Verify domain-joined systems have a TPM enabled and ready for use.For standalone systems, this is NA.Virtualization-based security, including Credential Guard, currently cannot be implemented in virtual desktop implementations (VDI) due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop.For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is NA.Verify the system has a TPM and is ready for use.Run "tpm.msc".Review the sections in the center pane."Status" must indicate it has been configured with a message such as "The TPM is ready for use" or "The TPM is on and ownership has been taken".TPM Manufacturer Information - Specific Version = 2.0If a TPM is not found or is not ready for use, this is a finding.

For standalone systems, this is NA.Virtualization-based security, including Credential Guard, currently cannot be implemented in virtual desktop implementations (VDI) due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop.For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is NA.Ensure domain-joined systems must have a TPM that is configured for use. (Versions 2.0 support Credential Guard.)The TPM must be enabled in the firmware.Run "tpm.msc" for configuration options in Windows.