Error applying VBS and HVCI security baselines via endpoint/intune

Question

Receiving the following errors when attempting to apply the security baselines to some machines via intune

I can see both services are already running on the machine (which rules out hardware support, configuration etc)

I can see this error (amongst a few others) in event viewer

MDM PolicyManager: Policy is rejected by licensing, Policy: (EnableVirtualizationBasedSecurity), Area: (DeviceGuard), Result:(0x82B00006) Unknown Win32 Error code: 0x82b00006.

Which implies a licensing problem, however it's Windows 11 Business so should have support

Answer 1

@Ben Johnston, Thanks for posting in Q&A. Based on my researching, for the two settings, they support on Pro, Enterprise, Education and IoT Enterprise / IoT Enterprise LTSC edition. For Windows 11 Business, it is not supported. Therefore, we will get licensing error. Please upgrade to the supported edition to fix the issue.

https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceguard#enablevirtualizationbasedsecurity

https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology#hypervisorenforcedcodeintegrity

Hope the above information can help.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.