Learn about securing Hyper-V workloads in Windows Server, installing and configuring the Host Guardian Service (HGS), the attestation modes available with the HGS, and the creation and deployment of shielded virtual machines (VMs).


Contoso, Ltd. is a financial services company in Seattle with major offices located throughout the world. Most of its compute environment runs on-premises on Windows Server. This includes virtualized workloads on Windows Server 2016 hosts.

Contoso IT staff are migrating Contoso on-premises servers to Windows Server 2025. As part of the migration, Contoso plans to expand into additional sites and use virtualization to help expedite bringing a new site online. Contoso plans to increase the use of virtualization in general across its organization to optimize its computing environment because many physical servers are underutilized.

As a new Windows Server administrator, you need to ensure all virtualized workloads meet compliance standards. As a result, it is necessary that you run encrypted VMs on a protected virtualization fabric in your environment. To meet this requirement, you need to determine what options are available for running secure virtualized workloads in Hyper-V on Windows Server and how they can be utilized. After completing this module, you’ll understand how to accomplish this task.

Learning objectives

After completing this module, you'll be able to:

  • Describe the features and functionality of the HGS in Windows Server.
  • Describe the attestation options available with the HGS.
  • Describe shielded VMs, their creation, and their deployment.


To get the best learning experience from this module, you should have knowledge and experience of:

  • Windows Server.
  • Working with virtualization technologies.
  • Encryption technologies and concepts.