Activate Virtualization-based Security on the Guest Operating System

You can activate Microsoft virtualization-based security (VBS) for supported Windows guest operating systems.

You activate VBS from within the Windows Guest OS. Windows configures and enforces VBS through a Group Policy Object (GPO). The GPO gives you the ability to turn off and on the various services, such as Secure Boot, Device Guard, and Credential Guard, that VBS offers. Certain Windows versions also require you to perform the additional step of enabling the Hyper-V platform.

See Microsoft's documentation about deploying Device Guard to activate virtualization-based security for details.

Prerequisites

Ensure that virtualization-based security has been activated on the virtual machine.

Procedure

In Microsoft Windows, edit the group policy to turn on VBS and choose other VBS-related security options.
(Optional) For Microsoft Windows versions less than Redstone 4, in the Windows Features control panel, enable the Hyper-V platform.
Reboot the guest operating system.