Merge pull request #296173 from vinfnet/2025-content-refresh

tidy-up

Author: ShannonLeavitt

articles/confidential-computing/TOC.yml

@@ -31,9 +31,9 @@
   expanded: true
   items:
   - name: Multi-party and cleanroom collaboration
-    href: multi-party-data.md #multi-party-collaboration # new #p1
-  - name: It's the future #maybe change link to a page that references the below, and explains why it's the future
-    href: https://azure.microsoft.com/blog/key-foundations-for-protecting-your-data-with-azure-confidential-computing/ # New, house-view.. why is it the future - x-links to a lot of MarkRus material tying it back to strategic direction/vision
+    href: multi-party-data.md 
+  - name: It's the future 
+    href: https://azure.microsoft.com/blog/key-foundations-for-protecting-your-data-with-azure-confidential-computing/
   - name: Confidential AI
     href: confidential-ai.md
 - name: How do I get it? # HOW?
@@ -109,18 +109,10 @@
     items:  
     - name: Container solutions overview
       href: choose-confidential-containers-offerings.md 
-    - name: Application enclave nodes on AKS
-      items:
-      - name: Application enclave with Intel SGX DCSv2/DCsv3 nodes 
-        href: confidential-nodes-aks-overview.md
-      - name: Deploy application enclave nodes on AKS
-        href: confidential-enclave-nodes-aks-get-started.md
-      - name: Enclave-aware containers
-        href: enclave-aware-containers.md
-      - name: AKS Add-on
-        href: confidential-nodes-aks-addon.md
-      - name: Confidential enclave nodes FAQ
-        href: confidential-nodes-aks-faq.yml
+    - name: Confidential node pools on AKS
+      items: 
+      - name: Confidential VM node pools in AKS
+        href: confidential-node-pool-aks.md
     - name: Confidential containers
       items:
       - name: Confidential containers overview
@@ -133,10 +125,18 @@
         href: confidential-containers.md#vm-isolated-confidential-containers-on-azure-container-instances-aci
       - name: Confidential containers with Intel SGX enclaves
         href: confidential-containers-enclaves.md
-    - name: Confidential node pools on AKS
-      items: 
-      - name: Confidential VM node pools in AKS
-        href: confidential-node-pool-aks.md
+    - name: Application enclave nodes on AKS
+      items:
+      - name: Application enclave with Intel SGX DCSv2/DCsv3 nodes 
+        href: confidential-nodes-aks-overview.md
+      - name: Deploy application enclave nodes on AKS
+        href: confidential-enclave-nodes-aks-get-started.md
+      - name: Enclave-aware containers
+        href: enclave-aware-containers.md
+      - name: AKS Add-on
+        href: confidential-nodes-aks-addon.md
+      - name: Confidential enclave nodes FAQ
+        href: confidential-nodes-aks-faq.yml
     - name: References
       items:
       - name: DCasv5 and DCadsv5-series
@@ -154,10 +154,6 @@
   - name: Confidential services
     expanded: true
     items:
-    - name: SQL Always Encrypted with secure enclaves # x-link to SQL docs #done
-      href: /sql/relational-databases/security/encryption/configure-always-encrypted-enclaves
-    - name: SQL on confidential virtual machines #done
-      href: /azure/azure-sql/virtual-machines/windows/sql-vm-create-confidential-vm-how-to
     - name: Confidential VMs for Azure Databricks
       href: https://techcommunity.microsoft.com/t5/azure-confidential-computing/confidential-vm-option-for-azure-databricks-preview/ba-p/3827982#:~:text=Azure%20Databricks%20now%20supports%20using%20Confidential%20computing%20VM,Azure%20Databricks%20workload%20securely%20%26%20confidentially%20on%20Azure
     - name: Confidential VMs for Azure Data Explorer (preview) #done
@@ -166,6 +162,10 @@
       href: /azure/virtual-desktop/whats-new#confidential-virtual-machines-and-trusted-launch-virtual-machines-are-now-generally-available-in-azure-virtual-desktop
     - name: Azure confidential ledger #done
       href: /azure/confidential-ledger/overview
+    - name: SQL on confidential virtual machines #done
+      href: /azure/azure-sql/virtual-machines/windows/sql-vm-create-confidential-vm-how-to
+    - name: SQL Always Encrypted with secure enclaves # x-link to SQL docs #done
+      href: /sql/relational-databases/security/encryption/configure-always-encrypted-enclaves
   - name: Partner Solutions
     items:
     - name: Overview

articles/confidential-computing/index.yml

@@ -107,8 +107,8 @@ landingContent:
             url: https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines
       - linkListType: whats-new
         links:
-          - text: Azure confidential VMs with NVIDIA H100 Tensor Core GPUs (Public Preview)
-            url: https://aka.ms/cvm-h100-blog
+          - text: Azure confidential VMs with NVIDIA H100 Tensor Core GPUs
+            url: https://techcommunity.microsoft.com/blog/azureconfidentialcomputingblog/general-availability-azure-confidential-vms-with-nvidia-h100-tensor-core-gpus/4242644
 
   # Card
   - title: Container compute
@@ -126,14 +126,14 @@ landingContent:
         links:
           - text: Hello world with Confidential containers with Azure Container Instances (ACI)
             url: /azure/container-instances/container-instances-tutorial-deploy-confidential-containers-cce-arm
+          - text: Confidential VM node pools on AKS
+            url: /azure/aks/use-cvm
           - text: CLI based provisioning with a hello from enclave container app on AKS
             url: confidential-enclave-nodes-aks-get-started.md
           - text: Confidential containers with Intel SGX quickstart
             url: confidential-containers-enclaves.md
           - text: App enclave aware container samples
             url: enclave-aware-containers.md
-          - text: Confidential VM node pools on AKS
-            url: /azure/aks/use-cvm
       - linkListType: reference
         links:
           - text: Azure architecture center confidential container scenarios

articles/confidential-computing/media/overview-azure-products/confidential-computing-product-line.jpg

@@ -13,44 +13,57 @@ ms.author: jushiman
 
 ## Virtual machines and containers
 
-Azure provides the broadest support for hardened technologies such as [AMD SEV-SNP](https://www.amd.com/en/developer/sev.html), [Intel TDX](https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html) and [Intel SGX](https://www.intel.com.au/content/www/au/en/architecture-and-technology/software-guard-extensions-enhanced-data-protection.html). All technologies meet our definition of confidential computing, helping organizations prevent unauthorized access or modification of code and data while in use.
+Azure provides the broadest support for hardened technologies such as [AMD SEV-SNP](https://www.amd.com/en/developer/sev.html), [Intel TDX](https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html), and [Intel SGX](https://www.intel.com.au/content/www/au/en/architecture-and-technology/software-guard-extensions-enhanced-data-protection.html). All technologies meet our definition of confidential computing, helping organizations prevent unauthorized access or modification of code and data while in use.
 
-- Confidential VMs using AMD SEV-SNP. [DCasv5](/azure/virtual-machines/dcasv5-dcadsv5-series) and [ECasv5](/azure/virtual-machines/ecasv5-ecadsv5-series) enable lift-and-shift of existing workloads and helps protect data from the cloud operator with VM-level confidentiality. 
+- Confidential VMs using AMD SEV-SNP. [DCasv5](/azure/virtual-machines/dcasv5-dcadsv5-series) and [ECasv5](/azure/virtual-machines/ecasv5-ecadsv5-series) enable lift-and-shift of existing workloads and helps protect data from the cloud operator with VM-level confidentiality. [DCasv6 and ECasv6](https://techcommunity.microsoft.com/blog/azureconfidentialcomputingblog/preview-new-dcasv6-and-ecasv6-confidential-vms-based-on-4th-generation-amd-epyc%E2%84%A2/4303752) confidential virtual machines based on 4th generation AMD EPYC processors are currently in gated preview and offer enhanced performance.
 
-- Confidential VMs using Intel TDX. [DCesv5](/azure/virtual-machines/dcasv5-dcadsv5-series) and [ECesv5](/azure/virtual-machines/ecasv5-ecadsv5-series) enable lift-and-shift of existing workloads and helps protect data from the cloud operator with VM-level confidentiality.
+- Confidential VMs using Intel Trust Domain eXtensions (TDX). [DCesv5](/azure/virtual-machines/dcasv5-dcadsv5-series) and [ECesv5](/azure/virtual-machines/ecasv5-ecadsv5-series) enable lift-and-shift of existing workloads and helps protect data from the cloud operator with VM-level confidentiality.
+
+- Confidential VMs with Graphical Processing Units (GPUs). [NCCadsH100v5](/azure/virtual-machines/sizes/gpu-accelerated/nccadsh100v5-series) confidential VMs come with a GPU help to ensure data security and privacy while boosting AI and machine learning tasks. These CVMs use linked CPU and GPU TEEs to [protect sensitive data in CPU and a GPU to accelerate computations](https://techcommunity.microsoft.com/blog/azureconfidentialcomputingblog/general-availability-azure-confidential-vms-with-nvidia-h100-tensor-core-gpus/4242644), making it ideal for organizations needing to protect data from the cloud operator and using high-performance computing.
 
 - VMs with Application Enclaves using Intel SGX. [DCsv2](/azure/virtual-machines/dcv2-series), [DCsv3, and DCdsv3](/azure/virtual-machines/dcv3-series) enable organizations to create hardware enclaves. These secure enclaves help protect from cloud operators, and your own VM admins.
 
+- [Confidential VM AKS Worker Nodes](/azure/confidential-computing/confidential-node-pool-aks) allows lift-and-shift of containers to AKS clusters using worker nodes based on AMD SEV-SNP hardware and helps protect data from the cloud operator with worker-node level confidentiality with the configuration flexibility of Azure Kubernetes Service (AKS).
+
+- [Confidential Containers on ACI](/azure/container-instances/container-instances-confidential-overview) allows lift-and-shift of containers to the serverless Azure Container Instances service running on AMD SEV-SNP hardware. Confidential containers support container-level integrity and attestation via [confidential computing enforcement (CCE) policies](/azure/container-instances/container-instances-confidential-overview#confidential-computing-enforcement-policies) that prescribe the components that are allowed to run within the container group, which the container runtime enforces. This helps protect data from the cloud operator and internal threat actors with container-level confidentiality.
+
 - [App-enclave aware containers](enclave-aware-containers.md) running on Azure Kubernetes Service (AKS). Confidential computing nodes on AKS use Intel SGX to create isolated enclave environments in the nodes between each container application.
 
-:::image type="content" source="media/overview-azure-products/confidential-computing-product-line.jpg" alt-text="Diagram of the various confidential computing enabled VM SKUs, container and data services." lightbox="media/overview-azure-products/confidential-computing-product-line.jpg":::
+:::image type="content" source="media/overview-azure-products/confidential-computing-product-line.jpg" alt-text="Diagram of the various confidential computing enabled VM SKUs, container, and data services." lightbox="media/overview-azure-products/confidential-computing-product-line.jpg":::
 
 ## Confidential services
 
 Azure offers various PaaS, SaaS and VM capabilities supporting or built upon confidential computing, this includes:
 
-- [Azure Key Vault Managed HSM](/azure/key-vault/managed-hsm/), a fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated Hardware Security Modules (HSM).
-
-- [Always Encrypted with secure enclaves in Azure SQL](/sql/relational-databases/security/encryption/always-encrypted-enclaves). The confidentiality of sensitive data is protected from malware and high-privileged unauthorized users by running SQL queries directly inside a TEE. 
+- [Confidential inferencing with Azure OpenAI Whisper](https://techcommunity.microsoft.com/blog/azureconfidentialcomputingblog/azure-ai-confidential-inferencing-technical-deep-dive/4253150) Azure Confidential Computing ensures data security and privacy through TEEs. It includes encrypted prompt protection, user anonymity, and transparency using OHTTP and Confidential GPU VMs. 
 
 - [Azure Databricks](https://www.databricks.com/blog/announcing-general-availability-azure-databricks-support-azure-confidential-computing-acc) helps you bring more security and increased confidentiality to your Databricks Lakehouse using confidential VMs.
 
 - [Azure Virtual Desktop](../virtual-desktop/deploy-azure-virtual-desktop.md?tabs=portal) ensures a user’s virtual desktop is encrypted in memory, protected in use, and backed by hardware root of trust.
 
-- [Microsoft Azure Attestation](/azure/attestation/overview), a remote attestation service for validating the trustworthiness of multiple Trusted Execution Environments (TEEs) and verifying integrity of the binaries running inside the TEEs.
+- [Azure Key Vault Managed HSM](/azure/key-vault/managed-hsm/), a fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated Hardware Security Modules (HSM).
 
-- [Trusted Hardware Identity Management](../security/fundamentals/trusted-hardware-identity-management.md), a service that handles cache management of certificates for all TEEs residing in Azure and provides trusted computing base (TCB) information to enforce a minimum baseline for attestation solutions.
+- [Microsoft Azure Attestation](/azure/attestation/overview), a remote attestation service for validating the trustworthiness of multiple Trusted Execution Environments (TEEs) and verifying integrity of the binaries running inside the TEEs.
 
 - [Azure Confidential Ledger](/azure/confidential-ledger/overview). ACL is a tamper-proof register for storing sensitive data for record keeping and auditing or for data transparency in multi-party scenarios. It offers Write-Once-Read-Many guarantees, which make data non-erasable and non-modifiable. The service is built on Microsoft Research's [Confidential Consortium Framework](https://www.microsoft.com/research/project/confidential-consortium-framework/).
 
+- [Always Encrypted with secure enclaves in Azure SQL](/sql/relational-databases/security/encryption/always-encrypted-enclaves). The confidentiality of sensitive data is protected from malware and high-privileged unauthorized users by running SQL queries directly inside a TEE. 
+
+And we are actively working on expanding this portfolio based on customer demand.
+
+
 ## Supplementary offerings
 
+- [Trusted Launch](/azure/virtual-machines/trusted-launch) is available across all Generation 2 VMs bringing hardened security features – secure boot, virtual trusted platform module, and boot integrity monitoring – that protect against boot kits, rootkits, and kernel-level malware.
+
+- [Azure Integrated HSM](https://techcommunity.microsoft.com/blog/azureinfrastructureblog/securing-azure-infrastructure-with-silicon-innovation/4293834) is currently in-development. Azure Integrated HSM is a dedicated hardware security module designed to meet FIPS 140-3 Level 3 security standards, providing robust key protection by enabling encryption and signing keys to remain within the HSM without incurring network access latency. It offers enhanced security with locally deployed HSM services, allowing cryptographic keys to remain isolated from software, including both guest and host software, and supports high volumes of cryptographic requests with minimum latency. Azure Integrated HSM will be installed in every new server in Microsoft's datacenters starting next year to increase protection across Azure's hardware fleet.
+ 
+ - [Trusted Hardware Identity Management](../security/fundamentals/trusted-hardware-identity-management.md), a service that handles cache management of certificates for all TEEs residing in Azure and provides trusted computing base (TCB) information to enforce a minimum baseline for attestation solutions.
+
 - [Azure IoT Edge](../iot-edge/deploy-confidential-applications.md) supports confidential applications that run within secure enclaves on an Internet of Things (IoT) device. IoT devices are often exposed to tampering and forgery because they're physically accessible by bad actors. Confidential IoT Edge devices add trust and integrity at the edge by protecting the access to data captured by and stored inside the device itself before streaming it to the cloud.
 
 - [Confidential Inference ONNX Runtime](https://github.com/microsoft/onnx-server-openenclave), a Machine Learning (ML) inference server that restricts the ML hosting party from accessing both the inferencing request and its corresponding response.
 
-- [Trusted Launch](/azure/virtual-machines/trusted-launch) is available across all Generation 2 VMs bringing hardened security features – secure boot, virtual trusted platform module, and boot integrity monitoring – that protect against boot kits, rootkits, and kernel-level malware.
-
 ## What's new in Azure confidential computing
 
 > [!VIDEO https://www.youtube.com/embed/ds48uwDaA-w]

articles/confidential-computing/overview-azure-products.md

@@ -22,24 +22,26 @@ The following diagram shows what is "in" and what is "outside' of the trusted co
 
 ## Hardware Root of Trust
 
-The root of trust is the hardware that is trusted to attest (validate) that the customer workload is using confidential computing through the generation of cryptographic proofs.
+The root of trust is the hardware that is trusted to attest (validate) that the customer workload is using confidential computing through the generation and validation of cryptographic proofs provided by hardware vendors.
 
 ## Confidential Computing Workload (TCB)
 
 The customer workload, encapsulated inside a Trusted Execution Environment (TEE) includes the parts of the solution that are fully under control and trusted by the customer. The confidential computing workload is opaque to everything outside of the TCB using encryption.
 
 ## Host OS, Hypervisor, BIOS, Device drivers
 
-These elements have no visibility of the workload inside the TCB because it encrypted. Host OS, BIOS etc. are under the control of the cloud provider and inaccessible by the customer.
+These elements have no visibility of the workload inside the TCB because it encrypted. Host OS, BIOS etc. are under the control of the cloud provider and inaccessible by the customer and conversely they can only see the customer workload in encrypted form.
 
 ## Mapping TCB to different Trusted Execution Environments (TEE)
 
 Depending on the Confidential Computing technology in-use, the TCB can vary to cater to different customer demands for confidentiality and ease of adoption.
 
-Intel SGX, for example offers the most granular TCB definition down to individual code functions but requires applications to be written using specific APIs to use confidential capabilities. 
-
 Confidential Virtual Machines (CVM) using the AMD SEV-SNP (and, in future Intel TDX) technologies can run an entire virtual machine inside the TEE to support lift & shift scenarios of existing workloads, in this case, the guest OS is also inside the TCB.
 
+Container compute offerings are built upon Confidential Virtual Machines and offer a variety of TCB scenarios from whole AKS nodes to individual containers when using Azure Container Instances (ACI).
+
+Intel SGX can offer the most granular TCB definition down to individual code functions but requires applications to be developed using specific SDKs to use confidential capabilities. 
+
 :::image type="content" source="./media/trusted-compute-base/app-enclave-vs-virtual-machine.jpg " alt-text="Diagram showing the Trusted Compute Base (TCB) concept mapped to Intel SGX and AMD SEV-SNP Trusted Execution Environments":::