Let’s learn how to enable memory integrity using Group Policy. Memory integrity is a feature of Windows Security that is sometimes referred to as hypervisor-protected code integrity (HVCI) or hypervisor-enforced code integrity.
Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. It’s an important module in Windows security. Memory integrity is a feature of core isolation, and you can turn it on or off based on your requirements.
Memory integrity is enabled by default in Windows 11 and 10. However, if you install Windows 11 on a virtual machine, you may find that this feature is disabled. Microsoft recommends various methods to turn on the memory integrity feature: Intune, SCCM, Group Policy, and the Windows registry.
A GPO lets you enable the memory integrity feature on multiple Windows computers that are part of an Active Directory domain. You can apply the GPO to an OU containing the Windows devices on which memory integrity must be turned on.
Steps to Enable memory integrity using Group Policy
Perform the following steps to turn on virtualization-based security on Windows 11 and 10 using Group Policy:
- Launch the Group Policy Editor (gpedit.msc) to either edit an existing GPO or create a new one.
- Navigate to Computer Configuration > Administrative Templates > System > Device Guard.
- Double-click on Turn on Virtualization Based Security.
- Select Enabled to activate this policy setting.
- Under Virtualization Based Protection of Code Integrity, select Enabled with UEFI lock.
- Once enabled with UEFI lock, you must have access to the UEFI BIOS menu to turn off Secure Boot if you want to turn off memory integrity.
Manually Turn on Memory Integrity in Windows Security
If you don’t want to use a GPO to activate the memory integrity feature, you can manually enable it from Windows Security.
Click the Start button and type “Core isolation”. Select the Core Isolation system settings from the search results to open the Windows Security app. On the Core isolation page, you’ll find memory integrity along with its toggle. Move the toggle to the right to enable it.
After you enable memory integrity, you will need to restart the system.
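After the restart, whichever method was used, it is worth confirming that the setting actually took effect rather than trusting the toggle or the GPO report. The following PowerShell check is an added example, not part of the original article: it reads the Device Guard policy values that the Group Policy setting writes and compares them with the state reported by the Win32_DeviceGuard CIM class. The function name Get-MemoryIntegrityState is hypothetical, and the policy value labels are assumed to follow the Device Guard administrative template (1 = Enabled with UEFI lock).

```powershell
# Added verification example (not from the original article).
# Run in an elevated PowerShell session after the post-change restart.
function Get-MemoryIntegrityState {
    # Policy values written by "Turn on Virtualization Based Security".
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    # Labels for "Virtualization Based Protection of Code Integrity"
    # (assumed mapping from the Device Guard administrative template).
    $labels = @{
        0 = 'Disabled'
        1 = 'Enabled with UEFI lock'
        2 = 'Enabled without lock'
        3 = 'Not configured'
    }
    $raw = $policy.HypervisorEnforcedCodeIntegrity
    $hvciPolicy = if ($null -ne $raw -and $labels.ContainsKey([int]$raw)) {
        $labels[[int]$raw]
    } else {
        'No policy value present (set locally or not configured)'
    }

    # Runtime state as reported by Windows itself.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                          -Namespace 'root\Microsoft\Windows\DeviceGuard'
    $vbsText = @('Not enabled', 'Enabled but not running', 'Enabled and running')

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        VbsPolicyEnabled = ($policy.EnableVirtualizationBasedSecurity -eq 1)
        HvciPolicy       = $hvciPolicy
        VbsStatus        = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
        # Service ID 2 in these arrays is hypervisor-enforced code integrity.
        HvciConfigured   = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning      = ($dg.SecurityServicesRunning -contains 2)
    }
}

$state = Get-MemoryIntegrityState
$state | Format-List

# Configured but not running usually means the restart has not happened yet,
# or the hardware/firmware does not meet the virtualization requirements.
if ($state.HvciConfigured -and -not $state.HvciRunning) {
    Write-Warning 'Memory integrity is configured but not running.'
} elseif (-not $state.HvciRunning) {
    Write-Warning 'Memory integrity is not running on this device.'
}
```

On a device configured only through the Windows Security toggle, the policy fields will show no policy value while HvciRunning can still be True, which distinguishes a local setting from one enforced by the GPO.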