Microsoft Security Product Hub

Azure Confidential Computing


Azure Confidential Computing is an umbrella term for protecting data in use by performing processing in a hardware-based Trusted Execution Environment (TEE). This is in addition to protection of data at rest and data in transit. It prevents Microsoft, as the hosting provider, from being able to access encrypted data, restricts data to those who need it so that even privileged administrators cannot access it, and prevents third-party access to sensitive customer, financial or health data. Azure Confidential Computing is made up of multiple separate solutions.

Confidential Enclave with Intel SGX. Virtual machines enabled for Intel Software Guard Extensions (Intel SGX) reserve part of the CPU hardware for a protected enclave and abstract the hardware from an application. A solution is also in testing for confidential VMs with AMD SEV-SNP for AMD EPYC 7003 processors.

Azure Attestation provides verification and validation that the trusted environment is secure. Attestation gives a credential to prove that the software is running in an enclave and that the enclave is up to date and secure.

Azure Confidential Ledger is a decentralised, blockchain-based, tamperproof ledger that runs in a trusted execution environment and digitally signs each transaction.

Azure IoT Edge with enclaves allows IoT Edge modules to remain encrypted during deployment; the modules can only be decrypted to run inside a trusted enclave.

Azure Kubernetes Service confidential computing nodes allow container applications to run in an isolated, hardware-protected environment on Azure Kubernetes Service.

Azure Trusted Launch virtual machines have verified and signed bootloaders, operating system kernels and boot policies using the Trusted Launch virtual Trusted Platform Module (vTPM). This allows measurement and attestation as to whether a boot was compromised.

Confidential Inference ONNX Runtime is a machine learning inference server that runs inside the enclave. In preview, this runs on an Azure Kubernetes Service confidential computing node and restricts the machine learning host from accessing the inference request and response.

SQL Always Encrypted with secure enclaves protects sensitive data from unauthorised privileged users and malware by using a protected region of memory within the database engine process. Data inside the enclave cannot be seen from outside the enclave, while the enclave itself can work with the secure data in plaintext.


  • Protect data in use, in addition to at rest and in transit
  • Prevent access to sensitive data from outside the confidential enclave
  • Prevent modification of applications, data and boot processes