Does it though? The point of MS's security requirements is to prevent malware from affecting the PC at boot time. Well, we're talking about VMs here, which does not have the same risk associated with it. By definition, the VM is separated from the hardware boot BIOS/firmware, right? It's one of the reasons to run a VM: to separate the OS from the hardware layer.