Azure Trusted Launch

Trusted launch protects against advanced and persistent attack techniques on Generation 2 VM’s.

Getting the low down!

What is trusted launch?

Trusted launch is composed of several, coordinated infrastructure technologies that can be enabled independently. Each technology provides another layer of defense against sophisticated threats.


Securely deploy virtual machines with verified boot loaders, OS kernels, and drivers


Securely protect keys, certificates, and secrets in the virtual machines.


Ensure workloads are trusted and verifiable.

Azure Public Preview!

Public preview limitations

  • B-series
  • Dav4-series, Dasv4-series
  • DCsv2-series
  • Dv4-series, Dsv4-series, Dsv3-series, Dsv2-series
  • Ddv4-series, Ddsv4-series
  • Fsv2-series
  • Eav4-series, Easv4-series
  • Ev4-series, Esv4-series, Esv3-series
  • Edv4-series, Edsv4-series
  • Lsv2-series

Getting Paid

Secure boot

At the root of trusted launch is Secure Boot for your VM. This mode, which is implemented in platform firmware, protects against the installation of malware-based rootkits and boot kits. Secure Boot works to ensure that only signed operating systems and drivers can boot. It establishes a “root of trust” for the software stack on your VM.

Alert for VM attestation failure!

Azure Defender integration

If your VMs are properly set up with trusted launch, Azure Defender can detect and alert you of VM health problems. Azure Defender will periodically perform attestation on your VMs. This also happens after your VM boots.


Security Center integration

Trusted launch is integrated with Azure Security Center to ensure your VMs are properly configured. Azure Security Center will continually assess compatible VMs and issue relevant recommendations.

Thank you for reading!

We are happy to bring the latest in cloud technology right to your fingertips!

WordPress Appliance - Powered by TurnKey Linux