
title: VirtualizationBasedTechnology Policy CSP
description: Learn more about the VirtualizationBasedTechnology Area in Policy CSP.
ms.date: 2025-02-04

Policy CSP - VirtualizationBasedTechnology

HypervisorEnforcedCodeIntegrity

| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |

```
./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity
```

Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock, 1 - Turns on Hypervisor-Protected Code Integrity with UEFI lock, 2 - Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Description framework properties:

| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |

Allowed values:

| Value | Description |
|:--|:--|
| 0 (Default) | (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock. |
| 1 | (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock. |
| 2 | (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock. |

Group policy mapping:

| Name | Value |
|:--|:--|
| Name | VirtualizationBasedSecurity |
| Friendly Name | Turn On Virtualization Based Security |
| Element Name | Virtualization Based Protection of Code Integrity. |
| Location | Computer Configuration |
| Path | System > Device Guard |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard |
| ADMX File Name | DeviceGuard.admx |

RequireUEFIMemoryAttributesTable

| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |

```
./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable
```

Require UEFI Memory Attributes Table.

Description framework properties:

| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |

Allowed values:

| Value | Description |
|:--|:--|
| 0 (Default) | Don't require UEFI Memory Attributes Table. |
| 1 | Require UEFI Memory Attributes Table. |

Group policy mapping:

| Name | Value |
|:--|:--|
| Name | VirtualizationBasedSecurity |
| Friendly Name | Turn On Virtualization Based Security |
| Element Name | Require UEFI Memory Attributes Table. |
| Location | Computer Configuration |
| Path | System > Device Guard |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard |
| ADMX File Name | DeviceGuard.admx |
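
The following SyncML request is an added example, not part of the original page: it shows how an MDM server could set both policies documented above, using the OMA-URIs and the `int` format listed in their property tables. The `CmdID` values are constructed, and the data values chosen (`2` for HypervisorEnforcedCodeIntegrity, `1` for RequireUEFIMemoryAttributesTable) are assumptions for a pilot rollout; the page describes `0` as turning HVCI off remotely only when it was previously configured without UEFI lock, so `1` is the setting to move to once the pilot is stable.

```xml
<!-- Added example: constructed SyncML body, not taken from the original page. -->
<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncBody>
    <!-- Turn on HVCI without UEFI lock (allowed value 2), so that a later
         value of 0 can still turn it off remotely, per the allowed-values table. -->
    <Replace>
      <CmdID>1</CmdID> <!-- constructed command id -->
      <Item>
        <Target>
          <LocURI>./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">int</Format>
        </Meta>
        <Data>2</Data>
      </Item>
    </Replace>
    <!-- Require the UEFI Memory Attributes Table (allowed value 1). -->
    <Replace>
      <CmdID>2</CmdID> <!-- constructed command id -->
      <Item>
        <Target>
          <LocURI>./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">int</Format>
        </Meta>
        <Data>1</Data>
      </Item>
    </Replace>
    <Final/>
  </SyncBody>
</SyncML>
```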

Related articles

Policy configuration service provider