You can create a virtual machine in vSphere to use Virtualization-based security (VBS). Using a virtual machine enabled with VBS provides better protection from vulnerabilities within and malicious exploits to the operating system.
Prerequisites
- Microsoft Windows 10 (64-bit) or Windows Server 2016 (64-bit) or later operating system.
- Familiarize yourself with the custom configuration parameters for virtual machines. See Virtual Machine Custom Configuration Parameters.
Note: VBS is not supported for vGPU enabled virtual machines. URL Content Redirection and scanner redirection might not work properly with VBS enabled.
Procedure
- Log in to vSphere Client.
- Right-click any inventory object that is a valid parent object of a virtual machine, such as a data center, folder, cluster, resource pool, or host, and select New Virtual Machine.
- Select Create a new virtual machine and click Next.
- Follow the prompts to specify the virtual machine custom options.
- On the Select a guest OS page, select Windows as the guest OS and select Microsoft Windows 10 (64-bit) as the guest OS version. Then, select Enable Windows Virtualization Based Security.
- To deploy automated desktop pools that contain full virtual machines or instant clones, on the Customize hardware page, verify that you do not add any Trusted Platform Module (vTPM) device. Connection Server adds a vTPM device to each virtual machine during the desktop pool creation process.
- Follow the prompts to complete the virtual machine setup and click Finish to create the virtual machine.
What to do next
- Install the Windows 10 (64-bit) or Windows Server 2016 (64-bit) or later operating system on the virtual machine.
- On Windows 10, enable the VBS group policy. For more information, consult the article "Enable virtualization-based protection of code integrity" in the Microsoft documentation. Then reboot the virtual machine.
- On Windows Server 2016 and later builds, enable the VBS group policy, install the Hyper-V role and reboot the virtual machine.