
Azure confidential computing

Own and control your data in transit and at rest—and extend that control by protecting data in use.

Choose from the broadest range of confidential hardware and software

Choose VMs based on 3rd Gen AMD EPYC CPUs to lift and shift applications without any code changes and encrypt the entire VM at runtime, or choose VMs based on Intel SGX for confidentiality and customization down to the application level. Use the trusted launch feature to measure the boot integrity of the confidential VM, and add Azure Attestation, a unified service that verifies the security posture of confidential VMs and enclaves before you release secrets to them.

Move your existing workloads to Azure and make them confidential without changing any code. With 3rd Gen AMD EPYC technology, the contents of an entire virtual machine are opaque to cloud administrators, giving you secure and isolated computation. The trusted launch feature measures the boot integrity of the confidential VM. The runtime state of these VMs is encrypted in memory, protecting your data even while it is in use, and the keys used for this memory encryption are generated inside the CPU and never leave it.


Optimize for confidentiality at the application level with Intel SGX. Lift and shift existing applications into secure enclaves. Use confidential nodes for containers on Azure Kubernetes Service (AKS). Manage keys confidentially using Azure Key Vault with Managed HSM. Run inference confidentially with runtime support for Open Neural Network Exchange (ONNX) models.
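The trusted launch and Azure Attestation points above, and the SGX enclave identity described in this paragraph, only pay off if the relying party actually enforces a policy on the attestation token before handing over keys or data. The following is an added example, not code from this page or from Microsoft: a Python relying-party check over the claims of an Azure Attestation JWT. It assumes the token's RS256 signature has already been verified against the attestation provider's JWKS (its /certs endpoint) by a JWT library, that the claim names are Azure Attestation's documented SGX and SEV-SNP claims as recalled here (verify them against the current documentation), and that the provider URL, measurement values and sample tokens are constructed for the demonstration.

```python
# Added example: relying-party policy check over an Azure Attestation token.
# Not code from the page or from Microsoft. Assumptions: the token's RS256
# signature has already been verified against the attestation provider's
# JWKS (/certs endpoint) by a JWT library; the claim names follow Azure
# Attestation's documented SGX and SEV-SNP claim sets as recalled here and
# should be checked against current docs; the policy values, provider URL and
# sample tokens below are constructed for the demo (dummy signature segment).
import base64
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_demo_token(claims: dict) -> str:
    """Build a compact JWT with a dummy signature (constructed test input)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.dummysig"


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWS. The signature is NOT checked here:
    only call this on a token that a JWT library has already verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _check_sgx(claims: dict, policy: dict, reasons: list) -> None:
    # A debug-mode enclave lets the host inspect its memory: never accept one.
    if claims.get("x-ms-sgx-is-debuggable") is not False:
        reasons.append("enclave is debuggable")
    # Pin the signer and product id rather than MRENCLAVE so enclave updates
    # do not break the relying party, but enforce a minimum security version.
    if claims.get("x-ms-sgx-mrsigner") != policy["mrsigner"]:
        reasons.append("unexpected MRSIGNER")
    if claims.get("x-ms-sgx-product-id") != policy["product_id"]:
        reasons.append("unexpected product id")
    if int(claims.get("x-ms-sgx-svn", -1)) < policy["min_svn"]:
        reasons.append("enclave SVN below policy minimum")


def _check_sevsnp(claims: dict, policy: dict, reasons: list) -> None:
    if claims.get("x-ms-compliance-status") != "azure-compliant-cvm":
        reasons.append("not an Azure-compliant confidential VM")
    if claims.get("x-ms-sevsnpvm-is-debuggable") is not False:
        reasons.append("guest launched with debug enabled")
    # The launch measurement covers the firmware and initial guest state.
    if claims.get("x-ms-sevsnpvm-launchmeasurement") not in policy["launch_measurements"]:
        reasons.append("launch measurement not on allow list")


def evaluate(token: str, policy: dict, now=None):
    """Return (accepted, reasons). An empty reasons list means the token
    satisfies the relying party's policy."""
    claims = decode_jwt_payload(token)
    now = time.time() if now is None else now
    reasons: list = []
    if claims.get("iss") != policy["issuer"]:
        reasons.append("issuer mismatch")
    if float(claims.get("exp", 0)) <= now:
        reasons.append("token expired")
    kind = claims.get("x-ms-attestation-type")
    if kind == "sgx":
        _check_sgx(claims, policy["sgx"], reasons)
    elif kind == "sevsnpvm":
        _check_sevsnp(claims, policy["sevsnp"], reasons)
    else:
        reasons.append(f"unsupported attestation type {kind!r}")
    return (not reasons, reasons)


# Constructed policy and sample tokens (hypothetical provider and hash values).
DEMO_POLICY = {
    "issuer": "https://example-provider.eus.attest.azure.net",
    "sgx": {"mrsigner": "a1" * 32, "product_id": 1, "min_svn": 3},
    "sevsnp": {"launch_measurements": {"b2" * 48}},
}
DEMO_NOW = 1_700_000_000
_BASE = {"iss": DEMO_POLICY["issuer"], "exp": DEMO_NOW + 600}
SGX_OK = make_demo_token({**_BASE, "x-ms-attestation-type": "sgx",
                          "x-ms-sgx-is-debuggable": False, "x-ms-sgx-mrsigner": "a1" * 32,
                          "x-ms-sgx-product-id": 1, "x-ms-sgx-svn": 4})
SGX_DEBUG = make_demo_token({**decode_jwt_payload(SGX_OK),
                             "x-ms-sgx-is-debuggable": True, "x-ms-sgx-svn": 2})
SNP_BAD_MEASUREMENT = make_demo_token({**_BASE, "x-ms-attestation-type": "sevsnpvm",
                                       "x-ms-compliance-status": "azure-compliant-cvm",
                                       "x-ms-sevsnpvm-is-debuggable": False,
                                       "x-ms-sevsnpvm-launchmeasurement": "c3" * 48})

if __name__ == "__main__":
    for name, tok in [("sgx ok", SGX_OK), ("sgx debug", SGX_DEBUG),
                      ("snp bad measurement", SNP_BAD_MEASUREMENT)]:
        print(name, evaluate(tok, DEMO_POLICY, now=DEMO_NOW))
```

The point of the SGX branch is that a token can be perfectly genuine (correctly signed by the provider, unexpired) and still describe an enclave you must not trust: one built in debug mode, signed by someone else, or running an old SVN with a known flaw. Signature validation proves who issued the statement; the policy decides whether the measured code deserves the secret.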


Secure your sensitive and regulated data while it is being processed in the cloud by isolating computations in a hardware-based trusted execution environment (TEE). Protect data in use so that it cannot be read by the cloud provider, by administrators, or by other users of the system. Build on top of secure hardware with familiar tools, software, and cloud infrastructure.


AI and machine learning require enormous datasets to provide value, but organizations are disincentivized from sharing their data for competitive or regulatory reasons. Azure confidential computing allows organizations to combine datasets confidentially, without exposing any contributor's data to the other contributing organizations, so that you can share AI and machine learning insights. Upload encrypted data to a secure enclave in a virtual machine and run algorithms over datasets from multiple sources.


Explore Azure confidential computing solution architecture

Confidential computing on a healthcare platform

Hospitals can combine data confidentially using Azure confidential computing for AI-enhanced diagnostics.

Learn more about Azure confidential computing products and services

AMD EPYC 3rd Gen enabled Azure confidential computing virtual machines

VMs built on 3rd Gen AMD EPYC CPUs encrypt the entire VM at runtime and allow "lift and shift" conversion to confidentiality.

Intel SGX-enabled Azure confidential computing virtual machines

Virtual machines built on Intel SGX technology support hardware-based enclave creation.

Always Encrypted with secure enclaves in Azure SQL Database

Expands confidential computing capabilities by enabling in-place encryption and richer confidential queries.

Azure confidential computing nodes on Azure Kubernetes Service (AKS)

Confidential computing nodes improve security of container applications on AKS.

Trusted launch for virtual machines

Protects your virtual machines against bootkits, rootkits, and kernel-level malware.

Azure Confidential Ledger Preview

Tamperproof, unstructured data store hosted in trusted execution environments and backed by cryptographically verifiable evidence.

Get the latest Azure confidential computing news and resources

Customers are protecting data in use with Azure confidential computing

Protecting data for millions of customers

"We utilize Azure confidential computing to provide scalable, secure environments for our services. Signal puts users first, and Azure helps us stay at the forefront of data protection with confidential computing."

Jim O'Leary, VP of Engineering, Signal
Signal

Royal Bank of Canada protects data privacy

"With Azure confidential computing, we can personalize offerings and protect privacy at the same time, creating exceptional digital experiences that clients can trust."

Eddy Ortiz, Vice President of Innovation and Solution Acceleration, Royal Bank of Canada
Royal Bank of Canada

Accelerating transactions while protecting data

"Confidential computing rides the edge between what we can imagine and what we can protect. The praxis we've experienced with Azure allows us to commit to systems that are integral, high trust, and performant."

Joshua Goldbard, CEO, MobileCoin
MobileCoin

UCSF, Fortanix, Intel, and Microsoft utilize privacy-preserving analytics to accelerate AI in health care

"While we have been very successful in creating clinical-grade AI algorithms that can safely operate at the point of care...the work was time consuming and expensive. ... With this new technology, we expect to markedly reduce the time and cost, while also addressing data security concerns."

Michael Blum, MD, professor of medicine at UCSF
University of California San Francisco

Fortanix makes Azure applications confidential

"Today, data is often encrypted at rest in storage and in transit across the network, but not while in use. Securing data and code with confidential computing will help customers accelerate the journey to the cloud, while protecting their most valuable data. Azure confidential computing provides the hardware-based security infrastructure needed for our confidential computing platform and applications to excel in the cloud. Fortanix is excited to bring cloud-scale confidential computing to our global customers through our partnership with Microsoft."

Ambuj Kumar, CEO and Co-founder, Fortanix
Fortanix

Anjuna makes Azure applications confidential

"Insider threats are a clear and present danger to cloud computing. Azure confidential computing with enterprise-ready enclaves protects companies from insiders with a new level of simplicity. The time for enterprises to start POCs is now."

Ayal Yogev, CEO, Anjuna Security
Anjuna

Frequently asked questions

  • In the same way that encryption of stored data tackled the challenge of protecting data at rest, and the Internet Engineering Task Force (IETF) tackled the challenge of protecting data in transit with Transport Layer Security (TLS), confidential computing protects data in use. One of the ways it can be implemented today is through the use of trusted execution environments (TEEs). On Azure, those TEEs are also available to containers through confidential nodes on Azure Kubernetes Service (AKS).
  • Confidential computing is most commonly used in financial services and health care industries and by government agencies, but every industry can benefit from it.
  • Use cases include prevention of fraud and waste, anti-corruption, anti-terrorism, records and evidence management, intelligence analysis, global weapons systems and logistics management, vulnerable population protection (including child exploitation, human trafficking, etc.), anti-money laundering, digital currencies, blockchain, transaction processing, customer analytics, proprietary analytics and algorithms, disease diagnostics, drug development, and contact tracing.
  • Use confidential containers, write enclave-aware applications with the Open Enclave SDK, utilize a third-party solution to run workloads, or deploy the latest virtual machine from Azure with Intel SGX-enabled hardware.
  • Blockchain nodes are run and maintained by operators or validators who wish to ensure integrity and reach consensus on the state of the network. The nodes themselves are replicas and are used to track blockchain transactions. Each node has a full copy of the transaction history, ensuring integrity and availability in a distributed network. Blockchain technologies built on top of confidential computing can use hardware-based privacy to enable data confidentiality and secure computations.
  • The Confidential Consortium Framework (CCF) is one example of a distributed blockchain framework built on top of Azure confidential computing. Spearheaded by Microsoft, this framework uses trusted execution environments to create a network of remotely attestable enclaves. Nodes can run on Azure virtual machines and take advantage of the enclave infrastructure. Through attestation protocols, users of the blockchain can verify the integrity of one CCF node and, by extension, the entire network.

Browse Azure Marketplace

Deploy the latest virtual machine from Azure with Intel SGX-enabled hardware.

Explore technical documentation

Read about the easy steps required to make your applications and workloads confidential.