Azure Confidential computing VM and OS disk encryption through HSM backed key CMK
Why Confidential Computing with HSM-Backed Keys Is Essential: In today’s cloud-first world, protecting sensitive data during processing is just as critical as securing it at rest or in transit. Azure Confidential Computing (ACC) Virtual Machines, when combined with Hardware Security Module (HSM)-backed Customer-Managed Keys (CMKs), provide a robust solution for organizations with strict security and compliance requirements. In this blog, we’ll explore a scenario and walk through a step-by-step solution to meet these advanced data protection needs. Scenario: Customer needs a highly sensitive application – May be its processing financial transactions, handling healthcare data or supporting a government workload. Customer demands not only high performance and isolation, but also complete encryption backed by Hardware Security Models (HSM) Solution: Components: Azure Confidential Computing Virtual Machine (ACC VM) Key Vault Premium (HSM Backed Key) Key Vault Key (CMK) Disk Encryption Set ACC VM with HSM CMK disk encryption Azure Confidential Computing (ACC) VMs are designed to protect data in use by performing computations in a hardware-based Trusted Execution Environment (TEE). This ensures that data remains secure even when it is being processed. Disk Encryption with HSM (Hardware Security Module) involves using HSM-backed keys stored in Azure Key Vault to encrypt the disks of your VMs. This provides an additional layer of security by ensuring that encryption keys are stored in a highly secure environment Importance of Confidential VMs Confidential VMs are crucial for organizations that handle sensitive data and require enhanced security measures. They provide the following benefits: Data Protection: Confidential VMs protect data in use, ensuring that it remains secure even during processing. Compliance: They help organizations meet regulatory and compliance requirements by providing robust security measures. Trust: By using hardware-based TEEs, Confidential VMs build trust with customers and stakeholders by ensuring that data is protected at all times Confidential VM Disk Encryption: Confidential VM OS Disk Encryption with Customer-Managed Keys (CMK) using Key Vault Premium tier backed Hardware Security Module (HSM) key provides enhanced security for virtual machines (VMs). This guide will walk you through the steps to configure confidential vm os disk Encryption with Key Vault Premium (HSM Backed Key) The following resources must be created in sequence to deploy Azure Confidential Computing (ACC) VMs with OS disk encryption using HSM-backed Customer-Managed Keys (CMKs) Key Vault with Premium Pricing Tier(HSM Backed Key) Disk Encryption Set utilizing HSM key Azure Confidential VM with Disk Encryption Set Prerequisites to create ACC VM 1. An Azure subscription. Free trial accounts don't support confidential VM. 2. To set up Confidential disk encryption with a customer-managed key, execute the command below to opt in the Confidential VM Orchestrator service principal to your tenant. Connect-Graph -Tenant "your tenant ID" Application.ReadWrite.All New-MgServicePrincipal -AppId bf7b6499-ff71-4aa2-97a4-f372087be7f0 -DisplayName "Confidential VM Orchestrator"New-MgServicePrincipal -AppId bf7b6499-ff71-4aa2-97a4-f372087be7f0 -DisplayName "Confidential VM Orchestrator" 3. Ensure that your subscription includes the following sizes, as Confidential VMs are supports these VM sizes only General Purpose without local disk: DCasv5-series, DCesv5-series General Purpose with local disk: DCadsv5-series, DCedsv5-series Memory Optimized without local disk: ECasv5-series, ECesv5-series Memory Optimized with local disk: ECadsv5-series, ECedsv5-series NVIDIA H100 Tensor Core GPU powered NCCadsH100v5-series 4. OS images for confidential VMs must meet specific security requirements to support a confidential OS disk encryption and ensure isolation from the underlying cloud infrastructure. Refer to the following link for the most up-to-date list of supported OS images for Azure Confidential Computing (ACC) VMs: OS Support Images Steps to Configure Azure Disk Encryption Set with Key Vault Supported HSM Step 1: Create a Key Vault with Premium Pricing Tier 1. Create Key Vault: Use the following command to create a Key Vault with the Premium pricing tier, which supports HSM-backed keys. az keyvault create --name <keyvaultName> --resource-group <resourceGroupName> --location <location> --sku premium --enable-rbac-authorization false 2. Enable Purge Protection: Enable purge protection to add an extra layer of security. az keyvault update --name <keyvaultName> --resource-group <resourceGroupName> --enable-purge-protection true 3. Configure Access Policy: Set the access policy to allow necessary permissions to user Manged identity. If you don’t have any user managed identity you can create one. az keyvault set-policy --name <keyvaultName> --object-id <user-managed-identity-object-id> --secret-permissions get list --key-permissions get list --certificate-permissions get list 4. Create HSM-backed Key: Create an HSM-backed CMK key in the Key Vault. az keyvault key create --vault-name <keyvaultName> --name <KeyName> --protection hsm Step 2: Create a Disk Encryption Set 1. Create Disk Encryption Set: Use the following command to create a Disk Encryption Set that will use the HSM-backed key. az disk-encryption-set create --resource-group <resourceGroupName> --name <diskEncryptionSetName> --key-url <https://<vaultEndpoint>/keys/<keyName>/<keyVersion>> --source-vault <KeyVaultName> 2. Grant Permissions: Grant necessary permissions to the Disk Encryption Set. az keyvault set-policy --name <keyvaultName> --resource-group <KeyVault Resource Group Name> --object-id $(az disk-encryption-set show --resource-group <rg of diskEncryptionSet> --name <diskEncryptionSetName> --query "identity.principalId" -o tsv) --key-permissions wrapKey unwrapKey get Best Practices Use Purge Protection: Always enable purge protection for your Key Vault to prevent accidental or malicious deletion of keys. Monitor and Audit: Continuously monitor and audit access to your Key Vault and encryption keys to detect any unauthorized access. By following these steps and best practices, you can ensure that your data is securely encrypted using Azure Disk Encryption with Key Vault's HSM-backed keys Step3: Azure Confidential Computing VM Creation and Disk Encryption with HSM Key Create the ACC VM: Use the following command to create an ACC VM and encrypt OS disk with diskEncryptionSet. az vm create --resource-group <RG of VM> --name <VM_Name> --image <Image name from supported list of os image ex. "Canonical:0001-com-ubuntu-confidential-vm-jammy:22_04-lts-cvm:latest"> --size <confidential vm supported size, ex. Standard_DC64ads_v5> --admin-username <UserName> --generate-ssh-keys --enable-vtpm true --public-ip-sku Standard --security-type ConfidentialVM --os-disk-security-encryption-type DiskWithVMGuestState --os-disk-encryption-set $(az disk-encryption-set show --resource-group <rg name diskEncryptionSet> --name <diskEncryptionSet name> --query id -o tsv) By following these steps, you can create an Azure Confidential Computing VM and encrypt its Operating System (OS disk) using the Disk Encryption Set created earlier. Common Questions for Azure Confidential virtual Machine 1. Custom Image can be used for confidential virtual machine (CVM)? Ans: Yes, custom image can use for CVM. Kindly refer => Create a custom image for Azure confidential VMs | Microsoft Learn 2. What Disk SKU and encryption can be used for OS, TEMP, and DATA Disks in CVM with CMK? Ans: For Azure Confidential VMs, the supported disk SKUs are primarily within the "DCasv5" and "ECasv5" series. Supported VM SKUs are => Azure Confidential VM options | Microsoft Learn Confidential OS disk encryption => About Azure confidential VMs | Microsoft Learn Confidential temp disk encryption => About Azure confidential VMs | Microsoft Learn 3. Is CVM Backup supported in Azure backup? Ans: Backup of ACC is not supported in Azure as of now
Announcing preview for the next generation of Azure Intel® TDX Confidential VMs
Today, we are excited to announce the preview of Azure’s next generation of Confidential Virtual Machines powered by the 5 th Gen Intel® Xeon® processors (code-named Emerald Rapids) with Intel® Trust Domain Extensions (Intel® TDX). This will help to enable organizations to bring confidential workloads to the cloud without code changes to applications. The supported SKUs include the general-purpose families DCesv6-series and the memory optimized families ECesv6-series. Confidential VMs are designed for tenants with high security and confidentiality requirements, providing a strong, attestable, hardware-enforced boundary. They ensure that your data and applications stay private and encrypted even while in use, keeping your sensitive code and other data encrypted in memory during processing. Improvements Azure’s next generation of confidential VMs will bring improvements and new features compared to our previous generation. These VMs are our first offering to utilize our open-source paravisor, OpenHCL. This innovation allows us to enhance transparency with our customers, reinforcing our commitment to the "trust but verify" model. Additionally, our new confidential VMs support Azure Boost, enabling up to 205k IOPS and 4 GB/s throughput of remote storage along with 54 GBps VM network bandwidth. We are expanding the capabilities of our Intel® TDX powered confidential VMs by incorporating features from our general purpose and other confidential VMs. These enhancements include Guest Attestation support, and support of Intel® Tiber™ Trust Authority for enterprises seeking operator independent attestation. Offerings The DCesv6-series VMs are designed to offer a balance of memory to vCPU ratio, with up to 128 vCPUs, and up to 512 GiB of memory. The ECesv6-series VMs are designed to offer an even higher memory to vCPU ratio, with up to 64 vCPUs, and 512 GiB of memory. Availability The DCesv6-series and ECesv6-series preview is available now in the East US, West US, West US 3 and West Europe regions. Supported OS images include Windows Server 2025, Windows Server 2022, Ubuntu 22.04, and Ubuntu 24.04. Please sign up at aka.ms/acc/v6preview and we will reach out to you.
Confidential Temp Disk Encryption for Confidential VMs in Public Preview
We are announcing the public preview of confidential temp disk encryption for confidential VMs. Until recently, confidential encryption has only been available for OS disks. It binds the disk encryption keys to the virtual machine’s TPM (Trusted Platform Module) and makes the disk content accessible only to the VM. With this release, we are extending this protection by enabling encryption of the temp disk, using in-VM symmetric key encryption technology, after the disk is attached to the confidential VM (CVM).Preview of Azure Confidential Clean Rooms for secure multiparty data collaboration
Today, we are excited to announce the preview of Azure Confidential Clean Rooms, a cutting-edge solution designed for organizations that require secure multi-party data collaboration. With Confidential Clean Rooms, you can share privacy sensitive data such as personally identifiable information (PII), protected health information (PHI) and cryptographic secrets confidently, thanks to robust trust guarantees that help ensure that your data remains protected throughout its lifecycle from other collaborators and from Azure operators. This secure data sharing is powered by confidential computing, which helps protect data in-use by performing computations in hardware-based, attested Trusted Execution Environments (TEEs). These TEEs help prevent unauthorized access or modification of application code and data during use. Organizations across industries need to perform multi-party data collaboration with business partners, outside organizations, and even within company silos to improve business outcomes and bolster innovation. Confidential Clean Rooms help derive true value from such collaborations by enabling granular and private data to be shared while providing safeguards on data exfiltration hence protecting the intellectual property of the organization and the privacy of its customers and addressing concerns around regulatory compliance. Whether you’re a data scientist looking to securely fine-tune your ML model with sensitive data from other organizations, or a data analyst wanting to perform secure analytics on joint data with your partner organizations, Confidential Clean Rooms will help you achieve the desired results. You can sign up for the preview here Key Features Secure Collaboration and Governance: Allows collaborators to create tamper-resistant contracts that contain the constraints which will be enforced by the clean room. Governance verifies validity of those constraints before allowing data to be released into clean rooms and helps generate tamper-resistant audit trails. This is made possible with the help of an implementation of the Confidential Consortium Framework CCF). Enhanced Data Privacy: Provides a sandboxed execution environment which allows only authorized workloads to execute and prevents any unauthorized network or IO operations from within the clean room. This helps keep your data secure throughout the workload execution. This is possible with the help of deploying clean rooms in confidential containers on Azure Container Instances (ACI) which provides container group level integrity with runtime enforcement of the same. Verifiable trust at each step with the help of cryptographic remote attestation forms the cornerstone of Confidential Clean Rooms. Salient Use Cases Azure Confidential Clean Rooms caters to use cases spanning multiple industries. Healthcare: For fine-tuning and inferencing with predictive healthcare machine-learning (ML) models and for joint data analysis for advancing pharmaceutical research. This can help protect the privacy of patients and intellectual property of organizations while demonstrating regulatory compliance. Finance: For financial fraud detection through analysis of combined data across banks and other financial institutions and for providing personalized offers to customers through secure analysis of transaction data and purchase data in retail outlets Media and Advertising: For improving marketing campaign effectiveness by combining data across advertisers, ad-techs, publishers and measurement firms for audience targeting and attribution and measurement Retail: For enhanced personalized marketing and improved inventory and supply chain management Government and Public Sector Organizations: For analysis of high security data across multiple government and public sector organizations to streamline benefits for citizens Customer Testimonials We are already partnering with several organizations to accelerate their secure multi-party collaboration journey with confidential clean rooms. Confidential computing in healthcare allows secure data processing within isolated environments, called 'clean rooms', protecting sensitive patient data during AI model development, validation and deployment. Apollo Hospitals uses Azure Confidential Clean Rooms to enhance data privacy, encrypt data, and securely train AI models. The benefits include secure collaboration, anonymized patient privacy, intellectual property protection, and enhanced cybersecurity. Apollo’s pilot with Confidential Clean Rooms showed promising results, and future efforts aim to scale secure AI solutions, ensuring patient safety, privacy, and compliance as the healthcare industry advances technologically. - Dr. Sujoy Kar, Chief Medical Information Officer and Vice President, Apollo Hospitals Azure Confidential Clean Rooms is a game changer to make collaborations on sensitive data both seamless and secure. When combined with Sarus, any data processing job is automatically analyzed using the most advanced privacy technology. Once validated, they are processed securely in Confidential Clean Rooms protecting both the privacy of data and the confidentiality of the analysis itself. This eliminates administrative overheads and makes it very easy to build advanced data processing pipelines. With our partner EY, we're already leveraging it to help international banks improve AML practices without compromising privacy. - Maxime Agostini, CEO & Cofounder of Sarus Read here to learn more about how Sarus is using Confidential Clean Rooms. As co-leaders on this Data Consortium Pilot, we are thrilled to be working with industry partners, Sarus and Microsoft, to drive this initiative forward. By combining Sarus’ privacy preserving technologies and Microsoft’s Azure Confidential Clean Rooms, not only does this project push the edge of technology innovation, but it strives to address a pivotal issue that affects us as Canadians. Through this work, we aim to help financial services organizations and regulators navigate the complexities of private and personal data sharing, without compromising the integrity of the data, and adhering to all relevant privacy regulations. For the purposes of this pilot, we are focusing our efforts on how this technology can play a pivotal role in helping better detect cases of human trafficking, however, we recognize that it can be used to help organizations for multiple other use cases, and cross industries, including health care and government & public sector. - Jessica Hansen, Privacy Partner EY Canada, and Dana Ohab, AI & Data Partner EY Canada Retrieval-Augmented Generation (RAG) applications accessing Large Language Models (LLMs) are common in private AI workflows, but managing secure access to sensitive data can be complex. SafeLiShare’s integration of its LLM Secure Data Proxy (SDP) with Azure Confidential Clean Rooms (ACCR) simplifies access control and token management. The joint solution helps ensure runtime security through advanced Public Key Infrastructure (PKI) and centralized policy management in Trusted Execution Environments (TEEs), enforcing strict access policies and admission controls to guarantee authorized access to sensitive data. This integration establishes trust bindings between the Identity Provider (IDP), applications, and data, safeguarding each layer without compromise. It also enables secure creation, sharing, and management of applications and data assets, ensuring compliance in high-performance AI environments. - Cynthia Hsieh, VP of Marketing, SafeLiShare Read here to learn more about how SafeLiShare is using Confidential Clean Rooms. Learn More Signup for the preview of Azure Confidential Clean Rooms Confidential Consortium Framework (CCF) Confidential containers on Azure Container Instances (ACI)Preview: New DCasv6 and ECasv6 confidential VMs based on 4th Generation AMD EPYC™ processors
You can get started deploying your software on these confidential VMs by signing up here. Additional security enhancements With the launch of the DCasv6 and ECasv6 confidential VM family – we support AES-256 memory encryption enabled by default. Additionally, we now offer our customers the capability to leverage key protection with Virtualization-based Security (VBS) in Windows. By enabling key protection in Windows CVMs, customers can protect keys in-use from Guest OS and applications. This key protection is enforced by CPU hardware. Faster performance for confidential workloads These new CVMs have demonstrated up to 25% improvement in various benchmarks compared to our previous generation of AMD-based confidential VMs. KT is leveraging Azure confidential computing to secure sensitive and regulated data from its telco business in the cloud. With new V6 CVM offerings in Korea Central Region, KT extends its use to help Korean customers with enhanced security requirements, including regulated industries, benefit from the highest data protection as well as the fastest performance by the latest AMD SEV-SNP technology through its Secure Public Cloud built with Azure confidential computing. - Woojin Jung, EVP, KT Corporation Worldwide Region Availability These CVMs will be gradually made available across all supported Azure regions and availability zones. Please use the sign-up form to indicate interest in participating in the gated preview and regional requirements. General purpose & Memory-intensive workloads Featuring general purpose optimized memory-to-vCPU ratios and support up to 96 vCPUs and 384 GiB RAM, the DCasv6-series delivers enterprise-grade performance. The DCasv6-series enables organizations to run sensitive workloads with hardware-based security guarantees, making them ideal for applications processing regulated or confidential data. For more memory demanding workloads, the new ECasv6-series offer high memory-to-vCPU ratios with increased scalability up to 96 vCPUs and 672 GiB of RAM. The ECasv6-series is ideal for memory-intensive enterprise applications offering nearly double the memory capacity of DCasv6. The ECasv6-series scales 672 GiB RAM with up to 96 vCPUs, making them ideal for memory intensive applications that exceed even the capabilities of the DCasv6 series. DCasv6 DCadsv6 ECasv6 ECadsv6 vCPU 2 - 96 2 - 96 2 - 96 2 - 96 Memory 8 - 384 8 - 384 16 - 672 16 - 672 Max local disk NA 75-600GiB NA 75-600GiB OS Support These CVMs support the following guest operating systems: Windows Server 2019, 2022, 2025, Windows 11, Ubuntu 22.04, Ubuntu 24.04, and RHEL 9.4. Endorsements from our customers The BMW Group relies on Azure confidential VMs powered by AMD EPYC processors to enable a Zero Trust environment with end-to-end encryption for our identity authentication system, allowing over 200,000 associates to collaborate on building the future of individual mobility. The solution was made possible in part due to the fact that AMD EPYC processor based confidential VMs do not require code changes to protect data in memory. Further, our testing of the newest generation of DCasv6 VMs has shown significant improvements in performance, and we look forward to seeing them go live on Azure. - BMW Group Having early access to Microsoft’s latest confidential VMs is a game-changer, offering enhanced security and performance. Our customers are pleased that they won’t have to adapt existing algorithms to take advantage of computing within the optimal CVM environment available in their computing region and selected within the EscrowAI platform. - Mary Beth Chalk, Co-founder & Chief Commercial Officer, BeeKeeperAI Anjuna is thrilled to be among the first to access Microsoft’s latest confidential VMs, powered by the newest version of the AMD SEV-SNP technology. Our ongoing partnership with Microsoft Azure provides us with early access to explore advanced security and performance features. This collaboration empowers joint Azure and Anjuna customers to leverage the newest Azure technologies from day one, enhanced by the capabilities of the Anjuna Seaglass platform. - Ofir Azoulay-Rozanes, Director of Product Management, Anjuna Security Sign up now for exclusive access Joining our exclusive preview program gives you an opportunity to work with the product team. To get started deploying your software on the latest confidential VMs sign up here.Enhance your privacy posture without code changes with Azure confidential computing
Join us on Microsoft Mechanics where we discuss confidential virtual machines and containers solutions available today in Azure. These capabilities enable organizations of all sizes to achieve confidentiality with no code changes.
Announcing general availability of guest attestation for confidential VMs
We are announcing general availability of guest attestation for confidential virtual machines. Use this feature ensure your confidential VMs are running in a trusted execution environment (TEE) and prevent execution of their sensitive workloads if they are not.
