Manage hardware security modules that you use in the cloud
Azure Dedicated HSM allows you to do key management on a hardware security module that you control in the cloud. You can meet your compliance requirements such as FIPS 140-2 Level 3 and help ensure your keys are secure by using a cloud-hosted HSM. You can drastically reduce the latency of applications and increase their performance by running them in your own hardware security module in Azure.
Explore pricing options
Apply filters to customise pricing options to your needs.
US government entities are eligible to purchase Azure Government services from a licensing solution provider with no upfront financial commitment or directly through a pay-as-you-go online subscription.
Important—The price in R$ is merely a reference; this is an international transaction and the final price is subject to exchange rates and the inclusion of IOF taxes. An eNF will not be issued.
Azure Germany is available to customers and partners who have already purchased this, doing business in the European Union (EU), the European Free Trade Association (EFTA)and in the United Kingdom (UK). It provides data residency in Germany with additional levels of control and data protection. You can also sign up for a free Azure trial.
US government entities are eligible to purchase Azure Government services from a licensing solution provider with no upfront financial commitment or directly through a pay-as-you-go online subscription.
Important—The price in R$ is merely a reference; this is an international transaction and the final price is subject to exchange rates and the inclusion of IOF taxes. An eNF will not be issued.
Azure Germany is available to customers and partners who have already purchased this, doing business in the European Union (EU), the European Free Trade Association (EFTA)and in the United Kingdom (UK). It provides data residency in Germany with additional levels of control and data protection. You can also sign up for a free Azure trial.
| Hourly usage fee per HSM | |
|---|---|
| Azure Dedicated HSM | $- |
The service is available in limited regions – To learn more about availability, please contact your local Microsoft representative.
Azure pricing and purchasing options
Connect with us directly
Get a walkthrough of Azure pricing. Understand pricing for your cloud solution, learn about cost optimisation and request a custom proposal.
Talk to a sales specialistSee ways to purchase
Purchase Azure services through the Azure website, a Microsoft representative or an Azure partner.
Explore your optionsAdditional resources
Azure Dedicated HSM details
Learn more about Azure Dedicated HSM features and capabilities.
Pricing calculator
Estimate your expected monthly costs for using any combination of Azure products.
SLA
Review the Service Level Agreement for this product.
Documentation
Review technical tutorials, videos and more Azure Dedicated HSM resources.
Frequently asked questions
-
Azure Dedicated HSM (hardware security module) is a cloud-based service that provides HSMs hosted in Azure datacenters that are directly connected to a customers’ virtual network. These are dedicated network HSM appliances (Gemalto's SafeNet Network HSM 7, FIPS 140-2 Level 3) available in a customers' private IP address space. Microsoft does not have any access to the cryptographic functionality of the HSMs. Only the customer has full administrative control and cryptographic control over these HSMs and can get full activity logs directly from the HSM. Dedicated HSMs help customers meet compliance/regulatory requirements such as GDPR, HIPAA, PCI-DSS, eIDAS and many others.
-
HSM (hardware security module) is a physical computing device used for safeguarding and managing cryptographic keys that can be used for cryptographic operations. The key material stays safe in a tamper-resistant, tamper-evident hardware module, while allowing authenticated/authorised applications to use the keys to perform cryptographic operations. The key material never leaves the HSM protection boundary.
-
HSMs are used for storing cryptographic keys that are used for cryptographic functionality such as SSL (secure socket layer), encrypting data, PKI (public key infrastructure), DRM (digital rights management) and signing documents.
-
Customers can provision HSMs in specific regions using PowerShell or command line interface. The customer specifies virtual network and subnet detail for the HSMs to be connected to. Once provisioned, the HSMs will be available in the designated subnet at an assigned IP addresses in the customer's private IP address space. Customers can then connect to the HSMs using the SSH tool for appliance management and administration, to setup HSM client connections, initialise HSMs, create partitions, define and assign roles such as partition officer, crypto officer and crypto user. Finally, a customer will use Gemalto provided HSM client tools/SDK/software to perform cryptographic operations from their applications.
-
By design, the customer has exclusive administrative control of the HSM device including monitoring, configuration and software/firmware maintenance. Considering Microsoft is not involved in this, we cannot ensure the health and hence uptime of the device.
-
No. The Dedicated HSM service does not support integration with other Azure or Microsoft cloud services.
Talk to a sales specialist for a walk-through of Azure pricing. Understand pricing for your cloud solution.
Get free cloud services and a $200 credit to explore Azure for 30 days.