Enabling Windows Server 2016 and Hyper-V virtualization based security features on other platforms

This post was authored by Mike Schutz, General Manager, Cloud Platform.

Security is a top-of-mind topic for every organization. This is why Microsoft is investing deeply to provide advanced security across our technology portfolio. With the launch of Windows Server 2016 this week, we introduced new advanced multi-layer security capabilities to provide additional ways to safeguard infrastructure.

Windows Server 2016 helps prevent attacks and detect suspicious activity with new features to control privileged access, help protect virtual machines, and harden the platform against emerging threats. Some of the notable advancements include:

• Protect administrator credentials: Helping guard administrator credentials from Pass-the-Hash attacks by using Credential Guard and Remote Credential Guard. Limiting administrator privileges with Just-In-Time Administration and Just Enough Administration.
• Protect applications at the operating system layer: Helping ensure only trusted software runs on the operating system with Device Guard. Helping protect against memory corruption attacks with Control Flow Guard. Helping protect against known malware with Windows Defender optimized for server roles.

Some of these new capabilities utilize Hyper-V to reproduce the hardware-rooted security capabilities of physical servers (also known as virtualization-based security features). Hyper-V is a fantastic solution for virtualization, but we know customers use lots of different virtualization technology. We want to ensure all our customers have the best possible experience with Windows Server no matter what virtualization technology they choose. Microsoft’s commitment to openness and collaboration alongside industry partners around the world is a core tenet of the way we do business.

To enable more customers to take advantage of Windows Server’s security capabilities on other virtualization platforms, we intend to extend the Server Virtualization Validation Program (SVVP) with a new Additional Qualification (AQ) for third party virtualization solutions that are capable of supporting some of the Windows Server virtualization-based security features. We invite interested partners and customers to reach out to us at svvpfb@microsoft.com. We will provide further details as our planning progresses.