Default hardening in Windows 11, version 22H2
Event Ended
Monday, Oct 24, 2022, 07:30 AM PDT
Event details
Explore the ins and outs of two security features enabled by default in Windows 11, version 22H2: Windows Defender Credential Guard and LSA protection. Explore the criteria for enablement, security benefits, and management capabilities plus get details on our new security baseline.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
Heather_Poulsen
Updated Dec 27, 2024
52 Comments
- Heather_Poulsen
Community Manager
For easy reference, here is a list of the links from this session:
- Heather_Poulsen
Community Manager
How did we do on our Technical Takeoff Day 1 sessions? Please take this 2-minute survey and let us know your thoughts on this event.
- Mika_Seitsonen_S
Copper Contributor
My Win 11 22H2 laptop seems to have ten 6155 events during each startup, e.g.
Log Name: System
Source: LsaSrv
Date: 24/10/2022 12.48.30
Event ID: 6155
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: NNN
Description:
LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard.
PackageName: kerberos
Same warnings also for negoexts, kerberos, msv1_0 (twice), tspkg, pku2u, cloudap, wdigest, schannel and sfapm
What should I do to stop these events from occurring?
- jirenugo
Microsoft
This is a known bug and will be fixed in a future update. There is nothing wrong with the packages.
- JEngel05
Brass Contributor
Is there an Intune Settings Catalog option for enabling LSA protection for Windows 10 systems?
- Matthew_Palko
Microsoft
LSA Protection currently does not have an Intune Settings Catalog option.
- Frank_Maxwitat
Copper Contributor
I was hoping to get some information on Smart App Control. Will there be any Takeoff session where this is covered?
- sassankarai
Copper Contributor
The concept of Smart App is very interesting. Currently, once set to on or off, the settings can't be modified further and will require a system reinstall. After turning it on using a test system I noticed several applications being limited to partial functionality only. I would recommend leaving it in default evaluation mode for the time being.
- Frank_Maxwitat
Copper Contributor
I wonder for how long it will be under my control. The documentation says: "If you are a good candidate for Smart App Control, then it will automatically be turned on. If not, it'll be turned off.". That sounds scary to me since I don't see a management option - or did I miss something?
- DaneaGalbraith
Iron Contributor
With MDM do you have filter recommendations to send them out to specific machines?
- JEngel05
Brass Contributor
Will the MDM policies for LSA and Credential Guard tattoo?
- Greg_C_Gilbert
Iron Contributor
Be very careful with the UEFI lock options. If you use those, you must physically touch the PCs to turn off the setting. It cannot be done remotely.
- Heather_Poulsen
Community Manager
We’re happy you joined us at the Microsoft Technical Takeoff! Whether you are attending one session or many, please take this 2-minute survey and let us know your thoughts on this event.
- DaneaGalbraith
Iron Contributor
To use this with MDM do you need both of those CSP?
- jirenugo
Microsoft
You need only the respective CSP (Device Guard for Credential Guard and Local Security Authority for LSA protection) if you want to change the default setting.
- Greg_C_Gilbert
Iron Contributor
Is there a recommended method for creating filters in Intune or collections in ConfigMgr that can contain only PCs that include all the hardware requirements for enabling HVCI? I got bit several years ago where we enabled HVCI with UEFI lock on many PCs that didn't support it and it caused severe performance issues.
- jirenugo
Microsoft
We don't have any recommendations right now. Thanks for the feedback! We will look into documenting the hardware requirements or providing a scripted mechanism to identify devices that can support VBS features. This is a good place to start: Virtualization-based Security (VBS) | Microsoft Learn
- Greg_C_Gilbert
Iron Contributor
Follow-up. Is there a way for companies to implement these settings in a scripted way that does the same checks that a fresh install of W11 22H2 does? It would be great if the product team could provide that.
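
A read-only starting point for the device-inventory question raised in this thread, as an added example that is not from Microsoft or from any commenter: it reads the documented Win32_DeviceGuard WMI class and the Lsa RunAsPPL registry value on the local device. It does not reproduce the eligibility checks that a fresh install of Windows 11, version 22H2 performs; the function and variable names are illustrative.

```powershell
# Added example: report VBS-related hardware properties and the state of
# Credential Guard, memory integrity (HVCI) and LSA protection. Read-only.
# Code meanings follow Microsoft's documentation of Win32_DeviceGuard.
$availableNames = @{
    1 = 'Hypervisor support';      2 = 'Secure Boot'
    3 = 'DMA protection';          4 = 'Secure Memory Overwrite'
    5 = 'NX protections';          6 = 'SMM mitigations'
    7 = 'Mode Based Execution Control'; 8 = 'APIC virtualization'
}
$serviceNames = @{
    1 = 'Credential Guard';        2 = 'Memory integrity (HVCI)'
    3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement'
}
$vbsStatusNames = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }

# Illustrative helper: turn an array of numeric codes into readable labels.
function Convert-CodeList {
    param([object[]]$Codes, [hashtable]$Names)
    $labels = foreach ($c in ($Codes | Where-Object { $_ -ne 0 })) {
        $key = [int]$c   # WMI returns UInt32; the table keys are Int32
        if ($Names.ContainsKey($key)) { $Names[$key] } else { "Unknown ($key)" }
    }
    if ($labels) { $labels -join ', ' } else { 'None' }
}

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction Stop

# RunAsPPL may be absent if LSA protection was never set by policy or registry.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                        -Name RunAsPPL -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    VbsStatus           = $vbsStatusNames[[int]$dg.VirtualizationBasedSecurityStatus]
    AvailableProperties = Convert-CodeList $dg.AvailableSecurityProperties $availableNames
    RequiredProperties  = Convert-CodeList $dg.RequiredSecurityProperties  $availableNames
    ServicesConfigured  = Convert-CodeList $dg.SecurityServicesConfigured  $serviceNames
    ServicesRunning     = Convert-CodeList $dg.SecurityServicesRunning     $serviceNames
    LsaRunAsPPL         = if ($null -ne $lsa) { $lsa.RunAsPPL } else { 'Not set' }
}
```

Collecting this object from a pilot group before applying a policy with UEFI lock shows which devices actually report the hardware properties and running services, so the locked setting is only sent to devices where the result is known.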