Device Guard relies on Windows 10’s virtualization-based security to allow only trusted applications to run on devices.
Microsoft Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security. Windows 10 employs Device Guard as well as code integrity and advanced hardware features such as CPU virtualization extensions, Trusted Platform Module, and second-level address translation to offer comprehensive modern security to its users.
You can learn more about this feature here
Credential Guard protects corporate identities by isolating them in a hardware-based virtual environment. Microsoft isolates critical Windows services in the virtual machine to block attackers from tampering with the kernel and other sensitive processes. The new features rely on the same hypervisor technology already used by Hyper-V.
Credential Guard offers the following features and solutions:
Using hardware-based virtualization to extend whitelisting and protecting credentials. Hardware-Based security has the advantage of platform security features, such as Secure Boot and virtualization to increase security
Microsoft has also fixed the issue that could result in to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket, with, Credential Guard. This new technology uses virtualization-based security to isolate secrets so that only privileged system software can access them when they are stored on disk or in memory.
You can learn more about Credential Guard here
Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, face, or eye recognition. Most PCs with fingerprint readers are ready to use Windows Hello now, and more devices that can recognize your face and iris are coming soon. For face recognition you will need a special camera like the Intel® RealSense™ .
You can learn more about Hello here