Microsoft Azure Attestation

A unified service for remotely verifying the trustworthiness of a platform and the integrity of the binaries running inside it

Store and process confidential data with confidence

Verify the identity and security posture of a platform before you interact with it. Azure Attestation receives evidence from the platform, validates it against security standards, evaluates it against configurable policies, and produces an attestation token for claims-based applications. The service supports attestation of trusted platform modules (TPMs) and trusted execution environments (TEEs) such as Intel® Software Guard Extensions (SGX) and virtualization-based security (VBS) enclaves.

Demonstrates that software binaries were instantiated on a trusted platform

Supports attestation of multiple platforms like TEEs and TPMs

Custom attestation providers can be configured for fine-grained control and to enforce user-defined policies

Default attestation providers simplify attestation without the need for additional configuration

Verify the trustworthiness of multiple platforms

Tap into disruptive business models that require highly scalable compute resources and uncompromising trust with the remote attestation capability. Azure Attestation provides comprehensive attestation services for multiple environments and distinctive use cases such as enclave validation, secure key sharing, and confidential multiparty computation.

Simplify attestation with a default provider

Easily access a default provider in your Azure region for attestation services without the need for configuration. Default providers are available for all Azure Active Directory (Azure AD) users.

Learn more about default providers

Enforce customized attestation policies

Create your own attestation provider and configure custom policies to restrict attestation token generation. Azure Attestation evaluates the platform evidence against your policies to ensure that the binaries running inside the platform have not been tampered with by external entities. If your attestation provider is configured to accept signed policies, Azure Attestation uses the signer certificates you registered to validate the signed policy and authenticate the user who submitted it.
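As an added illustration (not text from the page or a policy copied from Microsoft), the fragments below contrast a permissive SGX policy with a hardened one in the provider's own policy language. The `x-ms-sgx-*` claim names are the ones Azure Attestation derives from an SGX quote; the MRSIGNER hex value and product ID are placeholders you replace with the measurements of your own enclave signing key and product.

```text
# Weak: any non-debug SGX enclave, from any signer, gets a token.
version= 1.0;
authorizationrules
{
    [ type=="x-ms-sgx-is-debuggable", value==false ] => permit();
};
issuancerules
{
    c:[type=="x-ms-sgx-mrsigner"] => issue(type="mrsigner", value=c.value);
};

# Hardened: only production enclaves signed by your key, of your product,
# at or above a minimum security version number, are attested.
version= 1.0;
authorizationrules
{
    [ type=="x-ms-sgx-is-debuggable", value==false ] &&
    [ type=="x-ms-sgx-product-id", value==1 ] &&
    [ type=="x-ms-sgx-svn", value>= 3 ] &&
    [ type=="x-ms-sgx-mrsigner", value=="<your-mrsigner-hex>" ] => permit();
};
issuancerules
{
    c:[type=="x-ms-sgx-mrsigner"] => issue(type="mrsigner", value=c.value);
    c:[type=="x-ms-sgx-mrenclave"] => issue(type="mrenclave", value=c.value);
    c:[type=="x-ms-sgx-svn"] => issue(type="svn", value=c.value);
};
```

The authorization rules decide whether a token is issued at all; the issuance rules decide which claims the relying party gets to see. Pinning MRSIGNER rather than MRENCLAVE lets you roll out new enclave builds without a policy change, while the SVN floor lets you retire builds with known weaknesses; if you need to bind to one exact build, add an `x-ms-sgx-mrenclave` check to the authorization rule instead.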

Learn more about attestation policies

Comprehensive security and compliance, built in

  • Microsoft invests more than USD 1 billion every year in cybersecurity research and development.

  • 3,500 security experts at Microsoft are dedicated to data security and privacy.

  • Azure holds more certifications than any other cloud provider. View the full list.

Azure Attestation is free

Azure Attestation services are available at no additional cost.

Azure Attestation resources and documentation

Get started with learning resources

Explore more references

Frequently asked questions about Azure Attestation

  • A public key generated within an enclave can be included in the enclave held data (EHD) property of the attestation request sent to Azure Attestation. Azure Attestation includes the EHD as a claim in the attestation token. A relying party can take the EHD from the verified attestation token, use it to encrypt secrets, and share them with the enclave. See Azure Attestation concepts for more information.
  • The attestation token generated by Azure Attestation is signed using a self-signed certificate. The signing certificates are exposed via an OpenID metadata endpoint. A relying party can retrieve the certificates from this endpoint and verify the signature of the attestation token.
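The two answers above describe one protocol: the relying party verifies the token's RS256 signature against a certificate published in the provider's key set, and only then uses the EHD claim as the enclave's public key to wrap a secret. The Go program below is an added example, not Azure or Microsoft code. So that it runs offline, it stands up a constructed provider in-process (self-signed signing certificate, a JWKS entry with an `x5c` chain, a signed token) and then performs the relying-party checks against it. The provider URL, key ID and secret are made up; `x-ms-sgx-ehd` is the SGX claim name, and you should confirm the claim name for your TEE type against a token you actually receive.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Assumed provider URL; pin the provider you trust, never the token's own jku.
const issuer = "https://example.attest.azure.net"
var b64 = base64.RawURLEncoding

// issueToken stands in for the attestation provider (constructed for this example):
// mint a self-signed signing certificate, publish it as a JWKS entry with x5c,
// and sign an RS256 JWT carrying the EHD. x-ms-sgx-ehd is the SGX claim name.
func issueToken(ehd []byte) (token string, keysJSON []byte, err error) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil { return "", nil, err }
	keysJSON, _ = json.Marshal(map[string]any{"keys": []map[string]any{
		{"kid": "key-1", "x5c": []string{base64.StdEncoding.EncodeToString(der)}}}})
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": "key-1"})
	claims, _ := json.Marshal(map[string]any{"iss": issuer, "exp": time.Now().Add(time.Hour).Unix(),
		"x-ms-sgx-is-debuggable": false, "x-ms-sgx-ehd": b64.EncodeToString(ehd)})
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil { return "", nil, err }
	return signingInput + "." + b64.EncodeToString(sig), keysJSON, nil
}

// verifyToken is the relying-party side: pin the algorithm, resolve kid to an x5c
// certificate from the provider's JWKS, check the signature, then iss and exp.
func verifyToken(token string, keysJSON []byte) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return nil, errors.New("malformed JWS") }
	hdrRaw, err := b64.DecodeString(parts[0])
	if err != nil { return nil, err }
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(hdrRaw, &hdr); err != nil { return nil, err }
	if hdr.Alg != "RS256" { return nil, fmt.Errorf("unexpected alg %q", hdr.Alg) } // token must not choose the algorithm
	var ks struct{ Keys []struct{ Kid string; X5c []string } }
	if err := json.Unmarshal(keysJSON, &ks); err != nil { return nil, err }
	var pub *rsa.PublicKey
	for _, k := range ks.Keys {
		if k.Kid != hdr.Kid || len(k.X5c) == 0 { continue }
		der, _ := base64.StdEncoding.DecodeString(k.X5c[0]) // x5c is standard base64 DER
		if cert, err := x509.ParseCertificate(der); err == nil { pub, _ = cert.PublicKey.(*rsa.PublicKey) }
	}
	if pub == nil { return nil, errors.New("no RSA signing key for kid") }
	sig, err := b64.DecodeString(parts[2])
	if err != nil { return nil, err }
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil { return nil, errors.New("signature verification failed") }
	payload, _ := b64.DecodeString(parts[1]) // already authenticated by the signature
	var claims map[string]any
	if err := json.Unmarshal(payload, &claims); err != nil { return nil, err }
	if iss, _ := claims["iss"].(string); iss != issuer { return nil, errors.New("unexpected issuer") }
	if exp, ok := claims["exp"].(float64); !ok || time.Now().Unix() >= int64(exp) { return nil, errors.New("token expired") }
	return claims, nil
}

// wrapSecretForEnclave parses the verified EHD as the enclave's public key (DER SPKI)
// and encrypts a secret that only the attested enclave can open.
func wrapSecretForEnclave(claims map[string]any, secret []byte) ([]byte, error) {
	ehdB64, _ := claims["x-ms-sgx-ehd"].(string)
	ehd, err := b64.DecodeString(ehdB64)
	if err != nil { return nil, err }
	pubAny, err := x509.ParsePKIXPublicKey(ehd)
	if err != nil { return nil, err }
	pub, ok := pubAny.(*rsa.PublicKey)
	if !ok { return nil, errors.New("EHD is not an RSA public key") }
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
}

// Demo runs the whole exchange in-process and returns the secret as the enclave recovers it.
func Demo(secret string) (string, error) {
	enclaveKey, _ := rsa.GenerateKey(rand.Reader, 2048) // in reality generated inside the enclave
	ehd, _ := x509.MarshalPKIXPublicKey(&enclaveKey.PublicKey)
	token, keys, err := issueToken(ehd)
	if err != nil { return "", err }
	claims, err := verifyToken(token, keys)
	if err != nil { return "", err }
	wrapped, err := wrapSecretForEnclave(claims, []byte(secret))
	if err != nil { return "", err }
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, enclaveKey, wrapped, nil)
	return string(plain), err
}

func main() {
	fmt.Println(Demo("db-password"))
}
```

In production the relying party fetches the key set from the OpenID metadata endpoint of the provider it has pinned, not from whatever `jku` the token header names, and it should also check the claims its policy issues (for example that `x-ms-sgx-is-debuggable` is false and that MRSIGNER matches) before releasing anything to the enclave. The order matters: the EHD is only meaningful after the signature, issuer and expiry checks have passed, because an unsigned or replayed token could carry an attacker's public key.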

Ready when you are—let’s set up your Azure free account

"Intel is a trademark of Intel Corporation or its subsidiaries."