Enabling VBS and vTPM for an Instant-Clone Desktop Pool

You can enable Microsoft VBS and add a Virtual Trusted Platform Module (vTPM) device to instant-clone desktop pools.

To set up the Key Management Server cluster, which is a prerequisite, see "Set up the Key Management Server Cluster" in the vSphere Security document in the vSphere documentation..

For compatibility requirements, see "Securing Virtual Machines with Virtual Trusted Platform Module" in the vSphere Security document in the vSphere documentation.

The golden image used for vTPM instant-clone desktop pools must have VBS enabled when creating the VM and the local security policy set to enable VBS inside the guest operating system.

You can also select or deselect the option to add or remove a vTPM during a push-image operation.

Note: Horizon does not use Smart Provisioning on instant clones configured with vTPM.

Caution: Instant Clone Sysprep customization does not support adding vTPM device for clones. Enabling this option leads to unpredictable behavior.