Starting with vSphere 6.7, you can enable Microsoft virtualization-based security (VBS) on supported Windows guest operating systems.

Microsoft VBS, a feature of Windows 10 and Windows Server 2016 operating systems, uses hardware and software virtualization to enhance system security by creating an isolated, hypervisor-restricted, specialized subsystem.

VBS permits you to use the following Windows security features to harden your system and isolate key system and user secrets from being compromised:

  • Credential Guard: Aims to isolate and harden key system and user secrets against compromise.
  • Device Guard: Provides a set of features designed to work together to prevent and eliminate malware from running on a Windows system.
  • Configurable Code Integrity: Ensures that only trusted code runs from the boot loader onwards.

See the topic on virtualization-based security in the Microsoft documentation for more information.

After you enable VBS for a virtual machine through vCenter Server, you enable VBS within the Windows guest operating system.