Microsoft Introduces Trusted Launch as Default Security for Azure Gen2 VMs to Enhance Cloud Protection

Microsoft has announced a public preview that makes Trusted Launch the default security setting on new Azure Gen2 VMs, Scale Sets, Compute Gallery images, and disks. The change raises the baseline security of the platform with Secure Boot and vTPM, and helps users prepare for stronger, compliance-ready deployments.

Azure Trusted Launch: Default Security Boost for Gen2 VMs and More

Microsoft is rolling out a significant update for Azure Gen2 Virtual Machines (VMs), Scale Sets, Compute Gallery images, and OS disks. Starting soon, Trusted Launch will become the default security setting for new deployments. This move strengthens foundational cloud security and helps protect workloads against boot-level threats.

What’s New with Trusted Launch Default (TLaD)?

Trusted Launch will be enabled automatically on new Gen2 VMs, Scale Sets, Azure Compute Gallery (ACG) images, and OS disks. Previously, you had to enable it explicitly in your deployment scripts. Now, if your deployment uses the latest API versions and meets certain conditions (a Gen2 OS image and a VM size that support Trusted Launch), it is applied by default with no extra configuration.

Key changes include:

  • Security type set to TrustedLaunch by default for new Gen2 VM and Scale Set deployments.
  • ACG image definitions default to the TrustedLaunchSupported security type.
  • New disk property SupportedSecurityOption inherits the security setting from the source image.

“This change is a major step and result of our ongoing efforts to improve the foundational security of our cloud computing platform.”

Why Trusted Launch Matters

Trusted Launch raises VM security through cryptographic verification of the boot chain and boot integrity monitoring. Secure Boot blocks unsigned or tampered boot components, which defends against rootkits and bootkits, while the virtual TPM (vTPM) records boot measurements that attestation can check. Together they give you evidence that the VM booted into a known, uncompromised state.

It is not only about security but also about compliance. Trusted Launch helps meet standards such as the Azure Security Benchmark, FedRAMP, HIPAA, and PCI-DSS, making it essential for regulated workloads.

Key Features of Trusted Launch:

  • Secure Boot: Blocks unauthorized boot-level malware.
  • vTPM: Acts as a secure vault for encryption keys and measurements.
  • Boot Integrity Monitoring: Continuously attests VM boot health.

How to Get Started with the Preview

Microsoft invites users to test this upcoming change via public preview. To enable it, register the feature flag TrustedLaunchByDefaultPreview in your Azure subscription under the Microsoft.Compute namespace.

After onboarding, all new Gen2 VM, Scale Set, ACG, and disk deployments in that subscription will default to Trusted Launch unless you explicitly override it. This applies across common deployment tools such as ARM templates, Bicep, and Terraform.

“We strongly recommend onboarding your subscription for public preview and validating this change with your existing deployments.”

Important Considerations and Limitations

The preview currently has some limitations. For example, the Azure portal does not yet allow disabling Trusted Launch once the preview is enabled, and resizing a VM to a size that does not support Trusted Launch is not supported after it has been enabled. Microsoft plans to address these before the full rollout.

If you need to bypass Trusted Launch temporarily, you can set the security type to Standard in your deployment or unregister the preview feature flag.
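Putting the preview onboarding and the override above into practice, as an added example that is not part of the original article: register the preview flag with the Az PowerShell module, deploy a Gen2 VM with the security type stated explicitly, declare the Standard opt-out for a legacy workload, and audit which existing VMs are not yet on Trusted Launch. Resource group, NIC, VM names and the VM size are placeholders.

```powershell
# Added example, not from the article: onboard a subscription to the Trusted Launch
# default preview, pin the security type explicitly on a Gen2 VM, and audit what
# is already deployed. Assumes Az.Accounts, Az.Resources, Az.Compute and an active
# Connect-AzAccount session; resource names below are placeholders.
$featureName = 'TrustedLaunchByDefaultPreview'   # feature flag named in the article
$namespace   = 'Microsoft.Compute'

# 1. Register the preview feature and wait until it is fully registered.
Register-AzProviderFeature -FeatureName $featureName -ProviderNamespace $namespace | Out-Null
do {
    Start-Sleep -Seconds 15
    $state = (Get-AzProviderFeature -FeatureName $featureName `
              -ProviderNamespace $namespace).RegistrationState
    Write-Host "Feature $featureName state: $state"
} while ($state -ne 'Registered')
# Re-register the provider so the feature flag takes effect for new deployments.
Register-AzResourceProvider -ProviderNamespace $namespace | Out-Null

# 2. Build a Gen2 VM and state the security type explicitly, so the outcome does
#    not depend on which API version the tooling happens to pick.
$rg       = 'rg-tl-demo'        # placeholder
$location = 'westeurope'        # placeholder
$nic      = Get-AzNetworkInterface -ResourceGroupName $rg -Name 'nic-tl-demo'
$cred     = Get-Credential -Message 'Local admin account for the VM'
$vm = New-AzVMConfig -VMName 'vm-tl-demo' -VMSize 'Standard_D2s_v5' -SecurityType 'TrustedLaunch'
$vm = Set-AzVMOperatingSystem -VM $vm -Linux -ComputerName 'vm-tl-demo' -Credential $cred
$vm = Set-AzVMSourceImage -VM $vm -PublisherName 'Canonical' `
        -Offer '0001-com-ubuntu-server-jammy' -Skus '22_04-lts-gen2' -Version 'latest'
$vm = Set-AzVMUefi -VM $vm -EnableSecureBoot $true -EnableVtpm $true
$vm = Add-AzVMNetworkInterface -VM $vm -Id $nic.Id
New-AzVM -ResourceGroupName $rg -Location $location -VM $vm | Out-Null

# 3. Explicit opt-out, the article's escape hatch, for a workload that cannot yet
#    run under Trusted Launch: declare Standard instead of relying on the default.
$legacy = New-AzVMConfig -VMName 'vm-legacy' -VMSize 'Standard_D2s_v5' -SecurityType 'Standard'

# 4. Audit: list VMs in the subscription that are still Standard (or unset). That
#    is the set worth validating before the default changes for real.
Get-AzVM |
    Where-Object { $_.SecurityProfile.SecurityType -ne 'TrustedLaunch' } |
    Select-Object ResourceGroupName, Name,
        @{ n = 'SecurityType'; e = { $_.SecurityProfile.SecurityType } },
        @{ n = 'SecureBoot';   e = { $_.SecurityProfile.UefiSettings.SecureBootEnabled } },
        @{ n = 'vTPM';         e = { $_.SecurityProfile.UefiSettings.VTpmEnabled } } |
    Format-Table -AutoSize
```

Run the audit in step 4 before and after onboarding: VMs created after the flag is registered should report TrustedLaunch with both UEFI settings enabled, while pre-existing VMs are unchanged until they are redeployed.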

Final Thoughts

Azure’s move to make Trusted Launch the default security setting is a notable step forward for cloud workload protection. It raises the baseline for boot integrity and compliance while removing a configuration step that was previously easy to forget for Gen2 VMs and related resources.

Administrators should start testing now, ideally in a non-production subscription, to ensure smooth adoption. As Microsoft puts it, “We take the security of our cloud computing platform as priority.” So, get ready to secure your Azure workloads with Trusted Launch by default.

Key takeaways:

  • Trusted Launch enables cryptographic verification to ensure VMs boot securely and resist boot- and OS-level attacks.
  • New Azure API versions automatically enable Trusted Launch by default if the OS image and VM size support it.
  • Azure Compute Gallery images will undergo validation to confirm Trusted Launch compatibility before deployment.
  • Users can explicitly disable Trusted Launch during deployment by setting the securityType parameter to “Standard”.
  • Some limitations exist in the preview, including the inability to bypass Trusted Launch via the Azure portal and VM resizing restrictions.

Source: New blog articles in Microsoft Community Hub
