Enable or Disable Virtualization-based Security on an Existing VM in the Host Client

You can change the level of security of a virtual machine by enabling or disabling Microsoft virtualization-based security (VBS) on existing virtual machines for supported Windows guest operating systems.

Prerequisites

Using Intel CPUs for VBS requires vSphere 6.7 or later. The virtual machine must have been created using hardware version 14 or later and one of the following supported guest operating systems:

Windows 10 (64 bit)
Windows Server 2016 (64 bit)
Windows Server 2019 (64 bit)

Using AMD CPUs for VBS requires vSphere 7.0 Update 2 or later. The virtual machine must have been created using hardware version 18 or later and one of the following supported guest operating systems:

Windows 10 (64 bit), version 1809
Windows Server 2019 (64 bit)

Ensure that you install the latest patches for Windows 10, version 1809, and Windows Server 2019, before enabling VBS.

Procedure

Click Virtual Machines in the VMware Host Client inventory.
Right-click a virtual machine in the list and select Edit settings from the pop-up menu.
On the VM Options tab, enable or disable VBS for the virtual machine.
- To enable VBS for the virtual machine, select the Enable Virtualization Based Security check box.
- To disable VBS for the virtual machine, deselect the Enable Virtualization Based Security check box.
When you enable VBS, several options are automatically selected and become dimmed in the wizard.
Click Save to close the wizard.