Microsoft Pluton Is Getting Hammered By Intel vPro

Only Lenovo offers the security solution developed with Intel, AMD and Qualcomm; other PC makers seem perfectly content with existing in-house or Intel-based vPro solutions; and one solution provider says his clients have ‘never even heard of Pluton.’

Microsoft Pluton, the hardware-driven security solution once touted by the software giant as the future of PC security, is getting its clock cleaned by Intel’s popular vPro security solution, partners told CRN.

Pluton is receiving the cold shoulder from PC makers who have adopted vPro as part and parcel of the chip maker’s processors over the course of the last nine years.

Dell Technologies is the latest to break the news that it would not include the technology in its upcoming commercial PCs.

Lenovo, for its part, offers Pluton only in ThinkPads with AMD Ryzen 6000 and Qualcomm’s Snapdragon 8cx Gen 3 chips. But the world’s largest PC manufacturer disables the feature by default.

HP, Acer and Asus, meanwhile, did not comment on whether they are supporting Pluton.

Partners told CRN they see Pluton as a no show in the battle to deliver security features in silicon.

“I don’t know why anyone would choose (Pluton) over Intel vPro,” said Joshua Boyd, president and CEO of Nashville, Tenn.-based Computer Pros. “Intel is a lot more trusted when it comes to privacy. Most of the clients I’ve worked with have never even heard of Pluton.”

Pluton was supposed to be “the next big thing,” but it simply has not gotten traction with PC OEMs, said Bob Venero, CEO of Fort Lauderdale, Fla.-based Future Tech Enterprises.“It makes sense as a concept,” he said. “But it’s going to come down to whether OEMs are going to buy in.”

It wouldn’t be the first time that Microsoft made a play outside its wheelhouse that didn’t work out, Venero noted. “They have a history of starts and stops,” he said. “Just think of the Windows Phone. Microsoft is a software company. But they are tightly integrated into what’s going on, so who knows?”

Intel, which helped develop the hardware-level technology along with AMD and Qualcomm, has not included Pluton in its 12th Gen Intel Core “Alder Lake” processors, all but assuring its absence in many 2022 PC releases. And with Intel pushing its own vPro security products, it seems an unlikely future prospect.

Intel told CRN that it has offered “equivalent” security capabilities for the past 9 years with its Intel Platform Trust Technology (PTT). Clearly, the company is pushing its own technology in favor of Pluton.

Intel said it offers security “based on trusted hardware that has been established in the PC market for years with billions of users… we have long offered the equivalent of Microsoft Pluton.”

That said, Intel insisted it “remains committed to working with Microsoft to further advance security for the modern PC,” a company spokesperson said in a statement to CRN.

Earlier this month, Stephanie Hallford, the head of Intel’s vPro business told CRN that the company would be expanding its vPro security solution to small- to medium-sized businesses. Of Pluton, Hallford said, “I think it’s important that the whole industry continues to raise the bar by utilizing different security. But… this is something that we’re true, tried and experienced with… we’ve been doing this in the PC industry for years with hundreds of millions (of devices), it‘s really no competition there.”

Searching for the ‘on’ switch

Pluton uses similar technology that secured 2013 Xbox One units, adding a co-processor in silicon to secure stored encryption keys and other sensitive information. The thinking is that keeping that info stored close to the CPU cores would foil efforts to extract the info from less secure areas. Microsoft calls Pluton “chip-to-cloud” security, using a chip built into the CPU to “eliminate entire vectors of attack.” The security solution was introduced in a blog post in November 2020.

A Microsoft spokesperson said in a statement that Pluton offers this flexibility by design. “Pluton can be configured by OEMs or the end customer in several ways: as the Trusted Platform Module (TPM) 2.0 for the system; as a CPU embedded security processor used for non-TPM scenarios such as platform resiliency; or they can choose to turn one or both of these capabilities off.”

A spokesperson for Dell told CRN that commercial buyers shouldn’t expect to see Pluton protection in their PCs anytime soon. “Pluton architecture depends on support within the SoC – versus a separate “chip” – and is a different approach to hardware capabilities,” Dell said in a statement. “At this time, Pluton does not align with our hardware security approach in our commercial PCs… But with all new technologies, we will continue to evaluate Pluton to see how it compares against existing TPM implementations in the future.”

Dell says it has made many investments over the last decade in security. “When it comes to endpoint security, our holistic approach includes both software-based, “above the OS” protections and hardware-based, “below the OS” capabilities to protect against traditional/emerging attacks and threats at the deepest levels of a device.”

Microsoft doesn’t seem concerned by the slow rollout. “As with any novel hardware technology, adoption is based on roadmap, supply chain and unique customer needs so implementation takes time… Microsoft is committed to working with partners and customers in the coming months to continue to bolster security with Pluton.”

Several channel partners contacted said they didn’t know enough about Pluton to comment. Computer Pros’ Boyd said that might be part of the problem. “(Microsoft’s marketing team) just haven’t been there with the marketing,” he said.