Q. I receive an error when trying to start a Shielded VM saying that User Mode host isolation is off. How can I fix this?
A. Shielded VMs require User Mode host isolation to support elements of their security. To enable User Mode host isolation, the machine must be configured with Secure Boot and the required policy should be set as follows:
- Open the local or group policy object that applies to the machine
- Navigate to Computer Configuration > Administrative Templates > System > Device Guard
- Double-click Turn on Virtualization Based Security
- Set the policy to Enabled
- Set Select Platform Security Level to Secure Boot, and set the two other options (Virtualization Based Protection of Code Integrity and Credential Guard Configuration) to Disabled
- Click OK
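
To confirm the host matches the steps above, the following read-only PowerShell check (an added example, not part of the original answer) reports Secure Boot, the policy values, and the effective Virtualization Based Security state. It assumes the policy is stored under the Device Guard policy registry key with the value names shown; treat those names and expected values as assumptions to verify against your policy template version.

```powershell
# Added example: read-only verification, run from an elevated PowerShell session.
# Assumption: the Device Guard policy writes these values under the key below.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'

# Values expected for the configuration described in the steps:
#   policy Enabled, platform level = Secure Boot, other two options Disabled.
$expected = [ordered]@{
    EnableVirtualizationBasedSecurity = 1   # Turn on Virtualization Based Security = Enabled
    RequirePlatformSecurityFeatures   = 1   # Select Platform Security Level = Secure Boot
    HypervisorEnforcedCodeIntegrity   = 0   # Virtualization Based Protection of Code Integrity = Disabled
    LsaCfgFlags                       = 0   # Credential Guard Configuration = Disabled
}

# 1. Firmware prerequisite: Secure Boot must be enabled.
try {
    $secureBoot = Confirm-SecureBootUEFI
} catch {
    # Thrown on legacy BIOS firmware or when the session is not elevated.
    $secureBoot = $false
}
"Secure Boot enabled: $secureBoot"

# 2. Compare each policy value with what the steps should have produced.
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $expected.Keys) {
    $actual = if ($policy -and $null -ne $policy.$name) { $policy.$name } else { '<not set>' }
    $status = if ("$actual" -eq "$($expected[$name])") { 'OK' } else { 'MISMATCH' }
    '{0,-36} expected={1} actual={2} [{3}]' -f $name, $expected[$name], $actual, $status
}

# 3. Effective state as reported by the OS (policy alone does not prove VBS is running).
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }
if ($dg) {
    "VBS status: $($vbsState[[int]$dg.VirtualizationBasedSecurityStatus])"
} else {
    'VBS status: Win32_DeviceGuard class not available on this system'
}
```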