Policy CSP - VirtualizationBasedTechnology

Artikel
2025-02-13

HypervisorEnforcedCodeIntegrity

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 11, version 21H2 [10.0.22000] and later

Device

./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity

Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock, 1 - Turns on Hypervisor-Protected Code Integrity with UEFI lock, 2 - Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Description framework properties:

Property name	Property value
Format	`int`
Access Type	Add, Delete, Get, Replace
Default Value	0

Allowed values:

Value	Description
0 (Default)	(Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock.
1	(Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.
2	(Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Group policy mapping:

Name	Value
Name	VirtualizationBasedSecurity
Friendly Name	Turn On Virtualization Based Security
Element Name	Virtualization Based Protection of Code Integrity.
Location	Computer Configuration
Path	System > Device Guard
Registry Key Name	SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name	DeviceGuard.admx

RequireUEFIMemoryAttributesTable

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 11, version 21H2 [10.0.22000] and later

Device

./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable

Require UEFI Memory Attributes Table.

Description framework properties:

Property name	Property value
Format	`int`
Access Type	Add, Delete, Get, Replace
Default Value	0

Allowed values:

Value	Description
0 (Default)	Don't require UEFI Memory Attributes Table.
1	Require UEFI Memory Attributes Table.

Group policy mapping:

Name	Value
Name	VirtualizationBasedSecurity
Friendly Name	Turn On Virtualization Based Security
Element Name	Require UEFI Memory Attributes Table.
Location	Computer Configuration
Path	System > Device Guard
Registry Key Name	SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name	DeviceGuard.admx

Policy configuration service provider

Ytterligare resurser

Dokumentation

DeviceGuard Policy CSP

Learn more about the DeviceGuard Area in Policy CSP.

Utbildning

Modul

Examine and Configure Surface Security Options - Training

Learn about advanced firmware and security features of Microsoft Surface devices, Surface UEFI, Project Mu, configuring Virtualization-based Security and Memory Integrity in Windows, and Firmware Attack Surface Reduction.

Certifiering

Microsoft Certified: Azure Virtual Desktop Specialty - Certifications

Planera, leverera, hantera och övervaka virtuella skrivbordsupplevelser och fjärrappar på Microsoft Azure för alla enheter.

Dela via

Policy CSP - VirtualizationBasedTechnology

HypervisorEnforcedCodeIntegrity

RequireUEFIMemoryAttributesTable

Feedback

Ytterligare resurser

Dela via

Policy CSP - VirtualizationBasedTechnology

HypervisorEnforcedCodeIntegrity

RequireUEFIMemoryAttributesTable

Related articles

Feedback

Ytterligare resurser