![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 38%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVA%3C/text%3E%3C/svg%3E)
Azure Dedicated HSM
An Azure service that provides hardware security module management.
27 questions
Thank you for reaching out to the Microsoft Q&A platform.
There is no direct option available to connect a physical Hardware Security Module (HSM) to an Azure VM. To connect a physical Hardware Security Module (HSM), you have to use the Azure Dedicated HSM service. This service provides a physical device for sole customer use with complete administrative control and management responsibility. The device made available is a Thales Luna 7 HSM model A790. Microsoft will have no administrative access once provisioned by a customer, beyond physical serial port attachment as a monitoring role. As a result, customers are responsible for typical operational activities including comprehensive monitoring and log analysis.
Ref: https://learn.microsoft.com/en-us/azure/dedicated-hsm/overview
Alternatively, you can use Azure Key Vault to store and manage cryptographic keys and secrets. Azure Key Vault supports HSM-protected keys, which are stored in FIPS 140-2 Level 2 validated HSMs. This provides an additional layer of protection for your keys and secrets.
Ref: https://learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys
If I have answered your query, please click "Accept as answer" as a token of appreciation