You can enable Microsoft VBS and add a Virtual Trusted Platform Module (vTPM) device to instant-clone desktop pools.

To set up the Key Management Server cluster, which is a prerequisite, see "Set up the Key Management Server Cluster" in the vSphere Security document in the vSphere documentation..

For compatibility requirements, see "Securing Virtual Machines with Virtual Trusted Platform Module" in the vSphere Security document in the vSphere documentation.

The golden image used for vTPM instant-clone desktop pools must have VBS enabled when creating the VM and the local security policy set to enable VBS inside the guest operating system.

You can also select or deselect the option to add or remove a vTPM during a push-image operation.