
Microsoft has announced that it is bringing Trusted Launch support to the Azure Virtual Desktop service. The company says this new capability aims to protect virtual machines in enterprise environments from advanced and persistent attacks.
Microsoft Azure Virtual Desktop is a cloud-based solution that enables end users to access their desktops and applications virtually from any device. The new Trusted Launch support brings several new configurable security features, such as Secure Boot, virtual Trusted Platform Module (vTPM), and Virtualization-Based Security (VBS) capabilities.
The Secure Boot feature offers protection at the operating system boot-up level by preventing the installation of malware (boot kits) and of driver-, firmware-, and OS kernel-based rootkits. The feature has been designed to ensure that the computer system can boot only with trusted operating systems and drivers from the Original Equipment Manufacturer (OEM).
In addition to Secure Boot, Trusted Launch introduces virtual Trusted Platform Module (vTPM) support for Azure Virtual Desktop. It allows the guest operating system to create and store private security keys, which helps to reduce the attack surface.
“Trusted launch provides your VM with its own dedicated TPM instance, running in a secure environment outside the reach of any VM,” the company explained. “Trusted launch uses the vTPM to perform remote attestation by the cloud. This is used for platform health checks and for making trust-based decisions. As a health check, trusted launch can cryptographically certify that your VM booted correctly.”
The Virtualization-Based Security (VBS) feature enhances system security by virtually isolating a segment of main memory from the rest of the operating system. Trusted Launch lets users enable Hypervisor Code Integrity (HVCI) to protect the Windows kernel against malicious exploits and vulnerabilities. The Microsoft Defender for Cloud service integrates with Trusted Launch to periodically detect VM health problems and alert users about them.
Microsoft has also acknowledged a couple of limitations. Currently, the feature doesn’t support Azure Site Recovery, Azure Dedicated Host, nested virtualization, and other security capabilities. The company added that the Trusted Launch functionality in Azure Virtual Desktop currently supports various Linux and Windows systems, and you can find the full list on this support page.
More from Rabia Noureen
Copyright ©2019 BWW Media Group