Enable Virtualization Based Security / Credential Guard for Guest VMs

[Marco Zimmermann]

Hi,

we need to enable Virtualization Based Security / Credential Guard for our Guest VMs.

As it uses nested VM feature (Hyper V) I found no information that this is actual supported.

 

I tried to eneble Nested HV via 

xe vm-param-set uuid=xxx platform:exp-nested-hvm=true

however the Virtualization Based Security status keeps displaying "Enabled but not running".

For a test I could enable Hyper-V Role manually, however the service fails to start with 

"Hypervisor launch failed, Processor does not support the minimum features.."

 

Is anyone using it? Is it on the road map?

 

vSphere supports this since 2018 with one checkbox to enable when creating the VM.

 

Thanks for any information.

Marco

 

[Tobias Kreidl]

Could only find this, but maybe it's not of much help: https://docs.citrix.com/en-us/citrix-endpoint-management/policies/device-guard-policy.html

[Mark Syms]

Both of those features require virtualisation support in the operating system and as this is a VM that means nested virtualisation support in the hypervisor. This is not a feature supported by Citrix Hypervisor and it is not on any roadmap although it is something that both the product and engineering teams are aware of being necessary for supporting certain features of Windows.