1 min read

Azure – You can now enable Trusted Launch on Azure Virtual Machines (preview)

cubesys : Oct 28, 2021 12:00:00 AM

Azure

As you know, recent physical devices come with embedded security feature to help protect the operating system; features like TPM chipset or secure boot.

Well, unfortunately until now these features were not available when running virtual machines on Azure.

Good news, this now possible to turn on these security feature on Azure Virtual Machine.

To be able to turn on these features, you need to deploy Azure Virtual Machine Gen 2.

The below list details the supported virtual machine SKU’s and operating systems across all public regions:

  • Virtual Machine Type (SKU)
    • B-series
    • Dav4-series
    • Dasv4-series
    • DCsv2-series
    • Dv4-series
    • Dsv4-series
    • Dsv3-series
    • Dsv2-series
    • Ddv4-series
    • Ddsv4-series
    • Fsv2-series
    • Eav4-series
    • Easv4-series
    • Ev4-series
    • Esv4-series
    • Esv3-series
    • Edv4-series
    • Edsv4-series
    • Lsv2-series
  • Operating System
    • Redhat Enterprise Linux 8.3
    • SUSE 15 SP2
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS
    • Debian 11
    • CentOS 8.4
    • Oracle Linux 8.3
    • Windows Server 2019
    • Windows Server 2016
    • Windows 11 Pro
    • Windows 11 Enterprise
    • Windows 11 Enterprise multi-session
    • Windows 10 Pro
    • Windows 10 Enterprise
    • Windows 10 Enterprise multi-session

Please note there are some additional limitations (at least during the preview) as the below lists services or features not supported during the preview:

  • Backup – this option will not be available during the VM creation process
  • Azure Site Recovery – this option will not be available during the VM creation process
  • Shared Image Gallery
  • Ephemeral OS disk
  • Shared disk
  • Managed image
  • Azure Dedicated Host

When creating the virtual machine, select Trusted launch virtual machine as Security Type – by selecting this option, you will get the options Secure boot (disabled by default) and vTPM (enabled by default) available for configuration.

If you have selected an unsupported series and/or operating system you will be notified.

image

You can update the configuration (Secure Boot and/or vTPM) after the virtual machine has been created by accessing the Configuration blade of the virtual machine

image

A migration path to enable the Trusted launch virtual machine option will be available when the feature reaches the general availability.

Azure – Azure Secure Score has been simplified (preview)

cubesys : Jan 23, 2020 12:00:00 AM

By now you should know Azure Secure Score (ASS), the Azure Security feature which helps you review the security recommendations and prioritize them...

Azure Security
Read More

Azure – You can now export your Azure Security Recommendations and alerts in CSV

cubesys : Feb 24, 2020 12:00:00 AM

It has been a long awaited feature, the ability to export recommendations and more importantly alerts from Azure Security Center (ASC).

Azure Security
Read More

Azure – A new troubleshooting tool – VM Inspector – is available in preview

cubesys : Oct 25, 2021 12:00:00 AM

If you work with virtual machines on Azure you already know that sometime things go wrong and you need to troubleshoot what is happening with the...

Azure
Read More