From 218d92239ff5bd8229c33952bbcaa373cdb2eed6 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 17:35:28 +0530 Subject: [PATCH 1/3] Added new VirtualizationBasedTechnology.md for policies Added new file: VirtualizationBasedTechnology.md to include missing policies: - VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity - VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable --- .../policy-configuration-service-provider.md | 11 ++ ...olicy-csp-virtualizationbasedtechnology.md | 181 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 194 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..b95d387e6b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8797,6 +8797,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC +### VirtualizationBasedTechnology policies + +
+
+ VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity +
+
+ VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable +
+
+ ### Wifi policies
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md new file mode 100644 index 0000000000..0640cb8d99 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -0,0 +1,181 @@ +--- +title: Policy CSP - VirtualizationBasedTechnology +description: Learn to use the Policy CSP - VirtualizationBasedTechnology setting to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: aljupudi +ms.localizationpriority: medium +ms.date: 11/25/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - VirtualizationBasedTechnology + +
+ + +## VirtualizationBasedTechnology policies + +
+
+ VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity +
+
+ VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable +
+
+ + +
+ + +**VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs). + +>[!NOTE] +>After the policy is pushed, a system reboot will be required to change the state of HVCI. + + + +The following are the supported values: + +- 0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock +- 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock +- 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock + + + + + + + + + +
+ + +**VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more [here](/windows-hardware/design/device-experiences/oem-vbs). + +>[!NOTE] +>After the policy is pushed, a system reboot will be required to change the state of HVCI. + + + + +The following are the supported values: + +- 0: (Disabled) Do not require UEFI Memory Attributes Table +- 1: (Enabled) Require UEFI Memory Attributes Table + + + + + + + + + +
+ + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 7a1fa1b52f..6ac4cc4a3d 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -831,6 +831,8 @@ items: href: policy-csp-update.md - name: UserRights href: policy-csp-userrights.md + - name: VirtualizationBasedTechnology + href: policy-csp-virtualizationbasedtechnology.md - name: Wifi href: policy-csp-wifi.md - name: WindowsConnectionManager From cfbd96d72542491d2145dbcdaa80f1253238456f Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 26 Nov 2021 11:47:25 +0530 Subject: [PATCH 2/3] author name fix --- .../mdm/policy-csp-virtualizationbasedtechnology.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index 0640cb8d99..be76aebb53 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: aljupudi +author: alekyaj ms.localizationpriority: medium ms.date: 11/25/2021 ms.reviewer: From aa4250bac339d6023354a0e8164ccfab4ffcf64b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 14:21:05 +0530 Subject: [PATCH 3/3] Update policy-csp-virtualizationbasedtechnology.md --- ...olicy-csp-virtualizationbasedtechnology.md | 80 ++++--------------- 1 file changed, 16 insertions(+), 64 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index be76aebb53..2ca5d714a9 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md 
@@ -35,38 +35,14 @@ manager: dansimp **VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -108,38 +84,14 @@ The following are the supported values: **VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
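Review bot: In PATCH 1/3, the description under VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable in policy-csp-virtualizationbasedtechnology.md is a verbatim copy of the HypervisorEnforcedCodeIntegrity text ("Allows the IT admin to control the state of Hypervisor-protected Code Integrity (HVCI) on devices"), so it never says what requiring the UEFI Memory Attributes Table does, although the supported values listed under it are about that table. Replace it with a description of this policy, and confirm whether the copied note about a reboot changing "the state of HVCI" applies to this setting.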
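Review bot: In PATCH 1/3, the supported values for VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity leave the locked case undocumented: value 0 is described as turning HVCI off only "if configured previously without UEFI Lock", and nothing says what pushing 0 does on a device that was set to 1 (Enabled with UEFI lock). Since that is the case an admin needs to know about before choosing 1, state the outcome explicitly, say which value is the default, and use one capitalization of "Hypervisor-protected Code Integrity" (the description and the value list differ).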
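Review bot: In PATCH 2/3, the replacement front-matter value "author: alekyaj" is spelled differently from the name in the commit's From line (Alekhya), and the commit message "author name fix" does not say which alias is intended. Please confirm that alekyaj is the correct account alias so this line does not need a third correction.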