deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
Vinay Pamnani (from Dev Box) aeb8f2bbd5 Remove Windows SE from CSP applicability
2025-03-12 10:39:50 -06:00

6.1 KiB
Raw Blame History

title, description, ms.date, ms.topic
title description ms.date ms.topic
VirtualizationBasedTechnology Policy CSP Learn more about the VirtualizationBasedTechnology Area in Policy CSP. 03/12/2025 generated-reference

Policy CSP - VirtualizationBasedTechnology

HypervisorEnforcedCodeIntegrity

Scope Editions Applicable OS
Device
User		 Pro
Enterprise
Education
IoT Enterprise / IoT Enterprise LTSC		 Windows 11, version 21H2 [10.0.22000] and later 
./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity

Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock, 1 - Turns on Hypervisor-Protected Code Integrity with UEFI lock, 2 - Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock.
1 (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.
2 (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Group policy mapping:

Name Value
Name VirtualizationBasedSecurity
Friendly Name Turn On Virtualization Based Security
Element Name Virtualization Based Protection of Code Integrity.
Location Computer Configuration
Path System > Device Guard
Registry Key Name SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name DeviceGuard.admx

RequireUEFIMemoryAttributesTable

Scope Editions Applicable OS
Device
User		 Pro
Enterprise
Education
IoT Enterprise / IoT Enterprise LTSC		 Windows 11, version 21H2 [10.0.22000] and later 
./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable

Require UEFI Memory Attributes Table.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Don't require UEFI Memory Attributes Table.
1 Require UEFI Memory Attributes Table.

Group policy mapping:

Name Value
Name VirtualizationBasedSecurity
Friendly Name Turn On Virtualization Based Security
Element Name Require UEFI Memory Attributes Table.
Location Computer Configuration
Path System > Device Guard
Registry Key Name SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name DeviceGuard.admx

Related articles

Policy configuration service provider