Microsoft today became the first major cloud provider to offer confidential virtual machines based on the new AMD EPYC 7003 series processors. In these new VMs, Microsoft has included an advanced security feature called Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). SEV-SNP protects virtual machines by creating a trusted execution environment.
These new AMD EPYC CPU-powered Azure VMs are fully encrypted at runtime, so your data is encrypted even when it is in use. The encryption keys are secured in a dedicated secure processor on the EPYC CPU.
With the 3rd Gen AMD EPYC CPU-backed confidential computing VMs, Azure confidential computing now lets customers encrypt entire VMs confidentially, enable confidentiality without recompiling code, and benefit from a host of Azure-specific enhancements.