This recipe covers how to protect Hyper-V shielded VMs with SCDPM.
To protect Hyper-V shielded virtual machines, you need to make sure that your servers support Trusted Platform Modules (TPM). A TPM is a chip on a computer's motherboard that securely stores cryptographic keys. BitLocker uses these keys to protect the computer's data even if the machine is stolen. Virtual TPM (vTPM) is a feature introduced in Windows Server 2016 Hyper-V and enhanced in Windows Server 2019 Hyper-V. With vTPM, you can use BitLocker and a virtual TPM chip to encrypt an entire VM. These VMs, called shielded VMs, can run only on guarded hosts in the fabric that the Host Guardian Service (HGS) has found to be healthy and approved.
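
Before configuring protection, you can confirm these prerequisites on each Hyper-V host. The following script is an added example, not part of the original recipe; the function name `Get-ShieldedVmReadiness` is hypothetical. It assumes an elevated PowerShell session on the host with the Hyper-V module installed, and it reports the host's TPM and guarded-host state together with the vTPM and shielding state of each generation 2 VM.

```powershell
#Requires -Modules Hyper-V
# Added example: prerequisite check for shielded VMs on a Hyper-V host.
# Run in an elevated session. Get-ShieldedVmReadiness is a hypothetical name.

function Get-ShieldedVmReadiness {
    [CmdletBinding()]
    param()

    # Physical TPM state of the host (TrustedPlatformModule module).
    $tpm = Get-Tpm

    # Guarded-host state. The HgsClient cmdlet is only available when the
    # Host Guardian Hyper-V Support feature is installed on the host.
    $hgs = $null
    if (Get-Command Get-HgsClientConfiguration -ErrorAction SilentlyContinue) {
        $hgs = Get-HgsClientConfiguration
    }

    $hostState = [pscustomobject]@{
        Host          = $env:COMPUTERNAME
        TpmPresent    = $tpm.TpmPresent
        TpmReady      = $tpm.TpmReady
        IsHostGuarded = if ($hgs) { $hgs.IsHostGuarded } else { $false }
        Attestation   = if ($hgs) { $hgs.AttestationStatus } else { 'HgsClient not installed' }
    }

    # vTPM and shielding apply to generation 2 VMs only.
    $vmState = foreach ($vm in Get-VM | Where-Object Generation -eq 2) {
        $sec = Get-VMSecurity -VMName $vm.Name
        [pscustomobject]@{
            VMName           = $vm.Name
            VTpmEnabled      = $sec.TpmEnabled
            Shielded         = $sec.Shielded
            EncryptedTraffic = $sec.EncryptStateAndVmMigrationTraffic
        }
    }

    [pscustomobject]@{ Host = $hostState; VMs = @($vmState) }
}

$report = Get-ShieldedVmReadiness
$report.Host | Format-List
$report.VMs  | Sort-Object VMName | Format-Table -AutoSize
```

A host that shows `IsHostGuarded` as `False` cannot start shielded VMs, so resolve attestation with HGS before you back up or restore shielded workloads to that host.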