![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 50%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,321 questions
The security control you mentioned, "Protective Process Light for LSASS should be enabled with a UEFI lock," is a best practice for securing Windows servers. It is recommended to enable this security control to protect against credential theft attacks.
Regarding your question, enabling UEFI lock on your Azure Windows Server 2019 VMs should not cause any issues as long as the VMs are compatible with UEFI. Gen2 Azure VMs support UEFI boot mode, so you should be able to enable UEFI lock without any issues.
However, before enabling UEFI lock, I would recommend you to check if your VMs are compatible with UEFI and if there are any specific requirements for enabling UEFI lock on Azure VMs. You can refer to the document "Secure the Windows 10 boot process with Secure Boot and UEFI" for more information on how to enable UEFI lock on Windows servers.
Additionally, you should also test the UEFI lock after enabling it to ensure that the VMs are booting up properly and there are no issues.
I hope this helps you to make an informed decision on enabling UEFI lock on your Azure Windows Server 2019 VMs.
<If this does answer your question, please accept it as the answer as a token of appreciation.>