Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: ✅ Windows 11 Build 26100.2314 or later ✅ Windows Server 2025 or later
A Virtualization-based security (VBS) Enclave is a software-based trusted execution environment inside the address space of a host application. VBS Enclaves leverage underlying VBS technology to isolate the sensitive portion of an application in a secure partition of memory. VBS Enclaves enable isolation of sensitive workloads from both the host application and the rest of the system.
By planning ahead and isolating the sensitive part of your workload, you can isolate it in a VBS Enclave, as illustrated in the following diagram:
Device requirements
The following are required to run VBS Enclaves:
- VBS/HVCI must be enabled. This should be enabled on Windows 11 or later by default. See Enable virtualization-based protection of code integrity for more information.
- Windows 11 Build 26100.2314 or later or Windows Server 2025 or later.
Warning
Ensure you have reviewed the OS support for VBS enclaves above, as support has recently changed.
Development prerequisites
In addition to the device requirements, the following are required to develop VBS Enclaves:
- Visual Studio 2022 version 17.9 or later - The Microsoft Visual C++ compiler (MSVC) is required. Installing Visual Studio simplifies this.
- The Windows Software Development Kit (SDK) version 10.0.22621.3233 or later, which provides
veiid.exe(the VBS Enclave import ID binding utility) andsigntool.exe. - A Trusted Signing account.
Development resources
The following tools, information, and samples are available to help you develop VBS Enclaves:
| Resource | Description |
|---|---|
| VBS Enclaves development guide | A guide to get started developing VBS Enclaves. |
| VBS Enclaves tooling | The repo that contains the VBS Enclaves SDK - a set of libraries and tools to help you develop VBS Enclaves. |
| Code Generation for VBS Enclaves | Learn about the code generation process for VBS Enclaves. |
| Vbs Enclaves code generator usage in Visual Studio | Learn how to use the VBS Enclaves code generator (edlcodegen.exe) in Visual Studio. |
| What are edl files | Learn about .edl files and how the VBS Enclaves SDK uses them. |
| Hello World VBS Enclave SDK Walkthrough | A walkthrough to get started with VBS Enclaves and the new tooling for Visual Studio. |
Related content
- APIs available in VBS enclaves
- Securing your sensitive workloads with VBS Enclaves
- Secure Enclaves (Trusted Execution) overview
- Always Encrypted with secure enclaves documentation
- Virtualization-based Security (VBS) | Windows Hardware Developer
- New Windows 11 features strengthen security to address evolving cyberthreat landscape