Hotpatching should be for specific use-case devices, not everything.
Additionally, regarding VBS being a pre-req, any device that has been installed with Win11 22H2 or later has HVCI and VBS enabled by default. You can also enable VBS via the Settings Catalog in Intune, and it's really poor that option wasn't shown in the video at all. Just don't assign it to devices or you'll get a reboot during Autopilot.
- David_Callaghan | Mar 05, 2025 | Former Employee
New Windows 11, version 24H2 PCs will have VBS enabled by default. A PC upgraded to Windows 11 24H2 will maintain the older OS's VBS config state. So be sure to check VBS status on upgraded machines or anytime you expect the device to receive the hotpatch update but it doesn't. Great feedback on using Intune to set the OS configuration settings.
- IT_SystemEngineer | Mar 03, 2025 | Brass Contributor
So we cannot use Hotpatching for Citrix VMs, for example, because it is not supported by Citrix Hypervisor (VBS requires nested virtualization support).
Right?
- VishalBajaj | Mar 03, 2025 | Microsoft
VBS does not require nested virtualization support. It can work in Guest mode too. But you will need a hypervisor that can:
1) Expose Virtual Trust Levels (VTLs) interfaces (which do not exist other than in Hyper-V), OR
2) Create a VM with nested virtualization support.
There is no need to create a nested VM in the VM.
- IT_SystemEngineer | Mar 04, 2025 | Brass Contributor
Okay. For example:
VMware ESXi 8.0 Hypervisor >> Win11 VMs >> Citrix 7 VDA LTSR >> GPO "Turn On VBS" = Enabled
With this configuration, we get the following error during gpupdate:
{F312195E-3D9D-447A-A3F5-08DFFA24735E} failed due to the error listed below.
A hypervisor feature is not available to the user.
Why do we get this error?
Is it because the option "Virtualization Based Security" = Disabled in vSphere?
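
Checking VBS status on a device or VM, as David_Callaghan's reply above recommends, can be done from PowerShell. The script below is an added example, not part of the thread or any poster's code: it reads the Win32_DeviceGuard CIM class and shows whether VBS is running and which security properties (including hypervisor support) the OS reports as available. The function names `Get-VbsReport` and `ConvertTo-Name` are hypothetical, and an elevated session is assumed.

```powershell
# Added example (not from the thread): summarize the VBS state this Windows
# installation reports through the Win32_DeviceGuard CIM class.
# The value-to-name tables follow the documented meanings of that class.
$VbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$SecurityProperty = @{
    1 = 'Hypervisor support'; 2 = 'Secure Boot'
    3 = 'DMA protection';     4 = 'Secure memory overwrite'
    5 = 'NX protections';     6 = 'SMM mitigations'
    7 = 'MBEC/GMET';          8 = 'APIC virtualization'
}
$SecurityService = @{
    1 = 'Credential Guard';           2 = 'Memory integrity (HVCI)'
    3 = 'System Guard Secure Launch'; 4 = 'SMM firmware measurement'
}

# Hypothetical helper: turn an array of numeric codes into readable names.
function ConvertTo-Name {
    param([hashtable]$Table, [object[]]$Values)
    $names = foreach ($v in ($Values | Where-Object { $_ -ne 0 })) {
        # Cast to [int]: the CIM values are UInt32, the table keys are Int32.
        if ($Table.ContainsKey([int]$v)) { $Table[[int]$v] } else { "Unknown ($v)" }
    }
    if ($names) { $names -join ', ' } else { 'None' }
}

# Hypothetical function: one object per machine, suitable for export or comparison.
function Get-VbsReport {
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
    } catch {
        Write-Warning "Win32_DeviceGuard query failed: $($_.Exception.Message)"
        return
    }
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OS                  = "$($os.Caption) (build $($os.BuildNumber))"
        VbsStatus           = $VbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        VbsRunning          = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        AvailableProperties = ConvertTo-Name $SecurityProperty $dg.AvailableSecurityProperties
        RequiredProperties  = ConvertTo-Name $SecurityProperty $dg.RequiredSecurityProperties
        ServicesConfigured  = ConvertTo-Name $SecurityService $dg.SecurityServicesConfigured
        ServicesRunning     = ConvertTo-Name $SecurityService $dg.SecurityServicesRunning
    }
}

Get-VbsReport | Format-List
```

A `VbsStatus` of "Enabled but not running" together with no "Hypervisor support" entry in `AvailableProperties` indicates that the policy is applied but the guest OS does not see the platform feature it needs.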