Policy CSP - VirtualizationBasedTechnology

HypervisorEnforcedCodeIntegrity

Scope: ✅ Device, ❌ User
Editions: ✅ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity

Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock, 1 - Turns on Hypervisor-Protected Code Integrity with UEFI lock, 2 - Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock.
1 (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.
2 (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Group policy mapping:

Name Value
Name VirtualizationBasedSecurity
Friendly Name Turn On Virtualization Based Security
Element Name Virtualization Based Protection of Code Integrity.
Location Computer Configuration
Path System > Device Guard
Registry Key Name SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name DeviceGuard.admx

RequireUEFIMemoryAttributesTable

Scope: ✅ Device, ❌ User
Editions: ✅ Pro, ✅ Enterprise, ✅ Education, ❌ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable

Require UEFI Memory Attributes Table.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Don't require UEFI Memory Attributes Table.
1 Require UEFI Memory Attributes Table.

Group policy mapping:

Name Value
Name VirtualizationBasedSecurity
Friendly Name Turn On Virtualization Based Security
Element Name Require UEFI Memory Attributes Table.
Location Computer Configuration
Path System > Device Guard
Registry Key Name SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name DeviceGuard.admx
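
Added example (not part of the original page or of Microsoft's tooling): a small MDM-side helper that builds the SyncML Replace commands for both policies from the OMA-URIs, format and allowed values listed above, and flags HVCI changes that interact with the UEFI lock. The function names and the wording of the warnings are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

BASE = "./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/"
# Allowed values copied from the "Allowed values" tables on this page.
ALLOWED = {
    "HypervisorEnforcedCodeIntegrity": {0, 1, 2},
    "RequireUEFIMemoryAttributesTable": {0, 1},
}

def replace_command(cmd_id, policy, value):
    """Return a SyncML <Replace> element that sets one policy (Format int)."""
    if policy not in ALLOWED or value not in ALLOWED[policy]:
        raise ValueError(f"{policy}={value!r} is not an allowed value")
    replace = ET.Element("Replace")
    ET.SubElement(replace, "CmdID").text = str(cmd_id)
    item = ET.SubElement(replace, "Item")
    target = ET.SubElement(item, "Target")
    ET.SubElement(target, "LocURI").text = BASE + policy
    meta = ET.SubElement(item, "Meta")
    ET.SubElement(meta, "Format", xmlns="syncml:metinf").text = "int"
    ET.SubElement(item, "Data").text = str(value)
    return replace

def build_syncml(settings):
    """Serialize a {policy: value} mapping as one SyncML message body."""
    root = ET.Element("SyncML", xmlns="SYNCML:SYNCML1.2")
    body = ET.SubElement(root, "SyncBody")
    for cmd_id, (policy, value) in enumerate(settings.items(), start=1):
        body.append(replace_command(cmd_id, policy, value))
    ET.SubElement(body, "Final")
    return ET.tostring(root, encoding="unicode")

def hvci_transition_warning(previous, target):
    """Return a warning for HVCI changes that involve the UEFI lock, else None."""
    if previous == 1 and target == 0:
        return ("previous value 1 used the UEFI lock; value 0 turns HVCI off "
                "remotely only if it was configured without the lock")
    if target == 1 and previous != 1:
        return ("value 1 sets the UEFI lock; a later value 0 will not turn "
                "HVCI off remotely, use 2 if remote disable must stay possible")
    return None

if __name__ == "__main__":
    # Constructed rollout: enable HVCI without lock and require the MAT.
    print(build_syncml({"HypervisorEnforcedCodeIntegrity": 2,
                        "RequireUEFIMemoryAttributesTable": 1}))
    print(hvci_transition_warning(previous=1, target=0))
```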
