General availability: Trusted launch for Azure VMs in Azure for US Government regions
Published date: 01 February, 2023
We are announcing trusted launch for Azure virtual machines general availability in all Azure for US Government regions: US Gov Virginia, US Gov Arizona US Gov Texas, US DoD East, US DoD Central. Trusted launch for Azure VMs allows you to bolster the security posture of an Azure Virtual Machine in the following ways.
- Improve foundational security of your virtual machine by booting to a defined and trusted state.
- Reduce persistent malware such as boot kits and rootkits that are so sophisticated that they can run with the same kernel-mode privileges as the operating system they infect.
- Enable Credential guard (isolate & protect secrets, such as user passwords, and prevent compromise of the user’s credentials. Also protects derived domain credentials) backed by secure boot, and Virtualization based security and vTPM, pre-requisites for domain controllers.
- Address critical DoD STIG requirements [STIG 1, STIG 2] to enable Virtualization based security (VBS) for your workloads.
- Gain continuous insights into your virtual machines for health state and boot chain integrity, plus remediate attestation (Microsoft Azure Attestation) failures via Microsoft Defender for Cloud.
- Strengthen your Windows 11 virtual machines with UEFI, secure boot, and vTPM to prevent lower layer malware. (UEFI, secure boot and vTPM are pre-requisites for Windows 11)
For more information about the capabilities available, please visit the trusted launch for Azure virtual machines documentation webpage.