Enable memory integrity using Group Policy

PrajwalLast Updated: February 14, 2024
2,151

Let’s learn how to enable memory integrity using group policy. Memory integrity is a feature of Windows security that is sometimes referred to as hypervisor-protected code integrity (HVCI) or hypervisor-enforced code integrity.

Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. It’s an important module in the Windows security. Memory integrity is a feature of core isolation and you can turn it on or off based on your requirements.

By default, the memory integrity is enabled on Windows 11 and Windows 10. However if you install Windows 11 on a VM, you may notice that this feature is disabled. Microsoft recommends various methods to turn on the memory integrity feature which in Intune, SCCM, Group Policy, and Windows registry.

The GPO can help you enable the memory integrity feature on multiple Windows computers that are part of active directory domain. You can apply the GPO to an OU consisting of Windows devices that require turning on the memory integrity feature.

Enable memory integrity using Group Policy

Perform the following steps to turn on the memory integrity feature using group policy:

  • Launch the Group Policy Editor (gpedit.msc) to either edit an existing GPO or create a new one.
  • Navigate to Computer Configuration > Administrative Templates > System > Device Guard.
  • Double-click Turn on Virtualization Based Security.
  • Select Enabled to activate this policy setting.
    • Under Virtualization Based Protection of Code Integrity, select Enabled with UEFI lock.
    • Once enabled with UEFI lock, you must have access to the UEFI BIOS menu to turn off Secure Boot if you want to turn off memory integrity.
Enable memory integrity using Group Policy
Enable memory integrity using Group Policy

Manually Turn on Memory Integrity in Windows Security

If you don’t want to use a GPO to active the memory integrity feature, you can manually enable it from Windows Security.

Click the Start button and type “Core isolation“. Select the Core Isolation system settings from the search results to open the Windows security app. On the Core isolation page, you’ll find Memory integrity along with the toggle. Move the toggle to the right to enable it.

After you enable the memory integrity, you will need to restart the system.

Manually turn on Memory Integrity in Windows Security
Manually turn on Memory Integrity in Windows Security
PrajwalLast Updated: February 14, 2024
2,151
Photo of Prajwal

Prajwal

Description

Related Articles

unintall wds ftimg

Uninstall or Remove Windows Deployment Services Role

February 14, 2024
SCOM 2019 Upgrade Paths ftimg

SCOM 2019 Upgrade Paths and New Features

February 14, 2024
SCOM 2022 Upgrade Paths

SCOM 2022 Upgrade Paths | Operations Manager 2022

February 14, 2024
Disable Internet Explorer using DISM

How To Disable Internet Explorer using DISM

February 14, 2024
Back to top button