Weird OS: Microsoft regularly deprecates features in Windows, typically replacing them with improved alternatives or streamlining development. That's why its decision to drop a relatively new security feature – one it promoted less than a year ago – raises questions about how Windows is evolving and which users might be left behind.
Microsoft has quietly added another entry to its ever-growing list of deprecated Windows features. The company is phasing out Virtualization-based Security (VBS) enclaves in Windows 11 23H2 and earlier, as well as Windows Server 2022 and earlier releases. However, support will continue in Windows Server 2025 and beyond.
The Redmond tech giant introduced VBS enclaves in July 2024, touting them as a significant step forward for Windows security, turning the OS into a virtual machine of sorts, running atop Microsoft's Hyper-V hypervisor.
Thanks to VBS enclaves, developers can now create software-based trusted execution environments within host applications. In simpler terms, a VBS enclave is a secure memory space with higher privileges than the operating system, running in a virtual machine atop Hyper-V. Using Dynamic Link Library files, developers can protect specific parts of their applications, which any Windows program can load.
Microsoft described VBS enclaves as a meaningful improvement in software security for virtualized Windows instances. Still, the company is removing the feature from Windows 11 23H2. Microsoft typically deprecates a feature once it stops developing it alongside the rest of the Windows code, though the feature usually continues to work until developers completely remove it.
A possible explanation for Microsoft phasing out VBS enclaves is Windows 11's accelerated development cycle, which now delivers new major releases every year and frequent, often disruptive monthly updates. According to Microsoft's documentation, VBS enclaves and Intel Software Guard Extension APIs require Windows 11 Build 26100.2314 or newer. Microsoft may be deliberately excluding older builds to avoid compatibility and reliability issues.
Microsoft ends support for Windows 11 23H2 this November, but most users will likely have upgraded to a newer release by then. If Microsoft removes VBS enclaves entirely from 23H2, enterprise customers still relying on the feature could face disruptions.
