With the proper operation of guarded fabric, the Host Guardian Service and shielded VMs, you can use encryption to enhance Hyper-V security and limit the effects of an attack.
As virtualization technology advances, the need to protect and authenticate the validity of VMs increases. Microsoft introduced a new security model in Windows Server 2016 to help protect hosts and guest VMs against malicious activity. This model is called a guarded fabric, and it uses a Host Guardian Service (HGS) to manage and operate shielded VMs.
The general idea behind a guarded fabric is that VMs are little more than data files, such as virtual hard disk files. Anything that can expose or corrupt the file poses a security risk. A guarded fabric can continue to operate conventional, unprotected VMs that don't require additional security. Guarded fabric can also operate an encrypted VM, which can help guard the VM file at rest and in flight, as well as shielded VMs that rely on attestation to validate the underlying platform.
The Host Guardian Service is a new server role in Windows Server 2016. The role uses attestation to ensure that the Hyper-V hosts are running trusted software. An attestation service runs in conjunction with an encryption key protection service. Together, these services validate the identity and configuration of the Hyper-V host. That host then receives the keys necessary to decrypt and run shielded VMs. If the Hyper-V host isn't validated in this way, it can't decrypt and run shielded VMs.
The Host Guardian Service supports administrative attestation and hardware-based attestation. Administrative attestation uses Active Directory to validate the Hyper-V host. By comparison, hardware-based attestation requires the server to provide a minimum of Trusted Platform Module (TPM) 2.0 and Unified Extensible Firmware Interface 2.3.1 with Linux Secure Boot functionality enabled. Hardware-based attestation is the strongest protection for shielded VMs.
BitLocker Drive Encryption and a virtual TPM can create shielded VMs. Consequently, shielded VMs can only operate on healthy Hyper-V hosts that have first passed attestation. This means the Hyper-V host must be running the HGS, and the host must be validated before it receives the keys to decrypt shielded VMs. Otherwise, the Hyper-V host can't operate shielded VMs -- though unshielded and unencrypted VMs should work normally.
In practical terms, shielded VMs are encrypted, so it's not as dangerous if attackers steal, copy or intercept them. Host systems must be authorized and trusted before they can operate shielded VMs, so the VMs can't move to other unknown or untrusted hosts. This substantially limits the number of host platforms capable of running shielded VMs.