Skip to main content

General availability: Azure confidential VMs (DCasv5/ECasv5-series VMs)

Published date: July 20, 2022

Today we are announcing the general availability of Azure DCasv5/ECasv5 confidential VMs utilizing 3rd Gen AMD EPYC processors with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features.

Azure confidential VMs are designed to offer a new, hardware-based TEE leveraging SEV-SNP, which hardens guest protections to deny the hypervisor and other host management code access to VM memory and state, protecting against operator access. 

DCasv5/ECasv5 confidential VMs run on AMD 3rd Gen EPYCTM 7763v processors with boosted maximum frequency up to 3.5GHz, which provide hardware based VM memory encryption and integrity protection only available through SEV-SNP. Keys used for VM memory encryption are generated by a dedicated secure processor inside of AMD CPUs and cannot be read from software. Integrity protection is an enhanced capability only available with SEV-SNP security feature in AMD 3rd EPYC Gen, which hardens VM-level Isolation and integrity protection.

For latest information of regional availability, please refer to Azure Products by Region. To learn more about Azure confidential VMs (DCasv5/ECasv5), please refer to below links.

  • Microsoft Inspire