Definition

Microsoft Hyper-V Shielded VM

Tom Walat

By

Tom Walat, Site Editor

A Microsoft Hyper-V Shielded VM is a security feature of Windows Server 2016 that protects a Hyper-V second-generation virtual machine (VM) from access or tampering by using a combination of Secure Boot, BitLocker encryption, virtual Trusted Platform Module (TPM) and the Host Guardian Service.

A shielded VM requires Windows server 2012 or Windows 8 or a higher operating system. When created, the shielded VM has a virtual TPM assigned and BitLocker encryption applied to allow only designated owners to access the VM. The shielded VM will not run unless the Hyper-V host is on the Host Guardian Service. Secure Boot prevents access to the shielded VM on boot.

An administrator without full rights to the shielded VM can power it on and power it off but cannot alter its settings or view the contents. BitLocker encryption protects the shielded VM's data at rest and when the VM is moving across the network during a Live Migration.

This was last updated in February 2016

Continue Reading About Microsoft Hyper-V Shielded VM

Deploy a shielded VM using SCVMM templates

Enable virtual TPM for your Hyper-V VMs using PowerShell

Sifting through Hyper-V's VM isolation choices

ollow these steps to create and configure a Hyper-V shielded VM

Dig Deeper on IT operations and infrastructure management

Cloud Computing

Why should I use Docker containers vs. VMs for my cloud apps?
Containers and VMs have their own use cases, but one takes the lead in efficiency. Compare the two options, and see how Docker ...
Optimize Amazon Athena performance with these 5 tuning tips
Amazon Athena can provide an efficient, cost-effective method of data analysis. But did you properly optimize Athena performance ...
How to secure Azure Functions with Entra ID
Centralized identity management is vital to the protection of your organization's resources. Do you know how to secure Azure ...

Enterprise Desktop

Understanding how GPOs and Intune interact
Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...
Comparing MSI vs. MSIX
While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...
How to install MSIX and msixbundle
IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Virtual Desktop

Learning the features and limitations of MSIX app attach
With MSIX app attach, IT can deploy and perform various management tasks for Windows applications. Despite new features, this ...
6 steps for when remote desktop credentials are not working
Without a solid connection, remote desktops simply cannot function. When there are remote desktop connection issues, IT ...
By acquiring Cameyo, Google fully commits to enterprise EUC
With the acquisition of Cameyo, Google puts ChromeOS into consideration in enterprises alongside thin clients, repurposed PCs or ...

Close