I would disagree with that. If you are undertaking a Windows 10 deployment, you should be doing everything in your power to get to UEFI, and turning on Credential Guard. (And using LAPS).
Those two items will provide you with protection against Pass the Hash / Pass the Ticket attacks, which are used in almost all / most reported breaches. Especially with the MGR2GPT tool in Win 10 1703, getting to UEFI is even easier as you can do it along with In Place upgrades. I think the biggest reason to upgrade to Win10 is security, and why would you upgrade to Win10, and leave it just as open to attack as Win 7? Device Guard is a different topic. Very secure, but at a cost of administrative overhead that I haven’t seen many take on yet. Chris Barnes MCSE: Private Cloud|MCSE: Cloud Platform & Infrastructure Coretek Services | Microsoft Delivery Manager • 248.767.4415 cell • chris.bar...@coretekservices.com • http://www.coretekservices.com<http://www.coretekservices.com/> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich Sent: Tuesday, March 21, 2017 8:57 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] UEFI transfering You do not NEED to move to UEFI at this point. You DO however if you want to leverage things like Device Guard and Credential Guard. That is up to your organization to decide. If some of those secure things aren't a priority or necessity I would start leveraging UEFI for newer machines and support Legacy BIOS on your old machines until they are refreshed. Just my opinion, as every industry is different and has different priorities. On Mon, Mar 20, 2017 at 3:46 PM, Kevin Ray <kevinalive...@gmail.com<mailto:kevinalive...@gmail.com>> wrote: Hi All, I don't have knowledge on Bios upgrades. I would like to get more understanding on UEFI. So if a company wants to migrate windows 10 .. Do i need to check their machines current BIOS Setting related to UEFI ..What kind of instruction i need to check related to BIOS
