Microsoft has announced it will phase out Virtualization-based Security (VBS) enclaves in versions of Windows 11 up to 23H2, as well as in earlier editions of Windows Server 2022. This decision, while surprising given the feature was introduced only in July 2024, reflects a shift in the company’s approach to security and application development within Windows.
VBS enclaves, which formed part of the security upgrades touted by Microsoft, allow developers to create trusted execution environments that run inside applications, offering enhanced protection against threats. Operating in a secure virtual environment using Microsoft’s Hyper-V, these enclaves provide a secure memory space that is more privileged than the underlying operating system.
Despite the initial promotion, the technology is now on the chopping block, with Microsoft indicating that support for VBS enclaves will only continue in Windows Server 2025 and newer versions. The rapid development cycle of Windows, including annual major updates and frequent changes, is likely a factor in the decision. Microsoft typically deprecates features when they cease to align with the ongoing development of the Windows code, although deprecated features often remain functional for a while.
As Microsoft prepares to end support for Windows 11 23H2 in November, users—particularly enterprises relying on VBS enclaves—might encounter substantial disruptions. However, it’s anticipated that most users will have already transitioned to newer releases by that time.
For further details on deprecated features, visit Microsoft’s documentation.