Authors:
Bryan Hiestand, Sales Development Manager, Global Accounts, Intel
Gary Brown, Product Marketing Cloud Lead, Intel Data Center Group
Radhika Rao, Sr. Director, Azure Infrastructure & Services, Intel Team, Microsoft
At Microsoft Ignite 2025, businesses gathered to learn how to solve problems in the cloud on Azure, including how to handle sensitive data securely in the cloud. Confidential Computing is a hot topic because today’s businesses need various controls in place around data security:
- When migrating to the cloud, you need to be in control of confidential or regulated data.
- Collaboration among multiple parties on shared analyses is imperative, while maintaining confidentiality, privacy, and compliance.
- You need strong compliance and data sovereignty programs with technology-driven safeguards.
- Application security and IP protection are imperatives, with hardware-based VM isolation and access controls.
Continued momentum of 5th Gen Intel® Xeon® processor-based confidential VMs on Azure
The preview of DCesv6 and ECesv6 series confidential Virtual Machines powered by 5th Gen Intel® Xeon® processors with Intel® Trust Domain Extensions (Intel® TDX), announced earlier this year, continues to garner interest from Azure customers. These confidential VMs allow Azure customers to bring their most sensitive workloads to the cloud without requiring application code changes.
Confidential computing with Intel TDX provides a hardware-based trusted execution environment that facilitates the deployment of trust domains, including hardware-isolated virtual machines, which protect sensitive data and applications. With Confidential Computing, you get virtual machine isolation from the cloud stack, admins, and other tenants.
Use Case 1: Confidentiality Demonstrated with Intel on Microsoft Azure
To demonstrate how to deploy cutting-edge solutions in Azure cloud with confidential computing, two leading AI ISVs participated with Intel in a POC to showcase the power of Confidential Computing on Intel TDX-enabled hosts within Microsoft Azure.
The use case in this POC was Agentic AI for customer support ticketing, deployed across EU and US public clouds. The goal was to demonstrate how this POC could meet the requirements for data security, privacy, and sovereignty.
For this deployment, Intel and Microsoft partnered with Arqit and Kamiwaza, a member of Intel’s AI Liftoff program.
Arqit minimizes cyber risk with quantum-safe security solutions designed for on-premises, cloud, and edge environments.
Kamiwaza AI delivers powerful AI agents and orchestrates workflows across a distributed data infrastructure, all while maintaining security.
This deployment was achieved using Kamiwaza AI’s AI orchestration engine, which deploys LLMs on Azure Confidential VMs powered by Intel Xeon processors, and Arqit’s SKA, providing quantum-safe key creation for end-to-end data encryption.
This collaboration demonstrates how organizations can leverage the benefits of multi-regional public cloud and dispersed data sources while maintaining control, compliance, and cost-effectiveness.
By leveraging Arqit’s quantum-secure key encryption platform and Kamiwaza’s agentic AI framework, customer service platforms can deliver real-time, quantum-safe, and US/GDPR-compliant responses across regions and languages. The system leverages Arqit’s SKA platform to route queries based on customer tier, validate compliance, and synthesize localized responses – demonstrating tangible commercial value in cross-border support scenarios.
Use Case 2: Confidentiality in a University Research Scenario
In another example, the University of Copenhagen sought a way for on-campus scientists, researchers, and academic staff to use Microsoft Azure in a secure, compliant, and reliable manner for research projects. The University faced a challenge due to the potential risk of a data breach, given the sensitive nature of the data involved.
TDC Erhverv helped the University of Copenhagen implement a confidential landing zone for research data on Microsoft Azure, utilizing Intel® TDX to establish a secure and compliant foundation for processing highly sensitive and privacy-regulated information -- including genetic and medical data -- within a trusted execution environment that upholds full GDPR compliance. The solution enables researchers to collaborate and innovate at scale with confidence and integrity. Using this solution, the University minimizes the risk of shadow IT and reduces the burden on researchers to manage infrastructure or allocate valuable resources toward building and maintaining their own IT environments.
“For scientists, maintaining the integrity and confidentiality of data is essential. Partnering with TDC Erhverv allows us to provide solutions that are secure today and resilient enough to meet the challenges of tomorrow.”
--Morten Hansson, Security-lead University of Copenhagen
Summary: Azure Confidential Computing with Intel
Here are the key takeaways from the announcement of Azure Confidential Computing with Intel:
- Helps protect against remote/software attacks even if OS / drivers / BIOS / VMM / SMM are compromised.
- Helps increase protections for sensitive information (data, keys, etc.), even if an attacker has full control of the platform.
- Helps prevent in-person hardware attacks, such as memory bus snooping, memory tampering, and “cold boot” attacks, against memory contents in RAM.
- Provides an option for hardware-based attestation capabilities to measure and verify valid code and data signatures.
This diagram shows how Intel TDX works to deliver VM Isolation:
VM Isolation with Intel TDX
And the chart below summarizes the benefits of Azure Confidential Computing with Intel:
To learn more about what customers like Bosch, Thales, TDC Erhverv, and Arqit have to say about these VMs, learn about new features that are in the works, and sign up for the preview, read the Azure Confidential Computing Tech Community blog post.
Notices and Disclaimers
Performance varies by use, configuration, and other factors. Learn more on the Performance Index site.
Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates. See backup for configuration details. No product or component can be absolutely secure.
Your costs and results may vary.
Intel technologies may require enabled hardware, software, or service activation.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.