Windows 11: Security-feature VBS Enclaves is being deprecated on some systems
Windows 11: Security-feature VBS Enclaves is being deprecated on some systems
Microsoft announced the deprecation of the security feature VBS Enclaves today for earlier versions of Windows 11 and Windows Server. Based on VBS, Virtualized-Based Security, VBS Enclaves were formally introduced by Microsoft in Windows Server 2019. Microsoft improved the feature ever since, for instance by opening it up for third-party apps last year.
The deprecation announcement offers no explanation why the feature is being removed from older versions of Windows 11 and Windows Server.
The details:
- VBS Enclaves continue to be supported in Windows 11, version 24H2 and later, or Windows Server 2025 and later.
- The feature is deprecated on Windows 11, version 23H2 and earlier, and Windows Server 2022 and earlier.
Note: This has nothing to do with VBScript, which Microsoft deprecated in 2023.
VBS Enclaves explained
VBS Enclaves provide isolated, secure environments for sensitive data on Windows systems. Only a few Microsoft and Windows-specific programs are confirmed to use the feature at the time of writing. Besides Microsoft Azure SQL Database, it is Windows 11's Recall feature and Credential Guard that are making use of it as well.
One advantage of VBS Enclaves is that they do not have hardware dependencies. As long as the VBS Enclaves feature is enabled on a supported Windows PC, it should work fine.
What deprecation means
Deprecation does not mean that the feature is going to be removed immediately. It means that a specific feature will be removed in a future version of the operating system. Or, in this case, in a future update for the affected operating systems. In fact, most home users may not be impacted by this at all. Here is why.
Windows 11, version 23H2 reaches end of support this November. All previous versions of Windows 11 are no longer supported for consumers. Means, Microsoft would have to remove the feature between April 2025 and November 2025 to affect home users. It seems unlikely that this is going to be the case.
Microsoft does not give a reason for the removal, which makes it all the more puzzling. Since the removal does not affect most home users, it is likely business and Enterprise customers that Microsoft is aiming at with the notice of deprecation.
One possible explanation is found on the Secure Enclaves documentation on Microsoft's Windows App Development website. There, Microsoft has added the following note: "Using these APIs for a VBS Enclave requires Windows 11 Build 26100.2314 or later or Windows Server 2025 or later."
It is possible that the deprecation affects third-party apps and they access to the API only and not first-party apps. We asked Microsoft about this but have not heard back at this point. We will update the article when we receive an answer.
More like this
-
Canonical: up to 12 years of support for Ubuntu 24.04 LTS
Canonical: up to 12 years of support for Ubuntu 24.04 LTSRead more -
Netflix launches cheaper extra members subscription with a catch
Netflix launches cheaper extra members subscription with a catchRead more
-
WinScript: open-source tool to configure and debloat Windows
WinScript: open-source tool to configure and debloat WindowsRead more
-
OpenAI's latest AI models are generating alarming levels of misinformation
OpenAI's latest AI models are generating alarming levels of misinformationRead more
-
Paradox Interactive unveils its next grand strategy game, Europa Universalis 5
Paradox Interactive unveils its next grand strategy game, Europa Universalis 5Read more
