You can enable Microsoft virtualization-based security (VBS) for supported Windows guest operating systems at the same time you create a virtual machine.

Enabling VBS is a process that involves first enabling VBS in the virtual machine then enabling VBS in the Windows guest OS.


Intel hosts are recommended. See Virtualization-based Security Best Practices for acceptable CPUs.

Create a virtual machine that uses hardware version 14 or later and one of the following supported guest operating systems:

  • Windows 10 (64 bit)

  • Windows Server 2016 (64 bit)


  1. Connect to vCenter Server by using the vSphere Client.
  2. Select an object in the inventory that is a valid parent object of a virtual machine, for example, an ESXi host or a cluster.
  3. Right-click the object, select New Virtual Machine, and follow the prompts to create a virtual machine.



    Select a creation type

    Create a virtual machine.

    Select a name and folder

    Specify a name and target location.

    Select a compute resource

    Specify an object for which you have privileges to create virtual machines.

    Select storage

    In the VM storage policy, select the storage policy. Select a compatible datastore.

    Select compatibility

    Ensure that ESXi 6.7 and later is selected.

    Select a guest OS

    Select either Windows 10 (64-bit) or Windows Server 2016 (64 bit). Select the Enable Windows Virtualization Based Security check box.

    Customize hardware

    Customize the hardware, for example, by changing disk size or CPU.

    Ready to complete

    Review the information and click Finish.


Once the virtual machine is created, confirm that its Summary tab displays "VBS true" in the Guest OS description.

What to do next

See Enable Virtualization-based Security on the Guest Operating System.