deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
Vinay Pamnani 87de711c17 Updated all policy area CSPs
2023-01-09 17:52:22 -05:00

6.3 KiB
Raw Blame History

title, description, author, manager, ms.author, ms.date, ms.localizationpriority, ms.prod, ms.technology, ms.topic
title description author manager ms.author ms.date ms.localizationpriority ms.prod ms.technology ms.topic
VirtualizationBasedTechnology Policy CSP Learn more about the VirtualizationBasedTechnology Area in Policy CSP. vinaypamnani-msft aaroncz vinpa 01/09/2023 medium windows-client itpro-manage reference

Policy CSP - VirtualizationBasedTechnology

HypervisorEnforcedCodeIntegrity

Scope Editions Applicable OS
✔️ Device
User		 Home
✔️ Pro
✔️ Enterprise
✔️ Education
Windows SE		 ✔️ Windows 11, version 21H2 [10.0.22000] and later 
./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity

Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock, 1 - Turns on Hypervisor-Protected Code Integrity with UEFI lock, 2 - Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock.
1 (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.
2 (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Group policy mapping:

Name Value
Name VirtualizationBasedSecurity
Friendly Name Turn On Virtualization Based Security
Element Name Virtualization Based Protection of Code Integrity
Location Computer Configuration
Path System > Device Guard
Registry Key Name SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name DeviceGuard.admx

RequireUEFIMemoryAttributesTable

Scope Editions Applicable OS
✔️ Device
User		 Home
✔️ Pro
✔️ Enterprise
✔️ Education
Windows SE		 ✔️ Windows 11, version 21H2 [10.0.22000] and later 
./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable

Require UEFI Memory Attributes Table

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Do not require UEFI Memory Attributes Table.
1 Require UEFI Memory Attributes Table.

Group policy mapping:

Name Value
Name VirtualizationBasedSecurity
Friendly Name Turn On Virtualization Based Security
Element Name Require UEFI Memory Attributes Table
Location Computer Configuration
Path System > Device Guard
Registry Key Name SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name DeviceGuard.admx

Related articles

Policy configuration service provider