Loading...

Announcing general availability of Azure Trusted Launch for virtual machines

Announcing general availability of Azure Trusted Launch for virtual machines

Modern malware is crafted to hide on a virtual machine and has the potential to remain in place for a long time if it's undetected. These persistent malwares such as boot kits and rootkits are so sophisticated that they can run with the same kernel-mode privileges as the operating system they infect. With malware intercepting and modifying operating system processes, information and resources can be easily stolen, undermining trust in information on your virtual machines.

 

Earlier this year, we introduced Trusted Launch for public preview. Several customers have tried Trusted Launch for a variety of workloads and love the improved security posture of virtual machines. Today, we are excited to announce general availability of Trusted Launch that customers can leverage for their virtual machines to help prevent boot kit and rootkit infections.

 

Trusted Launch, which is available for all Azure Generation 2 VM hardens your Azure workloads with security features that allow administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and a boot policy. This is accomplished via Trusted Launch features: secure boot, vTPM, and boot integrity monitoring that protect against boot kits, rootkits, and kernel-level malware.

  • Secure Boot protects against the installation of malware-based rootkits and boot kits and only allows signed OSes and drivers to boot.
  • Virtual TPM (vTPM) allows customers to protect keys, certificates, and secrets in the virtual machine.
  • Measured Boot examines and verifies the authenticity of bootloader’s signature and performs integrity measurement of the entire boot chain.
  • Boot integrity monitoring via Microsoft Azure Attestation and Azure Security Center generates integrity alerts, recommendations, and remediations if remote attestation fails.

prasadmsft_0-1635791939461.png

 

Trusted Launch is a foundational offering of Azure Confidential Computing (ACC) family. In the spectrum of ACC offerings, Trusted Launch provides a simple and easy way to improve VM security posture and confidentiality with no modification to your workload. To learn how to incorporate the full range of ACC offerings more information can be found on ACC documentation.

 

Mediterranean Shipping Company (MSC), one of the largest shipping companies in the world, runs its global compute infrastructure on Trusted Launch.

 

“As UEFI boot kits and rootkits are increasingly becoming the tools for cybersecurity attacks, Azure Trusted Launch VM provides our administrators confidence and ability to securely migrate to Azure while ensuring the integrity of our kernel level components. Azure Trusted Launch comes with comprehensive features of secure boot, measured boot, and remote attestation as well as seamless user experience.” – Aaron Shvarts, CISO, MSC Technology (NA)

 

Windows 365 CloudPC is a ‘Windows in the Cloud’ service available exclusively in Azure Cloud that allows business and enterprise users a personalized PC in the cloud.

 

“Trusted Launch has been instrumental for Windows 365 Cloud PC (a new simplified Cloud service to use Windows in the Cloud, on any device) in order to support Windows 11 and Windows 10 upgrades to Windows 11 across all Azure regions we support. Adding more baseline security capabilities for our customer has been one of the reasons why we decided to be one of the first adopters of this service.” – Christiaan Brinkhoff, Principal Program Manager, Windows 365 Engineering

 

Trusted Launch is available in all Azure public cloud regions with no additional cost and supports the most commonly used operating systems images.

 

To learn more and get started with Trusted Launch and ACC offerings, visit the following documentation pages:

 

If you’d like to engage further with the ACC team, please contact us at Azure Confidential PMs.

Published on:

Learn more
Azure Confidential Computing Blog articles
Azure Confidential Computing Blog articles

Azure Confidential Computing Blog articles

Share post:

Related posts

Creating an Agent with Actions in Azure AI Foundry

Azure AI Foundry is an Azure service where you can create agents using various LLMs (including your own). In this post we will look at how to ...

1 day ago

New Test Run Hub in Azure Test Plans

Delivering high-quality software is a necessity and that’s why Azure Test Plans has introduced the all-new Test Run Hub, an enabler for teams ...

2 days ago

Microsoft Teams: New SlimCore-based optimization for Microsoft Teams in VDI – support for MacOS on Citrix and Azure Virtual Desktops/Windows 365

This feature allows MAC endpoints to optimize Microsoft Teams in VDI environments with the new SlimCore-based media engine, providing an expan...

2 days ago

Microsoft Whiteboard: Azure to OneDrive migration progress update

Microsoft Whiteboard storage is migrating from Azure to OneDrive, starting February 2024 and completing by August 2025, with full deprecation ...

3 days ago

Copilot Studio: Azure AI Search Complete Setup Guide

Copilot Studio can use an Azure AI Search index as knowledge to answer Users questions ... The post Copilot Studio: Azure AI Search Complete S...

6 days ago

Microsoft Azure Fundamentals #1: Creating External Tenants in Entra ID: A Step-by-Step Guide

It is important to configure external tenants for different scenarios. In this post we can see how to create a tenant step by step so that it ...

6 days ago

Azure Information Protection: Enable multifactor authentication for your Azure tenant by October 1, 2025

Microsoft will enforce multifactor authentication (MFA) for all Azure resource management actions starting October 1, 2025, with a postponemen...

8 days ago

Azure Automation Custom Runtime Environments

A custom runtime environment is a way of defining a specific job execution environment for Azure Automation runbooks, including Microsoft Grap...

8 days ago

Dynamics 365 Customer Insights – Data – Export your data to Azure Data Lake Storage

We are announcing the general availability of the export to Azure Data Lake Storage (ADLS) feature in Dynamics 365 Customer Insights – Data on...

9 days ago

Dynamics 365 Business Central: Quickly find the Tenant ID, Azure AD Instance, and Tenant Scope from the domain (tenant) name without signing in

Hi, Readers.Today I would like to share another mini tip, how to quickly find the Tenant ID, Azure AD Instance, and Tenant Scope from the doma...

12 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy