We are announcing Trusted Launch for Azure virtual machines general availability in all Azure for China regions: China East, China East 2, China East 3, China North, China North 2, and China North 3. Trusted launch for Azure VMs allows you to bolster the security posture of an Azure Virtual Machine in the following ways.
- Improve foundational security of your virtual machine by booting to a defined and trusted state.
- Reduce persistent malware such as boot kits and rootkits that are so sophisticated that they can run with the same kernel-mode privileges as the operating system they infect.
- Enable Credential guard (isolate & protect secrets, such as user passwords, and prevent compromise of the user’s credentials. Also protects derived domain credentials) backed by secure boot, and Virtualization based security and vTPM, pre-requisites for domain controllers.
- Gain continuous insights into your virtual machines for health state and boot chain integrity, plus remediate attestation (Microsoft Azure Attestation) failures via Microsoft Defender for Cloud.
- Strengthen your Windows 11 virtual machines with UEFI, secure boot, and vTPM to prevent lower layer malware. (UEFI, and vTPM are pre-requisites for Windows 11)
For more information about the capabilities available, please visit the Trusted Launch for Azure virtual machines documentation webpage.