News

Microsoft Lines Up Support for Azure Confidential Computing

Microsoft this week put the spotlight on its partners' efforts around its Azure confidential computing project.

In preview since last September, Azure confidential computing is a method for ensuring that data remains protected "while it's processed in the cloud," according to a blog post Wednesday by Mark Russinovich, chief technology officer of Microsoft Azure. The goal of the project is to reassure organizations that are reticent about placing data and code on external infrastructures, including Azure public datacenters.

The Azure confidential computing project is still at its initial stages, but Microsoft sees it as becoming "the new norm for all data processing, both in the cloud and on the edge," according to Russinovich.

Microsoft has previously explained that Azure encrypts data in transit and at rest. Azure confidential computing would add protections for processed data, specifically against malicious insiders with administrative access, malware, external hackers and any third parties that may have access.

Microsoft is aligning Azure confidential computing with its "Confidential Cloud vision," which has the following characteristics, according to Russinovich:

  • Top data breach threats are mitigated
  • Data is fully in the control of the customer regardless of whether in rest, transit, or use and even though the infrastructure is not
  • Code running in the cloud is protected and verifiable by the customer
  • Data and code are opaque to the cloud platform, or put another way the cloud platform is outside of the trusted computing base

Confidential computing uses a Trusted Execution Environment (TEE) or "enclave," as manifested in either software or hardware, to prevent outside parties from viewing data stored on Azure. The software TEE part is known as Microsoft's Virtualization Based Security solution, formerly called "Virtual Secure Mode," based on the Hyper-V hypervisor. The hardware TEE part is Intel's SGX solution based on the CPU.

In updating the Azure confidential computing efforts, Microsoft announced this week that it is now using Intel Xeon processors with SGX technology in its Azure East U.S. region. It's also "introducing a new family of virtual machines (DC-Series)" that uses this Intel technology.

In addition, Microsoft is working with partners to support a consistent API for TEEs across both Linux and Windows "so that confidential application code is portable." Right now, it's possible to build C or C++ applications using Intel's SGX software development kit.

Microsoft also is partnering with chip vendors to verify or "attest" code running in TEEs, although it didn't provide details.

Confidential computing efforts also are associated with Microsoft's "Confidential Consortium Blockchain Framework" and the SQL Server Always Encrypted feature. Microsoft is also working on support for "secure multiparty machine learning scenarios," and other research to "harden" TEE applications, Russinovich explained.

Signing up for the Azure confidential computing preview entails filling out a survey. It's accessed at this page.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.