Virtualization-based security (VBS) enclaves

Applies to: ✅ Windows 11 Build 26100.2314 or later ✅ Windows Server 2025 or later

A Virtualization-based security (VBS) Enclave is a software-based trusted execution environment inside the address space of a host application. VBS Enclaves leverage underlying VBS technology to isolate the sensitive portion of an application in a secure partition of memory. VBS Enclaves enable isolation of sensitive workloads from both the host application and the rest of the system.

By planning ahead and isolating the sensitive part of your workload, you can isolate it in a VBS Enclave, as illustrated in the following diagram:

Diagram of the VBS Enclaves trusted execution environment

Device requirements

The following are required to run VBS Enclaves:

Development prerequisites

In addition to the device requirements, the following are required to develop VBS Enclaves: