Allowing other operating systems to run on a secure system may allow users to circumvent security. For Hyper-V, preventing unauthorized users from being assigned to the Hyper-V Administrators group will prevent them from accessing or creating virtual machines on the system. The Hyper-V Hypervisor is used by Virtualization Based Security features such as Credential Guard on Windows 10; however, it is not the full Hyper-V installation. NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
For Hyper-V, remove any unauthorized groups or user accounts from the 'Hyper-V Administrators' group. For hosted hypervisors other than Hyper-V, restrict access to create or run virtual machines to authorized user accounts only.