Announcing general availability of Azure Trusted Launch for virtual machines
Modern malware is crafted to hide on a virtual machine and has the potential to remain in place for a long time if it's undetected. These persistent malwares such as boot kits and rootkits are so sophisticated that they can run with the same kernel-mode privileges as the operating system they infect. With malware intercepting and modifying operating system processes, information and resources can be easily stolen, undermining trust in information on your virtual machines.
Earlier this year, we introduced Trusted Launch for public preview. Several customers have tried Trusted Launch for a variety of workloads and love the improved security posture of virtual machines. Today, we are excited to announce general availability of Trusted Launch that customers can leverage for their virtual machines to help prevent boot kit and rootkit infections.
Trusted Launch, which is available for all Azure Generation 2 VM hardens your Azure workloads with security features that allow administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and a boot policy. This is accomplished via Trusted Launch features: secure boot, vTPM, and boot integrity monitoring that protect against boot kits, rootkits, and kernel-level malware.
- Secure Boot protects against the installation of malware-based rootkits and boot kits and only allows signed OSes and drivers to boot.
- Virtual TPM (vTPM) allows customers to protect keys, certificates, and secrets in the virtual machine.
- Measured Boot examines and verifies the authenticity of bootloader’s signature and performs integrity measurement of the entire boot chain.
- Boot integrity monitoring via Microsoft Azure Attestation and Azure Security Center generates integrity alerts, recommendations, and remediations if remote attestation fails.
Trusted Launch is a foundational offering of Azure Confidential Computing (ACC) family. In the spectrum of ACC offerings, Trusted Launch provides a simple and easy way to improve VM security posture and confidentiality with no modification to your workload. To learn how to incorporate the full range of ACC offerings more information can be found on ACC documentation.
Mediterranean Shipping Company (MSC), one of the largest shipping companies in the world, runs its global compute infrastructure on Trusted Launch.
“As UEFI boot kits and rootkits are increasingly becoming the tools for cybersecurity attacks, Azure Trusted Launch VM provides our administrators confidence and ability to securely migrate to Azure while ensuring the integrity of our kernel level components. Azure Trusted Launch comes with comprehensive features of secure boot, measured boot, and remote attestation as well as seamless user experience.” – Aaron Shvarts, CISO, MSC Technology (NA)
Windows 365 CloudPC is a ‘Windows in the Cloud’ service available exclusively in Azure Cloud that allows business and enterprise users a personalized PC in the cloud.
“Trusted Launch has been instrumental for Windows 365 Cloud PC (a new simplified Cloud service to use Windows in the Cloud, on any device) in order to support Windows 11 and Windows 10 upgrades to Windows 11 across all Azure regions we support. Adding more baseline security capabilities for our customer has been one of the reasons why we decided to be one of the first adopters of this service.” – Christiaan Brinkhoff, Principal Program Manager, Windows 365 Engineering
Trusted Launch is available in all Azure public cloud regions with no additional cost and supports the most commonly used operating systems images.
To learn more and get started with Trusted Launch and ACC offerings, visit the following documentation pages:
If you’d like to engage further with the ACC team, please contact us at Azure Confidential PMs.
Published on:
Learn moreRelated posts
Record Scanner for vinyl collectors cuts costs with Azure Cosmos DB vector search
by Artur Drozdz, Founder of Record Scanner (recordscanner.com) If you’re like me, there’s at least one room in your home with an entire cabine...
🚀 Introducing the New VS Code Extension for Azure Cosmos DB
We’re excited to share that the Azure Databases extension for Visual Studio Code is now officially rebranded as the Azure Cosmos DB extension!...
AI-based T-SQL Refactoring: an automatic intelligent code optimization with Azure OpenAI
This article presents an AI-powered approach to automating SQL Server code analysis and refactoring. The system intelligently identifies ineff...
Azure Boards integration with GitHub Copilot (Private Preview)
Several months ago, GitHub introduced the public preview of its Copilot coding agent, a powerful new capability that allows you to assign GitH...
What is Azure Key Vault and How It Secures Microsoft Dynamics 365 CRM Systems?
Azure Key Vault is a service by Microsoft Azure that helps securely store and manage sensitive information such as API keys, connection string...
Azure AI Foundry Model In Copilot Studio Custom Prompts
Any custom model created in Azure AI Foundry can be used in Copilot Studio. This ... The post Azure AI Foundry Model In Copilot Studio Custom ...
Running Teams PowerShell Cmdlets in Azure Automation
This article describes the prerequisites and how to run cmdlets from the Teams PowerShell module in Azure Automation runbooks. We also conside...