Here in this post, we will see how to set a Turn On Virtualization Based Security Policy Using Intune. We will accomplish the task of setting up this policy using Intune’s Configuration Profiles. The main purpose here is to get hands-on experience in configuring Turn On Virtualization Based Security Policy Using Intune.
The Turn On Virtualization Based Security Policy is a setting within the Windows operating system that enables or disables a security feature known as Virtualization Based Security (VBS). VBS utilizes hardware virtualization features to enhance the security of the Windows kernel and protect sensitive processes and data from various types of attacks.
When you turn on Virtualization Based Security, it typically involves using technologies like Hyper-V and the Virtual Secure Mode (VSM) to create an isolated environment, also known as the Virtual Secure Mode, where critical security processes can run. This isolated environment provides additional protection against certain types of attacks, such as credential theft and kernel-level malware.
Enabling the “Turn On Virtualization Based Security” policy is often a requirement for utilizing these security features. It’s important to note that the availability of this policy may depend on the edition and version of Windows you are using, as well as the hardware capabilities of your system.
Additionally, enabling Virtualization Based Security may impact the performance of certain applications or features, so it’s essential to consider the specific requirements and implications for your use case before enabling this policy.
- Disable Turn Off Background Refresh of Group Policy using Intune
- Easy Method to Disable Password Reveal Button Policy using Intune
Windows CSP Details EnableVirtualizationBasedSecurity
We will see Windows CSP Details for this Policy setting EnableVirtualizationBasedSecurity. The “Turn On Virtualization Based Security” policy is a pivotal step in leveraging advanced security features within Windows, utilizing virtualization to create a secure enclave for critical security processes and data. It represents a proactive approach to enhancing the resilience of the operating system against various cyber threats.
CSP URI – ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity
Turn On Virtualization Based Security Policy using Intune
To set Turn On Virtualization Based Security Policy Using Intune, follow the steps stated below:
- Sign in to the Intune Admin Center portal https://intune.microsoft.com/.
- Select Devices > Windows > Configuration profiles > Create a profile.
In Create Profile, Select Windows 10 and later in Platform, and Select Profile Type as Settings catalog. Click on the Create button.
| Platform | Profile Type |
|---|---|
| Windows 10 and later | Settings Catalog |
On the Basics tab pane, provide a name for the policy as “Turn On Virtualization Based Security Policy.” Optionally, you can enter a policy description and proceed by selecting “Next.“
Now in Configuration Settings, click Add Settings to browse or search the catalog for the settings you want to configure.
In the Settings Picker windows, search by the keyword Virtualization, you’ll get the category Device Guard, and select this.
When you select the option stated above, you will see one option: Enable Virtualization Based Security. After selecting your setting, click the cross mark at the right-hand corner, as shown below in the image.
In the Administrative Templates, we now have to set Turn On Virtualization Based Security to enable virtualization based security.
Using Scope tags, you can assign a tag to filter the profile to specific IT groups. One can add scope tags (if required) and click Next to continue. Now in Assignments, in Included Groups, you need to click on Add Groups, choose Select Groups to include one or more groups, and click Next to continue.
In the Review + Create tab, you need to review your settings. After clicking on Create, your changes are saved, and the profile is assigned.
Upon successfully creating the “Turn On Virtualization Based Security Policy,” notification will appear in the top right-hand corner, confirming the action. You can also verify the policy’s existence by navigating to the Configuration Profiles list, where it will be prominently displayed.
Your groups will receive your profile settings when the devices check in with the Intune service. The Policy applies to the device.
Intune Report for Turn On Virtualization Based Security Policy
From Intune Portal, you can view the Intune settings catalog profile report, which provides an overview of device configuration policies and deployment status.
To monitor the implementation of the policy, you must choose the appropriate policy from the Configuration Profiles list. Here I choose Turn On Virtualization Based Security Policy from the list. By examining the status of device and user check-ins, you can ascertain the successful application of the policy. If you need more comprehensive details, you can click the “View Report” option to access supplementary insights. As you can see, it is successfully implemented on the targeted device.
Registry-Key Verification for EnableVirtualizationBasedSecurity
To access the registry settings that hold the group policy configurations on a specific computer, you can execute “REGEDIT.exe” on the target computer and navigate to the precise registry path mentioned below where these settings are stored.
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\5B88AEF1-09E8-43BB-B144-7254ACBBDFF3E\default\Device\EnableVirtualizationBasedSecurity
When you navigate the above path in the Registry Editor, you will find the registry key EnableVirtualizationBasedSecurity. Refer to the table and image below.
| Registry Name | Data |
|---|---|
| EnableVirtualizationBasedSecurity | Enabled |
As you can confirm from the above image, the Registry key has been created, and we can confirm that the policy has been implemented on the target device successfully.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here – HTMD WhatsApp.
Author
Abhinav Rana is working as an SCCM Admin. He loves to help the community by sharing his knowledge. He is a B.Tech graduate in Information Technology.