Credential Guard is a virtualization-based security (VBS) feature that isolates the Local Security Authority (LSA) subsystem process, storing cached domain credentials and secrets in a protected virtualized container inaccessible to the rest of the operating system. By leveraging the hypervisor to create a secure memory enclave, it prevents malware running with SYSTEM privileges from extracting hashed credentials or Kerberos tickets.
Glossary
Credential Guard

What is Credential Guard?
Credential Guard is a Windows security feature that uses virtualization-based security (VBS) to isolate and protect user login credentials, preventing common credential theft attacks.
This protection directly mitigates Pass-the-Hash (PtH) and Pass-the-Ticket attacks by ensuring that even if an attacker compromises the kernel, they cannot dump the NT hash or TGT session key from the isolated LSAIso.exe process. Credential Guard requires hardware support including a 64-bit CPU with virtualization extensions, SLAT, and a TPM 2.0 for secure key protection.
Key Features of Credential Guard
Credential Guard leverages hardware virtualization and Virtualization-Based Security (VBS) to isolate secrets, preventing the most common credential theft attack vectors.
Hardware-Isolated LSA Protection
Credential Guard moves the Local Security Authority (LSA) process into a separate, isolated virtual machine called the Isolated LSA (LSAIso). This prevents malware running with SYSTEM privileges in the host OS from reading process memory or injecting code to dump hashes. The isolated environment is protected by Second Level Address Translation (SLAT) and I/O MMU virtualization extensions.
Kerberos Ticket Shielding
All Kerberos ticket-granting tickets (TGTs) and NTLM hashes are stored exclusively within the isolated LSAIso process. Even if an attacker compromises the host kernel, they cannot extract these secrets because the isolated environment does not share memory pages with the normal operating system. This directly defeats Pass-the-Hash (PtH) and Pass-the-Ticket attacks.
Trustlet Execution Model
The isolated LSA runs as a trustlet—a small, purpose-built binary executing in Virtual Secure Mode (VSM). Trustlets have a minimal attack surface and communicate with the host OS only through a strictly defined, cryptographically secured RPC channel. This architecture prevents unauthorized code execution within the secure boundary.
Secrets Unsealing via TPM
Credentials stored by Credential Guard are encrypted and sealed to the identity of the machine using the Trusted Platform Module (TPM). The TPM measures the boot chain integrity into Platform Configuration Registers (PCRs). If the boot process is tampered with, the PCR values change, and the TPM refuses to unseal the decryption keys, rendering stolen vault files useless offline.
Defense Against Mimikatz & DCSync
Credential Guard blocks the primary techniques used by tools like Mimikatz to extract credentials. It prevents reading the LSASS process memory, blocks the WDigest protocol from storing plaintext passwords, and restricts the MSV1_0 authentication package. It also mitigates DCSync attacks by protecting domain controller replication secrets when enabled on domain controllers.
Hypervisor-Enforced Code Integrity (HVCI)
Credential Guard is often deployed alongside HVCI, also known as Memory Integrity. HVCI runs inside the same VSM environment and validates that all kernel-mode drivers and binaries are signed and have not been tampered with before allowing them to execute. This prevents rootkits and kernel exploits from disabling Credential Guard's protections.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Explore the most common questions about Windows Credential Guard, its architecture, and how it defends against credential theft attacks in enterprise environments.
Credential Guard is a Virtualization-Based Security (VBS) feature introduced in Windows 10 Enterprise and Windows Server 2016 that isolates user credentials in a protected virtualized environment, preventing credential theft attacks like Pass-the-Hash (PtH) and Kerberoasting. It works by leveraging Hyper-V hypervisor technology to create a separate, isolated kernel mode that hosts the Local Security Authority (LSA) process, known as LSAIso. When a user authenticates, the credentials are stored in this isolated vault rather than in the main operating system's memory. Even if an attacker gains SYSTEM-level privileges on the host OS, they cannot access the isolated memory region because the hypervisor enforces strict memory access boundaries. Credential Guard specifically protects NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications as domain credentials. The feature requires hardware support including Intel VT-x or AMD-V virtualization extensions, Second Level Address Translation (SLAT), and Trusted Platform Module (TPM) 2.0 for optimal security posture.
Related Terms
Credential Guard operates within a broader security architecture. These related concepts form the defense-in-depth strategy required to protect identity in modern Windows and hybrid environments.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us