You can enable Microsoft virtualization-based security (VBS) for supported Windows guest operating systems.

You enable VBS from within the Windows Guest OS. Windows configures and enforces VBS through a Group Policy Object (GPO). The GPO gives you the ability to turn off and on the various services, such as Secure Boot, Device Guard, and Credential Guard, that VBS offers. Certain Windows versions also require you to perform the additional step of enabling the Hyper-V platform.

See Microsoft's documentation about deploying Device Guard to enable virtualization-based security for details.

Prerequisites

  • Ensure that virtualization-based security has been enabled on the virtual machine.

Procedure

  1. In Microsoft Windows, edit the group policy to turn on VBS and choose other VBS-related security options.
  2. (Optional) For Microsoft Windows versions less than Redstone 4, in the Windows Features control panel, enable the Hyper-V platform.
  3. Reboot the guest operating system.