We are announcing the public preview of confidential temp disk encryption for confidential VMs. Until now, confidential encryption had only been available for OS disks. It binds the disk encryption keys to the virtual machine's TPM (Trusted Platform Module) so that the disk content is accessible only to that VM. With this release, the temp disk can also be encrypted, using in-VM symmetric key encryption after the disk is attached to the confidential VM (CVM).
Most CVMs contain a temp disk, which is not a managed disk. The temp disk provides fast, local, and short-term storage for applications and processes. It is intended to only store data such as page files, log files, cached data, and other types of temporary data.
This feature is not enabled by default; it is enabled through an opt-in process. The prerequisites are that the OS disk must already be confidentially encrypted and the Azure Disk Encryption (ADE) extension must be installed on the VM, since ADE performs the temp disk encryption.
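As an added example, not part of the announcement and not Azure's own tooling, the following Python checker evaluates a VM's ARM resource JSON against the two prerequisites named above before attempting the opt-in. The property paths (`securityProfile.securityType`, `osDisk.managedDisk.securityProfile.securityEncryptionType`) and the ADE extension publisher/type names are assumptions drawn from the ARM VM schema; the two sample VM documents are constructed for this example.

```python
"""Prerequisite check for confidential temp disk encryption on an Azure CVM.

Assumes ARM-style VM JSON (as returned by a GET on the VM resource with its
child extension resources). Property names are taken from the ARM VM schema;
the sample documents at the bottom are constructed, not real resources.
"""
import json

# Azure Disk Encryption extension identities (assumed from the ARM schema).
ADE_PUBLISHER = "Microsoft.Azure.Security"
ADE_EXTENSION_TYPES = {"AzureDiskEncryption", "AzureDiskEncryptionForLinux"}

# Only this encryption type means the OS disk itself (not just VM guest state)
# is confidentially encrypted with keys bound to the CVM's vTPM.
CONFIDENTIAL_OS_DISK = "DiskWithVMGuestState"


def os_disk_confidentially_encrypted(vm: dict) -> bool:
    """True if the VM is a CVM whose OS disk is confidentially encrypted."""
    props = vm.get("properties", {})
    if props.get("securityProfile", {}).get("securityType") != "ConfidentialVM":
        return False
    disk_sec = (props.get("storageProfile", {})
                     .get("osDisk", {})
                     .get("managedDisk", {})
                     .get("securityProfile", {}))
    return disk_sec.get("securityEncryptionType") == CONFIDENTIAL_OS_DISK


def ade_extension_installed(vm: dict) -> bool:
    """True if an ADE extension resource is present and provisioned."""
    for ext in vm.get("resources", []):
        p = ext.get("properties", {})
        if p.get("publisher") == ADE_PUBLISHER and p.get("type") in ADE_EXTENSION_TYPES:
            # Treat a missing provisioningState as provisioned; a failed one is not.
            return p.get("provisioningState", "Succeeded") == "Succeeded"
    return False


def check_temp_disk_prerequisites(vm: dict) -> dict:
    """Report which prerequisites hold and whether the opt-in can proceed."""
    os_ok = os_disk_confidentially_encrypted(vm)
    ade_ok = ade_extension_installed(vm)
    missing = []
    if not os_ok:
        missing.append("OS disk is not confidentially encrypted")
    if not ade_ok:
        missing.append("ADE extension is not installed")
    return {"os_disk_confidential": os_ok, "ade_installed": ade_ok,
            "ready": os_ok and ade_ok, "missing": missing}


# Constructed sample: a CVM that meets both prerequisites.
READY_VM = json.loads("""{
  "name": "cvm-ready",
  "properties": {
    "securityProfile": {"securityType": "ConfidentialVM"},
    "storageProfile": {"osDisk": {"managedDisk": {
      "securityProfile": {"securityEncryptionType": "DiskWithVMGuestState"}}}}
  },
  "resources": [{"properties": {"publisher": "Microsoft.Azure.Security",
                                "type": "AzureDiskEncryptionForLinux",
                                "provisioningState": "Succeeded"}}]
}""")

# Constructed sample: guest state only, no ADE extension -> not eligible.
NOT_READY_VM = json.loads("""{
  "name": "cvm-guest-state-only",
  "properties": {
    "securityProfile": {"securityType": "ConfidentialVM"},
    "storageProfile": {"osDisk": {"managedDisk": {
      "securityProfile": {"securityEncryptionType": "VMGuestStateOnly"}}}}
  },
  "resources": []
}""")

if __name__ == "__main__":
    for vm in (READY_VM, NOT_READY_VM):
        print(vm["name"], check_temp_disk_prerequisites(vm))
```

Running the check against the real resource (for example the JSON from `az vm show` with its extensions) before opting in avoids a failed ADE operation; a `VMGuestStateOnly` OS disk is the case most often mistaken for a confidentially encrypted one.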
To learn more, read the blog.