Windows 11 22H2 is even more secure on Intel 12th Gen PCs

Since the release of Windows 11, Microsoft has pointed out that security is a crucial aspect of its latest OS. To explain the importance of features of TMP 2.0 and Core Isolation the company even demoed hacking attacks on mock systems.

In a blog post by Microsoft’s Jin Lin, a PM Manager at Azure and Windows OS platform, the company has confirmed new development and said that TME-MK is available on Intel’s 3rd Gen Xeon scalable Ice Lake and also on 12th Gen Alder Lake processors. A list of supported guest operating systems can be found here.

Below you may find the procedure on how to enable multi-key total memory encryption:

To boot a new Virtual Machine with TME-MK protection which assigns it a unique encryption key from other partitions we should use Powershell.

Open Powershell in elevated mode (run as admin)

type the following command:

Set-VMMemory -VMName -MemoryEncryptionPolicy EnabledIfSupported

In order to verify if a VM has enabled TME-MK for memory encryption the following command can be used:

Get-VmMemory -VmName | fl *

The output result should be like this:

MemoryEncryptionPolicy : EnabledIfSupported
MemoryEncryptionEnabled : True