Microsoft Discontinues Virtualization-Based Security Enclaves in Older Windows Versions

Microsoft has announced the removal of certain functions associated with older Windows operating systems, specifically targeting virtualization-based security enclaves (VBS) and Windows UWP Map Controls along with their related APIs. These features, primarily used by developers rather than end-users, are now slated for discontinuation.

On its official website dedicated to deprecated Windows features, Microsoft highlighted that the virtualization-based security enclaves provide a software-based Trusted Execution Environment (TEE), which helps isolate code and data from the standard program and kernel code. This technology is often utilized for encryption functions and can deliver Trusted Platform Module (TPM) functionalities. Such isolated environments are typically enabled by processors and operating systems, a feature also supported by Microsoft.

The discontinuation will affect Windows 11 version 23H2 and all previous versions, as well as Windows Server 2022 and its older iterations. However, these features will remain available in Windows 11 version 24H2 and Windows Server 2025, along with future releases. Developers relying on these functionalities will need to update their software development kits (SDKs) and Visual Studio to the latest versions. Users operating on legacy Windows versions and dependent on these tools must plan to upgrade their systems soon.

Additionally, two weeks prior to this announcement, Microsoft had already declared the phasing out of the Microsoft UWP Map Control and Windows Maps Platform APIs, which support various mapping applications. Microsoft intends to consolidate these services under the Azure Maps platform, replacing the older technologies. Developers employing the Windows UWP Map Control in their applications are advised to transition to Azure Maps within the next year. The company has provided guidance, code examples, and relevant resources for this migration on its replacement resources webpage.

Interestingly, not all announcements regarding deprecated functions have remained unchanged. Earlier in April, Microsoft indicated that the planned discontinuation of Driver Synchronization in Windows Server Update Services (WSUS) on April 18 would be postponed. Feedback from users highlighted the importance of this feature, especially for isolated networks, such as those utilized in maritime operations, where it remains essential.