Learn how Microsoft Azure Integrated HSM delivers hardware‑enforced key protection in the cloud, combining FIPS Level 3 assurances with transparency and open‑source collaboration.

Azure's blog provides insights into cloud computing, infrastructure as a service (IaaS), and platform as a service (PaaS), offering documentation, tutorials, and best practices for deploying and managing applications on Microsoft Azure cloud platform. By exploring Azure's curated content, developers can learn about virtual machines, Azure App Service, Azure Functions, and Azure DevOps for building, deploying, and scaling applications in the cloud. Whether you're migrating existing workloads or developing cloud-native applications, Azure offers resources to accelerate your cloud journey and achieve business goals.

Microsoft Azure

Microsoft is open-sourcing the Azure Integrated HSM, a tamper-resistant hardware security module built into every new Azure server. Engineered to meet FIPS 140-3 Level 3 standards, it brings hardware-enforced cryptographic key protection directly to the compute layer rather than relying solely on centralized services. The firmware, driver, and software stack are now available on GitHub, with an OCP workgroup planned to guide ongoing development. Keys are designed to never leave the hardware boundary, eliminating entire classes of memory-based key exfiltration attacks. The HSM supports TDISP for integration with confidential computing environments and will be available in Azure V7 VMs globally in the coming weeks.

Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM

Reinforcing transparency through trust with open-sourced designs

Setting a new standard for server-local key protection at scale