Azure confidential VMs (DCasv5/ECasv5) using AMD SEV-SNP processors are now generally available
Published Nov 22 2021 11:24 AM 13.3K Views

Updated July 19 2022 07:30 AM

Azure today provides the broadest set of confidential offerings for virtual machines (VMs), containers and applications across CPUs and GPUs. We are excited to announce the general availability of Azure DCasv5 and ECasv5 confidential VM-series utilizing 3rd Gen AMD EPYCTM processors with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features. You can get started today by creating confidential VMs here.


Microsoft spends over billions of dollars per year on cybersecurity and much of that goes to making Microsoft Azure the most trusted cloud platform. From strict physical datacenter security, robust data privacy, encrypting data at rest and in transit, novel uses of machine learning for threat detection, and the use of stringent operational software development lifecycle controls, Azure represents the cutting edge of cloud security and privacy.


Azure today provides powerful controls around protecting data at rest and data in transit. Aligned with the Confidential Computing Consortium (CCC) definition, Azure confidential computing protects data in use using hardware-based Trusted Execution Environments (TEEs), which provides customers hardware-backed security protection of code execution and data.


Azure confidential VMs are designed to offer a new, hardware-based TEE leveraging SEV-SNP, which hardens guest protections to deny the hypervisor and other host management code access to VM memory and state, protecting against operator access.  Customers in regulated industries such as banking, healthcare, and public sector, can easily migrate their legacy workloads from on-prem environments to the cloud with minimal performance impact and without code changes by leveraging Azure confidential VMs (DCasv5/ECasv5).


“The new Azure DCasv5 and ECasv5 confidential VMs are the first EPYC processor-based confidential VMs at Azure, enabling our joint customers to have their data encrypted in use, in transit and at rest,” said Lynn Comp, corporate vice president, Cloud Business Unit, AMD. “DCasv5 and ECasv5 VMs offer access to the modern security features and impressive price-performance of 3rd Gen AMD EPYC processors while delivering impressive performance for general purpose and memory optimized workloads.”


Hardware-based confidentiality and integrity protection


DCasv5/ECasv5 confidential VMs run on 3rd Gen AMD EPYCTM 7763v processors with boosted maximum frequency up to 3.5GHz, which provide hardware-based VM memory encryption and integrity protection only available through SEV-SNP. Keys used for VM memory encryption are generated by a dedicated secure processor inside of AMD CPUs and cannot be read from software. Integrity protection is an enhanced capability only available with the SEV-SNP security feature in AMD 3rd Gen EPYC processors, which hardens VM-level Isolation and integrity protection.


Azure confidential VMs offer an in-cloud OS full disk encryption option, where the OS disk partitions are encrypted prior to a VM first boot. Customers can choose encryption either through a platform-managed key or a customer-managed key. Keys are cryptographically bonded with customized release policies, the keys won’t be released unless policies are satisfied. Customer keys can be stored in the Azure Key Vault or Azure Managed HSM (Hardware Security Module). Azure Managed HSM, which runs inside Intel SGX based hardware enclaves, offers enhanced data protection and compliance as each customer owns a dedicated, highly available HSM (validated to FIPS 140-2 Level 3) which gives them control over keys. 


Verifiable Remote Attestation

Azure confidential VMs will only boot when the platform verifies that VM host environment is chained to an AMD hardware root-of-trust and customized secure key release policies are met. Additionally, customers can initiate attestation requests inside of Azure confidential VMs to demonstrate that the VMs are running on AMD-powered nodes with SEV-SNP enabled and that the VM attributes are compliant with pre-set customer policies including secure boot, serial console settings, and other configurations. 


Virtual Trusted Platform Module and secure boot

Each Azure confidential VM has a unique virtual Trusted Platform Module (vTPM). This vTPM resides in higher privileged memory and 3rd Gen AMD EPYCTM processors protect the memory against guest (Guest OS or admin) as well as Azure host (host admin or services including hypervisor.)  Customers can seal their disk encryption keys, certificates, and secrets inside of vTPMs.


Azure confidential VMs support secure boot. Secure boot protects customers against the installation of malware-based rootkits, boot kits, and requires signed OS images and drivers to run. Measured boot examines and verifies the authenticity of the bootloader’s signature and performs integrity measurement of the whole boot chain.



Use Cases



“BMW Group's shift to the cloud has already enabled dev-ops teams to provide application services with new capabilities, agility, flexibility and service levels. The Azure confidential computing DCasv5-series VMs and the security controls for disk and memory encryption will enable BMW's highest protection level workloads to migrate to Azure. The customer managed keys and the guest attestation provide the required level of assurance to meet BMW Group's IT policy needs.”



“This integration between HashiCorp Vault and Azure confidential computing reflects our shared commitment to make zero trust security accessible for joint customers. With Azure’s proven scalability and reliability, in addition to the recent launch of Azure confidential virtual machines with AMD SEV-SNP, our customers can ensure their most sensitive and isolated data is protected with HashiCorp Vault’s secrets management and data encryption.”  - Eric Schwindt, HashiCorp Director of Alliances for Microsoft.


Getting started

The newly announced Azure confidential VM series (DCasv5 and ECasv5) offer the same VM configurations as the general-purpose VMs with minimal performance delta on common benchmarks and can be launched similarly with a few clicks via the Azure portal. Customers can further choose to customize their network, storage, and security posture settings depending on their requirements. Today Azure confidential VMs are available in below regions during initial general availability.

  • North America: West US, East US
  • Europe: North Europe, West Europe


For the latest information regarding regional availability, please refer to the Azure Products by Region page. To learn more about Azure confidential VM series (DCasv5 and ECasv5), please refer to the links listed below.


Version history
Last update:
‎Nov 28 2023 04:32 PM
Updated by: