You can activate Microsoft virtualization-based security (VBS) on existing virtual machines for supported Windows guest operating systems.

Configuring VBS is a process that involves first activating VBS in the virtual machine then activating VBS in the guest OS.

Note: New virtual machines configured for Windows 10, Windows Server 2016, and Windows Server 2019 on hardware versions less than version 14 are created using Legacy BIOS by default. If you change the virtual machine's firmware type from Legacy BIOS to UEFI, you must reinstall the guest operating system.

Prerequisites

See vSphere Virtualization-based Security Best Practices for acceptable CPUs.

Using Intel CPUs for VBS requires vSphere 6.7 or later. The virtual machine must have been created using hardware version 14 or later and one of the following supported guest operating systems:

  • Windows 10 (64 bit) or later releases
  • Windows Server 2016 (64 bit) or later releases

Using AMD CPUs for VBS requires vSphere 7.0 Update 2 or later. The virtual machine must have been created using hardware version 19 or later and one of the following supported guest operating systems:

  • Windows 10 (64 bit), version 1809 or later releases
  • Windows Server 2019 (64 bit) or later releases

Ensure that you install the latest patches for Windows 10, version 1809, and Windows Server 2019, before activating VBS.

For more information about activating VBS on virtual machines on AMD platforms, see the VMware KB article at https://kb.vmware.com/s/article/89880.

Procedure

  1. In the vSphere Client, browse to the virtual machine.
  2. Right-click the virtual machine and select Edit Settings.
  3. Click the VM Options tab.
  4. Select the Enable check box for Virtualization Based Security.
  5. Click OK.

Results

The Virtual Machine Details tile under the Summary tab displays "Virtualization Based Security - Enable".

What to do next

See Activate Virtualization-based Security on the Guest Operating System.