If a game tells you to enable IOMMU and VBS, it's asking for two hardware-security features that block DMA cheats — and turning them on is mostly a UEFI toggle plus a Windows setting. Fortnite now requires them for tournaments, FACEIT requires them for higher-Elo play, and more competitive titles are following. The good news: most Windows 11 PCs can enable both without new hardware.
This guide walks through what IOMMU and VBS do, how to turn them on safely, and what to check if Windows says the option isn't available.
Quick reference: what you're enabling
| Feature | What it does | Where you enable it |
|---|---|---|
| Hardware virtualization | Prerequisite for the rest | UEFI/BIOS (VT-x / SVM) |
| IOMMU | Hardware firewall for RAM vs DMA | UEFI/BIOS (VT-d / AMD-Vi) |
| VBS / Memory Integrity | Isolates kernel memory | Windows Security |
What IOMMU and VBS actually do
IOMMU acts like a hardware firewall for your RAM: it controls what a plugged-in device can read over the bus, which blocks DMA-card cheats from reading protected game memory. VBS — Virtualization-Based Security, paired with Memory Integrity (HVCI) — uses your CPU's virtualization to wall off critical parts of the system. Together they shut down a class of cheats that traditional anti-cheat struggled with, which is the whole reason games started requiring them. We cover the why in IOMMU and DMA cheats.
Step 1: enable virtualization and IOMMU in UEFI
These start in your motherboard firmware, so reboot into UEFI/BIOS (usually Del or F2 at startup).
- Enable hardware virtualization — Intel calls it VT-x, AMD calls it SVM Mode.
- Enable IOMMU — on Intel boards it's usually VT-d; on AMD it's IOMMU or AMD-Vi.
- While you're there, confirm Secure Boot and TPM are on, since the same games usually require them too — our guides on enabling TPM 2.0 and enabling Secure Boot cover those.
Menu names vary by manufacturer, so if you can't find a setting, search your exact motherboard model. Save and exit.
Step 2: turn on Memory Integrity in Windows
Back in Windows 11, open Windows Security, go to Device security, then Core isolation, and switch on Memory integrity. Reboot when prompted. That enables VBS with HVCI. On managed or edge-case systems you can also enable it through Local Group Policy (gpedit.msc) under Device Guard, but for most players the Windows Security toggle is all you need.
If the option is greyed out or missing
A "Core isolation not available" or greyed-out Memory Integrity toggle almost always means virtualization or IOMMU isn't enabled in UEFI yet, so revisit Step 1. Outdated or incompatible drivers can also block it — Windows will sometimes name the culprit. Make sure Windows is updated, since the same firmware-trust baseline is part of why Windows 10's end of life matters for anti-cheat.
A note before you flip settings
Enabling these is safe and expected — they're security features, not a ban risk. But two cautions: changing UEFI settings can affect boot order, and if BitLocker is active you may be prompted for your recovery key, so have it handy. None of this changes your hardware identity, by the way — it's the same firmware-anchored baseline that makes a hardware fingerprint reliable, just switched on.
FAQ
Do I need new hardware for IOMMU and VBS?
Usually not. Most Windows 11-capable PCs support both; you just enable them in UEFI and Windows.
Will enabling VBS hurt gaming performance?
On modern hardware the impact is small for most games. The security benefit is why competitive titles now require it.
Why is Memory Integrity greyed out?
Most often because virtualization or IOMMU isn't enabled in UEFI, or an incompatible driver is installed. Fix the UEFI settings first.
Does enabling these change my HWID?
No. They switch on platform security features; they don't alter your motherboard, TPM, or other firmware identifiers.
The takeaway
IOMMU and VBS are becoming table stakes for competitive play because they close the DMA-cheat door that anti-cheats couldn't. Enabling them is a two-part job — virtualization and IOMMU in UEFI, Memory Integrity in Windows — and if the toggle is greyed out, the fix is almost always back in the firmware. Turn them on knowingly, keep your BitLocker key nearby, and you'll meet the requirement most competitive games are now standardizing on.