Hypervisor Enforced Code Integrity, Boot Direct Memory Access (DMA) Protection, System Guard, Secure Boot, Virtualization-based security, and Trusted Platform Module 2.0."

Microsoft began requiring the use of Trusted Platform Module 2.0 chips and Secure Boot protections in new Windows Server hardware in 2021, as announced a year-and-a-half ago. Secure boot and TPM 2.0 chips ensure that boot loaders are properly signed via a hardware root of trust.

However, in late 2018, researchers found that Secure Boot alone wasn't wholly adequate, which led to the Secured-core products. Secured-core systems add other protections on top of Secure Boot.

Secured-core products add Dynamic Root of Trust for Measurement, which is software that assures that the boot process hasn't been tampered with. Also added is Kernel Direct Memory Access, which ensures memory isolation is supported by PCI devices before running them. The addition of Virtualization-Based Security protects credentials by creating a secure memory region away from the operating system. Also, Hypervisor-Based Code Integrity in Secured-core systems works with Virtualization-Based Security to "check the integrity of kernel mode drivers and binaries before they are started," explained Sonia Cuff of Microsoft, in this "Introduction to Secured-core computing" post.

Secured-core PC products also exist. They've been available for a couple of years.

Windows 11 ups the processor requirements for secured-core machines.  Microsoft's rationale for making that change can be found in this talk between Scott Hanselman, partner program manager at Microsoft, and David Weston, director of enterprise and OS security for Windows at Microsoft.

Back in March, Weston indicated that the certified Secured-core approach would also be coming for edge devices or Internet of Things machines at some point.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.

  • Microsoft Cuts Windows 11 Recovery Time with New Update

    Microsoft has introduced two key enhancements to Windows 11 aimed at minimizing downtime and streamlining error resolution.

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.