cvm
Announcing: Microsoft transforms Licensing with Cloud Security and Confidential Computing
Microsoft is proud to announce the successful migration of its Windows Licensing Service to Azure, leveraging cutting-edge Confidential Computing and Managed Hardware Security Modules (mHSM) technology. This marks a significant breakthrough in the cloud adoption journey for workloads operating in highly secure environments, reshaping the way Microsoft’s licensing services operate securely at scale. But what did it really take to move one of Microsoft’s most security-critical services to the cloud? Read on to uncover how the team enabled the largest cryptographic workload ever run in Azure—built on high-assurance infrastructure designed for secure, high-throughput operations. Confidential Computing and Managed HSM make it possible to migrate highly secure workloads, empowering organizations that handle highly secure, high-throughput, and confidential workloads to operate with greater confidence, flexibility, and value.

Advancing Security and Throughput

The Microsoft Windows Key Management Licensing Service (MKMS) is built around the protection and management of high-value cryptographic keys, which are central to its security model. This service processes billions of licensing requests and related cryptographic operations each day, using these keys to ensure that only authorized individuals have access to their Windows operating systems, desktop applications, and games. Through its focus on secure key management, MKMS supports the authenticity of software licenses and the protection of sensitive data, making secure Windows licensing possible on a global scale. With the integration of Confidential Virtual Machines (CVM) and Managed Hardware Security Modules, the service now meets modern high-security requirements by extending this rigorous protection into the cloud environment.
This evolution not only reinforces Microsoft's dedication to safeguarding sensitive cryptographic operations but also ensures that customers can trust the reliability and security of their licensing experience.

Building Trust by Moving to Azure

Transitioning from multiple highly secure on-prem datacenters to strategically selected Azure regions has enabled greater reliability, stronger security, and a seamless customer experience for the service. This migration not only aligns with Microsoft’s Secure Future Initiative and delivers CAPEX savings by eliminating the need for hardware refreshes but also unlocks the benefits of cloud-native solutions powered by Confidential Computing and Azure Key Vault Managed HSM.

Migrating the MKMS licensing service from on-premises infrastructure to Azure has delivered significant operational benefits. Azure’s elastic cloud resources allow us to scale efficiently, adapting to changing workload demands and supporting future growth while optimizing costs by paying only for the resources we use. Distributing services across multiple geographic regions in Azure has substantially improved our service availability, minimizing downtime and maintaining consistent delivery even during unexpected events. This geographic redundancy ensures our customers experience fewer disruptions. By utilizing Azure’s performance-driven infrastructure, we have reduced upfront hardware investments and ongoing maintenance costs, while still meeting the high throughput, speed, and reliability necessary for large-scale cryptographic operations—achieving results on par with or better than our previous on-premises environment.

Enabling Security with Azure Confidential Computing

At the heart of this transformation lies Azure Confidential Computing based on 4th generation AMD EPYC™ CPUs with SEV-SNP, which safeguards sensitive data during processing through hardware-based Trusted Execution Environments (TEEs).
This technology prevents unauthorized access, including by cloud administrators and datacenter operators, ensuring robust confidentiality for cryptographic operations that are central to the authenticity of software licenses. Azure encrypts data at rest and in transit, while confidential computing further secures data in use. This added layer of protection addressed essential security requirements for migrating secure workloads to Azure, supporting the safety and integrity of customer data. The migration also incorporated Azure Managed HSM to provide enhanced security and tighter control over cryptographic keys. Complemented by Confidential Virtual Machines and securely attested OS images, the service now operates in a trusted and isolated environment, delivering a resilient and scalable cryptographic foundation—crucial for managing the high-value cryptographic keys required for Windows licensing.

Setting a Benchmark for High-Scale Cryptographic Services

Microsoft’s Key Management Licensing Service, leveraging Azure Confidential Computing and the specially engineered high-throughput Managed HSM capabilities, delivers advanced performance for securely hosting confidential, high-scale workloads in the cloud. These enhanced MHSM features were designed and built to meet the immense demand of this service, enabling it to support the highest-throughput cryptographic workload ever run on Azure to date. MKMS is deployed on Azure using a purpose-built, internally attested secure image to ensure a trusted baseline. The deployment leverages Azure confidential VMs and managed hardware security modules to protect data: all data at rest and in transit is encrypted, with encryption keys secured by FIPS-validated HSMs. In addition, the CVM guarantees that all data in use is encrypted, adding a further layer of security.
Comprehensive logging and monitoring are enabled across the stack: control-plane operations, host OS events, and network traffic are all recorded and analyzed for auditing and threat detection. This defense-in-depth design layers protection from the hardware and hypervisor up through network firewalls and application-level safeguards, ensuring comprehensive resilience against both volumetric and application-targeted attacks.

Summary

In summary, the migration of Windows Licensing to Azure signifies Microsoft’s commitment to driving innovation and security in the cloud. By leveraging Confidential Computing and Managed HSMs, Microsoft is delivering value to billions of users worldwide while reinforcing the trust placed in its services. This achievement highlights the potential of cloud-native technologies to transform traditional mission-critical systems, offering a glimpse into the future of secure and scalable computing.

Announcing preview for the next generation of Azure Intel® TDX Confidential VMs
Today, we are excited to announce the preview of Azure’s next generation of Confidential Virtual Machines powered by the 5th Gen Intel® Xeon® processors (code-named Emerald Rapids) with Intel® Trust Domain Extensions (Intel® TDX). This will help to enable organizations to bring confidential workloads to the cloud without code changes to applications. The supported SKUs include the general-purpose DCesv6-series and the memory-optimized ECesv6-series. Confidential VMs are designed for tenants with high security and confidentiality requirements, providing a strong, attestable, hardware-enforced boundary. They ensure that your data and applications stay private and encrypted even while in use, keeping your sensitive code and other data encrypted in memory during processing.

Improvements

Azure’s next generation of confidential VMs will bring improvements and new features compared to our previous generation. These VMs are our first offering to utilize our open-source paravisor, OpenHCL. This innovation allows us to enhance transparency with our customers, reinforcing our commitment to the "trust but verify" model. Additionally, our new confidential VMs support Azure Boost, enabling up to 205k IOPS and 4 GB/s throughput of remote storage along with 40 GBps VM network bandwidth. We are expanding the capabilities of our Intel® TDX powered confidential VMs by incorporating features from our general purpose and other confidential VMs. These enhancements include Guest Attestation support, and support of Intel® Tiber™ Trust Authority for enterprises seeking operator-independent attestation.

Offerings

The DCesv6-series VMs are designed to offer a balanced memory to vCPU ratio, with up to 128 vCPUs and up to 512 GiB of memory. The ECesv6-series VMs are designed to offer an even higher memory to vCPU ratio, with up to 64 vCPUs and 512 GiB of memory.
Availability

The DCesv6-series and ECesv6-series preview is available now in the East US, West US, West US 3 and West Europe regions. Supported OS images include Windows Server 2025, Windows Server 2022, Ubuntu 22.04, and Ubuntu 24.04. Please sign up at aka.ms/acc/v6preview and we will reach out to you.

Azure Intel® TDX confidential VMs momentum
Azure’s next generation of Confidential Virtual Machines powered by 5th Gen Intel® Xeon® processors (code-named Emerald Rapids) with Intel® Trust Domain Extensions (Intel® TDX) is out in preview now. This will help to enable organizations to bring confidential workloads to the cloud without code changes to applications. These instances also enable Intel® Advanced Matrix Extensions (Intel® AMX) to accelerate confidential AI scenarios. Supported SKUs include the general-purpose DCesv6-series, as well as the memory-optimized ECesv6-series. Confidential VMs are designed for tenants with high security and confidentiality requirements, providing a strong, attestable, hardware-enforced boundary. They ensure that your data and applications stay private and encrypted even while in use, keeping your sensitive code and other data encrypted in memory during processing.

Improvements for next milestone

As a first for Azure’s Confidential VM offerings, we are soon adding support for local NVMe SSDs for our DCedsv6-series and ECedsv6-series. These sizes are suited for storage workloads that need a balance of SSD capacity, compute, and memory. With NVMe we can achieve nearly 5× more throughput while reducing latency by about 16% compared to the previous SCSI generation. Overall, we see lower IO latency by ~27 microseconds across block size and thread count. Additionally, these TDX confidential VMs are Azure’s first offering to utilize our open-source paravisor, OpenHCL. This innovation allows us to enhance transparency with our customers, reinforcing our commitment to the "trust but verify" model. These VMs also support Azure Boost, enabling up to 205k IOPS and 4 GB/s throughput of remote storage along with 40 Gbps VM network bandwidth.

Customers are excited to use TDX based Confidential VMs

“At Bosch Trustworthy Collaboration Services, we’ve enrolled our collaboration platform on Azure’s latest Confidential VMs powered by Intel’s 5th Generation Xeon processors with TDX support. That means better transparency, stronger performance, and more robust verification: the foundation we need for cross-company teamwork. These improvements reinforce our capability to deliver best-in-class secure collaboration capabilities to our customers with our Trusted Collaboration Spaces.” - Dr. Sven Trieflinger, CTO Bosch Trustworthy Collaboration Services

“Ensuring data security across its entire lifecycle has always been a key priority for me. Until recently, encryption for data-in-use was the missing link, preventing true end-to-end protection managed by the customer. Through collaboration with Microsoft and Intel, we have established a comprehensive ecosystem, called End-to-End Data Encryption. This ecosystem seamlessly unites data protection at rest, in transit, and now in use, thanks to the integration of Intel TDX technology. The root of trust remains Thales CipherTrust Data Security Platform, enabling us to manage and safeguard our data with confidence. Of course, leveraging that technology for our own use significantly strengthens our cyber defenses. I would like to thank Microsoft for bringing this innovation to fruition.” - Didier Espinet, Chief Information Security Officer for Thales Cyber & Digital Identity

"In the public sector and other regulated industries, trust and fairness are paramount. By integrating Microsoft Azure confidential virtual machines with Intel® TDX and AMX technologies, Nuuday delivers a secure and compliant Confidential AI environment that upholds strict data sovereignty and privacy standards. These capabilities ensure sensitive information can be processed with verifiable confidentiality and integrity – while unlocking new opportunities for digital innovation." - John Henriksen, CEO, TDC Erhverv.

“Arqit is delighted to partner with Microsoft and Intel on the launch of Azure’s latest Intel TDX-enabled Confidential VMs. Together we have demonstrated a combination of security-enhancing technologies to deliver provable protection of sensitive AI workloads processed across multi-region public cloud. This partnership underlines our shared commitment to giving customers full sovereign control over their data even outside of their own networks, in turn accelerating AI adoption and digital transformation.” - Jonathan Pope, VP Sales & Partnerships

Offerings

The DCesv6-series and DCedsv6-series VMs are designed to offer a balanced memory to vCPU ratio, with up to 128 vCPUs and up to 512 GiB of memory. The ECesv6-series and ECedsv6-series VMs are designed to offer an even higher memory to vCPU ratio, with up to 64 vCPUs and 512 GiB of memory.

Availability

We expect the DCesv6, DCedsv6, ECesv6 and ECedsv6 VMs with Intel® TDX to be generally available in the first quarter of 2026 in select US regions and Europe regions. In the meantime, please sign up for our DCesv6 and ECesv6 VM preview at aka.ms/acc/v6preview and we will contact you with further instructions.

GA: DCasv6 and ECasv6 confidential VMs based on 4th Generation AMD EPYC™ processors
Today, Azure has expanded its confidential computing offerings with the general availability of the DCasv6 and ECasv6 confidential VM series in the regions Korea Central, South Africa North, Switzerland North, UAE North, UK South, and West Central US. These VMs are powered by 4th generation AMD EPYC™ processors and feature advanced Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technology.

These confidential VMs offer:
- Hardware-rooted attestation
- Memory encryption in multi-tenant environments
- Enhanced data confidentiality
- Protection against cloud operators, administrators, and insider threats

You can get started today by creating confidential VMs in the Azure portal as explained here.

Highlights:
- 4th generation AMD EPYC processors with SEV-SNP
- 25% performance improvement over previous generation
- Ability to rotate keys online
- AES-256 memory encryption enabled by default
- Up to 96 vCPUs and 672 GiB RAM for demanding workloads

Streamlined Security

Organizations in certain regulated industries and sovereign customers migrating to Microsoft Azure need strict security and compliance across all layers of the stack. With Azure Confidential VMs, organizations can ensure the integrity of the boot sequence and the OS kernel while helping administrators safeguard sensitive data against advanced and persistent threats. The DCasv6 and ECasv6 family of confidential VMs support online key rotation to give organizations the ability to dynamically adapt their defenses to rapidly evolving threats. Additionally, these new VMs include AES-256 memory encryption as a default feature. Customers have the option to use Virtualization-Based Security (VBS) in Windows, which is currently in preview, to protect private keys from exfiltration via the Guest OS or applications. With VBS enabled, keys are isolated within a secure process, allowing key operations to be carried out without exposing them outside this environment.
Faster Performance

In addition to the newly announced security upgrades, the new DCasv6 and ECasv6 family of confidential VMs have demonstrated up to 25% improvement in various benchmarks compared to our previous generation of confidential VMs powered by AMD. Organizations that need to run complex workflows, such as combining multiple private data sets to perform joint analysis, medical research or Confidential AI services, can use these new VMs to accelerate their sensitive workloads faster than ever before.

"While we began our journey with v5 confidential VMs, now we’re seeing noticeable performance improvements with the new v6 confidential VMs based on 4th Gen AMD EPYC “Genoa” processors. These latest confidential VMs are being rolled out across many Azure regions worldwide, including the UAE. So as v6 becomes available in more regions, we can deploy AMD based confidential computing wherever we need, with the same consistency and higher performance." — Mohammed Retmi, Vice President - Sovereign Public Cloud, at Core42, a G42 company.

"KT is leveraging Azure confidential computing to secure sensitive and regulated data from its telco business in the cloud. With new V6 CVM offerings in Korea Central Region, KT extends its use to help Korean customers with enhanced security requirements, including regulated industries, benefit from the highest data protection as well as the fastest performance by the latest AMD SEV-SNP technology through its Secure Public Cloud built with Azure confidential computing." — Woojin Jung, EVP, KT Corporation

Kubernetes support

Deploy resilient, globally available applications on confidential VMs with our managed Kubernetes experience, Azure Kubernetes Service (AKS). AKS now supports the new DCasv6 and ECasv6 family of confidential VMs, enabling organizations to easily deploy, scale and manage confidential Kubernetes clusters on Azure, streamlining developer workflows and reducing manual tasks with integrated continuous integration and continuous delivery (CI/CD) pipelines. AKS brings integrated monitoring and logging to confidential VM node pools, with in-depth performance and health insights into the node pools, clusters and containerized applications.

Azure Linux 3.0 and Ubuntu 24.04 support are now in preview. AKS integration in this generation of confidential VMs also brings support for Azure Linux 3.0, which contains only the most essential packages to be resource efficient and includes a secure, hardened Linux kernel specifically tuned for Azure cloud deployments. Ubuntu 24.04 clusters are also supported in addition to Azure Linux 3.0. Organizations wanting to ease the orchestration issues associated with deploying, scaling and managing hundreds of confidential VM node pools can now choose either of these two for their node pools.

General purpose & Memory-intensive workloads

Featuring general-purpose optimized memory-to-vCPU ratios and support for up to 96 vCPUs and 384 GiB RAM, the DCasv6-series delivers enterprise-grade performance. The DCasv6-series enables organizations to run sensitive workloads with hardware-based security guarantees, making them ideal for applications processing regulated or confidential data. For more memory-demanding workloads that exceed even the capabilities of the DCasv6 series, the new ECasv6-series offers high memory-to-vCPU ratios with increased scalability up to 96 vCPUs and 672 GiB of RAM, nearly doubling the memory capacity of DCasv6. You can get started today by creating confidential VMs in the Azure portal as explained here.
Additional Resources:
- Quickstart: Create confidential VM with Azure portal
- Quickstart: Create confidential VM with ARM template
- Azure confidential virtual machines FAQ

Generational Performance Leap for Azure Confidential Computing
At Microsoft, protecting customer data is a foundational commitment. Organizations moving their most sensitive workloads to the cloud require assurances beyond just encryption of data-at-rest and data-in-transit. They need robust protection while the data is in use, and they need it without sacrificing the performance of their business-critical applications. Confidential Computing emerged as a technology to address this need for data-in-use protection. For years, a key consideration for adopting confidential computing has been the perceived trade-off between stronger security and application performance.

To provide our customers with transparent, third-party validation, Microsoft and AMD commissioned a technical analysis from Prowess Consulting, an independent research firm specializing in hands-on performance validation for the enterprise IT industry. Their report provides an assessment of our latest generation confidential VMs. Azure confidential VMs, powered by the latest 4th generation AMD EPYC™ processors, deliver both next-generation performance and hardware-enforced security, fundamentally shifting the conversation from a security trade-off to a performance dividend. Enterprises that handle sensitive information or personal data like transactions, analytics or intellectual property (IP) while operating under strict compliance regimes like GDPR or HIPAA can now seamlessly transition to the cloud, running their high-performance, mission-critical applications on Azure’s latest confidential VMs.

A Generational Leap in Performance

Despite uncertainty surrounding the performance overhead of enabling confidential computing features and the resulting performance gaps, confidential computing has broadened its appeal as processors leap forward in both performance and capabilities with each successive generation. The motivation of the study was to identify a clear performance uplift by comparing the latest Azure DCasv6 confidential VMs, powered by 4th generation AMD EPYC™ processors, against the previous generation. The data confirms that upgrading delivers a significant and measurable performance uplift across the stack:
- A 77% gain in memory bandwidth, driven by architectural enhancements including the adoption of DDR5 memory, directly benefiting data-intensive applications.
- A 34% increase in Redis throughput, demonstrating substantial real-world gains for in-memory databases and caching workloads where latency is critical.
- A 30% rise in CPU throughput, confirming faster execution for compute-bound workloads on the latest generation of Azure confidential VMs.

Quantifying the Overhead of SEV-SNP

Beyond generational gains, the Prowess report sought to answer the critical question: what is the real performance overhead of enabling AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP)? This hardware-level security feature isolates VMs by encrypting memory in use, protecting it even from the host hypervisor. The study compared confidential VMs (DCasv6) against general-purpose counterparts (Dasv6) running on identical 4th Gen AMD EPYC processors. The overhead introduced by these advanced protections was found to be minimal and predictable:
- An 8% overhead for CPU-intensive and Redis workloads.
- A mere 2% overhead for memory-intensive workloads.

These results affirm that a robust security posture comes with minimal impact on performance or latency, making confidential computing a practical choice for a broad spectrum of production workloads.

From Technical Validation to Business Value

For IT leaders and developers, these findings mean you no longer need to architect around performance limitations to achieve stronger security. The implications are clear:
- Confidentiality is a mainstream capability. With such minimal overhead, confidential computing is no longer a niche solution for only the most sensitive data, but a viable option for securing a diverse array of enterprise applications.
- Modernize with confidence. Organizations can now confidently migrate and modernize applications on Azure confidential VMs, gaining both hardware-enforced data protection and a significant performance boost.
- Unlock new possibilities. This validated performance enables the processing of sensitive data, from financial analytics to healthcare insights, in the cloud, scenarios that were previously constrained by security and performance concerns.

This report validates our commitment to delivering a confidential cloud without compromise.

Next Steps

We encourage you to review the detailed report and explore how Azure confidential computing can fit into your security strategy.
- Read the full Prowess Consulting Technical Report for a deep dive into the methodology and results.
- Visit the confidential computing homepage to learn more about our comprehensive portfolio.
- Explore the DCasv6 and ECasv6-series VMs today.

Announcing general availability of guest attestation for confidential VMs
We are announcing general availability of guest attestation for confidential virtual machines. Use this feature to ensure your confidential VMs are running in a trusted execution environment (TEE) and to prevent execution of their sensitive workloads if they are not.

Confidential VM node pool with AMD SEV-SNP protection available on AKS in public preview

AKS node pools now support the generally available confidential VM sizes (DCav5/ECav5). Confidential VMs with AMD SEV-SNP support bring a new set of security features to protect data-in-use with full VM memory encryption. This enables confidential VM node pools to target the migration of highly sensitive container workloads to AKS without any code refactoring while benefiting from the full AKS feature support.

Securing Confidential VM Backups with Azure Recovery Services Vault and Private Endpoints
When working with Confidential VMs (CVMs) in Azure, ensuring secure backups is just as important as protecting workloads in use. Confidential VMs use hardware-based Trusted Execution Environments (TEEs) such as AMD SEV-SNP or Intel TDX to keep your data safe. But how do you securely back up this data without exposing it to the public internet? The answer lies in combining Azure Recovery Services Vault (RSV) with Private Endpoints. In this blog, we’ll walk through why this setup matters, how to configure it, and what challenges you should watch out for.

Note: This blog specifically deals with CVMs encrypted with Confidential OS Encryption on the OS Disk. As of now, Azure Backup for CVMs is in Private Preview, so make sure to engage with your Microsoft Account Team or Product Team for access.

Why Use Private Endpoints for RSV?

By default, the Recovery Services vault communicates over public endpoints. With private endpoints, all traffic between your Confidential VM and RSV flows over the secure Microsoft backbone instead of the public internet. This adds an extra layer of isolation and protection — a perfect match for sensitive workloads.

What You’ll Need (Prerequisites)

Before jumping in, make sure you have:
- An Azure Subscription and appropriate permissions (Owner/Contributor for RSV, DNS Zone Contributor for DNS).
- A Confidential VM on supported SKUs.
- A Recovery Services Vault in the same or a peered region.
- A Virtual Network and Subnet. Use a dedicated subnet for private endpoints. A private endpoint connection for Backup uses 11 private IPs (including Azure Backup storage); this may be higher in certain regions. Recommended subnet size: /25 to /27 to ensure sufficient private IP availability.
- Private DNS Zones:
  - privatelink.backup.windowsazure.com (for the vault itself)
  - privatelink.blob.core.windows.net (staging and recovery data)
  - privatelink.queue.core.windows.net (backup operations queue)
  - privatelink.table.core.windows.net (metadata storage)
  Azure Backup for CVMs supports only the 3-blob layout, which is now generally available. As a result, all new deployments on v5 and v6 SKUs will have the 3-blob configuration by default instead of the previous 2-blob setup. Older deployments that did not enable the Preview Feature may need to be redeployed to align with this change.
- Azure Backup Private Preview Feature enabled at the subscription level in collaboration with the Azure Product Team.
- Up-to-date Backup Extension on the VM.

Step-by-Step: Configuring Backup with Private Endpoints

1. Request Product Team Enablement: Work with the Microsoft support/product team to enable the Azure Backup Private Preview Feature for your subscription.
2. Create the Recovery Services Vault in the desired region.
3. Add a Private Endpoint: Go to RSV → Networking → Private Endpoint connections. Select your VNet and subnet (ensure enough private IPs: /25 to /27 recommended). Link to the required private DNS zones.
4. Enable Backup on the Confidential VM: Open the VM → Backup. Select the RSV. Choose or create an Enhanced policy (required for CVMs). Trigger the initial backup.

Key Considerations for Confidential VM Backup

Enhanced Policies Only: CVM backup supports only Enhanced policies. Backup support for CVM with confidential OS disk encryption using CMK is only available with Enhanced policies.

Zone-Redundant Recovery Services Vault (ZRS): Consider deploying RSV as ZRS if you want to restore CVMs across zones. Restores from other zones are possible only via the vault; snapshot restores are not supported across zones.

CVM Backup with CMK Support: Currently available only under Private Preview on an enrollment basis.
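The prerequisites and steps above turn on three things that are easy to get wrong before the private endpoint exists: subnet capacity, the four privatelink zones and their VNet links, and whether names actually resolve to private addresses once linked. The following pre-flight script is an added example, not part of the original post and not Microsoft tooling. It computes usable addresses from the prefix length (Azure reserves five addresses per subnet), checks the zones and links through the Azure CLI, and resolves any hostnames you pass to confirm they answer with RFC 1918 addresses. The resource group, VNet name, prefix and hostnames are assumed caller arguments, and `az` is assumed installed and logged in when `RSV_PREFLIGHT=1` is set; the pure functions run without either.

```shell
#!/bin/sh
# Pre-flight checks before wiring a Confidential VM to a Recovery Services vault
# over private endpoints. Added example, not part of the original post and not
# Microsoft tooling. Assumptions (not from the post): the caller passes resource
# group, VNet name, subnet prefix length and the hostnames to verify; az CLI is
# installed and logged in when RSV_PREFLIGHT=1 is set.

# The four private DNS zones the vault's private endpoint depends on.
PRIVATELINK_ZONES="privatelink.backup.windowsazure.com
privatelink.blob.core.windows.net
privatelink.queue.core.windows.net
privatelink.table.core.windows.net"

# Private IPs one Backup private endpoint connection consumes (11, per the post;
# more in some regions, hence the /25 to /27 recommendation for headroom).
BACKUP_PE_IPS=11

# Usable addresses in an Azure subnet with the given prefix length. Azure reserves
# five addresses in every subnet, so a /28 leaves exactly 11.
azure_usable_ips() {
    prefix=$1
    echo $(( (1 << (32 - prefix)) - 5 ))
}

# Exit 0 when the subnet can host a Backup private endpoint, 1 otherwise.
subnet_fits_backup_pe() {
    [ "$(azure_usable_ips "$1")" -ge "$BACKUP_PE_IPS" ]
}

# Exit 0 when the dotted-quad IPv4 address is RFC 1918 private, 1 otherwise.
is_private_ip() {
    case $1 in
        10.*)                                    return 0 ;;
        192.168.*)                               return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)   return 0 ;;
        *)                                       return 1 ;;
    esac
}

# Resolve a hostname from inside the VNet (e.g. the vault's backup or blob
# endpoint) and require every address to be private: a public answer means the
# privatelink zone is missing or not linked. Needs glibc getent.
host_resolves_private() {
    addrs=$(getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u)
    [ -n "$addrs" ] || return 1
    for a in $addrs; do
        is_private_ip "$a" || return 1
    done
    return 0
}

# Confirm each privatelink zone exists in the resource group and is linked to the
# VNet (az CLI; only invoked from main when RSV_PREFLIGHT=1).
check_dns_zone_links() {
    rg=$1; vnet=$2; rc=0
    for z in $PRIVATELINK_ZONES; do
        if ! az network private-dns zone show -g "$rg" -n "$z" -o none 2>/dev/null; then
            echo "MISSING  $z"; rc=1; continue
        fi
        linked=$(az network private-dns link vnet list -g "$rg" -z "$z" \
            --query "[?contains(virtualNetwork.id, '/virtualNetworks/$vnet')] | length(@)" -o tsv)
        if [ "${linked:-0}" -eq 0 ]; then
            echo "UNLINKED $z (not linked to $vnet)"; rc=1
        else
            echo "OK       $z"
        fi
    done
    return $rc
}

# usage: RSV_PREFLIGHT=1 sh preflight.sh <rg> <vnet> <prefix> [hostname ...]
main() {
    rg=$1; vnet=$2; prefix=$3; shift 3
    if subnet_fits_backup_pe "$prefix"; then
        echo "OK       /$prefix subnet: $(azure_usable_ips "$prefix") usable IPs (need $BACKUP_PE_IPS)"
    else
        echo "TOOSMALL /$prefix subnet: $(azure_usable_ips "$prefix") usable IPs (need $BACKUP_PE_IPS)"
    fi
    check_dns_zone_links "$rg" "$vnet" || true
    for h in "$@"; do
        if host_resolves_private "$h"; then echo "OK       $h resolves privately"
        else echo "PUBLIC   $h does not resolve to a private IP"; fi
    done
}

if [ -n "${RSV_PREFLIGHT:-}" ]; then
    main "$@"
fi
```

Run it from a VM inside the VNet so the hostname checks go through the VNet's resolver; a public answer for the vault or blob endpoint is the same symptom the post lists under DNS misconfiguration, caught before the first backup job fails.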
Key Vault and Managed HSM Permissions: When configuring via the Azure Portal, access to Key Vault/Managed HSM is granted automatically. When using PowerShell, CLI, or REST API, access issues occur because Azure Backup requires explicit permissions.

Fix: assign permissions to Azure Backup.
- For Key Vault: Grant Get, List, Backup key permissions (no secret permissions needed).
- For Managed HSM: Go to Managed HSM → Local RBAC → Add Role Assignment. Assign one of the following:
  - Built-in Role: Managed HSM Crypto User
  - Custom Role: Ensure dataActions include Microsoft.KeyVault/managedHsm/keys/read/action and Microsoft.KeyVault/managedHsm/keys/backup/action
  Set the scope to the specific key (or All Keys). Assign the role to Backup Management Service.

Once permissions are configured, proceed with CVM backup setup as usual.

Restore Options and Limitations

When restoring a Confidential VM, Azure Backup provides several restore paths — each with certain caveats due to the confidential computing model:

Restore to Original Location: You can restore the CVM directly to the same subscription, resource group, and network configuration. Ideal for operational recovery after accidental deletion or corruption.

Restore to Alternate Location: You can restore the backup to a different resource group, virtual network, or availability zone. Limitations: only supported when RSV is deployed as Zone-Redundant (ZRS); snapshot restore is not supported when restoring to other zones.

Disk-Level Restore: Allows restoring specific managed disks (OS or data disks) from the backup vault. Restored disks can be used to recreate CVMs manually. Limitation: replacement of the OS Disk on the existing VM is not supported.

Point-in-Time Restore (Enhanced Policy Only): Available for Enhanced Backup Policies with configurable retention settings.

Restore Limitations

Encryption Constraints: Restores for CVMs with CMK require the same Key Vault access and permissions to be valid at restore time.
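The permission fix described under Key Vault and Managed HSM Permissions, and the restore-time requirement just above that the same access still be valid, are the kind of thing worth scripting so the grant is repeatable and reviewable rather than clicked once in the portal. The script below is an added example, not the post's own and not Microsoft tooling: it looks up the Backup Management Service principal and, through the Azure CLI, grants it either the Key Vault key permissions (get, list, backup; access-policy model) or the built-in Managed HSM Crypto User role scoped to one key or to all keys. Vault, HSM and key names are assumed arguments, `az` is assumed installed and logged in, and `DRY_RUN=1` prints the commands instead of executing them.

```shell
#!/bin/sh
# Grant the Backup Management Service the key access Azure Backup needs for a
# CVM whose OS disk is encrypted with a customer-managed key, when backup is set
# up outside the portal (PowerShell/CLI/REST do not grant it automatically).
# Added example, not the post's own and not Microsoft tooling. Assumptions (not
# from the post): az CLI installed and logged in; vault/HSM/key names passed as
# arguments; DRY_RUN=1 prints the commands instead of running them.

BACKUP_SP_NAME="Backup Management Service"
HSM_ROLE="Managed HSM Crypto User"

# Execute a command, or echo it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Object ID of the Backup Management Service principal in this tenant.
backup_sp_object_id() {
    az ad sp list --display-name "$BACKUP_SP_NAME" --query "[0].id" -o tsv
}

# Key Vault (access-policy permission model): get, list and backup on keys only;
# the post notes no secret permissions are needed.
grant_keyvault_backup_access() {
    kv=$1; oid=$2
    run az keyvault set-policy --name "$kv" --object-id "$oid" \
        --key-permissions get list backup
}

# Managed HSM local RBAC: the built-in Crypto User role, scoped to one key
# ("/keys/<name>") or, with no key given, to all keys ("/").
grant_hsm_backup_access() {
    hsm=$1; oid=$2; key=${3:-}
    if [ -n "$key" ]; then scope="/keys/$key"; else scope="/"; fi
    run az keyvault role assignment create --hsm-name "$hsm" \
        --role "$HSM_ROLE" --assignee-object-id "$oid" --scope "$scope"
}

# usage: GRANT_BACKUP_ACCESS=1 sh grant.sh keyvault <vault>
#        GRANT_BACKUP_ACCESS=1 sh grant.sh hsm <hsm> [key-name]
main() {
    kind=$1; name=$2; key=${3:-}
    oid=$(backup_sp_object_id)
    if [ -z "$oid" ]; then
        echo "Backup Management Service principal not found in this tenant" >&2
        return 1
    fi
    case $kind in
        keyvault) grant_keyvault_backup_access "$name" "$oid" ;;
        hsm)      grant_hsm_backup_access "$name" "$oid" "$key" ;;
        *)        echo "usage: keyvault <vault> | hsm <hsm> [key]" >&2; return 2 ;;
    esac
}

if [ -n "${GRANT_BACKUP_ACCESS:-}" ]; then
    main "$@"
fi
```

Scoping the HSM role to the single key that protects the CVM's OS disk is the least-privilege choice the post allows ("specific key or All Keys"); prefer it unless the vault protects several CVM keys. Because a restore needs the same access, re-run the script in dry-run mode as part of restore rehearsals to confirm the grant is still what you expect.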
Private DNS Dependency: Incorrect or missing DNS resolution for blob or backup endpoints can cause restore failures.

Feature Availability: All restore capabilities mentioned above are still evolving under the Azure Backup Private Preview program.

Security Benefits
- Network Isolation: All communication between CVMs, the Recovery Services Vault, and backup storage occurs over private IPs using private endpoints — no exposure to the public internet.
- End-to-End Encryption: Backup data is encrypted both at rest and in transit. Use Customer-Managed Keys (CMK) in Azure Key Vault or Managed HSM for greater control over encryption.
- Role-Based Access Control (RBAC): Fine-grained access management ensures only authorized users and services can trigger or restore backups.
- Managed Identities for Authentication: Reduces key management complexity and enhances security posture.

Known Issues and Limitations
- DNS Misconfiguration: Missing or misconfigured private DNS zones for backup, blob, queue, or table endpoints often lead to failed backups or restores.
- Limited Regional Support: Confidential VM backups with private endpoints are currently available in selected Azure regions only.
- Extension Compatibility: Ensure that the latest Azure Backup extension version is installed on the CVM. Older versions may not support CVM encryption.
- Feature Dependencies: Azure Backup for CVMs (Private Preview) must be manually enabled at the subscription level by the Azure Product Team.
- Performance Overhead: Due to attestation and encryption validation, backup operations may experience slight latency.

Best Practices
- Test Restore Scenarios Regularly: Validate both backup and restore processes to ensure end-to-end functionality.
- Subnet Planning: Reserve adequate IP addresses in your subnet (/25 or /27) to accommodate private endpoints.
- ZRS Deployment: Use a Zone-Redundant Recovery Services Vault (ZRS) for better resiliency and zone-to-zone restore capability.
- Use Enhanced Backup Policies: Enhanced policies ensure point-in-time recovery and support for CMK-based encryption.
- DNS Hygiene: Keep private DNS zones properly configured and linked to ensure uninterrupted connectivity.
- Permission Management: Verify Key Vault and Managed HSM permissions before initiating backup/restore through PowerShell or REST API.
- Network Segmentation: Use dedicated subnets for private endpoints to avoid IP conflicts and simplify network management.
- Automate with IaC: Use Bicep or Terraform templates for repeatable, auditable deployments of RSVs, private endpoints, and DNS configurations.
- Monitor Health and Alerts: Enable Azure Monitor and Backup Center to track job statuses, failures, and performance.
- Engage Product Team Early: Contact the Microsoft Product Team early in your project to ensure the required preview feature (Azure Backup for CVMs) is enabled in time.

Final Thoughts

Backing up Confidential VMs with Azure Recovery Services vault over private endpoints gives you the best of both worlds: confidential computing protections for your workloads and secure, compliant backups that never leave the private network. By carefully planning DNS and subnet sizing, enabling subscription features with product team help, and configuring permissions properly, you can avoid common pitfalls and strengthen your data protection strategy.

Tip: If you’re just getting started, reach out to the Azure Product Team to enable the required features, deploy a test CVM, link it to an RSV with private endpoints, and run a backup/restore cycle to validate your configuration end-to-end.