Windows 11 22H2 gets multi-key encryption on Intel 12th Gen PCs

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • Windows 11 version 22H2 just received a new huge security upgrade, according to Redmond.
  • Intel’s Total Memory Encryption Multi-Key (TME-MK) is now available on Windows 11 22H2.
  • TME-MK is available on Intel’s 3rd Gen Xeon scalable Ice Lake CPUs, and Intel 12th Gen Alder Lake.
w11 intel

Ever since Windows 11 was released, back in October 2021, Microsoft made it clear that security was a big aspect of the new operating system, thus enforcing strict system requirements

The Redmond tech company explained why features like TPM 2.0 and Virtualization-based Security (Core Isolation) play a key role on Windows 11 and also demoed hacking attacks on mock systems.

In case you were wondering why, know that with the launch of Windows 11 version 22H2, Microsoft detailed the security features users can expect in the new feature update.

Windows 11 version 22H2 is now more secure on Intel CPUs

The buggy 2022 update has now received a security upgrade as Microsoft announced that Intel’s Total Memory Encryption – Multi-Key (TME-MK) is now available on Windows 11 22H2 as well.

In a brand new blog post, the PM Manager at Azure and Windows OS Platform confirmed this new development.

Hardware-wise, TME-MK is available on Intel’s 3rd Gen Xeon scalable Ice Lake CPUs, and Intel 12th Gen Alder Lake processors on the client side.

Keep in mind that TME-MK is available in Intel 3rd Generation Xeon server processors and Intel 12th Generation Core client processors.

That being said, Azure, Azure Stack HCI, and now Windows 11 22H2 operating systems also take advantage of this new generation hardware feature.

Another important detail here is that TME-MK is compatible with Gen 2 VM version 10 and newer. You can check out the list of Guest OS’s supported in Gen 2, right here.

thumbnail image 1 of blog post titled 
							Multi-Key Total Memory Encryption on Windows 11 22H2

How can I enable multi-key total memory encryption?

If you want to boot a new VM with TME-MK protection, assigning it a unique encryption key from other partitions, use the following PowerShell cmdlet:

Set-VMMemory -VMName -MemoryEncryptionPolicy EnabledIfSupported

Now, in order to verify a running VM is enabled and using TME-MK for memory encryption, you can use the following Powershell cmdlet:

Get-VmMemory -VmName | fl *

Please keep in mind that the following return value would describe a TME-MK protected VM:

MemoryEncryptionPolicy : EnabledIfSupported

MemoryEncryptionEnabled : True

If you need more information on the matter, be sure to check the official blog post we linked above and take your time when going through the process.

Microsoft said that Windows will continue to evolve and adopt modern defense-in-depth capabilities to continue protecting users.

Truth be told, Windows 11 did come a long way since its beginnings and we are all eager to see what the future has in store for us.

Have you tried this new security capability on your Windows 11 22H2 machine? Share your experience with us in the comments section below.

Still having issues? Fix them with this tool:


If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: