Announcing Public Preview of Confidential VMs with Intel TDX in Azure Virtual Desktop

We are excited to announce that Azure Virtual Desktop now supports the public preview of DCesv5 and ECesv5-series confidential VMs. These confidential VMs are powered by 4th Gen Intel® Xeon® Scalable processors with Intel® Trust Domain Extensions (Intel® TDX) and enable organizations to bring confidential workloads to the cloud without code changes to applications. Through the gated preview, we continued to enhance performance with our Intel partnership. These new virtual machines are up to 20% faster than 3rd Gen Intel Xeon virtual machines, and we expect performance for I/O intensive workloads to continue to improve as the technology matures.

Azure confidential VMs (CVMs) offer VM memory encryption with integrity protection, which strengthens guest protections to deny the hypervisor and other host management components code access to the VM memory and state. For additional CVM security benefits, please see the CVM documentation for more information.

For more information on AVD’s support for confidential VMs, please see this blog.

For more information about Intel TDX confidential VMs, please see this blog for more information.

How to deploy Intel TDX Confidential VMs in AVD Host Pool Provisioning

• On the Virtual machine location, select “Europe West”, “Central US”, or “East US 2”.

• Select Confidential Virtual Machines from the Security Type dropdown in the AVD Host Pool Virtual Machine blade.

• From there, go down to Virtual machine size, and click on “Change size” link.

• You will then get directed towards a table that gives you all SKUs available, make sure on the top, that the “Type” is “Confidential Compute”.

• Expand the DC or EC-Series categories and select and of the DCesv5/ECesv5 SKUs appropriate for your demand.

Getting Started

To get started, please visit Azure Virtual Desktop to learn more about the various benefits AVD provides and to get started with your first deployment.

Visit Create a host pool - Azure Virtual Desktop to start deploying your first confidential VM in Azure Virtual Desktop through the Azure Portal. For more information about any of these features, please visit Azure Virtual Desktop security best practices - Azure.

Continue the conversation. Find best practices. Bookmark the Azure Virtual Desktop Community. Have feedback on the service? Share your thoughts and upvote others on the Azure Virtual Desktop Feedback board.