March 31st, 2025

Improve the security of Generation 2 VMs via Trusted Launch in Azure DevTest Labs

Anish Trakru
Senior Product Manager

We’re thrilled to announce the public preview of the Trusted Launch feature for Generation 2 (Gen2) virtual machines (VMs) in Azure DevTest Labs! 🌟 This game-changing feature is designed to enhance the security of VMs, protecting against advanced and persistent attack techniques. Here are the key benefits:

  • Securely deploy VMs with verified boot loaders, OS kernels, and drivers.
  • Protect keys, certificates, and secrets within VMs securely.
  • Gain insights and confidence in the integrity of the entire boot chain.
  • Ensure workloads are trusted and verifiable.

Trusted Launch integrates several infrastructure technologies that can be enabled independently, each adding a layer of defense against sophisticated threats.

Secure Boot

At the core of Trusted Launch is Secure Boot, which protects against malware-based rootkits and boot kits by ensuring only signed OS and drivers can boot, establishing a “root of trust” for your VM’s software stack.

vTPM

The virtual Trusted Platform Module (vTPM) acts as a secure vault for keys and measurements and enables attestation by measuring the entire boot chain. If an unauthorized component is detected, Microsoft Defender for Cloud issues integrity alerts.

Virtualization-based Security (VBS)

VBS uses the hypervisor to create a secure memory region for Windows to run various security solutions with increased protection against vulnerabilities and malicious exploits. Trusted Launch allows you to enable Hypervisor Code Integrity (HVCI) and Windows Defender Credential Guard, which protect kernel-mode processes and isolate secrets, respectively.

Microsoft Defender for Cloud Integration

Trusted Launch integrates with Defender for Cloud to ensure proper VM configuration. Defender for Cloud provides recommendations to enable Secure Boot, vTPM, and the Guest Attestation extension. It also performs remote attestation to validate VM boot integrity and issues alerts for any health problems or untrusted components detected.
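As an added example (not part of this announcement or the DevTest Labs product), the following PowerShell reports from inside a Windows Gen2 guest which of the components described above (Secure Boot, vTPM, VBS with HVCI and Credential Guard) are actually active. It uses only built-in Windows cmdlets and the Device Guard CIM provider; run it in an elevated session. Since VBS, HVCI and Credential Guard are optional under Trusted Launch, a reported gap there means "not enabled", not necessarily a misconfiguration.

```powershell
# Added example: guest-side posture check for Trusted Launch components.
# Uses built-in Windows cmdlets only; run elevated inside the Gen2 VM.

function Get-TrustedLaunchPosture {
    [CmdletBinding()]
    param()

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS (Gen1) machines,
    # so treat an exception as "not enabled".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { $secureBoot = $false }

    # vTPM: Get-Tpm reports presence and readiness of the (virtual) TPM 2.0 device
    # that stores the boot measurements used for attestation.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    # VBS / HVCI / Credential Guard from the Device Guard provider.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        SecureBootEnabled      = $secureBoot
        TpmPresent             = [bool]($tpm.TpmPresent)
        TpmReady               = [bool]($tpm.TpmReady)
        VbsRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning            = ($dg.SecurityServicesRunning -contains 2)
        CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)
    }
}

$posture = Get-TrustedLaunchPosture
$posture | Format-List

# List every component that is not active so the gap is visible at a glance.
$gaps = $posture.PSObject.Properties |
    Where-Object { -not $_.Value } |
    Select-Object -ExpandProperty Name
if ($gaps) {
    Write-Warning ("Trusted Launch components not active in this guest: " + ($gaps -join ', '))
} else {
    Write-Output 'All Trusted Launch guest components report active.'
}
```

Cross-check the guest's view against the platform's: the Defender for Cloud recommendations mentioned above come from remote attestation of the same boot measurements, so the two should agree.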

By leveraging Trusted Launch, you can significantly enhance the security and integrity of your virtual machines.

To learn more about the Trusted Launch feature and how to use it in Azure DevTest Labs, please visit the article Trusted Launch for Generation 2 VMs in Azure DevTest Labs.
