Announcing general availability of Azure Trusted Launch for virtual machines

Announcing general availability of Azure Trusted Launch for virtual machines

Modern malware is crafted to hide on a virtual machine and has the potential to remain in place for a long time if it's undetected. These persistent malwares such as boot kits and rootkits are so sophisticated that they can run with the same kernel-mode privileges as the operating system they infect. With malware intercepting and modifying operating system processes, information and resources can be easily stolen, undermining trust in information on your virtual machines.


Earlier this year, we introduced Trusted Launch for public preview. Several customers have tried Trusted Launch for a variety of workloads and love the improved security posture of virtual machines. Today, we are excited to announce general availability of Trusted Launch that customers can leverage for their virtual machines to help prevent boot kit and rootkit infections.


Trusted Launch, which is available for all Azure Generation 2 VM hardens your Azure workloads with security features that allow administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and a boot policy. This is accomplished via Trusted Launch features: secure boot, vTPM, and boot integrity monitoring that protect against boot kits, rootkits, and kernel-level malware.

  • Secure Boot protects against the installation of malware-based rootkits and boot kits and only allows signed OSes and drivers to boot.
  • Virtual TPM (vTPM) allows customers to protect keys, certificates, and secrets in the virtual machine.
  • Measured Boot examines and verifies the authenticity of bootloader’s signature and performs integrity measurement of the entire boot chain.
  • Boot integrity monitoring via Microsoft Azure Attestation and Azure Security Center generates integrity alerts, recommendations, and remediations if remote attestation fails.



Trusted Launch is a foundational offering of Azure Confidential Computing (ACC) family. In the spectrum of ACC offerings, Trusted Launch provides a simple and easy way to improve VM security posture and confidentiality with no modification to your workload. To learn how to incorporate the full range of ACC offerings more information can be found on ACC documentation.


Mediterranean Shipping Company (MSC), one of the largest shipping companies in the world, runs its global compute infrastructure on Trusted Launch.


“As UEFI boot kits and rootkits are increasingly becoming the tools for cybersecurity attacks, Azure Trusted Launch VM provides our administrators confidence and ability to securely migrate to Azure while ensuring the integrity of our kernel level components. Azure Trusted Launch comes with comprehensive features of secure boot, measured boot, and remote attestation as well as seamless user experience.” – Aaron Shvarts, CISO, MSC Technology (NA)


Windows 365 CloudPC is a ‘Windows in the Cloud’ service available exclusively in Azure Cloud that allows business and enterprise users a personalized PC in the cloud.


“Trusted Launch has been instrumental for Windows 365 Cloud PC (a new simplified Cloud service to use Windows in the Cloud, on any device) in order to support Windows 11 and Windows 10 upgrades to Windows 11 across all Azure regions we support. Adding more baseline security capabilities for our customer has been one of the reasons why we decided to be one of the first adopters of this service.” – Christiaan Brinkhoff, Principal Program Manager, Windows 365 Engineering


Trusted Launch is available in all Azure public cloud regions with no additional cost and supports the most commonly used operating systems images.


To learn more and get started with Trusted Launch and ACC offerings, visit the following documentation pages:


If you’d like to engage further with the ACC team, please contact us at Azure Confidential PMs.

Published on:

Learn more
Azure Confidential Computing Blog articles
Azure Confidential Computing Blog articles

Azure Confidential Computing Blog articles

Share post:

Related posts

HTTP Trigger Azure Function Authorization Types simplified

Here' how you can quickly understand what are the different Authorization Levels to be set while working with HTTP Azure Functions.

1 day ago

Increasing Security for SQL Server Enabled by Azure Arc

Back in November 2023, the least privileges deployment model was introduced as a public preview. After thorough testing, we are excited to ann...

2 days ago

Govern your Azure Firewall configuration with Azure Policies

Introduction:  In the rapidly evolving digital landscape, securing cloud environments is more critical than ever. Azure Firewall emerges ...

3 days ago

Azure Verified Modules - Monthly Update [June]

AVM Module Summary The AVM team are excited that our community have been busy building AVM Modules. As of June 17th, the AVM Footprint curren...

3 days ago

General Availability Announcement: Azure VM Regional to Zonal Move

Today, we announce the general availability of the capability to convert regional VMs to a zonal configuration within the same region. Th...

4 days ago

Azure WAF Public Preview: JavaScript Challenge

Microsoft has recently released JavaScript challenge in public preview for Azure WAF on Application Gateway and Azure Front Door.   Appro...

4 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy