%3CLINGO-SUB%20id%3D%22lingo-sub-1478023%22%20slang%3D%22en-US%22%3EWindows%20Server%20vNext%20LTSC%20base%20Requirements%20changes%20related%20to%20Security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1478023%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20the%20next%20Long-Term%20Servicing%20Channel%20release%20of%20Windows%20Server%20%5Baka%20%E2%80%98vNext%E2%80%99%5D%2C%20the%20base%20level%20Compatibility%20Requirements%20for%20system-level%20certification%20for%20Windows%20Server%20will%20be%20changed%20to%20include%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EUEFI%202.3.1c%20or%20later%20support%3C%2FLI%3E%0A%3CLI%3EIf%20the%20Windows%20Server%20vNext%20operating%20system%20is%20pre-installed%2C%20Secure%20Boot%20must%20be%20enabled%20by%20default%3C%2FLI%3E%0A%3CLI%3EInclusion%20and%20default%20enablement%20of%20TPM%20version%202.0%2C%20either%20discrete%20or%20firmware-based%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThese%20requirements%20apply%20to%20servers%20where%20Windows%20Server%20vNext%20will%20run%2C%20including%20bare%20metal%20or%20virtual%20machines%20(guests)%20running%20on%20Hyper-V%2C%20and%20on%20the%20physical%20systems%20upon%20which%20third%20party%20hypervisors%20approved%20through%20the%20Server%20Virtualization%20Validation%20Program%20(SVVP)%20will%20run.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20enforcement%20of%20these%20requirements%20will%20be%20applied%20to%20new%20server%20platforms%20introduced%20to%20market%20after%201%2F1%2F2021.%26nbsp%3B%20Existing%20server%20platforms%20will%20include%20%E2%80%9CAdditional%20Qualification%E2%80%9D%20to%20help%20customers%20identify%20systems%20that%20meet%20these%20requirements%2C%20similar%20to%20the%20current%20%E2%80%9CAssurance%20AQ%E2%80%9D%20for%20Windows%20Server%202019%20today.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESee%20the%20following%20links%20for%20more%20information%3B%3C%2FP%3E%0A%3CP%3EUEFI%202.3.1c%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-hardware%2Fdesign%2Fdevice-experiences%2Foem-uefi%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-hardware%2Fdesign%2Fdevice-experiences%2Foem-uefi%3C%2FA%3E%3C%2FP%3E%0A%3CP%3ETPM%202.0%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-hardware%2Fdesign%2Fdevice-experiences%2Foem-tpm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-hardware%2Fdesign%2Fdevice-experiences%2Foem-tpm%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20more%20information%20on%20the%20reasons%20for%20these%20changes%2C%20see%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fcloudblogs.microsoft.com%252Fwindowsserver%252F2020%252F06%252F11%252Fmicrosoft-raises-the-security-standard-for-next-major-windows-server-release%252F%26amp%3Bdata%3D04%257C01%257Csandyar%2540microsoft.com%257C7c14b5ceae08460f247d08d811c3b653%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637278879593493401%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C-1%26amp%3Bsdata%3Duw6PPlj7jo3Cdk%252FGA8jAh%252Bo1VzYV%252B8BYsMT%252BmIlGMTQ%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcloudblogs.microsoft.com%2Fwindowsserver%2F2020%2F06%2F11%2Fmicrosoft-raises-the-security-standard-for-next-major-windows-server-release%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1478023%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20Requirements%20related%20to%20Trusted%20Platform%20Module%2C%20UEFI%20and%20Secure%20Boot%2C%20needed%20for%20certification%20of%20systems%20for%26nbsp%3BWindows%20Server%20vNext%20LTSC%2C%20are%20changing%20to%20improve%20system%20security.%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

In the next Long-Term Servicing Channel release of Windows Server [aka ‘vNext’], the base level Compatibility Requirements for system-level certification for Windows Server will be changed to include;

  • UEFI 2.3.1c or later support
  • If the Windows Server vNext operating system is pre-installed, Secure Boot must be enabled by default
  • Inclusion and default enablement of TPM version 2.0, either discrete or firmware-based

 

These requirements apply to servers where Windows Server vNext will run, including bare metal or virtual machines (guests) running on Hyper-V, and on the physical systems upon which third party hypervisors approved through the Server Virtualization Validation Program (SVVP) will run.

 

The enforcement of these requirements will be applied to new server platforms introduced to market after 1/1/2021.  Existing server platforms will include “Additional Qualification” to help customers identify systems that meet these requirements, similar to the current “Assurance AQ” for Windows Server 2019 today.

 

See the following links for more information;

UEFI 2.3.1c, https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-uefi

TPM 2.0, https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-tpm

 

For more information on the reasons for these changes, see

https://cloudblogs.microsoft.com/windowsserver/2020/06/11/microsoft-raises-the-security-standard-for...