Azure, Windows

Trusted Launch – Secure VM at Azure

Hello friends

Hope you all are doing well. Kind of better times for us too, as Covid cases are decreasing from wave 2 in India. Hope tread continues.

Recently I was performing some test for my new project and strike with excellent feature on Azure – Trusted launch. It is a security feature for Azure generation 2 VMs and protects against advanced and persistent attack techniques.

Benefits ( Courtesy Microsoft docs)

  • Securely deploy virtual machines with verified boot loaders, OS kernels, and drivers.
  • Securely protect keys, certificates, and secrets in the virtual machines.
  • Gain insights and confidence of the entire boot chain’s integrity.
  • Ensure workloads are trusted and verifiable.

How it does it ?

Trusted launch provides option to configure:

  • Secure Boot – ensures only signed operating systems and drivers can boot
  • vTPM – It is a virtual TPM, compliant with TPM 2.0. The vTPM enables attestation by measuring the entire boot chain of your VM (UEFI, OS, system, and drivers).

Considerations

  • Its in public preview
  • Support only Gen 2 VMs
  • Need to be configured at the time of VM creation
  • Support only list of region, OS and VM size. You can check this list here

How to configure

  • Sign in to the Azure portal ( ensure that you open portal using this link)
  • On home screen, click Create a resource
  • Click on Compute and then select Virtual machine
  • Configure Resource Group, Virtual machine name. Select Region, image and size as per the Microsoft document provided in link above. Note that Trusted Launch is not available in all location, image and size. Once you select correct settings, a note for Trusted Launch will appear below image.
  • Trusted Launch settings are under Advanced menu.

Click on Review+Create to create VM.

So, this is how to configure Trusted Launch. I have enable it on few of my test machines and it worked like charm. Word of caution, its still in public preview.

So here we end this blog and see you soon with some other technical stuff.

BTW, Microsoft has a big event on 24th June and going to announce something big on OS. Is it Windows 11? Let’s stay tuned to know more: https://www.microsoft.com/en-us/windows/event

Published by Vinit Pandey

I am Microsoft Certified Trainer ( MCT) with couple of other certifications including MCSE, MCITP and MCTS. My core technologies are Windows Servers and clients, System Center products including MECM, Intune, Systrack, Nexthink, Yellow.AI, PowerShell, Nomad, Tachyon, Shopping, SCOM, SCVMM, Hyper-V, Failover Clustering and Azure. I have done B.Tech in electronics and communication stream. I have total 15+ experience in IT field. Presently, I am working with Larsen and Toubro Infotech as Experience Architect. My job includes transition, transformation and migration activities which we perform for our esteemed clients. Often I need to provide consultancy to my clients in migration and planning projects. I am from Chousa (Buxar) which has a lot of historical significance. In my free time I love to blog and play with Shreya (my daughter) and Tiger ( my pet dog).

Leave a comment