
Azure Infrastructure Blog

Building Reusable Custom Images for Azure Confidential VMs Using Azure Compute Gallery

PramodPalukuru
Mar 10, 2026

Supporting both Platform Managed Keys (PMK) and Customer Managed Keys (CMK)

Overview

Azure Confidential Virtual Machines (CVMs) provide hardware-enforced protection for sensitive workloads by encrypting data in use using AMD SEV-SNP technology.

In enterprise environments, organizations typically need to:

  • Create hardened golden images
  • Standardize baseline configurations
  • Support both Platform Managed Keys (PMK) and Customer Managed Keys (CMK)
  • Version and replicate images across regions

This guide walks through the correct and production-supported approach for building reusable custom images for Confidential VMs using:

  • PowerShell (Az module)
  • Azure Portal
  • Disk Encryption Sets (CMK)
  • Azure Compute Gallery

Key Design Principles

Before the implementation steps, two architectural points that real-world implementations make clear:

✅1️⃣ The Same Image Supports PMK and CMK

The encryption model (PMK vs CMK) is not embedded in the image.

Encryption is applied:

  • At VM deployment time
  • Through disk configuration (default PMK or Disk Encryption Set for CMK)

This means:

  1. You build one golden image.
  2. You deploy it using PMK or CMK depending on compliance requirements.

This simplifies lifecycle management significantly.

✅2️⃣ Confidential VM Image Versions Must Use Source VHD

When publishing to Azure Compute Gallery:

  • Confidential VMs require Source VHD (Mandatory Requirement)

This is a platform requirement for Confidential Security Type support.

Therefore, the correct workflow is:

  1. Deploy base Confidential VM
  2. Harden and configure
  3. Generalize
  4. Export OS disk as VHD
  5. Upload to storage
  6. Publish to Azure Compute Gallery
  7. Deploy using PMK or CMK

Security Stack Breakdown

Protection Area       Technology
Data in Use           AMD SEV-SNP
Boot Integrity        Secure Boot + vTPM
Image Lifecycle       Azure Compute Gallery
Disk Encryption       PMK or CMK
Compliance Control    Disk Encryption Set (CMK)

Implementation Steps

🖥️ Step 1 – Deploy a Base Windows Confidential VM

This VM will serve as the image builder.

Key Requirements

  • Gen2 Image
  • Confidential VM SKUs (for example the DCasv5 or ECasv5 series)
  • SecurityType = ConfidentialVM
  • Secure Boot enabled
  • vTPM enabled
  • Confidential OS Encryption enabled

Reference Code Snippets (PowerShell)

$rg = "rg-cvm-gi-pr-sbx-01"
$location = "NorthEurope"
$vmName = "cvmwingiprsbx01"

New-AzResourceGroup -Name $rg -Location $location

$cred = Get-Credential

$vmConfig = New-AzVMConfig `
    -VMName $vmName `
    -VMSize "Standard_DC2as_v5" `
    -SecurityType "ConfidentialVM"

$vmConfig = Set-AzVMOperatingSystem `
    -VM $vmConfig `
    -Windows `
    -ComputerName $vmName `
    -Credential $cred

$vmConfig = Set-AzVMSourceImage `
    -VM $vmConfig `
    -PublisherName "MicrosoftWindowsServer" `
    -Offer "WindowsServer" `
    -Skus "2022-datacenter-azure-edition" `
    -Version "latest"

# For a Confidential VM OS disk, -SecurityEncryptionType takes DiskWithVMGuestState
# (OS disk plus VM guest state encrypted) or VMGuestStateOnly. With no Disk Encryption
# Set supplied, the disk is encrypted with Platform Managed Keys.
$vmConfig = Set-AzVMOSDisk `
    -VM $vmConfig `
    -CreateOption FromImage `
    -SecurityEncryptionType "DiskWithVMGuestState"

New-AzVM -ResourceGroupName $rg -Location $location -VM $vmConfig

📸 Reference Screenshots

Fig 1: VM Overview showing Confidential VM security type enabled
Fig 2: VM OS Disk showing Confidential Disk Encryption

🔧 Step 2 – Harden and Customize the OS

This is where you:

  • Install monitoring agents
  • Install Defender for Endpoint
  • Apply CIS baseline
  • Install security agents
  • Remove unwanted services
  • Install application dependencies

This becomes your enterprise golden baseline; its exact contents depend on your organization's requirements.

🔄 Step 3 – Generalize the Windows Confidential VM (Production-Ready Method)

Confidential VMs often enable BitLocker automatically.
Improper Sysprep handling can cause failures.

Generalizing a Windows Confidential VM properly is critical to avoid:

  • Sysprep failures
  • BitLocker conflicts
  • Image corruption
  • Deployment errors later

Follow these steps carefully inside the VM and later through Azure PowerShell.

1. Remove Panther Folder

The Panther folder stores logs from previous Sysprep operations. If leftover logs exist, Sysprep can fail.

rd /s /q C:\Windows\Panther

This safely removes old Sysprep metadata.

✔ This step prevents common “Sysprep was not able to validate your Windows installation” errors.

2. Run Sysprep

Navigate to the Sysprep directory and run the sysprep command:

cd %windir%\system32\sysprep
sysprep.exe /generalize /shutdown

Parameters explained:

Parameter      Purpose
/generalize    Removes machine-specific info (SID, drivers)
/shutdown      Powers off VM after completion

⚠️ Handling BitLocker Issues (Common in Confidential VMs):

  • Confidential VMs may automatically enable BitLocker.
  • If Sysprep fails due to encryption, follow the next steps to resolve the issue and execute sysprep again.

3. Check BitLocker Status & Turn Off BitLocker

manage-bde -status

If Protection Status is 'Protection On':

manage-bde -off C:

Wait for decryption to complete fully.

⚠️ Do not run Sysprep again until decryption reaches 100%.

4. Reboot and Run Sysprep Again

After decryption completes:

  1. Reboot the VM
  2. Open Command Prompt as Administrator
  3. Navigate to Sysprep folder and run sysprep command:
cd %windir%\system32\sysprep
sysprep.exe /generalize /shutdown

✔ VM will shut down automatically.
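The in-guest part of this procedure (steps 1 to 4) as one script, added here as an example and not taken from the original post. It runs from an elevated PowerShell session inside the VM being generalized, assumes the OS volume is C: and that the BitLocker PowerShell module is present (it ships with Windows Server), and uses Get-BitLockerVolume / Disable-BitLocker in place of the manage-bde commands above. If it finds the volume encrypted it turns BitLocker off, waits for decryption to reach 100%, and stops so you can reboot and run it a second time, which then performs the Sysprep.

```powershell
# Added example (not from the original post): in-guest preparation for Sysprep on a
# Windows Confidential VM. Assumes C: is the OS volume and an elevated session.
$ErrorActionPreference = 'Stop'
$osDrive = 'C:'

# Step 1: drop the Panther folder so stale Sysprep logs cannot break validation.
$panther = Join-Path $env:windir 'Panther'
if (Test-Path $panther) {
    Remove-Item -Path $panther -Recurse -Force
    Write-Host "Removed $panther"
}

# Steps 2/3: Sysprep /generalize refuses an encrypted OS volume, so check BitLocker first.
$vol = Get-BitLockerVolume -MountPoint $osDrive
Write-Host ("BitLocker on {0}: ProtectionStatus={1}, VolumeStatus={2}, {3}% encrypted" -f `
    $osDrive, $vol.ProtectionStatus, $vol.VolumeStatus, $vol.EncryptionPercentage)

if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    if ($vol.VolumeStatus -ne 'DecryptionInProgress') {
        # Same effect as "manage-bde -off C:" in step 3.
        Disable-BitLocker -MountPoint $osDrive | Out-Null
    }
    # Do not continue before decryption is complete (step 3).
    do {
        Start-Sleep -Seconds 30
        $vol = Get-BitLockerVolume -MountPoint $osDrive
        Write-Host ("Decrypting... {0}% still encrypted" -f $vol.EncryptionPercentage)
    } while ($vol.VolumeStatus -ne 'FullyDecrypted')

    # Step 4 requires a reboot after decryption; stop here and re-run after restarting.
    Write-Host 'Decryption finished. Reboot the VM, then run this script again to Sysprep.'
    return
}

# Step 4: volume is clear, generalize and shut down.
$sysprep = Join-Path $env:windir 'System32\Sysprep\sysprep.exe'
Start-Process -FilePath $sysprep -ArgumentList '/generalize', '/shutdown' -Wait
```

Because the script exits after decryption instead of running Sysprep in the same session, it never generalizes a volume that is still mid-decryption, which is the failure the page warns about.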

5. Mark VM as Generalized in Azure

Now switch to Azure PowerShell:

Stop-AzVM -Name $vmName -ResourceGroupName $rg -Force
Set-AzVM -Name $vmName -ResourceGroupName $rg -Generalized

✔ This marks the VM as ready for image capture.

🧠 Why These Extra Steps Matter in Confidential VMs

Confidential VMs differ from standard VMs because:

  • They use vTPM
  • They may auto-enable BitLocker
  • They enforce Secure Boot
  • They use Gen2 images

Improper handling can cause:

  • Sysprep failures
  • Image capture errors
  • Deployment failures from image
  • “VM provisioning failed” issues

These cleanup steps dramatically increase the success rate.

💾 Step 4 – Export OS Disk as VHD

Gallery image definitions whose Security Type is 'TrustedLaunchAndConfidentialVmSupported' must be published from a source VHD, because using a source VM as the image version source is not supported.

  1. Generate a SAS URL for the OS disk of the virtual machine.
  2. Copy it to a storage account as a .vhd blob.
  3. Use Get-AzStorageBlobCopyState to check the copy status and wait for completion.

$vm = Get-AzVM -Name $vmName -ResourceGroupName $rg
$osDiskName = $vm.StorageProfile.OsDisk.Name

# Short-lived, read-only SAS on the generalized OS disk
$sas = Grant-AzDiskAccess -ResourceGroupName $rg `
    -DiskName $osDiskName `
    -Access Read `
    -DurationInSecond 3600

$storageAccountName = "stcvmgiprsbx01"
$storageContainerName = "images"
$destinationVHDFileName = "cvmwingiprsbx01-OsDisk-VHD.vhd"

# Authenticate the data-plane call with the signed-in account; an anonymous context cannot write
$destinationContext = New-AzStorageContext -StorageAccountName $storageAccountName -UseConnectedAccount

Start-AzStorageBlobCopy -AbsoluteUri $sas.AccessSAS -DestContainer $storageContainerName -DestContext $destinationContext -DestBlob $destinationVHDFileName

# Re-run until Status is Success (Pending means the server-side copy is still in progress)
Get-AzStorageBlobCopyState -Blob $destinationVHDFileName -Container $storageContainerName -Context $destinationContext
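The same export carried through to completion, added as an example that is not part of the original post: it polls the server-side copy until it leaves the Pending state, fails loudly on anything other than Success, and revokes the disk SAS in a finally block so the export window on the generalized OS disk is closed whether or not the copy worked. It assumes the $rg, $vmName, $storageAccountName, $storageContainerName and $destinationVHDFileName variables from the snippets above and that the signed-in identity holds a blob data role on the storage account.

```powershell
# Added example (not from the original post): export the OS disk to a VHD blob, wait for
# the copy, and revoke the SAS afterwards. Assumes the variables from the page's snippets.
$ErrorActionPreference = 'Stop'

$vm = Get-AzVM -Name $vmName -ResourceGroupName $rg
$osDiskName = $vm.StorageProfile.OsDisk.Name

# Read-only SAS, valid for one hour; the copy must finish inside this window.
$sas = Grant-AzDiskAccess -ResourceGroupName $rg -DiskName $osDiskName -Access Read -DurationInSecond 3600

# Data-plane access through the signed-in account (e.g. Storage Blob Data Contributor), no account key.
$ctx = New-AzStorageContext -StorageAccountName $storageAccountName -UseConnectedAccount

try {
    Start-AzStorageBlobCopy -AbsoluteUri $sas.AccessSAS `
        -DestContainer $storageContainerName -DestContext $ctx `
        -DestBlob $destinationVHDFileName -Force | Out-Null

    # Poll the asynchronous copy. Status is one of Pending, Success, Aborted, Failed.
    do {
        Start-Sleep -Seconds 20
        $state = Get-AzStorageBlobCopyState -Blob $destinationVHDFileName `
            -Container $storageContainerName -Context $ctx
        Write-Host ("Copy {0}: {1}/{2} bytes" -f $state.Status, $state.BytesCopied, $state.TotalBytes)
    } while ($state.Status -eq 'Pending')

    if ($state.Status -ne 'Success') {
        throw "VHD copy ended with status '$($state.Status)': $($state.StatusDescription)"
    }
}
finally {
    # Close the export window on the disk as soon as it is no longer needed.
    Revoke-AzDiskAccess -ResourceGroupName $rg -DiskName $osDiskName | Out-Null
}

# Sanity check: the page blob should be the disk size plus the 512-byte VHD footer.
$blob = Get-AzStorageBlob -Blob $destinationVHDFileName -Container $storageContainerName -Context $ctx
$disk = Get-AzDisk -ResourceGroupName $rg -DiskName $osDiskName
"Blob: {0:N0} bytes; source disk: {1} GiB" -f $blob.Length, $disk.DiskSizeGB
```

Revoking the SAS explicitly matters because Grant-AzDiskAccess hands out a bearer URL to the full golden image; an hour-long token that is left to expire on its own is an hour in which anyone holding the URL can download the disk.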

🏢 Step 5 – Create Azure Compute Gallery & Image Version

Instead of creating a standalone managed image, we will:

  1. Create an Azure Compute Gallery
  2. Create an Image Definition
  3. Publish a Gallery Image Version from the generalized Confidential VM

This enables:

  • Versioning
  • Regional replication
  • Staged rollouts
  • Enterprise image lifecycle management

1. Create Azure Compute Gallery

$galleryName = "cvmImageGallery"

New-AzGallery `
    -GalleryName $galleryName `
    -ResourceGroupName $rg `
    -Location $location `
    -Description "Confidential VM Image Gallery"

2. Create Image Definition for Windows Confidential VM

Important settings:

  • OS State = Generalized
  • OS Type = Windows
  • HyperV Generation = V2
  • Security Type = TrustedLaunchAndConfidentialVmSupported

$imageDefName = "img-win-cvm-gi-pr-sbx-01"
$ConfidentialVMSupported = @{Name='SecurityType';Value='TrustedLaunchAndConfidentialVmSupported'}
$Features = @($ConfidentialVMSupported)

New-AzGalleryImageDefinition `
    -GalleryName $galleryName `
    -ResourceGroupName $rg `
    -Location $location `
    -Name $imageDefName `
    -OsState Generalized `
    -OsType Windows `
    -Publisher "prImages" `
    -Offer "WindowsServerCVM" `
    -Sku "2022-dc-azure-edition" `
    -HyperVGeneration V2 `
    -Feature $features

✔ HyperVGeneration must be V2 for Confidential VMs.

📸 Reference Screenshot
Fig 3: Image Definition page showing Security Type as Confidential VM supported

3. Create Gallery Image Version from Generalized VM

Now publish version 1.0.0 from the generalized VM OS Disk VHD to the Image Definition:

  • This step cannot be performed with Azure PowerShell, so the Azure Portal must be used
  • Ensure the right network and RBAC access to the storage account is in place
  • Replication of the Image Version to multiple regions can be enabled for enterprise use

Fig 4: Image Version Creation using VHD Storage blob option as a Source

✅ Why Azure Compute Gallery is the Right Choice

Feature                       Managed Image    Azure Compute Gallery
Versioning                    No               Yes
Cross-region replication      No               Yes
Enterprise lifecycle          Limited          Full
Recommended for production    No               Yes

For enterprise confidential workloads, Azure Compute Gallery is strongly recommended.

🚀 Step 6 – Deploy Confidential VM from Gallery Image

🔹 Using PMK (Default)

If you do not specify a Disk Encryption Set, Azure uses Platform Managed Keys automatically.

$imageId = (Get-AzGalleryImageVersion `
    -GalleryName $galleryName `
    -GalleryImageDefinitionName $imageDefName `
    -ResourceGroupName $rg `
    -Name "1.0.0").Id

$vmConfig = New-AzVMConfig `
    -VMName "cvmwingiprsbx02" `
    -VMSize "Standard_DC2as_v5" `
    -SecurityType "ConfidentialVM"

# DiskWithVMGuestState with no Disk Encryption Set = Platform Managed Keys
$vmConfig = Set-AzVMOSDisk `
    -VM $vmConfig `
    -CreateOption FromImage `
    -SecurityEncryptionType "DiskWithVMGuestState"

$vmConfig = Set-AzVMSourceImage -VM $vmConfig -Id $imageId
$vmConfig = Set-AzVMOperatingSystem -VM $vmConfig -Windows -ComputerName "cvmwingiprsbx02" -Credential (Get-Credential)

New-AzVM -ResourceGroupName $rg -Location $location -VM $vmConfig

🔹 Using CMK (Same Image!)

If compliance requires CMK:

  • Create Disk Encryption Set
  • Associate with Key Vault or Managed HSM
  • Attach DES during deployment
# $des is a Disk Encryption Set created with -EncryptionType ConfidentialVmEncryptedWithCustomerKey.
# Confidential VM OS disks take it through -SecureVMDiskEncryptionSet (not -DiskEncryptionSetId);
# the encryption type itself stays DiskWithVMGuestState.
$vmConfig = Set-AzVMOSDisk `
    -VM $vmConfig `
    -CreateOption FromImage `
    -SecurityEncryptionType "DiskWithVMGuestState" `
    -SecureVMDiskEncryptionSet $des.Id

✔ Same image
✔ Different encryption model
✔ Encryption applied at deployment
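The three bullets above (create the Disk Encryption Set, associate it with Key Vault, attach it at deployment) carried out end to end, as an added example rather than code from the original post. It assumes the $rg, $location and $vmConfig variables from the earlier snippets, a Key Vault that uses the access-policy permission model, and that the "Confidential VM Orchestrator" service principal is already registered in the tenant; the vault, key and DES names are placeholders.

```powershell
# Added example (not from the original post): Disk Encryption Set for CMK Confidential VMs.
# $rg / $location / $vmConfig come from the page's snippets; names below are placeholders.
$ErrorActionPreference = 'Stop'

$kvName  = 'kv-cvm-cmk-placeholder'   # placeholder; Key Vault names are globally unique
$keyName = 'cvm-osdisk-key'           # placeholder
$desName = 'des-cvm-cmk-01'           # placeholder

# 1. Key Vault: Premium SKU (HSM-protected keys) with purge protection. Both are required
#    for a key that backs a Disk Encryption Set used by Confidential VMs.
$kv = New-AzKeyVault -Name $kvName -ResourceGroupName $rg -Location $location `
    -Sku Premium -EnablePurgeProtection

# 2. Key: RSA-3072 in the HSM, exportable under the built-in Confidential VM release policy,
#    so it can only be released to an attested SEV-SNP guest.
$key = Add-AzKeyVaultKey -VaultName $kvName -Name $keyName -KeyType RSA -Size 3072 `
    -Destination HSM -KeyOps wrapKey,unwrapKey -Exportable -UseDefaultCVMPolicy

# 3. The Confidential VM Orchestrator service principal needs get and release on the vault
#    (assumed to exist in the tenant under this display name).
$orchestrator = Get-AzADServicePrincipal -DisplayName 'Confidential VM Orchestrator'
Set-AzKeyVaultAccessPolicy -VaultName $kvName -ObjectId $orchestrator.Id `
    -PermissionsToKeys get,release

# 4. The DES itself: system-assigned identity and the CVM-specific encryption type.
$desConfig = New-AzDiskEncryptionSetConfig -Location $location `
    -SourceVaultId $kv.ResourceId -KeyUrl $key.Key.Kid `
    -IdentityType SystemAssigned `
    -EncryptionType ConfidentialVmEncryptedWithCustomerKey
$des = New-AzDiskEncryptionSet -ResourceGroupName $rg -Name $desName -DiskEncryptionSet $desConfig

# 5. Let the DES identity use the key. On an RBAC-enabled vault, assign the
#    "Key Vault Crypto Service Encryption User" role to $des.Identity.PrincipalId instead.
Set-AzKeyVaultAccessPolicy -VaultName $kvName -ObjectId $des.Identity.PrincipalId `
    -PermissionsToKeys wrapKey,unwrapKey,get

# 6. Attach at deployment time. The image is unchanged; only the disk configuration differs.
$vmConfig = Set-AzVMOSDisk -VM $vmConfig -CreateOption FromImage `
    -SecurityEncryptionType 'DiskWithVMGuestState' `
    -SecureVMDiskEncryptionSet $des.Id
```

The release policy in step 2 is what ties CMK to the hardware root of trust: the key leaves the HSM only to a guest whose SEV-SNP attestation satisfies the policy, so the DES cannot be used to unwrap the disk key outside a genuine Confidential VM.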

🔎 Validation

Check Confidential Security:

Get-AzVM -Name "cvmwingiprsbx02" -ResourceGroupName $rg | Select SecurityProfile

Check disk encryption:

Get-AzDisk -ResourceGroupName $rg
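A validation function, added as an example that is not from the original post, which folds both checks above into one structured result: the VM's security type and UEFI settings, the guest-state encryption type on the OS disk, and the disk-level security type that reveals whether PMK or CMK was applied. The function name and its parameters are this example's own; it assumes the $rg variable from earlier.

```powershell
# Added example (not from the original post): verify what was actually deployed.
function Test-CvmDeployment {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName,
        # Set when the VM was deployed with a Disk Encryption Set (CMK).
        [switch] $ExpectCustomerManagedKey
    )

    $vm     = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
    $osDisk = Get-AzDisk -ResourceGroupName $ResourceGroupName -DiskName $vm.StorageProfile.OsDisk.Name

    $sec     = $vm.SecurityProfile                                   # VM-level: SecurityType, UefiSettings
    $diskSec = $osDisk.SecurityProfile                               # disk-level: SecurityType, SecureVMDiskEncryptionSetId
    $guestState = $vm.StorageProfile.OsDisk.ManagedDisk.SecurityProfile.SecurityEncryptionType

    # The disk's security type is where PMK vs CMK becomes visible.
    $expectedDiskType = if ($ExpectCustomerManagedKey) {
        'ConfidentialVM_DiskEncryptedWithCustomerKey'
    } else {
        'ConfidentialVM_DiskEncryptedWithPlatformKey'
    }

    $result = [ordered]@{
        VMName               = $VMName
        SecurityType         = $sec.SecurityType
        SecureBoot           = [bool]$sec.UefiSettings.SecureBootEnabled
        VTpm                 = [bool]$sec.UefiSettings.VTpmEnabled
        GuestStateEncryption = $guestState
        OsDiskSecurityType   = $diskSec.SecurityType
        DiskEncryptionSetId  = $diskSec.SecureVMDiskEncryptionSetId
    }

    $result.Compliant = ($sec.SecurityType -eq 'ConfidentialVM') -and
        $result.SecureBoot -and $result.VTpm -and
        ($guestState -eq 'DiskWithVMGuestState') -and
        ($diskSec.SecurityType -eq $expectedDiskType) -and
        ((-not $ExpectCustomerManagedKey) -or
            (-not [string]::IsNullOrEmpty($diskSec.SecureVMDiskEncryptionSetId)))

    [pscustomobject]$result
}

# Usage: PMK deployment from Step 6 (pass -ExpectCustomerManagedKey for the CMK variant).
Test-CvmDeployment -ResourceGroupName $rg -VMName 'cvmwingiprsbx02'
```

Checking the disk's SecurityType rather than only the VM's SecurityProfile is the useful part: a VM can report ConfidentialVM while its OS disk was deployed with the wrong encryption model, and that mismatch is only visible on the disk object.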

Architectural Summary

  • Confidential VM security is independent of disk encryption model
  • Encryption choice is applied at deployment
  • One image supports multiple compliance models
  • Source VHD is required for Confidential VM gallery publishing
  • Azure Compute Gallery enables enterprise lifecycle

🆚 PMK vs CMK Decision Matrix

Scenario                          Recommended Model
Standard enterprise workloads     PMK
Financial services / regulated    CMK
BYOK requirement                  CMK
Simplicity prioritized            PMK

🏢 Enterprise Recommendations

✔ Always use Azure Compute Gallery
✔ Use semantic versioning (1.0.0, 1.0.1)
✔ Automate using Azure Image Builder
✔ Enforce Confidential VM via Azure Policy
✔ Enable Guest Attestation
✔ Monitor with Defender for Cloud

Final Thoughts

Creating custom images for Azure Confidential VMs allows organizations to combine the security benefits of Confidential Computing with the operational efficiency of standardized deployments. By baking security baselines, monitoring agents, and required configurations directly into a golden image, every new VM starts from a consistent and trusted foundation.

A key advantage of this approach is flexibility. The custom image itself is independent of the disk encryption model, meaning the same image can be deployed using Platform Managed Keys (PMK) for simplicity or Customer Managed Keys (CMK) to meet stricter compliance requirements. This allows platform teams to maintain a single image pipeline while supporting multiple security scenarios.

By publishing images through Azure Compute Gallery, organizations can version, replicate, and manage their Confidential VM images more effectively. Combined with proper VM generalization and hardening practices, custom images become a reliable way to ensure secure, consistent, and scalable deployments of Confidential workloads in Azure.

As Confidential Computing continues to gain adoption across industries handling sensitive data, investing in a well-designed custom image pipeline will enable organizations to scale securely while maintaining consistency, compliance, and operational efficiency across their cloud environments.
