raphaelmsx
Member
- Local time
- 10:07 AM
- Posts
- 2
- OS
- Windows 11
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
This has been a problem for months now. Microsoft added the LSA protection toggle to Device Security, just to later remove it. Now the error is still there even tough the option to enable LSA is not present. You can manually enable LSA by editing the registry through regedit. There are tutorials on how to do this, Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial for example.Hello everyone. I have the same problem as raphaelmsx. I did what is says here: Configuring Additional LSA Protection and couldn't find any event like that. So it means that LSA is indeed off.
I appreciate your advice, Brink, but I don't feel comfortable to change the registry until an official Microsoft fix doesn't appear. What if I do the registry change, and when the official fix comes it isn't compatible with the workaround I did? I just hope Microsoft is aware of these problems.
To tell you some of the story: Since about 4th of May, Windows Security has started to warn me that Local Security Authority protection is off. When I enter Device Security, in Core Isolation, simply there is no option to turn LSA on or off... As you can see in the screenshot also. I don't think I had this problem before 4th of May. Coincidentally or not, on 4th of May, before the problem started (most probably), the Windows Security antimalware platform update has been installed (KB5007651, Version 1.0.2303.28002) through automatic updates on my computer. So I think maybe the update and the problem are connected?
I even reinstalled Windows, hoping this problem would go away, but some time after the reinstallation the same warning appeared. It appeared after I turned on Memory integrity (it wasn't turned on by default after the install), so maybe it is connected with this?
I have written in the Feedback Hub also. Apparently there are others there who have this problem also, there is a collection of topics with this problem that has 520 upvotes.
View attachment 61108 View attachment 61106
Also, maybe you can please help me with the following question? Why does it say "Standard hardware security not supported"? You can check my specs, are they not good enough?
Thank you!
Well, the portion of Secure Boot is missing from your Device Security screenshot. Secure Boot must be enabled to show up in Device Security, otherwise it will give you that error of Standard security not met. See my attachment.Hellon Yeahoww. From what is says here, on a Microsoft official site: Device protection in Windows Security - Microsoft Support
Standard hardware security not supported - This means that your device does not meet at least one of the requirements of standard hardware security. The list of requirements is given a bit earlier on that site:
My laptop has TPM 2.0 enabled. I verified it. So my device has at least one of the requirements. Then, either that Microsoft article has errors, or there is some bug in my system.
- TPM 2.0 (also referred to as your security processor)
- Secure boot enabled
- DEP
- UEFI MAT
As for the LSA problem, thanks for confirming the bug. About the fix you suggested, as I said I don't feel comfortable changing the registry before an official fix comes. It may cause problems for when the fix comes.
I reiterate that according to that Microsoft article, my device should not receive the "Standard hardware security not supported" message since it meets at least one requirement (TPM 2.0).Well, the portion of Secure Boot is missing from your Device Security screenshot. Secure Boot must be enabled to show up in Device Security, otherwise it will give you that error of Standard security not met. See my attachment.
What motherboard do you have? ASUS laptop? See the instructions on this site: [Motherboard] How to enable or disable Secure Boot ? | Official Support | ASUS Global
I bet that OS type is set to "Other" instead of "Windows UEFI mode".
To my experience atleast TPM and Secure boot needs to be enabled to get Standard security. If you enable Memory Integrity you get the message enhanced security.I reiterate that according to that Microsoft article, my device should not receive the "Standard hardware security not supported" message since it meets at least one requirement (TPM 2.0).
But thank you for your suggestion, I will enable Secure Boot at some point and test if I still get the message.