Devices with critical credentials should be protected by Credential Guard.
Why This Matters
Credential theft is a leading attack vector, with attackers frequently targeting memory-based credentials like NTLM hashes and Kerberos tickets. Without Credential Guard, critical credentials stored in Local Security Authority (LSA) process memory can be extracted and reused in pass-the-hash or pass-the-ticket attacks. Protecting devices with Credential Guard significantly reduces the attack surface by isolating these secrets in a virtualized environment.
What Aether365 Checks
This check verifies that devices holding critical credentials in your Microsoft 365 environment have Credential Guard enabled. It appears in the Aether365 dashboard under microsoft-365 checks.
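One way to confirm Credential Guard state on an individual Windows device, as an added example (not Aether365's own check logic). It reads the Win32_DeviceGuard CIM class and the LsaCfgFlags policy value; the function name and the State labels are illustrative assumptions.

```powershell
# Added example: report Credential Guard state on the local Windows device.
# Function name and State labels are hypothetical; run from an elevated prompt.
function Get-CredentialGuardState {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard exposes virtualization-based security (VBS) state.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    if (-not $dg) {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            State        = 'Unknown'
            Detail       = 'Win32_DeviceGuard is not available on this OS or edition.'
        }
    }

    # In SecurityServicesConfigured and SecurityServicesRunning, 1 = Credential Guard.
    $configured = $dg.SecurityServicesConfigured -contains 1
    $running    = $dg.SecurityServicesRunning -contains 1

    # Policy value LsaCfgFlags: 0 = disabled, 1 = enabled with UEFI lock,
    # 2 = enabled without lock. Absent means no policy is set.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' `
                               -Name 'LsaCfgFlags' -ErrorAction SilentlyContinue
    $policyFlag = if ($policy) { $policy.LsaCfgFlags } else { $null }

    # "Configured" alone is not protection: the service must actually be running.
    if ($running) {
        $state  = 'Running'
        $detail = 'Credential Guard is isolating LSA secrets.'
    } elseif ($configured) {
        $state  = 'ConfiguredNotRunning'
        $detail = 'Configured but not running; check for a pending reboot or unmet VBS prerequisites.'
    } else {
        $state  = 'NotConfigured'
        $detail = 'Credential Guard is not configured on this device.'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        State        = $state
        VbsStatus    = $dg.VirtualizationBasedSecurityStatus  # 0 off, 1 enabled, 2 running
        PolicyFlag   = $policyFlag
        Detail       = $detail
    }
}

Get-CredentialGuardState
```

A device that reports `ConfiguredNotRunning` is still exposed, so treat only `Running` as compliant.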