Microsoft simplifies Azure VM security, here's how

Microsoft has released Trusted Launch in-place upgrade support for Azure Virtual Machines and Scale Sets. This allows users to enhance security without downtime or complex migrations. It’s now generally available for existing Gen1 and Gen2 VMs and Uniform scale sets, and in private preview for Flex scale sets. What’s nice about this upgrade for customers is that it’s provided at no additional cost.

Trusted Launch is designed as a foundational security feature that helps to prevent bootkit malware. Microsoft strongly recommends it for protecting infrastructure, and it allows customers to meet compliance requirements such as Azure Security Benchmark, FedRAMP, and HIPAA.

Trusted Launch is a built-in capability that helps to protect virtual machines from advanced threats from the moment they start. It includes three key security features: Secure Boot, vTPM (virtual Trusted Platform Module), and Boot Integrity Monitoring. Secure Boot prevents unauthorized code from loading during startup, vTPM acts as a secure vault for encryption keys and boot measurements, and Boot Integrity Monitoring continuously checks that the VM boots into an uncompromised state.

The feature helps to maintain the trust of the guest operating system, adds defense-in-depth, and enhances the VM’s security posture through cryptographic verification.

Microsoft has shared detailed instructions on how to enable Trusted Launch on Gen1 VMs, Gen2 VMs, and Virtual Machine Scale Sets in its documentation pages. The upgrade can be completed with minimal effort and downtime and does not affect other existing VMs or scale sets. For Gen1 VMs, the upgrade requires a transition from a BIOS-based to a Gen2 UEFI-based operating system.

Microsoft said that the security of its cloud computing platform is a priority. The change is an important step toward ensuring Azure VMs provide a more secure environment. Upgrading to Trusted Launch will help Microsoft’s customers make their workloads more resilient against future threats.
