Starting with vSphere 6.7, you can enable Microsoft virtualization-based security (VBS) on supported Windows guest operating systems.
Microsoft VBS, a feature of Windows 10 and Windows Server 2016 operating systems, uses hardware and software virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem.
VBS permits you to use the following Windows security features to harden your system and isolate key system and user secrets from being compromised:
- Credential Guard: Aims to isolate and harden key system and user secrets against compromise.
- Device Guard: Provides a set of features designed to work together to prevent and eliminate malware from running on a Windows system.
- Configurable Code Integrity: Ensures that only trusted code runs from the boot loader onwards.
See the topic on virtualization-based security in the Microsoft documentation for more information.
After you enable VBS for a virtual machine through vCenter Server, you enable VBS within the Windows guest operating system.