In November 2020, Microsoft took the wraps off its Pluton security chip, with the goal of bringing it to all Windows 10 PCs. It wasn’t until today, January 4, that any of Microsoft’s OEMs announced their first Pluton-powered PCs.
At CES, Lenovo unveiled its Ryzen-6000-based ThinkPad Z series laptops running Windows 11, which will integrate the Microsoft Pluton processor. The coming ThinkPad Z series laptops will begin shipping in May 2022. Thanks to Pluton, these devices will be able to receive updated firmware using Windows Update. In the ThinkPad Z13 and Z16, Pluton will help protect Windows Hello credentials, according to Microsoft, by further isolating them from attackers. These new ThinkPads will use Pluton as their TPMs to protect encryption keys from physical attacks, Microsoft officials said.
Microsoft pioneered Pluton first in Azure Sphere, its Linux-based microcontroller, and in Xbox. In a January 4 blog post, Microsoft officials noted that Pluton can be configured in three ways: As the Trusted Platform Module (TPM); as a security processor for non-TPM scenarios like platform resiliency; or inside a device where OEMs have opted to ship with the chip turned off.
Windows will be able to use Pluton to securely integrate with other hardware security components in a way that gives Windows users and IT admins resiliency signals that can be used for zero-trust conditional access, officials added. At some point in the future, these signals will be reported to services like Intune through the Azure Attestation service, officials said.
Microsoft’s blog post said that “in the future” there will be additional support from OEM partners for Pluton.