As you may already know, you have been able to create virtual machines on Azure with trusted launch capabilities – Secure Boot, vTPM…
Until now, you could not enable trusted launch on existing VMs.
After a few months in private preview, you can now enable it on existing virtual machines.
Of course, existing virtual machines must meet the requirements for enabling trusted launch as listed here https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch/.
To enable trusted launch on your virtual machine, connect to your Azure portal (https://portal.azure.com/) and shut down the virtual machine before updating the Security type.
Once trusted launch is selected, you can then select the security features you want to enable.
You can also, of course, use a PowerShell script to do it in bulk:
Connect-AzAccount -SubscriptionId <subscription ID>
Stop-AzVM -ResourceGroupName <resource group> -Name <virtual machine name>
Get-AzVM -ResourceGroupName <resource group> -VMName <virtual machine name> | Update-AzVM -SecurityType TrustedLaunch -EnableSecureBoot $true -EnableVtpm $true
Start-AzVM -ResourceGroupName <resource group> -Name <virtual machine name>
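
The commands above handle a single VM. The following added example (not part of the original post) applies the same steps to every VM in a resource group and then re-reads each VM to confirm that Secure Boot and vTPM are reported as enabled. It assumes Connect-AzAccount has already been run; the $resourceGroup variable and the result labels are illustrative.

```powershell
# Added example; the resource group value is a placeholder to fill in.
$resourceGroup = '<resource group>'

$results = foreach ($vm in Get-AzVM -ResourceGroupName $resourceGroup) {
    # Skip VMs whose security profile already reports Trusted Launch.
    if ($vm.SecurityProfile.SecurityType -eq 'TrustedLaunch') {
        [pscustomobject]@{ Name = $vm.Name; Result = 'AlreadyTrustedLaunch' }
        continue
    }

    try {
        # Same sequence as the single-VM commands: stop, update, start.
        # -Force suppresses the confirmation prompt so the loop runs unattended.
        Stop-AzVM -ResourceGroupName $resourceGroup -Name $vm.Name -Force -ErrorAction Stop | Out-Null

        Get-AzVM -ResourceGroupName $resourceGroup -VMName $vm.Name |
            Update-AzVM -SecurityType TrustedLaunch -EnableSecureBoot $true -EnableVtpm $true -ErrorAction Stop |
            Out-Null

        Start-AzVM -ResourceGroupName $resourceGroup -Name $vm.Name -ErrorAction Stop | Out-Null

        # Re-read the VM and check what the platform now reports,
        # rather than trusting that the update call succeeded.
        $after = Get-AzVM -ResourceGroupName $resourceGroup -VMName $vm.Name
        $uefi  = $after.SecurityProfile.UefiSettings
        $ok    = ($after.SecurityProfile.SecurityType -eq 'TrustedLaunch') -and
                 ($uefi.SecureBootEnabled -eq $true) -and
                 ($uefi.VTpmEnabled -eq $true)

        $result = 'VerificationFailed'
        if ($ok) { $result = 'Converted' }
        [pscustomobject]@{ Name = $vm.Name; Result = $result }
    }
    catch {
        # A VM that fails part-way may be left stopped; surface it for follow-up.
        [pscustomobject]@{ Name = $vm.Name; Result = "Failed: $($_.Exception.Message)" }
    }
}

$results | Format-Table -AutoSize
```

If a step fails for a VM, that VM may remain stopped and is listed with a Failed result, so review the table before considering the change complete.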