Dear Baz
Of course. Here are the answers to your questions about those specific registry keys.
Control\Session Manager\Configuration Manager\VirtualizationEnabled
This registry key controls aspects of virtualization-based security (VBS) features in Windows. The values for VirtualizationEnabled determine the operational state of these security features:
- 0: Disables virtualization-based security.
- 1: Enables virtualization-based security. This is the standard setting for features like Hypervisor-Enforced Code Integrity (HVCI).
- 2: Enables VBS with a higher level of security, often including DMA (Direct Memory Access) protection with input/output memory management unit (IOMMU).
Control\Lsa\FipsAlgorithmPolicy
This key manages the settings for the Federal Information Processing Standard (FIPS), which dictates the cryptographic algorithms that are approved for use in federal government computer systems.
- Enabled (0): A value of 0 means that the FIPS-compliant algorithm policy is disabled. The operating system will use its standard cryptographic algorithms, which may not all be FIPS-validated. If this were set to 1, it would enforce the use of FIPS-validated algorithms only.
- MDMEnabled: This value relates to Mobile Device Management (MDM) policies. It determines whether FIPS policy can be configured by an MDM service, like Microsoft Intune. A value of 0 (disabled) would mean that MDM cannot control the FIPS setting.
- STE: This likely refers to Secure Telemetry. This value would control whether the telemetry data sent by the system must adhere to FIPS-compliant encryption standards. A value of 0 would indicate that this is not enforced.
Best Regards,