Confidential Virtual Machine support for Azure Virtual Desktop now in Public Preview

We’re announcing that Azure Virtual Desktop has public preview support for Azure Confidential Virtual Machines. Confidential Virtual Machines increase data privacy and security by protecting data in use. The Azure DCasv5 and ECasv5 confidential VM series provide a hardware-based Trusted Execution Environment (TEE) that features AMD SEV-SNP security capabilities, which harden guest protections to deny the hypervisor and other host management code access to VM memory and state, and that is designed to protect against operator access and encrypts data in use.

With this preview, support for Windows 11 22H2 has been added to Confidential Virtual Machines. Confidential OS Disk encryption and Integrity monitoring will be added to the preview at a later date. Confidential VM support for Windows 10 is planned.

Azure Confidential Virtual Machines enable encrypting data in use.

How to deploy Confidential Virtual Machines with AVD Host pool provisioning:

1) Select Confidential virtual machines from the Security Type dropdown in the AVD Host Pool Virtual Machine blade.

AVD Host pool provisioning Security Type Drop-Down

2) Once Security Type is set to Confidential virtual machines, you will see Enable Secure Boot and Enable vTPM each selected. You have the option to disable Secure Boot though it is not recommended. vTPM is required.

AVD Host pool provisioning vTPM and Secure Boot checkboxes.

Learn More:

Review the Confidential Virtual Machine documentation for more information.