Azure confidential computing

Azure confidential computing offers solutions to enable isolation of your sensitive data while it's being processed in the cloud. Learn how to create and deploy applications based on confidential computing infrastructure by reading concepts, completing tutorials, and working with code samples. Use Microsoft products built on confidential computing to keep your workloads as secure as possible.

Azure confidential computing

Overview

• What is confidential computing?
• What is Azure confidential computing?
• Choose your confidential computing offering

Quickstart

• Building confidential computing solutions
• Deploying confidential computing solutions
• Cleanroom solutions on confidential computing

Concept

• Microsoft Azure Attestation
• Azure Confidential Ledger
• Trusted Hardware Identity Management
• Trusted launch
• Azure Key Vault Managed HSM
• Azure SQL Always Encrypted in secure enclaves
• Azure IoT Edge

What's new

• What's new?

Confidential Virtual Machines

Overview

• Azure Confidential VM options on AMD
• Virtual Machines based on AMD processors with SEV-SNP technology
• Preview of Azure Confidential VM with Intel TDX

Concept

• Guest attestation for confidential VMs
• Microsoft Defender for Cloud integration
• Virtual TPMs in Azure confidential VMs

Quickstart

• Create an AMD confidential VM in the Azure portal
• Create an AMD confidential VM with ARM template
• Create an AMD confidential VM with Azure CLI

How-To Guide

• Use sample app for guest attestation
• How to leverage virtual TPMs in Azure confidential VMs
• Create a custom image for a confidential VM
• Harden a Linux image to remove sudo users
• Harden a Linux image to remove azure guest agent

Reference

• AMD confidential VMs FAQ
• DCasv5 and DCadsv5-series virtual machines
• ECasv5 and ECadsv5-series virtual machines
• Availability

What's new

• DCesv5 and ECesv5 Confidential VMs with Intel TDX

Container compute

Overview

• Confidential containers on Azure overview
• Confidential VM with AMD SEV-SNP node pools in AKS
• App enclave nodes with Intel SGX in AKS

Quickstart

• Hello world with Confidential containers with Azure Container Instances (ACI)
• CLI based provisioning with a hello from enclave container app on AKS
• Confidential containers with Intel SGX quickstart
• App enclave aware container samples
• Confidential VM node pools on AKS

Reference

• Azure architecture center confidential container scenarios
• Confidential containers with ACC Azure Samples
• Intel SGX based VM nodes on AKS FAQ

video

• Confidential VM worker nodes with AKS with remote attestation - Azure Friday
• Overview of confidential computing Intel SGX nodes on AKS
• Python hello world demo with Intel SGX based confidential containers on AKS
• Confidential big data analytics with Apache Spark in enclaves

What's new

• Confidential containers with Azure Container Instances (ACI) with AMD SEV-SNP Protection - Public preview

Virtual machines with app enclaves

Overview

• App enclave development
• Intel SGX app enclaves

Quickstart

• Create Intel SGX VM in the Azure portal
• Create Intel SGX VM in the Azure Marketplace

Reference

• DCsv2-series virtual machines
• DCsv3 and DCdsv3-series virtual machines

Secure key release (SKR)

Concept

• Secure Key Release(SKR) with AKV and Azure Confidential Computing
• Secure Key Release(SKR) with AKV example policies

Quickstart

• Confidential VM's SKR with guest attestation application
• Confidential containers with Azure Container Instances SKR Side-Car