Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community

Shielded VM's


Does it support other HSM (eg. Thales) for shielded VM's or is Bitlocker our only option?

2 Replies
From the Tech Ed only bitlocker
Shielded VM supports HSM connected to the Host Guardian Service. The Shielded VM itself is encrypted using BitLocker with a key that reside inside a virtual TPM. The virtual TPM is then encrypted with a key that can only be unlocked by the Host Guardian Service key The Host Guardian Service key in turn can reside in an HSM so you have a chain of keys that is rooted in the HSM