Windows 11 22H2 gets multi-key encryption on Intel 12th Gen PCs

Reading time icon 3 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Key notes

  • Windows 11 version 22H2 just received a new huge security upgrade, according to Redmond.
  • Intel’s Total Memory Encryption Multi-Key (TME-MK) is now available on Windows 11 22H2.
  • TME-MK is available on Intel’s 3rd Gen Xeon scalable Ice Lake CPUs, and Intel 12th Gen Alder Lake.
w11 intel

Ever since Windows 11 was released, back in October 2021, Microsoft made it clear that security was a big aspect of the new operating system, thus enforcing strict system requirements

The Redmond tech company explained why features like TPM 2.0 and Virtualization-based Security (Core Isolation) play a key role on Windows 11 and also demoed hacking attacks on mock systems.

In case you were wondering why, know that with the launch of Windows 11 version 22H2, Microsoft detailed the security features users can expect in the new feature update.

Windows 11 version 22H2 is now more secure on Intel CPUs

The buggy 2022 update has now received a security upgrade as Microsoft announced that Intel’s Total Memory Encryption – Multi-Key (TME-MK) is now available on Windows 11 22H2 as well.

In a brand new blog post, the PM Manager at Azure and Windows OS Platform confirmed this new development.

Hardware-wise, TME-MK is available on Intel’s 3rd Gen Xeon scalable Ice Lake CPUs, and Intel 12th Gen Alder Lake processors on the client side.

Keep in mind that TME-MK is available in Intel 3rd Generation Xeon server processors and Intel 12th Generation Core client processors.

That being said, Azure, Azure Stack HCI, and now Windows 11 22H2 operating systems also take advantage of this new generation hardware feature.

Another important detail here is that TME-MK is compatible with Gen 2 VM version 10 and newer. You can check out the list of Guest OS’s supported in Gen 2, right here.

thumbnail image 1 of blog post titled 
	
	
	 
	
	
	
				
		
			
				
						
							Multi-Key Total Memory Encryption on Windows 11 22H2

How can I enable multi-key total memory encryption?

If you want to boot a new VM with TME-MK protection, assigning it a unique encryption key from other partitions, use the following PowerShell cmdlet:

Set-VMMemory -VMName -MemoryEncryptionPolicy EnabledIfSupported

Now, in order to verify a running VM is enabled and using TME-MK for memory encryption, you can use the following Powershell cmdlet:

Get-VmMemory -VmName | fl *

Please keep in mind that the following return value would describe a TME-MK protected VM:

MemoryEncryptionPolicy : EnabledIfSupported

MemoryEncryptionEnabled : True

If you need more information on the matter, be sure to check the official blog post we linked above and take your time when going through the process.

Microsoft said that Windows will continue to evolve and adopt modern defense-in-depth capabilities to continue protecting users.

Truth be told, Windows 11 did come a long way since its beginnings and we are all eager to see what the future has in store for us.

Have you tried this new security capability on your Windows 11 22H2 machine? Share your experience with us in the comments section below.

More about the topics: Windows 11 Software & Apps