Support Additional LSA Protection
The LSA, which includes the Local Security Authority Server Service (LSASS) process, validates users for local and remote sign-ins and enforces local security policies.
LSA can be configured to run as a protected process, to make attacks such as pass-the-hash more difficult. For more information on running enabling additional LSA protection:
KACE looks to implement an LSA plug-in (KaceCredentialProvider.dll), which would need to support running LSA in this way.
Support case SR4837981 confirmed this isn't something Quest currently supports.