![Working with WDAC Policies in Azure Stack HCI 23H2](http://localhost:1313/2024/07/09/wdac-supplemental-policy.html/header.png)
Working with WDAC Policies in Azure Stack HCI 23H2
One of the great steps forward for Azure Stack HCI 23H2 is its secure by design approach, and (optional) enforcement of a whole host of security baseline defaults out of the box.
These include a bunch of best practice security settings, including HVCI, Boot DMA protection, and a bunch more noted in the screenshot below.
Security Defaults There are also over 300 additional baseline settings deployed and enforced by default, which are documented in GitHub here .