Microsoft Confidential Compute Updates - Q3 2023

Within this blog, we want to give an overview of all the features that became available in General Availability and/or Technical Preview from Microsoft in Q3 2023. This information can be found at Microsoft Azure Updates and the Azure Confidential Computing Blog.

Features now supported by Microsoft (GA):

  • [Generally available] Share VM images publicly with community gallery - Azure Compute Gallery feature
    With community gallery, a new feature of Azure Compute Gallery, you can now easily share your VM images with the wider Azure community. By setting up a 'community gallery', you can group your images and make them available to other Azure customers. As a result, any Azure customer can use images from the community gallery to create resources such as virtual machines (VMs) and VM scale sets. Azure customers can then deploy VMs and VM scale sets using the portal, CLI, REST API, and PowerShell with the images you published and shared. Additionally, Fedora, CentOS Stream, AlmaLinux, FreeBSD, RockyLinux and other publishers will be able to share their non-commercial images and software packages with their customers using community galleries on Azure Compute Gallery. More capabilities include:
    • Browse view, an easy way to view and filter existing community images using the Azure portal;
    • Support for confidential VM supported images and trusted launch supported images, based on regional availability.
  • [Generally available] Trusted launch as default for VMs deployed through the Azure portal
    Trusted launch hardens your Azure virtual machines with security features that allow administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and a boot policy. This is accomplished via the trusted launch features secure boot, vTPM, and boot integrity monitoring, which protect against bootkits, rootkits, and kernel-level malware.
    • Secure Boot protects against the installation of malware-based rootkits and bootkits and only allows signed OSes and drivers to boot;
    • Virtual TPM (vTPM) allows customers to protect keys, certificates, and secrets in the virtual machine;
    • Measured Boot examines and verifies the authenticity of the bootloader's signature and performs an integrity measurement of the entire boot chain;
    • Boot integrity monitoring via Microsoft Azure Attestation and Azure Security Center generates integrity alerts, recommendations, and remediations if remote attestation fails.
    As of this announcement, trusted launch is enabled by default for VMs deployed through the Azure portal. For more information, read the blog announcement.
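Trusted launch is only effective when all three settings are actually present on the VM resource, so a defender will want to audit deployments rather than rely on the portal default. The following Python checker is an added example, not code from Microsoft or from the announcement; the VM records are constructed, the names are placeholders, and the property names assume the Microsoft.Compute securityProfile schema (securityType, uefiSettings.secureBootEnabled, uefiSettings.vTpmEnabled) as used in ARM templates.

```python
"""Audit VM resources (ARM template shape) for trusted launch settings.
Added example; sample data below is constructed, not from a real tenant."""
import json

# Constructed sample: three VM resources, one fully hardened, one legacy
# (no securityProfile at all), one with secure boot switched off.
SAMPLE_RESOURCES = json.loads("""
[
  {"type": "Microsoft.Compute/virtualMachines", "name": "vm-hardened",
   "properties": {"securityProfile": {"securityType": "TrustedLaunch",
     "uefiSettings": {"secureBootEnabled": true, "vTpmEnabled": true}}}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "vm-legacy",
   "properties": {}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "vm-partial",
   "properties": {"securityProfile": {"securityType": "TrustedLaunch",
     "uefiSettings": {"secureBootEnabled": false, "vTpmEnabled": true}}}}
]
""")

# Confidential VMs also carry secure boot and vTPM, so both types pass.
ACCEPTED_TYPES = {"TrustedLaunch", "ConfidentialVM"}
VM_TYPE = "Microsoft.Compute/virtualMachines"


def trusted_launch_findings(vm):
    """Return a list of findings; an empty list means the VM is compliant."""
    findings = []
    profile = vm.get("properties", {}).get("securityProfile", {})
    sec_type = profile.get("securityType")
    if sec_type not in ACCEPTED_TYPES:
        findings.append("securityType is %r; expected TrustedLaunch" % (sec_type,))
    uefi = profile.get("uefiSettings", {})
    # Use 'is not True' so a missing key and an explicit false both fail.
    if uefi.get("secureBootEnabled") is not True:
        findings.append("secureBootEnabled is not true")
    if uefi.get("vTpmEnabled") is not True:
        findings.append("vTpmEnabled is not true")
    return findings


def audit(resources):
    """Map each VM name to its findings, ignoring non-VM resources."""
    return {r["name"]: trusted_launch_findings(r)
            for r in resources if r.get("type") == VM_TYPE}


def hardened_profile():
    """The securityProfile fragment that satisfies every check above."""
    return {"securityType": "TrustedLaunch",
            "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": True}}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RESOURCES).items():
        print(name, "OK" if not findings else "; ".join(findings))
```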

Features not yet supported by Microsoft (GA):

  • [Public Preview] Azure Virtual Network encryption
    With Virtual Network encryption, customers can enable encryption of traffic between Virtual Machines and Virtual Machine Scale Sets within the same virtual network and between regionally and globally peered virtual networks. This new feature enhances the existing encryption-in-transit capabilities in Azure. Azure Virtual Network encryption is available in the following regions during public preview: East US 2 EUAP, Central US EUAP, West Central US, East US, East US 2, West US, West US 2. Sign up to obtain access to the public preview; for more information, see the announcement.