Virtualization based security

Question

Virtualization based security

leli eee 0

Hello,

I would like to get the maximum security possible on my laptop. Can someone help configure the virtualization based security group policy for the best security?

Thank you for your help.

1 answer

Your answer

Answer 1

Hello,

Enabling and configuring Virtualization-Based Security (VBS) on your laptop can significantly enhance its security by isolating critical parts of the OS, using hardware virtualization features. Here are the steps to configure it through Group Policy:

Verify Hardware Requirements: Ensure your laptop supports VBS. It usually requires the following:
- 64-bit processor with Second Level Address Translation (SLAT)
- CPU virtualization extensions (Intel VT-x/AMD-V)
- TPM version 2.0
- UEFI firmware with Secure Boot enabled
Enable Hardware Virtualization:
- Restart your laptop and enter the BIOS/UEFI settings (typically by pressing a key like F2, Del, or Esc during startup).
- Find and enable Intel VT-x or AMD-V and Secure Boot.
Enable VBS and Credential Guard via Group Policy:
- Open the Group Policy Editor by typing gpedit.msc in the Start Menu and pressing Enter.
- Navigate to Computer Configuration -> Administrative Templates -> System -> Device Guard.
- Double-click on "Turn on Virtualization Based Security".
- Set it to "Enabled". Then select the following:
  - Platform Security Level: “Secure Boot and DMA Protection”.
  - Virtualization Based Protection of Code Integrity: “Enabled with UEFI lock”.
- Next, go to Computer Configuration -> Administrative Templates -> System -> Device Guard -> Credential Guard.
- Double-click on "Turn on Credential Guard".
- Set it to "Enabled with UEFI lock".
Verify VBS is Enabled:
- After configuring, restart your laptop.
- Open System Information by typing msinfo32 in the Start Menu.
- Check under "Virtualization-based security" to see if it is running.

Best Regards,

Yanhong Liu

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

leli eee 0 Reputation points

2024-10-22T11:56:21.47+00:00

How can I check if my CPU has virtualization turned on?
Yanhong Liu 14,195 Reputation points Microsoft External Staff

2024-10-23T02:03:49.8866667+00:00

Hello,

To check if CPU virtualization is enabled, you can follow these steps:

Right-click on the taskbar and select "Task Manager."

Go to the "Performance" tab.

Click on "CPU" in the left-hand pane.

Look for "Virtualization" on the right-hand side. It should say "Enabled" if virtualization is turned on.

Best Regards,

Yanhong Liu

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
leli eee 0 Reputation points

2024-10-24T05:54:32.4933333+00:00

So if I see enabled I just follow the instructions you provided and enable vbs? Can I use vbs and run VMs in hyper v or VMware?
Also, I dont see the credential guard section, does it appear after I turn on vbs?

Share via

Virtualization based security

1 answer

Your answer