Windows 11: Security-feature VBS Enclaves is being deprecated on some systems
Microsoft announced the deprecation of the security feature VBS Enclaves today for earlier versions of Windows 11 and Windows Server. Based on VBS, Virtualized-Based Security, VBS Enclaves were formally introduced by Microsoft in Windows Server 2019. Microsoft improved the feature ever since, for instance by opening it up for third-party apps last year.
The deprecation announcement offers no explanation why the feature is being removed from older versions of Windows 11 and Windows Server.
The details:
- VBS Enclaves continue to be supported in Windows 11, version 24H2 and later, or Windows Server 2025 and later.
- The feature is deprecated on Windows 11, version 23H2 and earlier, and Windows Server 2022 and earlier.
Note: This has nothing to do with VBScript, which Microsoft deprecated in 2023.
VBS Enclaves explained
VBS Enclaves provide isolated, secure environments for sensitive data on Windows systems. Only a few Microsoft and Windows-specific programs are confirmed to use the feature at the time of writing. Besides Microsoft Azure SQL Database, it is Windows 11's Recall feature and Credential Guard that are making use of it as well.
One advantage of VBS Enclaves is that they do not have hardware dependencies. As long as the VBS Enclaves feature is enabled on a supported Windows PC, it should work fine.
What deprecation means
Deprecation does not mean that the feature is going to be removed immediately. It means that a specific feature will be removed in a future version of the operating system. Or, in this case, in a future update for the affected operating systems. In fact, most home users may not be impacted by this at all. Here is why.
Windows 11, version 23H2 reaches end of support this November. All previous versions of Windows 11 are no longer supported for consumers. Means, Microsoft would have to remove the feature between April 2025 and November 2025 to affect home users. It seems unlikely that this is going to be the case.
Microsoft does not give a reason for the removal, which makes it all the more puzzling. Since the removal does not affect most home users, it is likely business and Enterprise customers that Microsoft is aiming at with the notice of deprecation.
One possible explanation is found on the Secure Enclaves documentation on Microsoft's Windows App Development website. There, Microsoft has added the following note: "Using these APIs for a VBS Enclave requires Windows 11 Build 26100.2314 or later or Windows Server 2025 or later."
It is possible that the deprecation affects third-party apps and they access to the API only and not first-party apps. We asked Microsoft about this but have not heard back at this point. We will update the article when we receive an answer.
@ jim:
Hello possible M$ employee, I hope you are well. Just kidding on that last part.
“The number of highly successful “FOSS” or “open source” projects is quite small.”
Only if your head is in the sand and you don’t use them. I like how you posted a few days after the original post, probably in the hopes no one would reply by then, right? Am I right? LOL!
“It’s essentially communism vs capitalism.”
No it is not, and you know better. ^_^
“When the bottom line is money and profits, you have no choice but to make a competent, functional product, (usually nice looking, with a functional UI) otherwise your product will be edged out by those that are better.”
I like your use of “edged” there. LOL! Look, even Gates himself said you need to create a need for people to need you. That is a loose quote from what he has said. Also, they would rather have you pirate their software, which is another loose quote. Windows is not by any measure, nor has it ever been, a “competent” “functional product”. It is a kingdom of rootkits and other exploits which is shoveled to you by a corrupt convicted monopoly which seeks to rule but cannot because FOSS keeps them in check.
When you worship money and are greedy, you are blinded by it all and willing to know no bounds. You’re not developing for the people, you’re developing for profit. Obviously you weren’t around during the years of Windows 95/98 where blue screens were abundant. Why do you think so many, which knew of no Windows alternative and mostly still don’t, were surprised and happy with XP/7? Partly because they weren’t blue screening all of the time.
This is what M$ brought to the table:
“”An Open Letter to Hobbyists” is a 1976 open letter written by Bill Gates, the co-founder of Microsoft, to early personal computer hobbyists, in which Gates expresses dismay at the widespread duplication of software taking place in the hobbyist community, particularly with regard to his company’s software.”
https://en.wikipedia.org/wiki/An_Open_Letter_to_Hobbyists
So you see, Free and Open Source Software was under attack from the very beginning and remains so. If M$ could they would crush Linux, but they cannot. It isn’t for a lack of trying.
FWIW:
https://en.wikipedia.org/wiki/Halloween_documents
“When the motivation is: “we just want to like, make an open source library anyone can use like, we care about the world man!” or other such hippy nonsense – sure, good projects will arise,”
First, framing the philosophy and purposes of Free and Open Source Software (and hardware!) as “hippy nonsense” is an easy out, and incorrect. It is about philosophy, for example:
https://www.gnu.org/philosophy/
“such as ffmpeg, but their development will be slower, because everything is done on the whim of essentially freelance hobbyists, or a proximate equivalent.”
With FOSS, anyone can contribute. But people have to eat and live to work rather than work to live. Time is of the essence. Sure, if FOSS had the marketing and funding of a corporation like M$, obviously there would be more people developing/contributing to FOSS.
But look what we get for all of the billions at Microsoft. We get buggy proprietary code with more remote exploits in the history of all Windows incarnations than any other OS combined! We get software outside of our control, we cannot audit it like FOSS nor can we make reproducible builds.
If you really want to keep up with REAL news regarding M$, be sure to visit:
https://techrights.org
A voice in the wilderness. The guy behind it all, devoting his precious time and effort to exposing M$ evil, has faced serious persecution from M$ and their minions. If you explore the man’s website in full, you would come away with a different perspective. But only if you’re not on the M$ payroll, which I can smell a mile away. I know attack dogs when I read from them. They send differing levels of mutts against FOSS advocates depending on how serious/informed the FOSS advocate is.
FOSS is changing the world, while fighting against being rubbed out by a mammoth who doesn’t know they died a long time ago, and in reality are on life support as they bleed profits and people.
FOSS will win in the end. Because it’s community that brings us together, it’s people, rather than corrupt businesses who avoid being broken up (justice failed us) yet support other “monopolies” being broken up because they are blinded by greed and are hypocrites.
How many chairs did Ballmer throw and what did he say about killing Google again? Look no further than NOVELL to see how far a M$ “partnership” goes.
“Microsoft does not give a reason for the removal, which makes it all the more puzzling.”
Microsoft, a convicted monpoly, is not to be trusted. Why should they give you a reason? They own you and your data, THEY OWN YOU AND YOUR DATA. Get that through your head!
M$ acts like a monarchy and rules your system with greed and lust.
Switch to another OS today, maybe Linux, maybe BSD, maybe … who knows! Find something you like that is open source and free and escape the land of M$ rootkits.
The number of highly successful “FOSS” or “open source” projects is quite small. It’s essentially communism vs capitalism. When the bottom line is money and profits, you have no choice but to make a competent, functional product, (usually nice looking, with a functional UI) otherwise your product will be edged out by those that are better.
When the motivation is: “we just want to like, make an open source library anyone can use like, we care about the world man!” or other such hippy nonsense – sure, good projects will arise, such as ffmpeg, but their development will be slower, because everything is done on the whim of essentially freelance hobbyists, or a proximate equivalent.