Azure Confidential Computing Preview Goes Public

Microsoft this week expanded access to its Azure confidential computing solution, which is now in public preview after a year of being at the more limited "Early Access" stage.

Azure confidential computing is part of Microsoft's "Confidential Cloud" security approach, which aims to earn organizations' trust in using Microsoft's Azure datacenter infrastructure ("the cloud") for their operations. The new confidential computing preview adds security while Azure customer data is in use. Microsoft already provides security for Azure customer data while in transit and "at rest."

Azure confidential computing represents "the final piece to enable data protection through its lifecycle whether at rest, in transit, or in use," explained Christine Avanessians, a principal program manager for Azure, in Microsoft's announcement.

Azure DC-Series
Avanessians simultaneously announced a public preview of the Azure DC-Series virtual machines in the "US East and Europe West" Azure regions. The DC-Series virtual machines are related to Azure confidential computing because they support "hardware-based Trusted Execution Environments" (TEEs), currently using Intel Xeon processors with Intel's Software Guard Extensions (SGX) protection. TEEs, also called "enclaves," are a key element because they are used to prevent outside parties from seeing data stored on Azure infrastructure.

The previews of the Azure DC-Series are "the first set of Generation 2 virtual machines" available on Azure, Avanessians noted. Microsoft worked with its partners to enable support for Ubuntu Server 16.04 and Windows Server 2016 Datacenter with these Generation-2 VMs, she added. Custom images aren't supported yet.

Testers get access to these Azure DC-Series VMs through the Azure Marketplace, according to a description by Aidan Finn, a Microsoft Most Valuable Professional. He outlined that approach in a blog post.

In addition to the hardware-based TEEs, Microsoft offers a software version for use with Azure confidential computing. The software version, based on the Hyper-V hypervisor, is called "Virtualization Based Security" (formerly known as "Virtual Secure Mode"), as Microsoft has previously explained.

Open Enclave SDK
On top of the Azure confidential computing and DC-Series VM previews, Avanessians announced that Microsoft has published its Open Enclave software development kit (SDK) as open source code on GitHub. Developers can use the APIs in the Open Enclave SDK, currently at version 0.4, to build "enclave applications." The SDK currently supports "Intel SGX technology for C/C++ applications, using mBedTLS," she indicated. The SDK will get future support for Arm TrustZone, Windows and "additional runtimes," she promised.

The aim of the Open Enclave SDK is to support building TEE-based applications across platforms.

"As TEE technology matures and as different implementations arise, the Open Enclave SDK is committed to supporting an API set that allows developers to build once and deploy on multiple technology platforms, different environments from cloud to hybrid to edge, and for both Linux and Windows," the Open Enclave's landing page explained.

Microsoft's announcement described some early partner-built applications that are leveraging the Azure confidential computing platform. The Royal Bank of Canada is testing the ability to "share and analyze data across different institutions, while maintaining security and confidentiality." The company Ockam is using Azure confidential computing capabilities to support a public blockchain solution.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

