If you need to run workloads with high security and confidentiality requirements on a virtual machine, you can now use a confidential Azure Virtual Machine.
This capability is provided by AMD processors using SEV-SNP technology.
Confidential compute is available with the DC and EC virtual machine SKUs:
- DCasv5-series: Confidential VM with remote storage only. No local temporary disk
- DCadsv5-series: Confidential VM with a local temporary disk
- ECasv5-series: Memory-optimized confidential VM with remote storage only. No local temporary disk
- ECadsv5-series: Memory-optimized confidential VM with a local temporary disk
You cannot resize a confidential compute virtual machine to a non-confidential compute SKU, or the other way around.
You can only use confidential compute with the following operating systems:
- Ubuntu 20.04 Gen 2
- Windows Server 2019 Gen 2
- Windows Server 2022 Gen 2
This is currently available only in the West US region (https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines).
When you choose to use confidential compute, don’t forget to also enable Confidential compute encryption at the Disks configuration step.
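
The same deployment from the Azure CLI, as an added example that is not part of the original page: the portal's disk encryption option corresponds to `--os-disk-security-encryption-type DiskWithVMGuestState`, and a small guard rejects non-confidential sizes before anything is created. The function names, the `azureuser` account and the SSH key option (which assumes a Linux image) are assumptions; the image URN is supplied by the caller.

```shell
#!/bin/sh
# Added example: guard rails around `az vm create` for a confidential VM.
# Function names are hypothetical; the az flags are standard Azure CLI options.

# True when the size belongs to one of the four confidential series listed above
# (e.g. Standard_DC4as_v5, Standard_EC8ads_v5).
is_confidential_size() {
  case "$1" in
    Standard_DC*as_v5|Standard_DC*ads_v5|Standard_EC*as_v5|Standard_EC*ads_v5) return 0 ;;
    *) return 1 ;;
  esac
}

# A resize only works when both sizes sit on the same side of the
# confidential / non-confidential boundary.
resize_allowed() {
  if is_confidential_size "$1"; then
    is_confidential_size "$2"
  else
    ! is_confidential_size "$2"
  fi
}

# Usage: create_cvm <resource-group> <vm-name> <size> <image-urn>
# Returns 2 without calling az when the size is not a confidential one.
create_cvm() {
  is_confidential_size "$3" || { echo "not a confidential size: $3" >&2; return 2; }
  az vm create \
    --resource-group "$1" --name "$2" \
    --location westus \
    --size "$3" --image "$4" \
    --security-type ConfidentialVM \
    --os-disk-security-encryption-type DiskWithVMGuestState \
    --enable-vtpm true --enable-secure-boot true \
    --admin-username azureuser --generate-ssh-keys
}
```

For a Windows Server image, replace `--generate-ssh-keys` with an administrator password option.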