You can enable Microsoft virtualization-based security (VBS) on existing virtual machines for supported Windows guest operating systems.


Enabling VBS is a process that involves first enabling VBS in the virtual machine then enabling VBS in the guest operating system.
Note: New virtual machines configured for Windows 10, Windows Server 2016, and Windows Server 2019 on hardware versions less than version 14 are created using Legacy BIOS by default. If you change the firmware type of a virtual machine from Legacy BIOS to UEFI, you must reinstall the guest operating system.

Intel hosts are recommended. See the vSphere Security documentation for information about acceptable CPUs and VBS best practices.

For more information about activating VBS on virtual machines on AMD platforms, see the VMware KB article at

The virtual machine must have been created using hardware version 14 or later, UEFI firmware, and one of the following supported guest operating systems:
  • Windows 10 (64) bit or later releases
  • Windows Server 2016 (64 bit) or later releases


  1. Click Virtual Machines in the VMware Host Client inventory.
  2. Right-click a virtual machine in the list and select Edit settings from the pop-up menu.
  3. On the VM Options tab, enable or disable VBS for the virtual machine.
    • Select the Enable Virtualization Based Security check box to enable VBS for the virtual machine.
    • Deselect the Enable Virtualization Based Security check box to disable VBS for the virtual machine.
    When you enable VBS, several options are automatically selected and become dimmed in the wizard.
  4. Click Save.