Are you looking to boost your PC’s security and harden your system against kernel-level attacks? If you’re running Windows 11, then enabling the Memory Integrity feature is a smart move. In this step-by-step guide, we’ll walk you through exactly how to turn on Memory Integrity, why it matters, what prerequisites you need, and how to troubleshoot if it won’t enable.
In this how-to-turn-on-memory-integrity-in-windows-11-a-step-by-step-guide, you’ll learn what Memory Integrity is, why it’s important, how to check compatibility, and how to activate it using the Settings app — plus alternate methods for power users. No fluff, no guesswork — just clear action.
✅ What Is Memory Integrity?
Before we dive into the how-to, let’s clarify what this setting does — so you know why you’re doing it.
-
Memory Integrity is a feature of the Core Isolation component in Windows 11’s security infrastructure.
-
Also known in some technical contexts as Hypervisor-Protected Code Integrity (HVCI) or Hypervisor-Enforced Code Integrity.
-
At a high level: It uses virtualization-based security (VBS) to isolate the Windows kernel and ensure only trusted, signed code runs at that high level. Microsoft Learn
-
In simpler language: It’s like putting a protective glass around your PC’s core processes — making it far harder for malicious code to tamper with the kernel.
Why should you care? Because attackers that achieve kernel-mode access (sadly, not unheard of) can compromise your system at the deepest levels. Memory Integrity helps raise that bar significantly.
🧐 Why You Should Turn on Memory Integrity
Here are the key benefits:
-
Stronger protection: It prevents untrusted drivers or kernel-mode code from loading and possibly hijacking core system processes.
-
Modern threat defence: With more sophisticated malware, having virtualization-based security on makes a real difference.
-
Built into Windows 11: You don’t need third-party tools — just hardware and software support.
-
Peace of mind: If you’re handling sensitive data or just want a more secure PC, this is a good step.
That said, it isn’t a fix-all. Compatibility (especially older drivers) and performance considerations are real. We’ll cover those later.
🔍 Prerequisites: What Your PC Must Support
Before you can turn on Memory Integrity, make sure your system meets the requirements — or you might hit issues or find the toggle greyed out.
| Requirement | Details |
|---|---|
| Hardware virtualization support | Your CPU must support virtualization features (for example Intel VT-x/VT-d, AMD SVM) and VBS. |
| Secure Boot enabled | To ensure the boot chain is secure and VBS can work properly. |
| Compatible drivers | Outdated or incompatible kernel drivers may prevent Memory Integrity from enabling. |
| Windows 11 version | While the feature exists in older Windows, Windows 11 brings certain enhancements and alerts if it’s off. |
If any of these aren’t met, you may find the toggle in Windows Security greyed-out or switching it on fails.
🧾 Step-by-Step: How to Turn on Memory Integrity via Windows Security
This is the easiest and most straightforward method — perfect if you’re a regular Windows user.
Step 1: Open Windows Security
-
Press Start, type Windows Security, and open the app.
-
Alternatively: Settings → Privacy & security → Windows Security.
Step 2: Navigate to Device Security
-
In the left-menu, click Device security.
-
If you don’t see it, your PC might not support the features or virtualization is disabled in BIOS.
Step 3: Click “Core isolation details”
-
Under the heading Core isolation, click Core isolation details.
Step 4: Toggle on Memory integrity
-
Locate the Memory integrity toggle switch.
-
Flip it to On.
-
Windows may show a message about incompatible drivers or that a restart is required.
Step 5: Restart your PC
-
To apply the change, a reboot is required. After restart, the setting should remain On and you’ll have Memory Integrity enabled.
🎉 Done! Your system is now using a virtualization-based security layer to protect its core.
❗ What to Do If “Toggle is Greyed Out” or It Won’t Stay On
Sometimes things don’t go smoothly. Here’s how to troubleshoot if you can’t enable Memory Integrity.
Common issue: “This setting is managed by your administrator”
-
This message often appears when the Registry setting has been locked or overridden via Group Policy.
Step A: Check for incompatible drivers
-
After you attempt to toggle on Memory Integrity, Windows may list incompatible drivers in red.
-
Use a tool like Autoruns (from Sysinternals) and check the Drivers tab for drivers that are disabled/red. Update or uninstall those drivers, then reboot and try again.
Step B: Enable virtualization in BIOS/UEFI
-
Ensure Virtualization Technology and Secure Boot are enabled in your system firmware.
-
If disabled, Memory Integrity will fail to switch on.
Step C: Modify Registry manually (advanced)
Warning: Both steps touch the registry — be cautious and backup your system first.
-
Open Regedit.
-
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity -
Double-click Enabled and set value to 1 to turn on.
-
Restart the PC.
-
Note: After this, the toggle in Windows Security may be greyed out (managed by admin).
-
If you later want to control via UI again, set the value to 0.
Step D: Use PowerShell (for advanced users)
This command enables Memory Integrity via registry.
🧰 Alternate Methods: Intune, Group Policy & Enterprise Scenarios
If you’re administering multiple computers or using Windows 11 Pro/Enterprise, you might prefer centralized methods.
-
Group Policy (GPO): Navigate to Computer Configuration → Administrative Templates → System → Device Guard. Enable “Turn on Virtualization Based Security” and set “Virtualization Based Protection of Code Integrity” to Enabled with UEFI lock.
-
Microsoft Intune / MDM: Use the Settings catalog to apply the “Hypervisor Enforced Code Integrity” setting, choose Enabled with UEFI lock.
These methods ensure consistent configuration across devices.
🛡️ Performance Considerations & Compatibility
Before you enable Memory Integrity, you should know:
-
Older hardware or incompatible drivers may prevent using this feature or reduce performance. For example, users report older PCs struggle:
“If you’re running Windows 11 on an older, incompatible PC … I recommend leaving it disabled to avoid slow downs.”
-
Certain virtualization software (VMware, VirtualBox) may conflict with VBS/Mem Integrity.
-
If you’re gaming and you hit performance issues, you may need to evaluate whether to leave it enabled — but balance security vs performance.
Generally, on modern hardware (8th-gen Intel or newer, AMD Zen 2 or newer) you should see minimal performance impact. Microsoft Learn
🧾 Summary Table: How to Turn on Memory Integrity
| Step | Action | Notes |
|---|---|---|
| 1 | Open Windows Security → Device Security | Admin rights required |
| 2 | Click Core isolation details | Found under Device Security |
| 3 | Toggle Memory integrity to On | May show warning about drivers |
| 4 | Restart PC | Changes applied after reboot |
| 5 | If greyed out → troubleshoot drivers/BIOs/registry | See advanced section above |
✅ Final Thoughts and Best Practices
You’ve now seen exactly how to turn on Memory Integrity in Windows 11, why it matters, and how to overcome common obstacles. To recap:
-
Memory Integrity is a powerful layer of protection using virtualization-based security.
-
It helps guard your system against kernel-mode attacks and untrusted drivers.
-
Compatibility is key — ensure hardware virtualization and supported drivers.
-
Use the Settings method for simplicity; use Registry/GPO/Intune for advanced deployment.
-
Balance security and performance based on your hardware and use-case (gaming vs security-first).
If you haven’t enabled it yet, take five minutes and flip that switch — your system will thank you.
❓ FAQs: How to Turn on Memory Integrity in Windows 11
Q1: Is Memory Integrity on by default in Windows 11?
Yes — it should be enabled by default on many Windows 11 devices, but sometimes it isn’t due to driver or hardware compatibility.
Q2: What happens if I can’t turn it on?
Usually an incompatible driver or BIOS setting is blocking it. Check for red-flagged drivers, enable virtualization & Secure Boot, then retry.
Q3: Will enabling Memory Integrity slow down my PC?
On modern hardware, the impact is negligible. On older devices or with incompatible drivers, there may be a performance hit.
Q4: Can I disable Memory Integrity if it causes issues?
Yes — toggle the setting off in the same “Core isolation details” screen, then reboot.
Q5: Is this enough security on its own?
No — while Memory Integrity is important, it’s one layer of many. Keep your drivers updated, use antivirus, enable other protections (e.g., Secure Boot, TPM) and practise good security hygiene.
📌 Key Takeaways
-
Memory Integrity (aka HVCI) adds strong kernel-level protection via virtualization.
-
Compatible hardware, Secure Boot and updated drivers are required.
-
Use Windows Security → Device Security → Core isolation to enable it.
-
If the toggle is greyed out: troubleshoot drivers, BIOS settings or use registry/GPO.
-
On modern systems, turn it on unless you have a specific reason (legacy hardware/gaming) not to.