Microsoft Announces Ephemeral OS Disk Support for Confidential Azure VMs


Microsoft has announced Ephemeral OS disk support for Azure confidential virtual machines (VMs). The new feature enables organizations to use Azure hardware-based trusted execution environments (TEEs) to protect sensitive data from unauthorized access while it is being processed.

Azure confidential computing was first announced at Microsoft’s Ignite conference in 2017. These confidential VMs are designed for organizations that handle highly sensitive workloads in the cloud. Confidential VMs use hardware-protected encryption keys to ensure that customer data remains encrypted in memory, in transit (over a network), and at rest (in storage). This helps to protect sensitive information from hackers, government warrants, and Microsoft’s administrators.

Key features of Ephemeral disks

With this release, Microsoft says that OS disk data will be lost when the VMs are resized, redeployed, restarted, or maintained (using healing or live migration). The company highlights several unique features offered by Ephemeral disks, such as support for Azure Compute Gallery, custom images, and Marketplace.

Additionally, Ephemeral OS disks allow users to quickly reset or reimage virtual machines and scale set instances back to their original boot state. Other capabilities include stateless application support, lower latency, and more.

“Ephemeral OS disks work well for stateless workloads, where applications are tolerant of individual VM failures but are more affected by VM deployment time or reimaging of individual VM instances. With Ephemeral OS disk, you get lower read/write latency to the OS disk and faster VM reimage,” Microsoft explained.

Ephemeral OS disk support is available for free in all Azure regions

According to the support document, Ephemeral OS disk support is currently available in public preview for free in all Azure regions. Keep in mind that customers will not be able to access Ephemeral disks through the portal.

Currently, confidential VMs with Ephemeral OS disks don’t provide certain features, including disk snapshots, OS Disk Swap, capturing VM images, Azure Site Recovery, Azure Backup, and Azure Disk Encryption.

In case you missed it, Microsoft announced hot patching support for Windows Server Azure virtual machines back in February. The feature lets IT admins install Windows security updates without requiring frequent reboots.