used to encrypt the drive. The BitLocker feature must be enabled within the server OS
to use BitLocker. Once the BitLocker encryption has completed, the VM can be
considered shielded.
Install-WindowsFeature BitLocker
If the properties of a shielded VM under Security are examined, the TPM will be
enabled, state and migration traffic will be encrypted, and the VM will have shielding
enabled, as shown in Figure 5.24. Because the policy is applied in a guarded fabric, the
virtualization administrator cannot change any of the configuration, and the VHD(x)
files are encrypted because BitLocker was used inside the VM, making them
unreadable. Any attempt to use console access or PowerShell Direct will fail, as shown
in Figure 5.25. If using SCVMM, a Security Summary tab can be added to the VM view
that will show the VM as Shielded.
Figure 5.24 Properties for a shielded VM
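The settings listed above can also be checked from PowerShell, which helps when auditing many VMs. The script below is an added example, not code from the book: the function names and the -Role parameter are hypothetical, and it assumes the Hyper-V module on the host and the BitLocker module in the guest. The guest check has to run in a session inside the VM, since console access and PowerShell Direct fail.

```powershell
# Added example (not from the book). Function names and -Role are hypothetical.
param([ValidateSet('Host', 'Guest')][string]$Role = 'Host')

# Host side: report which of the three settings shown under Security are missing.
function Get-VmShieldingState {
    param([Parameter(Mandatory, ValueFromPipeline)] $VM)
    process {
        $sec = Get-VMSecurity -VM $VM
        $checks = [ordered]@{
            'TPM enabled'                           = $sec.TpmEnabled
            'State and migration traffic encrypted' = $sec.EncryptStateAndVmMigrationTraffic
            'Shielding enabled'                     = $sec.Shielded
        }
        # Collect the names of any settings that are not turned on
        $gaps = @($checks.GetEnumerator() |
                  Where-Object { -not $_.Value } |
                  ForEach-Object { $_.Key })
        [pscustomobject]@{
            VMName    = $VM.Name
            Compliant = ($gaps.Count -eq 0)
            Gaps      = $gaps -join '; '
        }
    }
}

# Guest side: BitLocker must have finished encrypting the OS volume.
function Test-GuestBitLockerComplete {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        PercentEncrypted = $vol.EncryptionPercentage
        ProtectionStatus = $vol.ProtectionStatus
        Complete         = ($vol.VolumeStatus -eq 'FullyEncrypted' -and
                            $vol.ProtectionStatus -eq 'On')
    }
}

if ($Role -eq 'Host') {
    # One row per VM on this host; non-compliant VMs sort first
    Get-VM | Get-VmShieldingState | Sort-Object Compliant, VMName | Format-Table -AutoSize
}
else {
    Test-GuestBitLockerComplete
}
```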