mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00

Liz Long f7c65cd27b meta client management 8

2022-10-24 19:01:48 -04:00

3.6 KiB

Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.localizationpriority, ms.date, ms.reviewer, manager

title	description	ms.author	ms.topic	ms.prod	ms.technology	author	ms.localizationpriority	ms.date	ms.reviewer	manager
Policy CSP - VirtualizationBasedTechnology	Learn to use the Policy CSP - VirtualizationBasedTechnology setting to control the state of Hypervisor-protected Code Integrity (HVCI) on devices.	vinpa	article	windows-client	itpro-manage	vinaypamnani-msft	medium	11/25/2021		aaroncz

Policy CSP - VirtualizationBasedTechnology

VirtualizationBasedTechnology policies

VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity

VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable

VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity

The table below shows the applicability of Windows:

Edition	Windows 10	Windows 11
Home	Yes	Yes
Pro	Yes	Yes
Windows SE	No	Yes
Business	Yes	Yes
Enterprise	Yes	Yes
Education	Yes	Yes

Scope:

[!div class = "checklist"]

Device

Allows the IT admin to control the state of Hypervisor-Protected Code Integrity (HVCI) on devices. HVCI is a feature within Virtualization Based Security, and is frequently referred to as Memory integrity. Learn more here.

Note

After the policy is pushed, a system reboot will be required to change the state of HVCI.

The following are the supported values:

0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock.
1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.
2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.

VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable