You can activate Microsoft virtualization-based security (VBS) for supported Windows guest operating systems at the same time you create a virtual machine.

Configuring VBS is a process that involves first activating VBS in the virtual machine then activating VBS in the Windows guest OS.

Prerequisites

See vSphere Virtualization-based Security Best Practices for acceptable CPUs.

Using Intel CPUs for VBS requires vSphere 6.7 or later. Create a virtual machine that uses hardware version 14 or later and one of the following supported guest operating systems:

  • Windows 10 (64 bit) or later releases
  • Windows Server 2016 (64 bit) or later releases

Using AMD CPUs for VBS requires vSphere 7.0 Update 2 or later. Create a virtual machine that uses hardware version 19 or later and one of the following supported guest operating systems:

  • Windows 10 (64 bit), version 1809 or later releases
  • Windows Server 2019 (64 bit) or later releases

Ensure that you install the latest patches for Windows 10, version 1809, and Windows Server 2019, before activating VBS.

For more information about activating VBS on virtual machines on AMD platforms, see the VMware KB article at https://kb.vmware.com/s/article/89880.

Procedure

  1. Connect to vCenter Server by using the vSphere Client.
  2. Select an object in the inventory that is a valid parent object of a virtual machine, for example, an ESXi host or a cluster.
  3. Right-click the object, select New Virtual Machine, and follow the prompts to create a virtual machine.
    Option Action
    Select a creation type Create a virtual machine.
    Select a name and folder Specify a name and target location.
    Select a compute resource Specify an object for which you have privileges to create virtual machines.
    Select storage In the VM storage policy, select the storage policy. Select a compatible datastore.
    Select compatibility Intel CPU: Ensure that ESXi 6.7 and later is selected.

    AMD CPU: Ensure that ESXi 7.0 U2 and later is selected.
    Select a guest OS Select the Windows guest operating system option that best corresponds to operating system release.

    Select the Enable Windows Virtualization Based Security check box.
    Customize hardware Customize the hardware, for example, by changing disk size or CPU.
    Ready to complete Review the information and click Finish.

Results

The Virtual Machine Details tile under the Summary tab displays "Virtualization Based Security - Enable".

What to do next

See Activate Virtualization-based Security on the Guest Operating System.