articles/confidential-computing/use-cases-scenarios.md
5 additions & 5 deletions
@@ -73,10 +73,10 @@ In this use-case we use a combination of Azure Confidential Compute technologies
73
73
- Application is protected from the cloud operator whilst in-use using Confidential Compute
74
74
- Application resources can only be deployed in the West Europe Azure region
75
75
- Consumers of the application authenticating with modern authentication protocols can be mapped to the sovereign region they're connecting from, and denied access unless they are in an allowed region.
76
-
- Access using administrative protocols (RDP, SSH etc.) is limited to access from the Azure Bastion service that is integrated with Priviledged Identity Management (PIM). The PIM policy requires a Conditional Access Policy that validates which sovereign region the administrator is accessing from.
76
+
- Access using administrative protocols (RDP, SSH etc.) is limited to access from the Azure Bastion service that is integrated with Privileged Identity Management (PIM). The PIM policy requires a Conditional Access Policy that validates which sovereign region the administrator is accessing from.
77
77
- All services log actions to Azure Monitor.
78
78
79
-
:::image type="content" source="media/use-cases-scenarios/restricted-workload.jpg" alt-text="Diagram showing workloads protected by Azure Confidential Compute and complemented with Azure configuration including Azure Policy and Conditional Access":::
79
+
:::image type="content" source="media/use-cases-scenarios/restricted-workload.jpg" alt-text="Diagram showing workloads protected by Azure Confidential Compute and complemented with Azure configuration including Azure Policy and Conditional Access.":::
80
80
81
81
## Manufacturing – IP Protection
82
82
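Review bot: The corrected Bastion bullet still reads "Access using administrative protocols (RDP, SSH etc.) is limited to access from the Azure Bastion service", which repeats "access" and omits the comma before "etc."; since the line is already being touched, consider "Access using administrative protocols (RDP, SSH, etc.) is limited to the Azure Bastion service, which is integrated with Privileged Identity Management (PIM)." The spelling fix and the full stop added to the alt text look correct.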
@@ -100,9 +100,9 @@ In this case, the Azure Container Instance policy engine would refuse to release
100
100
101
101
The Tailspin Toys application itself is coded to periodically make a call to the attestation service and report the results back to Tailspin Toys over the Internet to ensure there's a continual heartbeat of security status.
102
102
103
-
The attestation service returns cryptographically signed details from the hardware supporting the Contoso tenant to validate that the workload is running inside a confidential enclave as expected, the attestation is outside the the control of the Contoso administrators and is based on the hardware root of trust that Confidential Compute provides.
103
+
The attestation service returns cryptographically signed details from the hardware supporting the Contoso tenant to validate that the workload is running inside a confidential enclave as expected, the attestation is outside the control of the Contoso administrators and is based on the hardware root of trust that Confidential Compute provides.
104
104
105
-
:::image type="content" source="media/use-cases-scenarios/manufacturing-ip-protection.jpg" alt-text="Diagram showing a service provider running an industrial control suite from a toy manufacturer inside a Trusted Execution Environment (TEE)":::
105
+
:::image type="content" source="media/use-cases-scenarios/manufacturing-ip-protection.jpg" alt-text="Diagram showing a service provider running an industrial control suite from a toy manufacturer inside a Trusted Execution Environment (TEE).":::
106
106
107
107
## Enhanced customer data privacy
108
108
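Review bot: The attestation sentence changed in this hunk keeps a comma splice at "as expected, the attestation is outside the control of the Contoso administrators"; removing the duplicated "the" is right, but the sentence would read better split in two, ending the first at "as expected." and starting the second with "The attestation is outside the control of the Contoso administrators and is based on the hardware root of trust that Confidential Compute provides." That also makes the trust claim (the tenant's administrators cannot influence the result) stand out as its own statement.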
@@ -116,7 +116,7 @@ Confidential computing goes in this direction by allowing customers incremental
116
116
117
117
### Data sovereignty
118
118
119
-
In Government and public agencies, Azure confidential computing is a solution to raise the degree of trust towards the ability to protect data sovereignty in the public cloud. Moreover, thanks to the increasingly adoption of confidential computing capabilities into PaaS services in Azure, a higher degree of trust can be achieved with a reduced impact to the innovation ability provided by public cloud services. This combination of protecting data sovereignty with a reduced impact to the innovation ability makes Azure confidential computing a very effective response to the needs of sovereignty and digital transformation of Government services.
119
+
In Government and public agencies, Azure confidential computing is a solution to raise the degree of trust towards the ability to protect data sovereignty in the public cloud. Moreover, thanks to the increasing adoption of confidential computing capabilities into PaaS services in Azure, a higher degree of trust can be achieved with a reduced impact to the innovation ability provided by public cloud services. This combination of protecting data sovereignty with a reduced impact to the innovation ability makes Azure confidential computing a very effective response to the needs of sovereignty and digital transformation of Government services.
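Review bot: In the Data sovereignty paragraph, "increasing adoption of confidential computing capabilities into PaaS services" should use "in" rather than "into", and the phrase "a reduced impact to the innovation ability" appears in two consecutive sentences. Suggest "adoption of confidential computing capabilities in PaaS services" and rewording the last sentence so it does not restate the previous one, for example by saying only that this combination makes Azure confidential computing an effective response to the sovereignty and digital transformation needs of Government services.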