News

Certified Secured-Core Server Products Now Available for Azure Stack HCI and Windows Server 2022

Microsoft announced on Tuesday that certified Secured-core server hardware products are now available for running Azure Stack HCI and Windows Server 2022 software implementations.

The announcement pointed to Hewlett Packard Enterprise Gen 10 Plus server hardware with Secured-core server support for Azure Stack HCI. On the Windows Server 2022 side, Secured-core server products are available from Dell, Hewlett Packard Enterprise, NEC and Lenovo, per this Windows Server Catalog page. Windows Server 2022 reached "general availability" (commercial release) status back in September.

Microsoft touted its browser-based Windows Admin Center as enabling easy management of various Secured-core server capabilities.

"The Windows Admin Center UI allows you to easily configure the six features that encompass Secured-core server: Hypervisor Enforced Code Integrity, Boot Direct Memory Access (DMA) Protection, System Guard, Secure Boot, Virtualization-based security, and Trusted Platform Module 2.0."

Microsoft began requiring the use of Trusted Platform Module 2.0 chips and Secure Boot protections in new Windows Server hardware in 2021, as announced a year-and-a-half ago. Secure boot and TPM 2.0 chips ensure that boot loaders are properly signed via a hardware root of trust.

However, in late 2018, researchers found that Secure Boot alone wasn't wholly adequate, which led to the Secured-core products. Secured-core systems add other protections on top of Secure Boot.

Secured-core products add Dynamic Root of Trust for Measurement, which is software that assures that the boot process hasn't been tampered with. Also added is Kernel Direct Memory Access, which ensures memory isolation is supported by PCI devices before running them. The addition of Virtualization-Based Security protects credentials by creating a secure memory region away from the operating system. Also, Hypervisor-Based Code Integrity in Secured-core systems works with Virtualization-Based Security to "check the integrity of kernel mode drivers and binaries before they are started," explained Sonia Cuff of Microsoft, in this "Introduction to Secured-core computing" post.

Secured-core PC products also exist. They've been available for a couple of years.

Windows 11 ups the processor requirements for secured-core machines.  Microsoft's rationale for making that change can be found in this talk between Scott Hanselman, partner program manager at Microsoft, and David Weston, director of enterprise and OS security for Windows at Microsoft.

Back in March, Weston indicated that the certified Secured-core approach would also be coming for edge devices or Internet of Things machines at some point.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.