Azure Cloud HSM
Manage hardware security modules (HSMs) that you use in the cloud.
Overview
Safeguard cryptographic keys within your private virtual network.
- Control who in your organization can access your HSMs—and the scope and assignment of their roles—while maintaining administrative and cryptographic control. Microsoft has no access to customer keys.
- Meet or exceed security and compliance requirements with HSMs validated against FIPS 140-3 Level 3 and eIDAS.
- Migrate HSM applications to Azure with minimal changes via Azure Cloud HSM. Applications that require PKCS#11, OpenSSL, JCE, and document and code signing migrate with ease. Azure Cloud HSM enables Apache/Nginx SSL Offload, Microsoft SQL Server, Oracle TDS, and Active Directory Certificates on Azure VMs.
Features
Provide a modern approach to enterprise security
Azure Cloud HSM is a FIPS 140-3 Level 3 validated, single-tenant service giving customers full control of secure HSM clusters for key storage and cryptographic operations.
Keep HSMs under your control
Maintain full administrative and cryptographic control of your HSMs.
Maintain compliance
Validated for FIPS 140-3 Level 3 and eIDAS.
Lift-and-shift your apps
Migrate HSM applications to Azure with minimal changes and improved latency.
Security
Embedded security and compliance
34,000
Full-time equivalent engineers dedicated to security initiatives at Microsoft.
15,000
Partners with specialized security expertise.
>100
Compliance certifications, including over 50 specific to global regions and countries.
FAQ
Frequently asked questions
- Azure Cloud HSM provides high availability and redundancy by grouping three HSMs into a cluster and automatically synchronizing across HSM instances. The HSM cluster supports load balancing of cryptographic operations.
- Azure Cloud HSM is compatible with industry standards such as PKCS#11, OpenSSL, and Java (JCE/JCA). It also supports non-Microsoft application integration, and enables Microsoft SQL Server/Oracle TDS, and Active Directory Certificate Services on Azure VMs.
- Azure offers multiple solutions for cryptographic key storage and management in the cloud. A flowchart, based on common high-level requirements and key management scenarios, is available to help customers make this decision. Learn more about how to choose the right key management solution.
- You can learn more with the expanded Azure Cloud HSM FAQ.
Next steps
Choose the Azure account that’s right for you
Pay as you go or try Azure free for up to 30 days.
Azure solutions
Azure cloud solutions
Solve your business problems with proven combinations of Azure cloud services, as well as sample architectures and documentation.
Business Solutions Hub
Find the right Microsoft Cloud solution
Browse the Microsoft Business Solutions Hub to find the products and solutions that can help your organization reach its goals.
Get the Azure mobile app 
