Package version:
OptionalbitlockerWhen set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent.
OptionalbitlockerWhen set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes.
OptionalcredentialWhen set to true, Credential Guard is enabled.
OptionaldriftWhen set to true, the security baseline is re-applied regularly.
OptionaldrtmBy default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent.
OptionalhvciBy default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster.
OptionalsideWhen set to true, all the side channel mitigations are enabled
OptionalsmbWhen set to true, cluster east-west traffic is encrypted.
OptionalsmbWhen set to true, the SMB default instance requires sign in for the client and server services.
OptionalwdacWDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster.
The SecuritySettings of AzureStackHCI Cluster.