Windows OS: Virtualization-based security must be enabled with platform security level set to Secure Boot

b056102b-3477-4a44-bda9-536330033264

Windows OS: Virtualization-based security must be enabled with the platform security level configured to Secure Boot or Secure Boot with DMA Protection

Virtualization Based Security (VBS) provides the platform for the additional security features Credential Guard and virtualization-based protection of code integrity. Secure Boot is the minimum platform security level, with DMA Protection providing additional memory protection. DMA Protection requires a CPU that supports an input/output memory management unit (IOMMU).

Remediation

To fix this, configure the policy value for:
Computer Configuration
|_ Administrative Templates
|_ System
|_ Device Guard
|_ Turn On Virtualization Based Security to "Enabled" with "Secure Boot" or "Secure Boot and DMA Protection" selected.

A Microsoft TechNet article on Credential Guard, including system requirement details, can be found at the following link:

https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard

STIG:
Server 2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2022-08-25/finding/V-254343
Server 2019: https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93245
Server 2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2021-09-29/finding/V-224923 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73513

Desktop:
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2022-04-08/finding/V-220811 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220811
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2022-06-24/finding/V-253369

NOTE: The policy settings referenced in the Fix section will configure the registry values. However, due to hardware requirements, the registry values alone do not ensure proper function.
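Because the registry values alone do not prove that VBS is actually running, a compliance check should compare the policy values the GPO writes with the runtime state reported by the Win32_DeviceGuard WMI class. The following PowerShell is an added example, not part of this finding or of the STIG check text; it assumes a Windows 10 / Server 2016 or later host and the policy registry path HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard that the "Turn On Virtualization Based Security" setting populates.

```powershell
# Added example (not from the original finding): verify the VBS policy values
# written by the GPO and the runtime VBS state, so that a hardware problem
# (no Secure Boot, no IOMMU) is not hidden behind correct-looking registry data.

function Test-VbsPlatformSecurity {
    # Policy values set by "Turn On Virtualization Based Security" (assumed path).
    # EnableVirtualizationBasedSecurity: 1 = Enabled
    # RequirePlatformSecurityFeatures:   1 = Secure Boot, 3 = Secure Boot and DMA Protection
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    $policyEnabled  = ($policy.EnableVirtualizationBasedSecurity -eq 1)
    $policyPlatform = [int]$policy.RequirePlatformSecurityFeatures
    $policyLevelOk  = $policyPlatform -in @(1, 3)

    # Runtime state from the Device Guard WMI class.
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    # RequiredSecurityProperties codes:  2 = Secure Boot, 3 = DMA Protection
    # AvailableSecurityProperties lists what the hardware/firmware actually supports.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                          -Namespace 'root\Microsoft\Windows\DeviceGuard'

    $vbsRunning        = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $requiresSecureBoot = ($dg.RequiredSecurityProperties -contains 2)
    $requiresDma        = ($dg.RequiredSecurityProperties -contains 3)
    $hwSecureBoot       = ($dg.AvailableSecurityProperties -contains 2)
    $hwDma              = ($dg.AvailableSecurityProperties -contains 3)

    # Confirm-SecureBootUEFI needs elevation and fails on legacy BIOS; treat
    # either failure as "Secure Boot not confirmed" rather than as an error.
    $secureBootOn = $false
    try { $secureBootOn = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }

    [pscustomobject]@{
        PolicyEnabled             = $policyEnabled
        PolicyPlatformLevel       = $policyPlatform
        VbsRunning                = $vbsRunning
        RequiresSecureBoot        = $requiresSecureBoot
        RequiresDmaProtection     = $requiresDma
        HardwareSupportsSecureBoot = $hwSecureBoot
        HardwareSupportsDma        = $hwDma
        SecureBootConfirmed       = $secureBootOn
        # Compliant only when the policy is set AND VBS is running with Secure Boot required.
        Compliant                 = ($policyEnabled -and $policyLevelOk -and
                                     $vbsRunning -and $requiresSecureBoot)
    }
}

Test-VbsPlatformSecurity | Format-List
```

Run it in an elevated PowerShell session. A result with PolicyEnabled = True but VbsRunning = False is the case the note above describes: the GPO has written its registry values, but the platform requirements (UEFI Secure Boot, and an IOMMU if DMA Protection was selected) are not met, so VBS has not started. The Available* and SecureBootConfirmed fields indicate which requirement is missing.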

NOTE 2: If this GPO is enabled on a system where Secure Boot is not enabled, applying the GPO changes may produce the Group Policy error "error applying settings for {F312195E-3D9D-447A-A3F5-08DFFA24735E}", indicating that Secure Boot is not enabled and that this policy therefore cannot be applied.