Microsoft is deprecating a ‘revolutionary’ virtualization-based security feature for older versions of Windows 11

Microsoft’s Latest Deprecation Raises Questions About Windows Security Features

In a notable shift within its Windows ecosystem, Microsoft has announced the deprecation of Virtualization-based Security (VBS) enclaves, a feature it introduced less than a year ago. This decision has sparked curiosity regarding the trajectory of Windows development and the potential impact on its user base.

VBS enclaves, which were rolled out in July 2024, were heralded as a significant advancement in Windows security. They transformed the operating system into a virtual machine environment, leveraging Microsoft’s Hyper-V hypervisor to create secure memory spaces that operate with elevated privileges compared to the main OS. This innovation allowed developers to establish software-based trusted execution environments within host applications, enhancing the security of specific application components through the use of Dynamic Link Library files.

However, Microsoft has now decided to phase out VBS enclaves in Windows 11 23H2 and earlier versions, as well as in Windows Server 2022 and its predecessors. The company has assured users that support for this feature will persist in Windows Server 2025 and future iterations, indicating a strategic shift in focus.

Typically, Microsoft deprecates features when they cease to be actively developed, although such features often remain functional until they are completely removed from the system. The decision to discontinue VBS enclaves may be influenced by the accelerated development cycle of Windows 11, which now sees major releases annually and frequent updates that can disrupt user experience. According to Microsoft’s documentation, VBS enclaves, along with Intel Software Guard Extension APIs, necessitate Windows 11 Build 26100.2314 or newer, suggesting that the company may be intentionally excluding older builds to mitigate compatibility and reliability challenges.

As Microsoft prepares to end support for Windows 11 23H2 this November, the majority of users are expected to transition to newer releases. However, enterprise customers who have come to rely on VBS enclaves may encounter disruptions if the feature is entirely removed from their systems. This development raises important questions about the future of Windows security features and how Microsoft plans to balance innovation with user needs.

Winsage
Microsoft is deprecating a 'revolutionary' virtualization-based security feature for older versions of Windows 11