Shielded VMs

Shielded VMs, or Shielded Virtual Machines, are a security feature introduced in Windows Server 2016 for protecting Hyper-V Generation 2 virtual machines (VMs) from unauthorized access or tampering.

Hyper-V Shielded VMs are protected through a combination of Secure Boot, BitLocker encryption, Virtual Trusted Platform Module (TPM) and the Host Guardian Service.

How Hyper-V Shielded VMs Work

Shielded VMs boot from a virtual Unified Extensible Firmware Interface (UEFI) as opposed to a traditional BIOS, providing Secure Boot protection and enabling BitLocker disk encryption inside the VM’s virtual disks. The BitLocker encryption handles protecting the data both at rest and when being transmitted across the network during Live Migrations.

The Host Guardian Service, a new role in Windows Server 2016, enables shielded virtual machines, protecting them from unauthorized access by Hyper-V host administrators. As a result, any administrator without full rights to a Shielded VM will be able to power it on or off, but they won’t be able to alter its settings or view the contents of the VM in any way.

Shielded VMs require Windows Server 2012 or Windows 8 or later, and they will not run unless the Hyper-V host is on the Host Guardian Service. New Shielded Virtual Machines can be created within the Azure Pack management portal, and existing VMs can be converted to shielded VMs.

Forrest Stroud
Forrest Stroud
Forrest is a writer for Webopedia. Experienced, entrepreneurial, and well-rounded, he has 15+ years covering technology, business software, website design, programming, and more.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

SHA-256

SHA-256 is an algorithm used for hash functions and is a vital component...

Document Management System

A document management system is an automated software solution businesses and organizations use...

Conti Ransomware

Conti ransomware first emerged in 2020. It uses a ransomware as a service...