Loading user information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading user information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

More on Processes and Features in Windows 10 Isolated User Mode with Dave Probert

15 minutes, 46 seconds


Right click “Save as…”

In this final video in the Windows 10 Isolated User mode series Dave takes us through several engineering aspects associated with trustlets. First he describes how lsass.exe (the Local Security Authority Subsystem Service responsible for enforcing security on Windows) now can have a companion process running in the Secure System (LsaIso.exe otherwise known as Credential Guard - tasked with protecting secrets). He then delves into more generic trustlet concerns and how the Secure Kernel in Isolated User Mode deals with these challenges.

Overall it was tremendously fascinating to learn some of the great innovations that are happening in the Windows 10 Operating System from the folks that are actually working on the code! I'm hoping to get a lot more content from this wonderful set of engineers and look forward to the great conversations we get to have.


Follow the discussion

  • Oops, something didn't work.

    Getting subscription
    Subscribe to this conversation
  • Jason FossenJason Fossen

    Great! Even more in-depth would be nicer. I hope Microsoft will soon release a whitepaper documenting all the details, requirements, limitations, third-party pentesting results, etc. Thanks!

  • Jeroen FrijtersJeroen Frijters

    It would be good to mention that Isolated User Mode is only available on Windows 10 Enterprise and on the Server SKUs.

  • Jonathan PosadowskiJonathan Posadowski

    Overall, it was brief but right to the point. Like Jason said it would be nice to be able to watch whitepaper documentation, or at least a more in depth look at all these function for the die hard fans. Perhaps for a low subscription fee of some sort.

  • Timmy Reilly timreilly LearnTeach​Repeat

    Are these in order?

    Part 1: Isolated User Mode

    Part 2: Isolated User Mode Processes and Features 

    Part 3: More on Process and Features (This Video)


    Really enjoying these videos!

  • @timreilly:Yep! Good catch - I am planning to do more of these with the Windows team (hopefully soon).

  • great series. more like this please.

  • Super-informative series.  (Far, far more informative than anything I've seen in writing anywhere.)  Thanks a lot.  Thought I pretty much understood the major security architecture changes that shipped in Windows 10; turns out my knowledge was barely scratching the surface.

    But one important question: when is the new hypervisor/secure silo architecture in general, and the Credential Guard feature in particular, coming to Windows clients that don't use Enterprise licensing and management?  Or maybe put another way, when is the capability to protect identity secrets other than domain identity credentials--like Microsoft Account authentication credentials, as the most obvious non-enterprise example-- going to be added to Windows 10?  (And made available at least to Pro edition users.) Also importantly, it sure would be really, really great to see a broadly available Credential Guard capability ability able to protect credentials used to access 3rd-party network/Internet services with high security requirements (medical records databases, payment processing systems, etc.)

    BTW, are any of these mechanisms the same as those that protect private key storage for the new Passport auth element in Windows 10?  Still a bit confused as to how all these pieces of the Windows 10 security story fit together, I guess. 

    Anyway, I'll just close by throwing out another friendly reminder to keep in mind the small businesses and others who don't have Enterprise domain systems but still have important stuff to protect.  :)  In any event, thanks for the series Ch. 9, and keep up the impressive work Kernel group.       

  • how about some configuration walkthroughs. . . .?????

Remove this comment

Remove this thread


Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.