Azure Virtual Desktop Support for Trusted Launch Virtual Machines

We are excited to officially announce Azure Virtual Desktop support for Trusted Launch virtual machines! Deploying Trusted Launch virtual machines in your Azure Virtual Desktop environment allows you to improve the security posture of your virtual machines by protecting against advanced and persistent attack techniques. The key benefits are as follows:

• Protect against the installation of malware-based rootkits and boot kits with Secure Boot.
• Provide your VM with its own dedicated Trusted Platform Module instance with a vTPM.
• Protect Windows kernel-mode processes against injection and execution of malicious or unverified code with Hypervisor Code Integrity.
• Isolate and protect secrets so that only privileged system software can access them with Windows Defender Credential Guard.
• Ability to perform feature updates when using Windows 11 Enterprise or Windows 11 Enterprise multi-session.

There is now a Trusted launch virtual machines option under Security type when adding virtual machines in the host pool UI:

When the Trusted Launch virtual machines Security type is selected, you will also have the option to enable secure boot and vTPM:

To learn more about Trusted Launch virtual machines, please visit here.