Working with WDAC Policies in Azure Stack HCI 23H2
One of the great steps forward for Azure Stack HCI 23H2 is its secure by design approach, and (optional) enforcement of a whole host of security baseline defaults out of the box.
These include a bunch of best practice security settings, including HVCI, Boot DMA protection, and a bunch more noted in the screenshot below.
Security Defaults There are also over 300 additional baseline settings deployed and enforced by default, which are documented in GitHub here .