Microsoft* Azure Confidential Computing with Intel® SGX

By James C Gordon, Published: 11/08/2018, Last Updated: 11/08/2018

A couple of months ago at Ignite 2018, Microsoft unveiled the public preview of Microsoft® Azure Confidential Computing (ACC). In September 2017, Microsoft Azure became the first cloud platform to enable new data security capabilities that provide enhanced protections for customer data while in use with confidential computing.

Microsoft and Intel are working together to bring Trusted Execution Environments (TEEs), such as Intel® Software Guard Extensions (Intel® SGX) and Virtualization Based Security (VBS - previously known as Virtual Secure mode) to the cloud. Intel SGX is a tool that enables developers to better protect their most sensitive data and application code in-memory and prevent malware and system software from gaining access. Intel SGX adds this protection through CPU-based instructions that establish the TEE at the lowest layer possible. 

Many customers are looking to combine the scale and economics of cloud computing with the confidence they have in private, on-premises hardware. Azure Confidential Computing provides added protections for data while it is processed in the cloud. ACC relies on Intel SGX, which provides an encrypted enclave that is protected even from the cloud provider and low-level system processes. Intel SGX enables application developers to protect select code and data from disclosure or modification through the use of secure enclaves.

With security looming large in customers’ minds, developers should take advantage of the security-enhancing tools they have to protect their workloads. A wide variety of resources can help developers get started with Intel SGX, both in Azure and on-premises, including the new Open Enclave SDK announced by Microsoft at Ignite.

To learn more about Microsoft ACC and the security services that were showcased and enabled by Intel SGX, listen to this podcast with Christine Avanessians, Principal PM Manager of the Microsoft Azure Compute team at Microsoft.
