Guidance on Domain Controller Virtualization Based Security and Defender Antivirus Baselines
Am I correct in assuming the 1909 - Domain Controller Virtualization Based Security should be targeting <only> my Domain Controllers running as Virtual Machines?
Is the 1909 Defender Antivirus baseline only applicable for those companies using Windows/Microsoft Defender (and not a third party AV/Endpoint solution) or does it apply and play nicely with third party AV/Endpoint solutions?
8 Replies
- Steve Norton (Brass Contributor)
The 'Domain Controller Virtualization Based Security' baseline should be applied to physical and virtual domain controllers. It relates to virtualising security features within the OS rather than the virtualisation of the OS itself, e.g. HVCI. The reason there is a difference in the DC baseline is because 'credential in memory' protection is of no value on a DC when the entire Active Directory database is sat right there on the file system.
I can't comment on 3rd party AV/Endpoint solutions but I will recommend using Defender as your antimalware solution as part of your defence in depth. Used with other protections like VBS, ATP, ISG and HVCI, it will provide you with the strongest and most reliable solution.
Regards,
Steve
- awolf13 (Copper Contributor)
Steve Norton, I am noticing an issue when applying the Domain Controller Virtualization Based Security policy to my vDC. Once applied, on the next reboot they fail to boot. Hypervisor reports a Triple Fault error. I can get to recovery and safe mode/safe mode with networking. I'm probably doing something wrong, but even with a new VM config on Server 2019 Hypervisor with a clean Windows 2019 Server OS VM it's repeatable. I've not dug into it beyond that at this time. Maybe there's another resource I'm overlooking when setting this up?
- Steve Norton (Brass Contributor)
Hi awolf13,
Does your vDC boot successfully with 'Enable Secure Boot' and 'Enable Trusted Platform Module' enabled on the host?
Regards,
Steve
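
The following is an added example, not code from any poster in this thread: one way to read the two host-side VM settings asked about in the last reply (Secure Boot and virtual TPM) and, from inside the domain controller, which virtualization-based security services are actually running. It assumes a Hyper-V host with the Hyper-V PowerShell module; `DC01` is a placeholder VM name and both function names are hypothetical.

```powershell
# Added example. 'DC01' and the function names are placeholders, not from the thread.

# Run on the Hyper-V host: reports the VM generation, Secure Boot and vTPM state.
function Get-DcVmBootSecurity {
    param([Parameter(Mandatory)][string]$VMName)
    $vm = Get-VM -Name $VMName
    if ($vm.Generation -ne 2) {
        # Generation 1 VMs have no UEFI firmware, so Secure Boot and vTPM do not apply.
        return [pscustomobject]@{
            VMName = $VMName; Generation = $vm.Generation
            SecureBoot = 'n/a'; TpmEnabled = $false
        }
    }
    [pscustomobject]@{
        VMName     = $VMName
        Generation = $vm.Generation
        SecureBoot = (Get-VMFirmware -VMName $VMName).SecureBoot   # On / Off
        TpmEnabled = (Get-VMSecurity -VMName $VMName).TpmEnabled
    }
}

# Run inside the domain controller (physical or virtual): reports what VBS is doing.
function Get-DcVbsStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    $vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $services = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }
    # WMI returns UInt32 values; cast to [int] so the hashtable lookups match.
    $running = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } | ForEach-Object {
        if ($services.ContainsKey([int]$_)) { $services[[int]$_] } else { "Service id $_" }
    })
    [pscustomobject]@{
        VbsStatus       = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesRunning = $running
        HvciRunning     = $running -contains 'HVCI'
        # The first reply explains why the DC baseline differs on
        # 'credential in memory' protection; this flag shows its state.
        CredentialGuardRunning = $running -contains 'Credential Guard'
    }
}

# Host:  Get-DcVmBootSecurity -VMName 'DC01'
# Guest: Get-DcVbsStatus
```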