Policy CSP - VirtualizationBasedTechnology

2025-03-12

HypervisorEnforcedCodeIntegrity

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity

Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock, 1 - Turns on Hypervisor-Protected Code Integrity with UEFI lock, 2 - Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Description framework properties:

Property name	Property value
Format	`int`
Access Type	Add, Delete, Get, Replace
Default Value	0

Allowed values:

Value	Description
0 (Default)	(Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock.
1	(Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock.
2	(Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.

Group policy mapping:

Name	Value
Name	VirtualizationBasedSecurity
Friendly Name	Turn On Virtualization Based Security
Element Name	Virtualization Based Protection of Code Integrity.
Location	Computer Configuration
Path	System > Device Guard
Registry Key Name	SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name	DeviceGuard.admx

RequireUEFIMemoryAttributesTable

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable

Require UEFI Memory Attributes Table.

Description framework properties:

Property name	Property value
Format	`int`
Access Type	Add, Delete, Get, Replace
Default Value	0

Allowed values:

Value	Description
0 (Default)	Don't require UEFI Memory Attributes Table.
1	Require UEFI Memory Attributes Table.

Group policy mapping:

Name	Value
Name	VirtualizationBasedSecurity
Friendly Name	Turn On Virtualization Based Security
Element Name	Require UEFI Memory Attributes Table.
Location	Computer Configuration
Path	System > Device Guard
Registry Key Name	SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
ADMX File Name	DeviceGuard.admx

Policy configuration service provider

Feedback

Was this page helpful?

Share via

Policy CSP - VirtualizationBasedTechnology

HypervisorEnforcedCodeIntegrity

RequireUEFIMemoryAttributesTable

Related articles

Feedback

Additional resources