Trusted Launch for Azure virtual machines

Applies to: ✔️ Linux VMs ✔️ Windows VMs ✔️ Flexible scale sets ✔️ Uniform scale sets

Azure offers Trusted Launch as a seamless way to improve the security of Generation 2 virtual machines (VMs). Trusted Launch protects against advanced and persistent attack techniques. Trusted Launch is composed of several coordinated infrastructure technologies that can be enabled independently. Each technology provides another layer of defense against sophisticated threats.

Important

Benefits

  • Securely deploy VMs with verified boot loaders, operating system (OS) kernels, and drivers.
  • Securely protect keys, certificates, and secrets in the VMs.
  • Gain insights and confidence of the entire boot chain's integrity.
  • Ensure that workloads are trusted and verifiable.

Virtual machines sizes

Type Supported size families Currently not supported size families Not supported size families
General purpose B-series, DCsv2-series, DCsv3-series, DCdsv3-series, Dv4-series, Dsv4-series, Dsv3-series, Dsv2-series, Dav4-series, Dasv4-series, Ddv4-series, Ddsv4-series, Dv5-series, Dsv5-series, Ddv5-series, Ddsv5-series, Dasv5-series, Dadsv5-series, Dlsv5-series, Dldsv5-series Dpsv5-series, Dpdsv5-series, Dplsv5-series, Dpldsv5-series Av2-series, Dv2-series, Dv3-series
Compute optimized FX-series, Fsv2-series All sizes supported.
Memory optimized Dsv2-series, Esv3-series, Ev4-series, Esv4-series, Edv4-series, Edsv4-series, Eav4-series, Easv4-series, Easv5-series, Eadsv5-series, Ebsv5-series,Ebdsv5-series, Edv5-series, Edsv5-series Epsv5-series, Epdsv5-series, M-series, Msv2-series, Mdsv2 Medium Memory series, Mv2-series Ev3-series
Storage optimized Lsv2-series, Lsv3-series, Lasv3-series All sizes supported.
GPU NCv2-series, NCv3-series, NCasT4_v3-series, NVv3-series, NVv4-series, NDv2-series, NC_A100_v4-series, NVadsA10 v5-series NDasrA100_v4-series, NDm_A100_v4-series NC-series, NV-series, NP-series
High Performance Compute HB-series, HBv2-series, HBv3-series, HBv4-series, HC-series, HX-series All sizes supported.

Note

  • Installation of the CUDA & GRID drivers on Secure Boot-enabled Windows VMs doesn't require any extra steps.
  • Installation of the CUDA driver on Secure Boot-enabled Ubuntu VMs requires extra steps. For more information, see Install NVIDIA GPU drivers on N-series VMs running Linux. Secure Boot should be disabled for installing CUDA drivers on other Linux VMs.
  • Installation of the GRID driver requires Secure Boot to be disabled for Linux VMs.
  • Not supported size families don't support Generation 2 VMs. Change the VM size to equivalent supported size families for enabling Trusted Launch.

Operating systems supported

OS Version
Alma Linux 8.7, 8.8, 9.0
Azure Linux 1.0, 2.0
Debian 11, 12
Oracle Linux 8.3, 8.4, 8.5, 8.6, 8.7, 8.8 LVM, 9.0, 9.1 LVM
RedHat Enterprise Linux 8.4, 8.5, 8.6, 8.7, 8.8, 9.0, 9.1 LVM, 9.2
SUSE Enterprise Linux 15SP3, 15SP4, 15SP5
Ubuntu Server 18.04 LTS, 20.04 LTS, 22.04 LTS, 23.04, 23.10
Windows 10 Pro, Enterprise, Enterprise Multi-Session *
Windows 11 Pro, Enterprise, Enterprise Multi-Session *
Windows Server 2016, 2019, 2022 *
Window Server (Azure Edition) 2022

* Variations of this OS are supported.

More information

Regions:

  • All public regions
  • All Azure Government regions
  • All Azure China regions

Pricing: Trusted Launch doesn't increase existing VM pricing costs.

Unsupported features

Currently, the following VM features aren't supported with Trusted Launch:

Secure Boot

At the root of Trusted Launch is Secure Boot for your VM. Secure Boot, which is implemented in platform firmware, protects against the installation of malware-based rootkits and boot kits. Secure Boot works to ensure that only signed operating systems and drivers can boot. It establishes a "root of trust" for the software stack on your VM.

With Secure Boot enabled, all OS boot components (boot loader, kernel, kernel drivers) require trusted publishers signing. Both Windows and select Linux distributions support Secure Boot. If Secure Boot fails to authenticate that the image is signed by a trusted publisher, the VM fails to boot. For more information, see Secure Boot.

vTPM

Trusted Launch also introduces virtual Trusted Platform Module (vTPM) for Azure VMs. This virtualized version of a hardware Trusted Platform Module is compliant with the TPM2.0 spec. It serves as a dedicated secure vault for keys and measurements.

Trusted Launch provides your VM with its own dedicated TPM instance that runs in a secure environment outside the reach of any VM. The vTPM enables attestation by measuring the entire boot chain of your VM (UEFI, OS, system, and drivers).

Trusted Launch uses the vTPM to perform remote attestation through the cloud. Attestations enable platform health checks and are used for making trust-based decisions. As a health check, Trusted Launch can cryptographically certify that your VM booted correctly.

If the process fails, possibly because your VM is running an unauthorized component, Microsoft Defender for Cloud issues integrity alerts. The alerts include details on which components failed to pass integrity checks.

Virtualization-based security

Virtualization-based security (VBS) uses the hypervisor to create a secure and isolated region of memory. Windows uses these regions to run various security solutions with increased protection against vulnerabilities and malicious exploits. Trusted Launch lets you enable hypervisor code integrity (HVCI) and Windows Defender Credential Guard.

HVCI is a powerful system mitigation that protects Windows kernel-mode processes against injection and execution of malicious or unverified code. It checks kernel mode drivers and binaries before they run, preventing unsigned files from loading into memory. Checks ensure that executable code can't be modified after it's allowed to load. For more information about VBS and HVCI, see Virtualization-based security and hypervisor-enforced code integrity.

With Trusted Launch and VBS, you can enable Windows Defender Credential Guard. Credential Guard isolates and protects secrets so that only privileged system software can access them. It helps prevent unauthorized access to secrets and credential theft attacks, like Pass-the-Hash attacks. For more information, see Credential Guard.

Microsoft Defender for Cloud integration

Trusted Launch is integrated with Defender for Cloud to ensure that your VMs are properly configured. Defender for Cloud continually assesses compatible VMs and issues relevant recommendations:

  • Recommendation to enable Secure Boot: The Secure Boot recommendation only applies for VMs that support Trusted Launch. Defender for Cloud identifies VMs that can enable Secure Boot but have it disabled. It issues a low-severity recommendation to enable it.

  • Recommendation to enable vTPM: If your VM has vTPM enabled, Defender for Cloud can use it to perform guest attestation and identify advanced threat patterns. If Defender for Cloud identifies VMs that support Trusted Launch and have vTPM disabled, it issues a low-severity recommendation to enable it.

  • Recommendation to install guest attestation extension: If your VM has Secure Boot and vTPM enabled but it doesn't have the Guest Attestation extension installed, Defender for Cloud issues low-severity recommendations to install the Guest Attestation extension on it. This extension allows Defender for Cloud to proactively attest and monitor the boot integrity of your VMs. Boot integrity is attested via remote attestation.

  • Attestation health assessment or boot integrity monitoring: If your VM has Secure Boot and vTPM enabled and the Attestation extension installed, Defender for Cloud can remotely validate that your VM booted in a healthy way. This practice is known as boot integrity monitoring. Defender for Cloud issues an assessment that indicates the status of remote attestation.

    If your VMs are properly set up with Trusted Launch, Defender for Cloud can detect and alert you of VM health problems.

  • Alert for VM attestation failure: Defender for Cloud periodically performs attestation on your VMs. The attestation also happens after your VM boots. If the attestation fails, it triggers a medium-severity alert. VM attestation can fail for the following reasons:

    • The attested information, which includes a boot log, deviates from a trusted baseline. Any deviation can indicate that untrusted modules have been loaded, and the OS could be compromised.

    • The attestation quote couldn't be verified to originate from the vTPM of the attested VM. An unverified origin can indicate that malware is present and could be intercepting traffic to the vTPM.

      Note

      Alerts are available for VMs with vTPM enabled and the Attestation extension installed. Secure Boot must be enabled for attestation to pass. Attestation fails if Secure Boot is disabled. If you must disable Secure Boot, you can suppress this alert to avoid false positives.

  • Alert for untrusted Linux kernel module: For Trusted Launch with Secure Boot enabled, it's possible for a VM to boot even if a kernel driver fails validation and is prohibited from loading. If this scenario happens, Defender for Cloud issues low-severity alerts. While there's no immediate threat, because the untrusted driver hasn't been loaded, these events should be investigated. Ask yourself:

    • Which kernel driver failed? Am I familiar with this driver and do I expect it to load?
    • Is this the exact version of the driver I'm expecting? Are the driver binaries intact? If this is a third-party driver, did the vendor pass the OS compliance tests to get it signed?

Deploy a Trusted Launch VM.