Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure confidential computing offerings include virtual machines (VMs) and containers, services, and supplemental offerings.
Virtual machines and containers
Azure provides the broadest support for hardened technologies such as AMD SEV-SNP, Intel Trust Domain Extensions (TDX), and Intel Software Guard Extensions (SGX). All technologies meet our definition of confidential computing, which is to help organizations prevent unauthorized access or modification of code and data while in use.
- Confidential VMs that use AMD SEV-SNP. DCasv5 and ECasv5 enable rehosting of existing workloads and help to protect data from cloud operators with VM-level confidentiality. DCasv6 and ECasv6 confidential VMs based on fourth-generation AMD EPYC processors are currently in gated preview and offer enhanced performance.
- Confidential VMs that use Intel TDX. DCesv5 and ECesv5 enable rehosting of existing workloads and help to protect data from cloud operators with VM-level confidentiality.
- Confidential VMs with graphics processing units (GPUs). NCCadsH100v5 confidential VMs come with a GPU and help to ensure data security and privacy while boosting AI and machine learning tasks. These confidential VMs use linked CPU and GPU Trusted Execution Environments (TEEs) to protect sensitive data in the CPU and a GPU to accelerate computations. They're ideal for organizations that need to protect data from cloud operators and use high-performance computing.
- VMs with application enclaves that use Intel SGX. DCsv2, DCsv3, and DCdsv3 enable organizations to create hardware enclaves. These secure enclaves help to protect VMs from cloud operators and an organization's own VM admins.
- Confidential VM Azure Kubernetes Service (AKS) worker nodes that allow rehosting of containers to AKS clusters. Worker nodes based on AMD SEV-SNP hardware help to protect data from cloud operators with worker-node level confidentiality and provide the configuration flexibility of AKS.
- Confidential containers on Azure Container Instances that allow rehosting of containers to the serverless container instances that run on AMD SEV-SNP hardware. Confidential containers support container-level integrity and attestation via confidential computing enforcement (CCE) policies. These policies prescribe the components that are allowed to run within the container group. The container runtime enforces the policy. This policy helps to protect data from the cloud operator and internal threat actors with container-level confidentiality.
- App enclave-aware containers that run on AKS. Confidential computing nodes on AKS use Intel SGX to create isolated enclave environments in the nodes between each container application.
Confidential services
Azure offers various platform as a service (PaaS), software as a service (SaaS), and VM capabilities that support or are built on confidential computing:
- Confidential inferencing with the Azure OpenAI Whisper model. Azure confidential computing ensures data security and privacy through TEEs. It includes encrypted prompt protection, user anonymity, and transparency by using OHTTP and confidential GPU VMs.
- Azure Databricks helps you bring more security and increased confidentiality to your Databricks lakehouse by using confidential VMs.
- Azure Virtual Desktop ensures that a user's virtual desktop is encrypted in memory, protected in use, and backed by hardware root of trust.
- Azure Key Vault Managed HSM is fully managed and highly available. Use this single-tenant, standards-compliant cloud service to safeguard cryptographic keys for your cloud applications by using FIPS 140-2 Level 3 validated hardware security modules (HSMs).
- Azure Attestation is a remote attestation service for validating the trustworthiness of multiple TEEs and verifying the integrity of the binaries that run inside the TEEs.
- Azure confidential ledger is a tamper-proof register for storing sensitive data for record keeping and auditing or for data transparency in multiparty scenarios. It offers Write-Once-Read-Many guarantees, which make data nonerasable and nonmodifiable. The service is built on the Microsoft Research Confidential Consortium Framework.
- Always Encrypted with secure enclaves in Azure SQL. The confidentiality of sensitive data is protected from malware and high-privileged unauthorized users by running SQL queries directly inside a TEE.
This portfolio expands based on customer demand.
Supplementary offerings
- Trusted Launch is available across all Generation 2 VMs. It brings hardened security features such as secure boot, virtual trusted platform module, and boot integrity monitoring. These security features protect against boot kits, rootkits, and kernel-level malware.
- Azure Integrated HSM is currently in development. Azure Integrated HSM is a dedicated HSM that meets FIPS 140-3 Level 3 security standards. It provides robust key protection by enabling encryption and signing keys to remain within the HSM without incurring network access latency. Azure Integrated HSM offers enhanced security with locally deployed HSM services. It allows cryptographic keys to remain isolated from guest and host software. It supports high volumes of cryptographic requests with minimum latency. Azure Integrated HSM will be installed in every new server in Microsoft's datacenters starting next year to increase protection across Azure's hardware fleet.
- Trusted Hardware Identity Management is a service that handles cache management of certificates for all TEEs that reside in Azure. It provides trusted computing base information to enforce a minimum baseline for attestation solutions.
- Azure IoT Edge supports confidential applications that run within secure enclaves on an Internet of Things (IoT) device. IoT devices are often exposed to tampering and forgery because they're physically accessible by bad actors. Confidential IoT Edge devices add trust and integrity at the edge. They protect access to data captured by and stored inside the device itself before streaming it to the cloud.
- Confidential Inference ONNX Runtime is a machine learning inference server that restricts the machine learning hosting party from accessing the inferencing request and its corresponding response.