Certified Secured-Core Server Products Now Available for Azure Stack HCI and Windows Server 2022

Microsoft announced on Tuesday that certified Secured-core server hardware products are now available for running Azure Stack HCI and Windows Server 2022 software implementations.

The announcement pointed to Hewlett Packard Enterprise Gen 10 Plus server hardware with Secured-core server support for Azure Stack HCI. On the Windows Server 2022 side, Secured-core server products are available from Dell, Hewlett Packard Enterprise, NEC and Lenovo, per this Windows Server Catalog page. Windows Server 2022 reached "general availability" (commercial release) status back in September.

Microsoft touted its browser-based Windows Admin Center as enabling easy management of various Secured-core server capabilities.

"The Windows Admin Center UI allows you to easily configure the six features that encompass Secured-core server: Hypervisor Enforced Code Integrity, Boot Direct Memory Access (DMA) Protection, System Guard, Secure Boot, Virtualization-based security, and Trusted Platform Module 2.0."

Microsoft began requiring the use of Trusted Platform Module 2.0 chips and Secure Boot protections in new Windows Server hardware in 2021, as announced a year and a half ago. Secure Boot and TPM 2.0 chips ensure that boot loaders are properly signed via a hardware root of trust.

However, in late 2018, researchers found that Secure Boot alone wasn't wholly adequate, which led to the Secured-core products. Secured-core systems add other protections on top of Secure Boot.

Secured-core products add Dynamic Root of Trust for Measurement, which is software that assures that the boot process hasn't been tampered with. Also added is Kernel Direct Memory Access, which ensures memory isolation is supported by PCI devices before running them. The addition of Virtualization-Based Security protects credentials by creating a secure memory region away from the operating system. Also, Hypervisor-Based Code Integrity in Secured-core systems works with Virtualization-Based Security to "check the integrity of kernel mode drivers and binaries before they are started," explained Sonia Cuff of Microsoft, in this "Introduction to Secured-core computing" post.
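For administrators who want to confirm the six features from a console rather than Windows Admin Center, the following read-only check is an added example, not code from Microsoft or from this article. It uses the built-in `Win32_DeviceGuard` and `Win32_Tpm` WMI classes and the `Confirm-SecureBootUEFI` cmdlet; the function name `Get-SecuredCoreStatus` is hypothetical, and using the platform's "DMA protection available" property as the Boot DMA Protection indicator is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only status check for the six Secured-core server features.
# Run in an elevated PowerShell session on the server being checked.

function Get-SecuredCoreStatus {
    # Device Guard WMI class: reports VBS state and which VBS services are running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # TPM WMI class: SpecVersion starts with the TPM family, e.g. "2.0, 0, 1.38".
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "off".
    $secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $false }

    [ordered]@{
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        'Virtualization-based security'      = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        # SecurityServicesRunning: 2 = HVCI, 3 = System Guard Secure Launch
        'Hypervisor Enforced Code Integrity' = ($dg.SecurityServicesRunning -contains 2)
        'System Guard (Secure Launch)'       = ($dg.SecurityServicesRunning -contains 3)
        # AvailableSecurityProperties: 3 = DMA protection available (assumed indicator)
        'Boot DMA Protection (available)'    = ($dg.AvailableSecurityProperties -contains 3)
        'Secure Boot'                        = $secureBoot
        'Trusted Platform Module 2.0'        = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')
    }
}

$status = Get-SecuredCoreStatus

# One row per feature, in the order the announcement lists them by name.
$status.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Feature = $_.Key; Enabled = $_.Value }
} | Format-Table -AutoSize

# Summarize gaps so a compliance job or operator can act on them.
$missing = @($status.GetEnumerator() | Where-Object { -not $_.Value })
if ($missing.Count -gt 0) {
    Write-Warning ('Not enabled: ' + ($missing.Key -join ', '))
}
```

A value of `False` for Hypervisor Enforced Code Integrity or System Guard alongside `True` for Virtualization-based security means VBS is running but that service has not been turned on.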

Secured-core PC products also exist. They've been available for a couple of years.

Windows 11 ups the processor requirements for Secured-core machines. Microsoft's rationale for making that change can be found in this talk between Scott Hanselman, partner program manager at Microsoft, and David Weston, director of enterprise and OS security for Windows at Microsoft.

Back in March, Weston indicated that the certified Secured-core approach would also be coming for edge devices or Internet of Things machines at some point.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
