• vSphere 6.7 introduces support for the entire range of Microsoft virtualization-based security technologies introduced in Windows 10 and Windows Server 2016. This is a result of close collaboration between VMware and Microsoft to ensure that Windows VMs on vSphere systems support in-guest security features while continuing to be performance and secure on the vSphere platform.

NOTE: To build Windows 10 or Windows Server 2016 VMs today, we recommend building them with EFI firmware enabled. Moving from traditional BIOS/MBR to EFI (UEFI) firmware after the fact introduces some challenges late

• When selecting a guest operating system, BIOS or Extensible Firmware Interface (EFI) is selected by default, depending on the firmware supported by the operating system. Mac OS X Server guest operating systems support only EFI. If the operating system supports BIOS and EFI, change the Firmware - Boot options value from the VM Options tab of the Edit Settings dialog after creating the virtual machine and before installing the guest operating system. If EFI firmware version is selected, the VM cannot boot in to the operating system that supports only BIOS, and the same is application vice versa.

Important
Do not change the firmware after the guest operating system is installed. The guest operating system installer partitions the disk in a particular format, depending on which firmware the installer was booted from. If the firmware is changed, the VM will not be able to boot in to the guest operating system.

• When creating a virtual machine that is Windows 10 or Windows Server 2016 and later, choose it be compatible with ESXi 6.7 and later, 

• The default boot options are EFI firmware and secure boot
  
  

For more information, refer the release notes: VMware vSphere 6.7 Release Notes