--- title: VirtualizationBasedTechnology Policy CSP description: Learn more about the VirtualizationBasedTechnology Area in Policy CSP. ms.date: 01/18/2024 --- # Policy CSP - VirtualizationBasedTechnology ## HypervisorEnforcedCodeIntegrity | Scope | Editions | Applicable OS | |:--|:--|:--| | ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | ```Device ./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity ``` Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock, 1 - Turns on Hypervisor-Protected Code Integrity with UEFI lock, 2 - Turns on Hypervisor-Protected Code Integrity without UEFI lock. **Description framework properties**: | Property name | Property value | |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | **Allowed values**: | Value | Description | |:--|:--| | 0 (Default) | (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock. | | 1 | (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock. | | 2 | (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock. | **Group policy mapping**: | Name | Value | |:--|:--| | Name | VirtualizationBasedSecurity | | Friendly Name | Turn On Virtualization Based Security | | Element Name | Virtualization Based Protection of Code Integrity. | | Location | Computer Configuration | | Path | System > Device Guard | | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard | | ADMX File Name | DeviceGuard.admx | ## RequireUEFIMemoryAttributesTable | Scope | Editions | Applicable OS | |:--|:--|:--| | ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | ```Device ./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable ``` Require UEFI Memory Attributes Table. **Description framework properties**: | Property name | Property value | |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | **Allowed values**: | Value | Description | |:--|:--| | 0 (Default) | Don't require UEFI Memory Attributes Table. | | 1 | Require UEFI Memory Attributes Table. | **Group policy mapping**: | Name | Value | |:--|:--| | Name | VirtualizationBasedSecurity | | Friendly Name | Turn On Virtualization Based Security | | Element Name | Require UEFI Memory Attributes Table. | | Location | Computer Configuration | | Path | System > Device Guard | | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard | | ADMX File Name | DeviceGuard.admx | ## Related articles [Policy configuration service provider](policy-configuration-service-provider.md)