You can enable Microsoft virtualization-based security (VBS) for supported Windows guest operating systems at the same time you create a virtual machine.

Enabling VBS is a process that involves first enabling VBS in the virtual machine then enabling VBS in the Windows guest OS.


Intel hosts are recommended. See Virtualization-based Security Best Practices for acceptable CPUs.

Create a virtual machine that uses hardware version 14 or later and one of the following supported guest operating systems:

  • Windows 10 (64 bit) or later releases
  • Windows Server 2016 (64 bit) or later releases


  1. Connect to vCenter Server by using the vSphere Client.
  2. Select an object in the inventory that is a valid parent object of a virtual machine, for example, an ESXi host or a cluster.
  3. Right-click the object, select New Virtual Machine, and follow the prompts to create a virtual machine.
    Option Action
    Select a creation type Create a virtual machine.
    Select a name and folder Specify a name and target location.
    Select a compute resource Specify an object for which you have privileges to create virtual machines.
    Select storage In the VM storage policy, select the storage policy. Select a compatible datastore.
    Select compatibility Ensure that ESXi 6.7 and later is selected.
    Select a guest OS Select the Windows guest operating system option that best corresponds to operating system release.

    Select the Enable Windows Virtualization Based Security check box.

    Customize hardware Customize the hardware, for example, by changing disk size or CPU.
    Ready to complete Review the information and click Finish.


Once the virtual machine is created, confirm that its Summary tab displays "VBS true" in the Guest OS description.

What to do next

See Enable Virtualization-based Security on the Guest Operating System.