Azure confidential computing offerings span three areas:
- Virtual machines and containers
- Confidential services
- Supplementary offerings
Virtual machines and containers
Azure supports multiple confidential computing technologies, including AMD SEV-SNP and Intel Trust Domain Extensions (TDX). These technologies help protect code and data while they are in use.
- AMD SEV-SNP confidential VMs: DCasv5 and ECasv5 help you rehost existing workloads while protecting data from cloud operators. DCasv6 and ECasv6 are currently in gated preview and offer enhanced performance.
- Intel TDX confidential VMs: DCesv6 and ECesv6 help you rehost workloads with VM-level confidentiality.
- Confidential GPU VMs: NCCadsH100v5 combines GPU performance with linked CPU and GPU TEEs to help protect sensitive AI and machine learning workloads.
- Confidential AKS worker nodes: Confidential VM Azure Kubernetes Service (AKS) worker nodes help you rehost containers with worker-node-level confidentiality on AMD SEV-SNP hardware.
- Confidential containers on Azure Container Instances: Confidential containers on Azure Container Instances support container-level integrity and attestation by using confidential computing enforcement (CCE) policies.
Confidential services
Azure also offers platform and software services that are built on or integrated with confidential computing:
- Confidential inferencing with the Azure OpenAI Whisper model supports protected inferencing in TEEs, encrypted prompt protection, user anonymity, and Oblivious HTTP (OHTTP).
- Azure Databricks supports confidential computing scenarios by using confidential VMs in your lakehouse environment.
- Azure Virtual Desktop helps protect desktop sessions with encryption in memory and hardware-backed trust.
- Azure Key Vault Managed HSM provides a single-tenant, standards-compliant HSM service for key protection.
- Azure Attestation provides remote attestation for TEEs and verification of binary integrity.
- Azure confidential ledger is a tamper-evident, write-once store for sensitive records and auditing scenarios.
- Always Encrypted with secure enclaves in Azure SQL enables protected query processing in a TEE.
This portfolio continues to evolve based on customer demand.
How Microsoft uses Azure confidential computing
Microsoft also applies Azure confidential computing capabilities in first-party services and operations. These patterns align with the Secure Future Initiative (SFI) emphasis on secure by design, secure by default, and secure operations.
Examples of Microsoft use include:
- Microsoft Entra ID: Protecting key material and identity infrastructure workloads to reduce the risk of unauthorized access.
- Microsoft cryptographic and code-signing services: Isolating sensitive signing and cryptographic operations in trusted execution environments to support high-volume service transactions (about 3 billion transactions per day, as highlighted in Microsoft adoption examples).
- Data and analytics workflows (including Azure Databricks): Running analytics pipelines on confidential VMs to help protect data throughout processing lifecycles.
- Privacy Sandbox workloads: Applying hardware-backed isolation to improve user privacy while maintaining platform functionality, including scenarios designed to work without third-party cookies.
- Payment processing workloads (including Microsoft Pay): Protecting sensitive payment-processing data in use during transaction handling (about $25 billion per year, as highlighted in Microsoft adoption examples).
- End-user computing scenarios (including Azure Virtual Desktop): Cryptographically isolating guest workloads to help reduce exposure in high-risk or highly regulated access contexts.
Common benefits Microsoft realizes from these deployments include:
- Reducing exposure of sensitive data in memory by processing data inside hardware-backed trusted execution environments.
- Limiting insider and operator-access risk through attestation, policy enforcement, and workload isolation.
- Strengthening compliance posture for identity, payments, and privacy-sensitive scenarios.
- Enabling broader "encrypt data in use" patterns across platform and application services.
For more context, see Microsoft's Secure Future Initiative and its April 2025 and November 2025 progress reports.
Supplementary offerings
- Trusted Launch adds secure boot, a virtual Trusted Platform Module (vTPM), and boot integrity monitoring to Generation 2 VMs.
- Azure Integrated HSM is generally available and provides dedicated, low-latency, FIPS 140-3 Level 3 key protection in Azure infrastructure.
- Trusted Hardware Identity Management manages certificate caches for TEEs in Azure and provides trusted computing base information for attestation baselines.