#VCP

VBS uses hardware and software features to enhance security on Windows-based systems. It creates a specialized subsystem that contains sensitive data such as cached credentials and is isolated from the rest of the Windows system. It uses a Hyper-V role to create and manage this subsystem.

![[_media/vSphere - Microsoft virtualization-based security (VBS)2024-07-20.png]]

## Requirements/Restrictions

- Windows 10/Server 2016 or later
- VM vHW 14 or later
- IOMMU exposed to VM
- Secure boot enabled
- EFI firmware
- 64bit CPU
- Intel VT-d or AMD-Vi
- TPM 2.0
- VMware Fault Tolerance is not compatible
- vSphere PCI passthrough is not compatible
- vSphere hot add for CPU/Memory is not compatible

## Setup

Setup is done inside the vSphere client

1. Shut down the VM
2. Configure VM
3. Check the box under VM options - Virtualization Based Security
4. Activate the Windows feature Hyper-V with appwiz.cpl
    1. Alternatively, under Windows Server, add the role under Server administration.
5. Reboot the VM
6. Open gpedit.msc
7. Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security
    1. Enable

![[_media/vSphere - Microsoft virtualization-based security (VBS)2024-07-20-1.png]]
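
To confirm the result after the final reboot, the following read-only check can be run inside the guest. It is an added example, not part of the original note, and assumes an elevated PowerShell session and the client feature name `Microsoft-Hyper-V`.

```powershell
# Added example: read-only check, run from an elevated PowerShell prompt in the guest.

# Requirements: EFI firmware with Secure Boot, TPM 2.0.
# Confirm-SecureBootUEFI raises an error on non-EFI firmware, so treat that as $false.
$secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
    -ClassName Win32_Tpm -ErrorAction SilentlyContinue

# Setup step 4: the Hyper-V Windows feature.
$hyperV = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V' `
    -ErrorAction SilentlyContinue

# Setup step 7: value written by the "Turn On Virtualization Based Security" policy.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' `
    -Name 'EnableVirtualizationBasedSecurity' -ErrorAction SilentlyContinue

# Runtime state as Windows reports it.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

$statusText  = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$serviceText = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)' }
$propText    = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection (IOMMU)' }

# CIM returns UInt32 values; cast to [int] so the hashtable lookups match.
$running   = @($dg.SecurityServicesRunning |
    ForEach-Object { $serviceText[[int]$_] } | Where-Object { $_ })
$available = @($dg.AvailableSecurityProperties |
    ForEach-Object { $propText[[int]$_] } | Where-Object { $_ })

[pscustomobject]@{
    SecureBoot          = $secureBoot
    TpmSpecVersion      = if ($tpm) { $tpm.SpecVersion } else { 'No TPM found' }
    HyperVFeature       = if ($hyperV) { $hyperV.State } else { 'Unknown' }
    VbsPolicyEnabled    = ($policy.EnableVirtualizationBasedSecurity -eq 1)
    VbsStatus           = $statusText[[int]$dg.VirtualizationBasedSecurityStatus]
    AvailableProperties = if ($available) { $available -join ', ' } else { 'None' }
    ServicesRunning     = if ($running) { $running -join ', ' } else { 'None' }
}
```

A `VbsStatus` of "Enabled but not running" with the policy set usually points back to the requirements list: check that the VM option is ticked and that Secure Boot and the IOMMU are exposed to the guest.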