Windows Server vNext LTSC base Requirements changes related to Security

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

In the next Long-Term Servicing Channel release of Windows Server [aka ‘vNext’], the base level Compatibility Requirements for system-level certification for Windows Server will be changed to include;

  • UEFI 2.3.1c or later support
  • If the Windows Server vNext operating system is pre-installed, Secure Boot must be enabled by default
  • Inclusion and default enablement of TPM version 2.0, either discrete or firmware-based


These requirements apply to servers where Windows Server vNext will run, including bare metal or virtual machines (guests) running on Hyper-V, and on the physical systems upon which third party hypervisors approved through the Server Virtualization Validation Program (SVVP) will run.


The enforcement of these requirements will be applied to new server platforms introduced to market after 1/1/2021.  Existing server platforms will include “Additional Qualification” to help customers identify systems that meet these requirements, similar to the current “Assurance AQ” for Windows Server 2019 today.


See the following links for more information;

UEFI 2.3.1c,

TPM 2.0,


For more information on the reasons for these changes, see

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.