Azure offerings
Virtual machines and containers
Azure provides the broadest support for hardened technologies such as AMD SEV-SNP, Intel TDX, and Intel SGX. All technologies meet our definition of confidential computing, helping organizations prevent unauthorized access or modification of code and data while in use.
Confidential VMs using AMD SEV-SNP. DCasv5 and ECasv5 enable lift-and-shift of existing workloads and helps protect data from the cloud operator with VM-level confidentiality. DCasv6 and ECasv6 confidential virtual machines based on 4th generation AMD EPYC processors are currently in gated preview and offer enhanced performance.
Confidential VMs using Intel Trust Domain eXtensions (TDX). DCesv5 and ECesv5 enable lift-and-shift of existing workloads and helps protect data from the cloud operator with VM-level confidentiality.
Confidential VMs with Graphical Processing Units (GPUs). NCCadsH100v5 confidential VMs come with a GPU help to ensure data security and privacy while boosting AI and machine learning tasks. These CVMs use linked CPU and GPU TEEs to protect sensitive data in CPU and a GPU to accelerate computations, making it ideal for organizations needing to protect data from the cloud operator and using high-performance computing.
VMs with Application Enclaves using Intel SGX. DCsv2, DCsv3, and DCdsv3 enable organizations to create hardware enclaves. These secure enclaves help protect from cloud operators, and your own VM admins.
Confidential VM AKS Worker Nodes allows lift-and-shift of containers to AKS clusters using worker nodes based on AMD SEV-SNP hardware and helps protect data from the cloud operator with worker-node level confidentiality with the configuration flexibility of Azure Kubernetes Service (AKS).
Confidential Containers on ACI allows lift-and-shift of containers to the serverless Azure Container Instances service running on AMD SEV-SNP hardware. Confidential containers support container-level integrity and attestation via confidential computing enforcement (CCE) policies that prescribe the components that are allowed to run within the container group, which the container runtime enforces. This helps protect data from the cloud operator and internal threat actors with container-level confidentiality.
App-enclave aware containers running on Azure Kubernetes Service (AKS). Confidential computing nodes on AKS use Intel SGX to create isolated enclave environments in the nodes between each container application.
Confidential services
Azure offers various PaaS, SaaS and VM capabilities supporting or built upon confidential computing, this includes:
Confidential inferencing with Azure OpenAI Whisper Azure Confidential Computing ensures data security and privacy through TEEs. It includes encrypted prompt protection, user anonymity, and transparency using OHTTP and Confidential GPU VMs.
Azure Databricks helps you bring more security and increased confidentiality to your Databricks Lakehouse using confidential VMs.
Azure Virtual Desktop ensures a user’s virtual desktop is encrypted in memory, protected in use, and backed by hardware root of trust.
Azure Key Vault Managed HSM, a fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated Hardware Security Modules (HSM).
Microsoft Azure Attestation, a remote attestation service for validating the trustworthiness of multiple Trusted Execution Environments (TEEs) and verifying integrity of the binaries running inside the TEEs.
Azure Confidential Ledger. ACL is a tamper-proof register for storing sensitive data for record keeping and auditing or for data transparency in multi-party scenarios. It offers Write-Once-Read-Many guarantees, which make data non-erasable and non-modifiable. The service is built on Microsoft Research's Confidential Consortium Framework.
Always Encrypted with secure enclaves in Azure SQL. The confidentiality of sensitive data is protected from malware and high-privileged unauthorized users by running SQL queries directly inside a TEE.
And we are actively working on expanding this portfolio based on customer demand.
Supplementary offerings
Trusted Launch is available across all Generation 2 VMs bringing hardened security features – secure boot, virtual trusted platform module, and boot integrity monitoring – that protect against boot kits, rootkits, and kernel-level malware.
Azure Integrated HSM is currently in-development. Azure Integrated HSM is a dedicated hardware security module designed to meet FIPS 140-3 Level 3 security standards, providing robust key protection by enabling encryption and signing keys to remain within the HSM without incurring network access latency. It offers enhanced security with locally deployed HSM services, allowing cryptographic keys to remain isolated from software, including both guest and host software, and supports high volumes of cryptographic requests with minimum latency. Azure Integrated HSM will be installed in every new server in Microsoft's datacenters starting next year to increase protection across Azure's hardware fleet.
Trusted Hardware Identity Management, a service that handles cache management of certificates for all TEEs residing in Azure and provides trusted computing base (TCB) information to enforce a minimum baseline for attestation solutions.
Azure IoT Edge supports confidential applications that run within secure enclaves on an Internet of Things (IoT) device. IoT devices are often exposed to tampering and forgery because they're physically accessible by bad actors. Confidential IoT Edge devices add trust and integrity at the edge by protecting the access to data captured by and stored inside the device itself before streaming it to the cloud.
Confidential Inference ONNX Runtime, a Machine Learning (ML) inference server that restricts the ML hosting party from accessing both the inferencing request and its corresponding response.