You can enable Microsoft virtualization-based security (VBS) on existing virtual machines for supported Windows guest operating systems.

Enabling VBS is a process that involves first enabling VBS in the virtual machine then enabling VBS in the guest OS.

Note: New virtual machines configured for Windows 10, Windows Server 2016, and Windows Server 2019 on hardware versions less than version 14 are created using Legacy BIOS by default. If you change the virtual machine's firmware type from Legacy BIOS to UEFI, you must reinstall the guest operating system.


Intel hosts are recommended. See Virtualization-based Security Best Practices for acceptable CPUs.

The virtual machine must have been created using hardware version 14 or later, UEFI firmware, and one of the following supported guest operating systems:

  • Windows 10 (64 bit) or later releases
  • Windows Server 2016 (64 bit) or later releases


  1. In the vSphere Client, browse to the virtual machine.
  2. Right-click the virtual machine and select Edit Settings.
  3. Click the VM Options tab.
  4. Check the Enable check box for Virtualization Based Security.
  5. Click OK.


Confirm that the virtual machine's Summary tab displays "VBS true" in the Guest OS description.

What to do next

See Enable Virtualization-based Security on the Guest Operating System.