Threat Protection and Confidential VMs

Application control and VM hardening

Windows Defender Application Control (WDAC)

What WDAC does

WDAC is an allowlist-based application control technology. Instead of trying to block known malware (blocklist approach), WDAC only allows applications that are explicitly trusted. Everything else is blocked.

WDAC enforces code integrity policies at the kernel level. This means:

• Only signed, trusted drivers can load
• Only approved applications can execute
• Unsigned scripts and executables are blocked by default
• Policies survive reboots because they are enforced before user-mode code runs

WDAC vs AppLocker

Both control which applications can run, but they operate very differently.

WDAC vs AppLocker

Capability	WDAC	AppLocker
Enforcement level	Kernel mode — enforced before user code runs	User mode — enforced by a Windows service
Bypass resistance	Very hard to bypass (kernel-level)	Easier to bypass (service can be stopped by admin)
Policy scope	Per-device (applies to all users)	Per-user or per-group via GPO
Driver control	Yes — controls which drivers can load	No — cannot control drivers
Management	WDAC policies (XML/binary), Intune, or MECM	Group Policy or Intune AppLocker CSP
Audit mode	Yes — log without blocking	Yes — audit only mode
Recommended by Microsoft	Yes — preferred for new deployments	Legacy — still supported but WDAC preferred
Best for AVD	Pooled hosts with a defined app set	Quick rules when WDAC is too complex

WDAC for AVD session hosts

On pooled session hosts, WDAC is particularly effective because:

• The application set is well-defined (golden image has all approved apps)
• Users cannot install software (no admin rights)
• New apps are added through image updates, not user installs
• The policy can be baked into the golden image

Implementation approach:

1. Deploy a session host with all required applications
2. Run the WDAC policy wizard in audit mode to generate a baseline policy
3. Review the audit logs to ensure all legitimate applications are allowed
4. Switch to enforce mode and test with pilot users
5. Bake the WDAC policy into the golden image

🏢 Raj at TerraStack rolled out WDAC in phases: “We started with audit mode for two weeks. The logs showed us every application that would have been blocked. We found three legitimate tools we had missed — added them to the policy, then enforced. Our pooled hosts now only run exactly what we approved. Any random executable a user tries to download? Blocked.”

💡 Exam tip: WDAC audit mode before enforce

The exam often presents a scenario where WDAC is blocking a legitimate application after being deployed. The recommended approach is ALWAYS to start with audit mode, review logs, refine the policy, then switch to enforce mode. If a question asks about deploying WDAC with minimal disruption, the answer involves audit mode first.

Controlled Folder Access

What it does

Controlled Folder Access is a ransomware protection feature in Defender Antivirus. It protects specific folders from unauthorised changes — even if malware is running on the system.

Protected folders by default:

• Documents, Desktop, Pictures, Videos, Music, Favourites
• Public folders

How it works:

• Only trusted applications can write to protected folders
• Microsoft-signed apps are trusted automatically
• You can add custom trusted applications
• Untrusted applications that try to modify protected files are blocked and logged

Controlled Folder Access on AVD

For AVD session hosts, Controlled Folder Access protects user data in redirected folders. This is especially important when:

• Users save files to their Desktop or Documents (which may be in the FSLogix profile container)
• The session host has internet access (potential malware vector)
• The organisation must comply with data protection regulations

Configuration via Intune or Group Policy:

• Enable Controlled Folder Access
• Add FSLogix processes to the allowed applications list (frxsvc.exe, frxccds.exe)
• Add any line-of-business applications that need to write to protected folders

🎧 Mia at Horizons Health enables Controlled Folder Access on all clinical session hosts: “Our radiology department saves DICOM images to the Documents folder. If ransomware got onto a session host, it could encrypt patient imaging data. Controlled Folder Access means only our approved PACS viewer and FSLogix can write to those folders.”

ℹ️ Deep dive: Controlled Folder Access and FSLogix interaction

FSLogix processes MUST be added to the Controlled Folder Access allowed list. Without this, FSLogix cannot write to protected folders inside the profile container, causing profile load failures. This is similar to the antivirus exclusion requirement but applies to folder access specifically.

The processes to allow are the same as the antivirus exclusions: frxsvc.exe, frxccds.exe, and frxccd.exe. If users report that their Desktop or Documents folder is read-only after enabling Controlled Folder Access, check that FSLogix processes are on the allowed list.

Trusted Launch for AVD

What Trusted Launch protects against

Trusted Launch protects session hosts from boot-level attacks — malware that infects the boot process before the OS or antivirus loads. These attacks include:

• Rootkits — malware that hides in the boot loader and is invisible to the running OS
• Bootkits — malware that replaces the boot loader entirely
• Firmware attacks — malware that persists in VM firmware

Trusted Launch components

Component	What It Does
Secure Boot	Ensures only signed, trusted boot loaders and OS kernels can load. Blocks unsigned or tampered boot code.
vTPM (virtual Trusted Platform Module)	A virtualised TPM 2.0 chip that stores cryptographic keys and measurements. Used for BitLocker, measured boot, and attestation.
Measured Boot	Records every component loaded during boot into the vTPM. Azure can verify these measurements to detect tampering (boot integrity monitoring).

Enabling Trusted Launch

Trusted Launch is a VM creation setting — you enable it when creating the session host VM. It cannot be added to an existing VM without redeployment.

Requirements:

• Supported VM sizes (most general-purpose and compute-optimised sizes support it)
• Generation 2 VM (not Generation 1)
• Supported OS images (Windows 11, Windows Server 2022, and most current images)
• Must be selected at VM creation time

🏛️ JC requires Trusted Launch on all government session hosts: “Director Walsh mandates that every VM in our environment uses Trusted Launch. Measured boot gives us attestation evidence that no session host has been tampered with. Our security auditor Aisha reviews the boot integrity reports monthly.”

Azure Confidential VMs

Beyond Trusted Launch

While Trusted Launch protects the boot process, confidential VMs protect the entire VM while it is running — including the data in memory.

How confidential VMs work

Confidential VMs use AMD SEV-SNP (Secure Encrypted Virtualisation - Secure Nested Paging) technology:

• Memory encryption — the VM’s memory is encrypted with a key that only the VM has access to. Even the hypervisor cannot read the VM’s memory.
• Hardware-based isolation — the CPU enforces isolation between the VM and the host, preventing side-channel attacks
• Attestation — the VM can cryptographically prove to remote parties that it is running in a genuine confidential environment

When to use confidential VMs for AVD

Confidential VMs are for scenarios where even the cloud provider should not be able to access the data:

• Processing classified government data
• Healthcare data that requires the highest isolation
• Financial data subject to strict regulatory requirements
• Intellectual property that must be protected from all parties

Trusted Launch vs Confidential VMs

Aspect	Trusted Launch	Confidential VMs
Protection scope	Boot process (secure boot, measured boot)	Boot process + runtime (memory encryption)
Memory encryption	No	Yes — AMD SEV-SNP encrypts VM memory
Hypervisor access	Hypervisor can access VM memory	Hypervisor CANNOT access VM memory
Attestation	Boot integrity only	Full runtime attestation
vTPM	Yes (virtualised)	Yes (hardware-backed)
Cost	No additional cost over standard VMs	Premium pricing (10-30 percent more)
VM size availability	Broad — most sizes supported	Limited — specific DCas_v5 and ECas_v5 sizes
Performance impact	Minimal	Slight overhead from memory encryption
OS disk encryption	Standard Azure disk encryption	Confidential OS disk encryption (encrypted by VM, not platform)
Best for	General security hardening (recommended for all VMs)	Highly sensitive workloads requiring maximum isolation

Cost and performance considerations

Factor	Impact
VM pricing	Confidential VM sizes (DCas_v5, ECas_v5) cost 10-30 percent more than equivalent standard sizes
Size availability	Limited to specific SKUs — fewer size options than standard VMs
Region availability	Not available in all Azure regions
Performance	Memory encryption adds slight CPU overhead (typically 2-5 percent)
Compatibility	Some extensions and features may not be supported on confidential VMs

🏛️ JC uses confidential VMs for the classified workload: “Most of our 3,000 session hosts use Trusted Launch — it is free and covers boot protection. But our 50 classified workstations use confidential VMs. The data those analysts process cannot be visible to anyone — not even Azure infrastructure. The cost premium is justified for that tier.”

💡 Exam tip: Trusted Launch is the default recommendation

Unless the scenario explicitly mentions requirements like “data must be protected from the cloud provider” or “memory-level encryption required,” the answer is Trusted Launch, not confidential VMs. Trusted Launch is free, widely supported, and recommended for all AVD session hosts. Confidential VMs are the answer only when the scenario demands protection beyond boot integrity — specifically runtime memory isolation.

Layered threat protection summary

Layer	Technology	Protects Against
Application	WDAC	Unauthorised applications, unsigned code
Application	Controlled Folder Access	Ransomware writing to protected folders
Boot	Trusted Launch (Secure Boot + vTPM)	Rootkits, bootkits, firmware attacks
Runtime	Confidential VMs (SEV-SNP)	Memory-level attacks, hypervisor access

Question

What is the key difference between WDAC and AppLocker?

Click or press Enter to reveal answer

Answer

WDAC enforces at the kernel level (very hard to bypass), while AppLocker enforces at the user level via a Windows service (can be bypassed by stopping the service). Microsoft recommends WDAC for new deployments.

Click to flip back

Question

What does Controlled Folder Access protect against?

Click or press Enter to reveal answer

Answer

Ransomware and unauthorised modifications to protected folders (Documents, Desktop, Pictures, etc.). Only trusted applications can write to these folders. FSLogix processes must be added to the allowed list.

Click to flip back

Question

What three components make up Trusted Launch?

Click or press Enter to reveal answer

Answer

1. Secure Boot (only signed boot loaders can load), 2. vTPM (virtual TPM for key storage and measurements), 3. Measured Boot (records boot components for integrity verification).

Click to flip back

Question

When should you choose confidential VMs over Trusted Launch for AVD?

Click or press Enter to reveal answer

Answer

When the scenario requires runtime memory encryption — protecting data from even the cloud provider/hypervisor. Typical triggers: classified data, regulatory requirements for hardware-level isolation, or scenarios stating data must be 'protected from all parties including the cloud provider.'

Click to flip back

Question

Can Trusted Launch be added to an existing AVD session host VM?

Click or press Enter to reveal answer

Answer

No. Trusted Launch must be enabled at VM creation time. To add it to existing session hosts, you must redeploy them with Trusted Launch enabled. This means creating a new image or updating the host pool template.

Click to flip back

Knowledge Check

Raj is deploying WDAC on TerraStack's pooled AVD session hosts. After switching from audit mode to enforce mode, several users report that a legitimate accounting application is blocked. What is the best course of action?

ADisable WDAC entirely and use AppLocker insteadBSwitch WDAC back to audit mode, add the accounting application to the policy, then re-enforceCGive users local admin rights so they can approve the applicationDUninstall WDAC from the golden image and redeploy

Check Answer

Knowledge Check

JC needs session hosts that protect classified data from all parties, including the Azure hypervisor. The VMs must encrypt data in memory during processing. Which technology should JC use?

ATrusted Launch with Secure Boot and vTPMBAzure Disk Encryption with customer-managed keysCAzure confidential VMs with AMD SEV-SNPDBitLocker encryption managed by Intune

Check Answer

Knowledge Check

Mia wants to protect patient data folders on clinical session hosts from ransomware. The session hosts use FSLogix for profile management. After enabling Controlled Folder Access, users report they cannot save files to their Documents folder. What is the fix?

ADisable Controlled Folder Access — it is not compatible with FSLogixBAdd FSLogix processes (frxsvc.exe, frxccds.exe) to the Controlled Folder Access allowed applications listCMove user Documents to a network share that is not protected by Controlled Folder AccessDSwitch from FSLogix to local profiles

Check Answer

🎬 Video coming soon

Threat Protection and Confidential VMs

---

Next up: FSLogix Profile Containers — moving into Domain 3, we explore how FSLogix attaches user profiles as virtual disks, configuration options, and storage backend choices.