By design, DFCI management requires external attestation of the device's commercial acquisition through an OEM or a Microsoft CSP partner registration to Windows Autopilot. The device must be registered for Windows Autopilot by a Microsoft Cloud Solution Provider (CSP) partner, or registered directly by the OEM.ĭevices manually registered for Autopilot, such as imported from a csv file, aren't allowed to use DFCI. Work with your device vendors to determine the manufacturers that support DFCI, or the firmware version needed to use DFCI.
#ZYXEL FIRMWARE UPGRADE CONFIGURATION UPDATE#
The device manufacturer must have DFCI added to their UEFI firmware in the manufacturing process, or as a firmware update you install. This layer of security blocks local users from accessing managed settings from the device's UEFI (BIOS) menus. DFCI's trust chain uses public key cryptography, and doesn't depend on local UEFI (BIOS) password security. This feature can prevent malware from communicating with OS processes, including elevated OS processes.
#ZYXEL FIRMWARE UPGRADE CONFIGURATION INSTALL#
When you reinstall an older Windows version, install a separate OS, or format the hard drive, you can't override DFCI management. In another example, lock down the boot options to prevent users from booting up another OS, or an older version of Windows that doesn't have the same security features. Reinstalling the OS or wiping the computer won't turn the camera back on. You can disable the camera at the firmware-layer, so it doesn't matter what the end user does.
0 kommentar(er)
