Enabling the Secured-Core Feature of Microsoft Windows Server 2022 and Azure Stack HCI on Lenovo ThinkSystem Servers

Secured-core is a new feature of Microsoft Windows Server 2022 and Microsoft Azure Stack HCI that brings powerful threat protections together to provide multi-layer security across hardware, firmware, and the operating system. It uses the Trusted Platform Module 2.0 and System Guard to boot up Windows Server securely and minimize risks from firmware vulnerabilities.

To be certified for Secured-core, new server firmware protection features are required. ThinkSystem servers with 3rd Gen or 4th Gen Intel Xeon Scalable processors and AMD EPYC 7003 or 7004 Series processors are certified.

This document introduces Secured-core feature, and shows users how to enable it on supported Lenovo® ThinkSystem servers. This paper is intended for IT specialists and IT administrators who are familiar with security features of Windows Server and want to enable Secured-core on applicable Lenovo servers running Windows Server 2022.

Introduction
Supported Lenovo servers
Enabling Secured-core in UEFI
Platform-specific driver installation in Windows Server 2022 for AMD-based system
Enabling Secured-core in Windows Server 2022
Confirming Secured-core is enabled
Enabling Secured-core in Azure Stack HCI
Resources
Author

To view the document, click the Download PDF button.

Changes in the November 2023 update:

• Added section “Enabling Secured-core in Azure Stack HCI” on page 17

Related product families

Product families related to this document are the following:

• Microsoft Alliance
• Microsoft Windows