This site may earn affiliate commissions from the links on this page. Terms of use.

Security is important to everyone on Windows, but what if security is the most important affair? Microsoft has released a document detailing what you should practise to create the most secure Windows ten PC possible. Information technology covers everything from what sort of hardware y'all should have to making sure your bootup process is locked down. Not all systems we think of as "secure" will exist up to Microsoft's standards, but you might be close as long every bit you've got newer hardware.

Right at the top of the list, Microsoft says the most secure PCs must run the latest generation Intel and AMD processors. That means the 7th generation Core chips from Intel and AMD'due south 7th gen Athlon and Ryzen chips. That probably sounds a little weird, simply the silicon does matter in terms of security. For example, seventh generation CPUs support Manner Based Execution Command (MBEC), which is important for VBS, or Virtualization-Based Security. Microsoft also demands 8GB of RAM, only the reason for that isn't equally clear.

Microsoft too says systems must have 64-scrap instruction set support, simply good luck buying a CPU that doesn't have 64-bit support anymore. Again, this is necessary for VBS. Virtualization is an important part of Windows 10 security. Microsoft says systems should have virtualization enabled via Intel VT-d, AMD-Vi, or ARM64 SMMUs.

TPM_Asus

A secure system should too accept a Trusted Platform Module (TPM) that conforms to the v2.0 standards. A TPM acts every bit a secure cryptoprocessor for treatment encryption keys. Most systems have support for a TPM either via a motherboard plug or integrated with the circuit board. Nevertheless, it's not always enabled.

The drivers shipping on a secure computer should all be Hypervisor-based Code Integrity (HVCI) compliant, co-ordinate to Microsoft. The document also says secure kicking must be turned on. This is the default on virtually all systems that prevents a PC from booting unauthorized software like rootkits and other malware. This is a feature of UEFI, which has replaced traditional BIOS systems. Microsoft notes that a computer's UEFI should be at least version 2.4 with support for Secure MOR revision 2.

The biggest piece of this is just having a newer organisation. Microsoft requires many of these firmware features to be supported before granting a Windows certification. Simply having the latest generation silicon from Intel or AMD also gets y'all most of the way to having the most secure Windows arrangement possible.

Now read: Windows ten: The Best Hidden Features, Tips, and Tricks