Microsoft continues to beef up its security offering for cloud customers
Microsoft has revealed that its Azure platform now offers a free virtual trusted platform module. This new module aims to make Microsoft’s IaaS offering more attractive to enterprise customers.
Infrastructure as a service (IaaS) is an instant computing infrastructure, according to Microsoft. It’s one of the four types of cloud services. The other three are software as a service (SaaS), platform as a service (PaaS), and serverless.
Azure Trusted Launch prevents bootkit and rootkit infections
This week Microsoft launched “Azure Trusted Launch for virtual machines” as a preview. Microsoft’s CTO for Azure, Mark Russinovich, described the new service in a blog post.
“Trusted Launch allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and a boot policy that leverages the Trusted Launch Virtual Trusted Platform Module (vTPM) to measure and attest to whether the boot was compromised,” he explains.
“The vTPM measurements give administrators visibility into the integrity of the entire boot process,” Russinovich says. “And vTPM release policies ensure that keys, certificates, and secrets aren’t accessible to compromised virtual machines.”
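The measure-then-release idea in these quotes can be modelled in a few lines. This is an added conceptual example, not Microsoft's code or the Azure vTPM interface: the boot components, the single PCR and the `ReleasePolicy` class are constructed for illustration, and only the TPM-style extend rule (new PCR = SHA-256 of old PCR concatenated with the component digest) mirrors real TPM behaviour.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR, reset to all zeros at power-on


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA256(old PCR || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay a boot chain into the PCR in the order the stages run."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ReleasePolicy:
    """Hypothetical release policy: hand out the secret only for a known-good PCR."""

    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected = expected_pcr

    def release(self, current_pcr: bytes):
        if hmac.compare_digest(current_pcr, self._expected):
            return self._secret
        return None  # boot state differs from the golden measurement


# Constructed sample boot chains (placeholders for real binaries).
GOOD_CHAIN = [b"bootloader (signed)", b"os kernel (signed)", b"boot policy"]
TAMPERED_CHAIN = [b"bootloader (signed)", b"os kernel + bootkit", b"boot policy"]


def demo() -> dict:
    policy = ReleasePolicy(b"constructed-disk-key", measure_boot(GOOD_CHAIN))
    return {
        "clean": policy.release(measure_boot(GOOD_CHAIN)),
        "tampered": policy.release(measure_boot(TAMPERED_CHAIN)),
        "reordered": policy.release(measure_boot(GOOD_CHAIN[::-1])),
    }


if __name__ == "__main__":
    for name, secret in demo().items():
        print(f"{name}: {'secret released' if secret else 'secret withheld'}")
```

Because each extend folds in the previous PCR value, a change to any stage, or to the order of the stages, yields a different final measurement, so the secret stays withheld.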
Observability through a single pane of glass
Azure Security Center serves as a single pane of glass for integrity alerts, recommendations, and remediations generated by Trusted Launch, Russinovich says.
Moreover, customers can switch on Trusted Launch with a simple change in deployment code or a checkbox within the Azure portal for all virtual machines.
If the service detects suspicious activity during boot, users will see a medium-severity alert in the standard tier of Azure Security Center.
Not all Azure customers can take advantage of the new offering
Unfortunately, the new security module is not available for all Microsoft Azure customers. The HBv3, Lsv2-series, M-series, Mv2-series, NDv4-series and NVv4-series cannot make use of Trusted Launch.
In addition, customers will need to run one of RHEL 8.3, SUSE 15 SP2, Ubuntu 20.04 or 18.04 LTS, Windows Server 2019 or 2016, or Windows 10 Pro or Enterprise to utilize the new security module.