Windows 11: Deprecation of VBS Enclaves Security Feature on Certain Systems

Today, Microsoft unveiled its decision to deprecate the VBS Enclaves security feature in previous versions of Windows 11 and Windows Server. Initially rolled out in Windows Server 2019, VBS Enclaves, rooted in Virtualization-based Security (VBS), have seen enhancements, including support for third-party applications introduced last year.

The official deprecation announcement provides limited insight into the motives behind this removal for older versions of the operating systems.

Key Details Regarding VBS Enclaves

  • Support for VBS Enclaves will continue in Windows 11, version 24H2 and subsequent releases, as well as Windows Server 2025 and later.
  • The feature is officially deprecated in Windows 11, version 23H2 and earlier versions, as well as in Windows Server 2022 and prior releases.

Understanding VBS Enclaves

VBS Enclaves create secure, isolated environments to protect sensitive data on Windows systems. Currently, only a select few Microsoft programs utilize this feature, including Microsoft Azure SQL Database, the Recall feature in Windows 11, and Credential Guard.

A notable advantage of VBS Enclaves is their lack of hardware dependencies. Provided that the feature is activated on a compatible Windows PC, it operates seamlessly.

What Does Deprecation Signify?

It’s crucial to understand that deprecation does not imply an immediate removal of the feature. Rather, it indicates that the feature will likely be removed in a future OS version or update. For the average home user, the impact may be minimal. Here’s why:

Windows 11, version 23H2 is set to reach its end of support this November. All older versions of Windows 11 are currently unsupported for consumer use, meaning Microsoft would have to eliminate the feature between April 2025 and November 2025 to affect home users. This scenario appears improbable.

Microsoft has not clarified the rationale for this feature’s removal, which raises questions. The customers most affected by this announcement appear to be business and enterprise clients.

A potential clue can be found within the Secure Enclaves documentation on Microsoft’s Windows App Development site. The note states: “Using these APIs for a VBS Enclave requires Windows 11 Build 26100.2314 or later or Windows Server 2025 or later.” This suggests that the deprecation may be aimed more at third-party applications and their access to the API than at first-party applications.

We have reached out to Microsoft for clarification on this matter and will update our findings accordingly.

Frequently Asked Questions

1. Why is Microsoft deprecating VBS Enclaves?

Microsoft has yet to provide a clear explanation for the deprecation of VBS Enclaves. This has prompted speculation that the decision could be aimed at optimizing performance or could reflect a shift in its security focus towards business and enterprise customers.

2. How will I know if VBS Enclaves is still supported on my system?

To check VBS Enclaves support, you should verify your Windows version. The feature remains available in Windows 11 version 24H2 and later, as well as Windows Server 2025. If you’re using an earlier version, the feature is deprecated.
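The version check described above can be scripted for a single machine or a fleet inventory. The following PowerShell is an added example, not code from Microsoft or from the original article. It assumes that build 26100 corresponds to Windows 11 24H2 and Windows Server 2025; the function name and output fields are hypothetical.

```powershell
# Added example: classify this machine against the thresholds quoted in the article.
# Assumptions: build 26100 = Windows 11 24H2 / Windows Server 2025; the function
# name and output property names are illustrative.
function Get-VbsEnclaveSupportStatus {
    [CmdletBinding()]
    param(
        # Minimum build.revision from the Secure Enclaves documentation note
        [version]$ApiMinimum = '26100.2314'
    )

    # Build number and update revision (UBR) of the running OS
    $cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build   = [int]$cv.CurrentBuildNumber
    $current = [version]("{0}.{1}" -f $build, [int]$cv.UBR)

    # Enclaves depend on VBS actually running, not only on the OS version.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
    $vbs = $null
    try {
        $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                               -ClassName Win32_DeviceGuard -ErrorAction Stop
        $vbs = [int]$dg.VirtualizationBasedSecurityStatus
    } catch {
        Write-Verbose "Win32_DeviceGuard not available: $($_.Exception.Message)"
    }

    $osState = if ($current -ge $ApiMinimum) {
        'Supported'                       # meets the documented API minimum
    } elseif ($build -ge 26100) {
        'SupportedReleaseNeedsUpdate'     # 24H2 / Server 2025, below 26100.2314
    } else {
        'Deprecated'                      # 23H2 / Server 2022 or earlier
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OsBuild      = $current.ToString()
        OsState      = $osState
        VbsRunning   = ($vbs -eq 2)
        VbsStatusRaw = $vbs
    }
}

Get-VbsEnclaveSupportStatus
```

A result of `Supported` with `VbsRunning` set to `False` means the OS release qualifies but VBS is not active on that machine.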

3. What are the implications of this deprecation for third-party applications?

The deprecation primarily affects third-party application access to the VBS Enclaves API, potentially limiting their functionalities in future operating environments. However, first-party applications from Microsoft are expected to continue to operate unaffected.
