I'm using Credential Guard *and* the ASR rule to block credential theft. Having the defense in depth doesn't affect performance meaningfully and helps keep desktops covered in the event of TPM failure.
www.000webhost.com