Price reduction and upcoming features for Azure confidential ledger!
Effective March 1, 2025, you can keep your records in Azure confidential ledger (ACL) at the reduced price of ~$3/day per instance! The reduced price covers the computation and the ledger use; the price of any additional storage used will remain unchanged.

To tamper-protect your records, automatically create a hash (e.g. MD5 or SHA256) of your blob storage data and keep those hashes in Azure confidential ledger. For forensics, you can verify the integrity of the data against the signature in ACL. Imagine doing this as you migrate data from one system to another, or when you restore archived records from cold storage. It is also valuable when you need to protect against insider/administrator risks and report confidently to authorities.

If you keep your data in Azure SQL Database, you can use its ledger security feature to auto-generate record digests and store them in confidential ledger for integrity protection and safeguarding. You can use the SQL stored procedure to verify that no tampering or administrator modifications occurred to your SQL data!

In addition, we are announcing the preview of User Defined Functions for Azure confidential ledger. Imagine doing a schema validation before writing data to the ledger, or using pattern matching to identify sensitive information in log messages and masking it before it is written. Request access to this preview via the sign-up form.

Get started by reading our documentation and trying out confidential ledger yourself!

What is Azure confidential ledger and what is the change?
It is a tamper-protected and auditable data store backed by a Merkle tree blockchain structure, for sensitive records that require high levels of integrity protection and/or confidentiality.
While customers in AI, financial services, healthcare, and supply chain continue to use the ledger for archiving their business transactions and for keeping unique identifiers of confidential data for audit purposes, we are acting on their feedback by scaling ledgers to more of their workloads at a more competitive price!

How can I use Azure confidential ledger?
- Azure SQL Database ledger customers can enable confidential ledger as its trusted digest store to strengthen their integrity and security protection posture.
- Azure customers who use blob storage have found value in migrating their workloads to Azure with a tamper-protection check via the Azure confidential ledger Marketplace App.
- Azure customers who use data stores and databases (e.g. Kusto, Cosmos, and Log Analytics) may benefit from auditability and traceability of logs kept in the confidential ledger, with new compliance certifications in SOC 2 Type 2 and ISO 27001.

How much does Azure confidential ledger cost?
- Approximately $3/day/ledger

Resources
- Explore the Azure confidential ledger documentation
- Read the blog post on: Integrity protect blob storage
- Read the blog post on: How to choose between ledger in Azure SQL Database and Azure Confidential Ledger
- Read the blog post on: Verify integrity of data transactions in Azure confidential ledger
- View our recent webinar in the Security Community
- Recent case studies: HB Antwerp & BeekeeperAI

Confidential Temp Disk Encryption for Confidential VMs in Public Preview
We are announcing the public preview of confidential temp disk encryption for confidential VMs. Until recently, confidential encryption has only been available for OS disks: it binds the disk encryption keys to the virtual machine's TPM (Trusted Platform Module) and makes the disk content accessible only to the VM. With this release, we are extending this protection to the temp disk, using in-VM symmetric key encryption after the disk is attached to the confidential VM (CVM).

Preview of Azure Confidential Clean Rooms for secure multiparty data collaboration
Today, we are excited to announce the preview of Azure Confidential Clean Rooms, a solution designed for organizations that require secure multi-party data collaboration. With Confidential Clean Rooms, you can share privacy-sensitive data such as personally identifiable information (PII), protected health information (PHI) and cryptographic secrets confidently, thanks to trust guarantees that help ensure your data remains protected throughout its lifecycle, both from other collaborators and from Azure operators.

This secure data sharing is powered by confidential computing, which protects data in use by performing computations in hardware-based, attested Trusted Execution Environments (TEEs). These TEEs help prevent unauthorized access to, or modification of, application code and data during use.

Organizations across industries need to perform multi-party data collaboration with business partners, outside organizations, and even across company silos to improve business outcomes and bolster innovation. Confidential Clean Rooms help derive value from such collaborations by enabling granular and private data to be shared while providing safeguards against data exfiltration, thereby protecting the intellectual property of the organization and the privacy of its customers and addressing regulatory compliance concerns. Whether you are a data scientist looking to securely fine-tune your ML model with sensitive data from other organizations, or a data analyst wanting to perform secure analytics on joint data with your partner organizations, Confidential Clean Rooms will help you achieve the desired results.

You can sign up for the preview here.

Key Features
- Secure Collaboration and Governance: Allows collaborators to create tamper-resistant contracts that contain the constraints that will be enforced by the clean room.
  Governance verifies the validity of those constraints before allowing data to be released into clean rooms and helps generate tamper-resistant audit trails. This is made possible by an implementation of the Confidential Consortium Framework (CCF).
- Enhanced Data Privacy: Provides a sandboxed execution environment that allows only authorized workloads to execute and prevents any unauthorized network or I/O operations from within the clean room. This helps keep your data secure throughout the workload execution. It is achieved by deploying clean rooms in confidential containers on Azure Container Instances (ACI), which provides container-group-level integrity with runtime enforcement of that integrity.

Verifiable trust at each step, established through cryptographic remote attestation, forms the cornerstone of Confidential Clean Rooms.

Salient Use Cases
Azure Confidential Clean Rooms caters to use cases spanning multiple industries.
- Healthcare: For fine-tuning and inferencing with predictive healthcare machine-learning (ML) models and for joint data analysis to advance pharmaceutical research. This can help protect the privacy of patients and the intellectual property of organizations while demonstrating regulatory compliance.
- Finance: For financial fraud detection through analysis of combined data across banks and other financial institutions, and for providing personalized offers to customers through secure analysis of transaction data and purchase data from retail outlets.
- Media and Advertising: For improving marketing campaign effectiveness by combining data across advertisers, ad-techs, publishers and measurement firms for audience targeting, attribution and measurement.
- Retail: For enhanced personalized marketing and improved inventory and supply chain management.
- Government and Public Sector Organizations: For analysis of high-security data across multiple government and public sector organizations to streamline benefits for citizens.

Customer Testimonials
We are already partnering with several organizations to accelerate their secure multi-party collaboration journey with confidential clean rooms.

Confidential computing in healthcare allows secure data processing within isolated environments, called 'clean rooms', protecting sensitive patient data during AI model development, validation and deployment. Apollo Hospitals uses Azure Confidential Clean Rooms to enhance data privacy, encrypt data, and securely train AI models. The benefits include secure collaboration, anonymized patient privacy, intellectual property protection, and enhanced cybersecurity. Apollo's pilot with Confidential Clean Rooms showed promising results, and future efforts aim to scale secure AI solutions, ensuring patient safety, privacy, and compliance as the healthcare industry advances technologically. - Dr. Sujoy Kar, Chief Medical Information Officer and Vice President, Apollo Hospitals

Azure Confidential Clean Rooms is a game changer to make collaborations on sensitive data both seamless and secure. When combined with Sarus, any data processing job is automatically analyzed using the most advanced privacy technology.
Once validated, they are processed securely in Confidential Clean Rooms, protecting both the privacy of data and the confidentiality of the analysis itself. This eliminates administrative overheads and makes it very easy to build advanced data processing pipelines. With our partner EY, we're already leveraging it to help international banks improve AML practices without compromising privacy. - Maxime Agostini, CEO & Cofounder of Sarus

Read here to learn more about how Sarus is using Confidential Clean Rooms.

As co-leaders on this Data Consortium Pilot, we are thrilled to be working with industry partners, Sarus and Microsoft, to drive this initiative forward. By combining Sarus' privacy-preserving technologies and Microsoft's Azure Confidential Clean Rooms, not only does this project push the edge of technology innovation, but it strives to address a pivotal issue that affects us as Canadians. Through this work, we aim to help financial services organizations and regulators navigate the complexities of private and personal data sharing, without compromising the integrity of the data, and adhering to all relevant privacy regulations. For the purposes of this pilot, we are focusing our efforts on how this technology can play a pivotal role in helping better detect cases of human trafficking; however, we recognize that it can be used to help organizations with multiple other use cases, and across industries, including health care and government & public sector. - Jessica Hansen, Privacy Partner EY Canada, and Dana Ohab, AI & Data Partner EY Canada

Retrieval-Augmented Generation (RAG) applications accessing Large Language Models (LLMs) are common in private AI workflows, but managing secure access to sensitive data can be complex. SafeLiShare's integration of its LLM Secure Data Proxy (SDP) with Azure Confidential Clean Rooms (ACCR) simplifies access control and token management.
The joint solution helps ensure runtime security through advanced Public Key Infrastructure (PKI) and centralized policy management in Trusted Execution Environments (TEEs), enforcing strict access policies and admission controls to guarantee authorized access to sensitive data. This integration establishes trust bindings between the Identity Provider (IDP), applications, and data, safeguarding each layer without compromise. It also enables secure creation, sharing, and management of applications and data assets, ensuring compliance in high-performance AI environments. - Cynthia Hsieh, VP of Marketing, SafeLiShare

Read here to learn more about how SafeLiShare is using Confidential Clean Rooms.

Learn More
- Sign up for the preview of Azure Confidential Clean Rooms
- Confidential Consortium Framework (CCF)
- Confidential containers on Azure Container Instances (ACI)

Preview: New DCasv6 and ECasv6 confidential VMs based on 4th Generation AMD EPYC™ processors
You can get started deploying your software on these confidential VMs by signing up here.

Additional security enhancements
With the launch of the DCasv6 and ECasv6 confidential VM family, we support AES-256 memory encryption enabled by default. Additionally, we now offer our customers the capability to use key protection with Virtualization-based Security (VBS) in Windows. By enabling key protection in Windows CVMs, customers can protect keys in use from the guest OS and applications. This key protection is enforced by CPU hardware.

Faster performance for confidential workloads
These new CVMs have demonstrated up to 25% improvement in various benchmarks compared to our previous generation of AMD-based confidential VMs.

KT is leveraging Azure confidential computing to secure sensitive and regulated data from its telco business in the cloud. With new V6 CVM offerings in Korea Central Region, KT extends its use to help Korean customers with enhanced security requirements, including regulated industries, benefit from the highest data protection as well as the fastest performance by the latest AMD SEV-SNP technology through its Secure Public Cloud built with Azure confidential computing. - Woojin Jung, EVP, KT Corporation

Worldwide Region Availability
These CVMs will be gradually made available across all supported Azure regions and availability zones. Please use the sign-up form to indicate interest in participating in the gated preview and to state your regional requirements.

General purpose & Memory-intensive workloads
Featuring general-purpose memory-to-vCPU ratios and support for up to 96 vCPUs and 384 GiB RAM, the DCasv6-series delivers enterprise-grade performance. The DCasv6-series enables organizations to run sensitive workloads with hardware-based security guarantees, making them ideal for applications processing regulated or confidential data.
For more memory-demanding workloads, the new ECasv6-series offers high memory-to-vCPU ratios with increased scalability up to 96 vCPUs and 672 GiB of RAM, nearly double the memory capacity of DCasv6. This makes the ECasv6-series ideal for memory-intensive enterprise applications that exceed even the capabilities of the DCasv6-series.

                  DCasv6     DCadsv6      ECasv6      ECadsv6
  vCPU            2 - 96     2 - 96       2 - 96      2 - 96
  Memory (GiB)    8 - 384    8 - 384      16 - 672    16 - 672
  Max local disk  NA         75-600 GiB   NA          75-600 GiB

OS Support
These CVMs support the following guest operating systems: Windows Server 2019, 2022, 2025, Windows 11, Ubuntu 22.04, Ubuntu 24.04, and RHEL 9.4.

Endorsements from our customers
The BMW Group relies on Azure confidential VMs powered by AMD EPYC processors to enable a Zero Trust environment with end-to-end encryption for our identity authentication system, allowing over 200,000 associates to collaborate on building the future of individual mobility. The solution was made possible in part due to the fact that AMD EPYC processor based confidential VMs do not require code changes to protect data in memory. Further, our testing of the newest generation of DCasv6 VMs has shown significant improvements in performance, and we look forward to seeing them go live on Azure. - BMW Group

Having early access to Microsoft's latest confidential VMs is a game-changer, offering enhanced security and performance. Our customers are pleased that they won't have to adapt existing algorithms to take advantage of computing within the optimal CVM environment available in their computing region and selected within the EscrowAI platform. - Mary Beth Chalk, Co-founder & Chief Commercial Officer, BeeKeeperAI

Anjuna is thrilled to be among the first to access Microsoft's latest confidential VMs, powered by the newest version of the AMD SEV-SNP technology.
Our ongoing partnership with Microsoft Azure provides us with early access to explore advanced security and performance features. This collaboration empowers joint Azure and Anjuna customers to leverage the newest Azure technologies from day one, enhanced by the capabilities of the Anjuna Seaglass platform. - Ofir Azoulay-Rozanes, Director of Product Management, Anjuna Security

Sign up now for exclusive access
Joining our exclusive preview program gives you an opportunity to work with the product team. To get started deploying your software on the latest confidential VMs, sign up here.

Azure Confidential Computing at Ignite 2024
This is another great year for the Azure Confidential Computing (ACC) team at Ignite. We are announcing the availability of two new offerings:
- The preview of our latest DCa/ECa v6 series confidential VMs running on 4th generation AMD EPYC™ processors, with enhanced performance and security features.
- The preview of Azure Confidential Clean Rooms, a totally new PaaS for building privacy-preserving multiparty analytics and collaboration solutions.
And we are amplifying the confidential AI use cases of our recently announced generally available confidential VMs with NVIDIA H100 Tensor Core GPUs.

Preview of our latest DCa/ECa v6 series confidential VMs
We are thrilled to partner with AMD to offer these confidential VMs based on 4th generation AMD EPYC processors. They offer up to 25% better CPU performance on Windows Server 2022 compared to their previous generation counterparts. Also, for Windows Server, they offer enhanced security with the option to use Virtualization-based Security (VBS) to protect secrets in a highly secure section of VM memory. And these VMs will be our most widely available confidential VMs to date. To learn more and sign up for the preview, read the preview blog post: https://aka.ms/Genoa-CVM-Prev-blog

Preview of Azure Confidential Clean Rooms
We are very excited to announce the preview of Azure's first confidential clean room offering, Azure Confidential Clean Rooms, a PaaS for building multi-party, privacy-preserving applications, leveraging the Confidential Consortium Framework (CCF) and confidential containers on Azure Container Instances (ACI).
To learn more and sign up for the preview, read the preview blog post: https://aka.ms/ACCR-preview-blog

Confidential GPUs new use cases
On Thursday, November 21, at 12:30 PM CST, I will be at Ignite presenting a live demonstration of deploying an NCC H100 v5 confidential VM with NVIDIA H100 Tensor Core GPU (aka confidential GPU) and showing several use cases within the context of confidential AI, including:
- How to do attestation of the confidential VM and its associated GPU
- Using confidential GPUs to support confidential retrieval-augmented generation (RAG)
- Using confidential GPUs to support confidential speech-to-text translation with the preview of the confidential inference feature of the Azure OpenAI Whisper model
Please make sure to attend if you are at the event, as this session is not being broadcast and will not be recorded.

Figure 1. Architecture of Azure AI confidential inferencing

Other recent ACC related announcements
We are excited to acknowledge the recent announcement of confidential containers on Azure Red Hat OpenShift (ARO). This gives ARO users the opportunity to provide an additional layer of protection for their sensitive workloads in memory, from Azure operators and from their own application and tenant administrators. Read the blog post to learn more: Confidential Containers Public Preview on Azure Red Hat OpenShift | Microsoft Community Hub

We are happy to report that Azure Batch is now supported on all AMD SEV-SNP based v5 and v6 confidential VMs.

And finally, as part of Microsoft's commitment to our Secure Future Initiative (SFI), we are announcing our newest in-house security chip, Azure Integrated HSM, a dedicated Hardware Security Module (HSM) that strengthens key protection by enabling the use of encryption and signing keys while they remain within the bounds of the HSM, without incurring the typical network latencies of HSM access.
Read the blog post to learn more: Securing Azure infrastructure with silicon innovation | Microsoft Community Hub

ACC at Ignite sessions
In addition to my confidential GPU demonstration mentioned above, ACC-powered solutions are being covered in multiple sessions at Ignite, including:
- Confidential AI with Ubuntu on Azure
- Exploring the latest innovations in Azure Compute
- Provide a new level of protection with Confidential Virtual Machines
- Explore everything infrastructure with AMD EPYC on Azure
- Master managed cloud solutions to drive TTM and reduce costs
- Securing critical open source workloads on Azure with Ubuntu (in person only)
- Inside Azure innovations with Mark Russinovich
- Cloud platform security in an evolving threat landscape
- Accelerate generative AI adoption with NVIDIA AI on Azure

Azure continues to be a pioneer in confidential computing. There is more to come, and we look forward to you joining us on this journey.

Get started with Azure Confidential Computing
- Documentation: https://aka.ms/accdocs
- Blogs: https://aka.ms/accblogs
- Customer and partner successes: https://aka.ms/accstories

Adams Bridge: An Accelerator for Post-Quantum Resilient Cryptography
The name Adams Bridge is inspired by the mythological structure said to span a vast gulf between two landmasses. In the realm of cryptography, a similarly vast gap exists between classical asymmetric cryptography and quantum-resilient cryptography. Azure aims to bridge this gap by developing a fully open-source silicon quantum-resilient cryptographic accelerator known as the Adams Bridge Accelerator. The Adams Bridge accelerator will first be integrated into Caliptra 2.0, and then delivered as an independent accelerator thereafter. This integration makes Caliptra the first open-source root of trust with hardened post-quantum resilient cryptography.

The algorithms used in classical asymmetric cryptography depend for their security on hard number theory problems, such as integer factorization or the discrete logarithm problem. However, research has demonstrated that a sufficiently powerful quantum computer can defeat current asymmetric algorithms. Given this, the National Institute of Standards and Technology (NIST) has been working closely with industry for several years to create new algorithms that are safe from quantum threats. NIST has finalized its selection of quantum-safe algorithms and released the publications FIPS 203 and FIPS 204 in August 2024.

The newly selected post-quantum algorithms are significantly different from their classical counterparts, which calls for a new approach to the design of digital signature schemes and attestation protocols. Hardware device manufacturers and suppliers need to pay immediate attention to these changes, as they impact foundational hardware security capabilities such as immutable root-of-trust anchors for both code integrity and hardware identity. Currently, the risks to hardware are more significant than for software, due to longer development times and the immutability of hardware. Therefore, immediate action is needed for new hardware designs.
To accelerate the adoption of these quantum-resilient algorithms and to increase the trustworthiness of hardware security, Microsoft is open-sourcing our new Adams Bridge Accelerator, which provides hardware acceleration for the NIST-selected quantum-resilient algorithms Dilithium & Kyber. The Register Transfer Language (RTL) code for the Adams Bridge Accelerator Dilithium component is open-sourced as a discrete crypto accelerator and is also integrated into the already open-sourced Caliptra Root of Trust (RoT). Providing the RTL for all portions of Adams Bridge will allow for easy uptake by industry partners and save development time that would otherwise be spent developing identical functionality. This new open-source Caliptra update will be made available in October 2024. The Adams Bridge Accelerator Kyber component will be released shortly thereafter.

Figure 1. Caliptra Subsystem block diagram

Caliptra 2.0 – Root of Trust Subsystem
Caliptra, an open-source silicon root of trust of which Microsoft is a founding member, is already being adopted by leaders in modern AI infrastructure, storage and network infrastructure. At the OCP Global Summit 2024, this version of Caliptra is not only quantum resilient but also expands upon the capabilities of Caliptra 1.0 to include the Root of Trust for Update and the Root of Trust for Recovery. The Caliptra subsystem meets all the root of trust requirements of NIST 800-193 and offers a fully transparent root of trust subsystem, negating the need for additional boot controllers. For more information about Caliptra and Adams Bridge, please visit the Caliptra website: https://Caliptra.io

General Availability: Azure confidential VMs with NVIDIA H100 Tensor Core GPUs
Today, we are announcing the general availability of Azure confidential virtual machines (VMs) with NVIDIA H100 Tensor Core GPUs. These VMs combine the hardware-based data-in-use protection of 4th generation AMD EPYC™ processor-based confidential VMs with the performance of NVIDIA H100 Tensor Core GPUs.

Azure Confidential Computing at Inspire 2023
Confidential computing has been growing in interest from customers who want to maximize their defense in depth for data protection in Azure. Beyond the traditional means of protecting data at rest and in transit, confidential computing protects data in use while it is processed in memory, enabled by new hardware available in Azure. Just as HTTPS is a way to protect data in transit, confidential computing can be seen as a way to protect data in use.