Infrastructure-as-Code repository for building Confidential VM images and deploying Confidential Compute session hosts for Azure Virtual Desktop.
This repository focuses exclusively on:
- Confidential VM Image Build - Azure Compute Gallery, Image Definitions (`TrustedLaunchAndConfidentialVmSupported`), Image Templates (AIB with `Standard_DC8as_v6`)
- Confidential VM Deployment - Session hosts with AMD SEV-SNP / Intel TDX, supporting two encryption modes:
  - Option A - Platform-Managed Keys (PMK): `VMGuestStateOnly` encryption, no DES or Managed HSM required
  - Option B - Customer-Managed Keys (CMK): `DiskWithVMGuestState` encryption with Disk Encryption Set backed by Managed HSM
- Supporting Infrastructure - Key Vault, Managed Identity, Disk Encryption Set, Private Endpoints
| Aspect | PMK (Platform-Managed Keys) | CMK (Customer-Managed Keys) |
|---|---|---|
| Security Encryption Type | `VMGuestStateOnly` | `DiskWithVMGuestState` |
| What's encrypted | VM guest state (vTPM, VMGS) | OS disk + VM guest state |
| Managed HSM required | No | Yes |
| Disk Encryption Set required | No | Yes |
| RBAC on HSM key | Not needed | Crypto Service Encryption User |
| Pipeline parameter | `confidentialCompute: true` + `customerManagedKeys: false` | `confidentialCompute: true` + `customerManagedKeys: true` |
| `encryptionAtHost` | `false` | `false` |
| Best for | Simpler setup, no key management overhead | Maximum control, regulatory requirements |
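The two modes in the table differ in a single OS-disk property plus whether a Disk Encryption Set is referenced. The following is an added example, not one of this repository's `SessionHost` modules: a minimal Confidential VM session host whose encryption mode is switched by a `customerManagedKeys` parameter. Parameter names, defaults, the API version and the `Standard_DC4as_v5` default size are assumptions for illustration.

```bicep
// Added example (not a module from this repository): the securityProfile and OS-disk
// settings that distinguish a PMK from a CMK Confidential VM session host.
// Parameter names and defaults are assumptions for illustration.
@description('true = Option B (CMK, DiskWithVMGuestState); false = Option A (PMK, VMGuestStateOnly)')
param customerManagedKeys bool = false

@description('Resource ID of a DES with encryptionType ConfidentialVmEncryptedWithCustomerKey; required only for CMK')
param diskEncryptionSetId string = ''

@description('Resource ID of the Compute Gallery image version built for CVM')
param galleryImageVersionId string

param vmName string
param location string = resourceGroup().location
param vmSize string = 'Standard_DC4as_v5' // DC/EC-series only; other sizes reject securityType ConfidentialVM
param nicId string
param adminUsername string
@secure()
param adminPassword string

resource sessionHost 'Microsoft.Compute/virtualMachines@2024-03-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: {
      vmSize: vmSize
    }
    securityProfile: {
      securityType: 'ConfidentialVM'
      // vTPM and Secure Boot are required for the Guest Attestation extension to report
      uefiSettings: {
        secureBootEnabled: true
        vTpmEnabled: true
      }
      // encryptionAtHost stays false for both modes (see the comparison table)
      encryptionAtHost: false
    }
    storageProfile: {
      imageReference: {
        id: galleryImageVersionId
      }
      osDisk: {
        name: '${vmName}-osdisk'
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: 'Premium_LRS'
          securityProfile: customerManagedKeys ? {
            // Option B: OS disk AND guest state are encrypted with the customer key via the DES
            securityEncryptionType: 'DiskWithVMGuestState'
            diskEncryptionSet: {
              id: diskEncryptionSetId
            }
          } : {
            // Option A: only the guest state (vTPM, VMGS) is encrypted, with platform-managed keys
            securityEncryptionType: 'VMGuestStateOnly'
          }
        }
      }
    }
    osProfile: {
      computerName: vmName
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: nicId
        }
      ]
    }
  }
}

output encryptionMode string = customerManagedKeys ? 'DiskWithVMGuestState' : 'VMGuestStateOnly'
```

For Option B the Disk Encryption Set must already exist and its identity must already hold the Crypto Service Encryption User role on the key; the deployment fails at disk creation otherwise. Bicep has no conditional parameter validation, so a caller passing `customerManagedKeys: true` with an empty `diskEncryptionSetId` is only caught by the platform at deploy time.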
```
confidentialavd/
├── ComponentLibrary/                     # Reusable Bicep modules
│   ├── AzureVirtualDesktop/
│   │   ├── AzureComputeGallery/          # Gallery, Image Definition, Template, Version
│   │   ├── SessionHost/                  # CC & standard session host VMs
│   │   └── ManagedIdentity/              # User-Assigned Identity
│   ├── DiskEncryptionSet/                # CC disk encryption (Managed HSM + Key Vault variants)
│   ├── EventGrid/                        # CMK key-expiry alerting (Event Grid + Azure Monitor)
│   ├── GuestAttestation/                 # CVM Data Collection Rule for attestation monitoring
│   ├── KeyVault/                         # Secrets management
│   │   └── CMK/                          # CMK Key Vault, RSA key, rotation policy & private endpoint
│   ├── Policy/                           # Azure Policy for Guest Attestation compliance
│   ├── PrivateEndpoint/                  # Private endpoints
│   └── ResourceGroup/                    # Subscription-level resource group deployment
│
├── Environments/
│   ├── sub-avd-images-prd/
│   │   └── images/
│   │       └── AzureComputeGallery/      # CC gallery orchestrator & params
│   └── Hostpools/                        # Host pool configuration template
│
├── Pipelines/
│   ├── AVD-GalleryInfrastructure.yml     # Deploy gallery + definitions
│   ├── AVD-ImageBuild.yml                # Build CC image via AIB
│   ├── AVD-DeployAdditionalHosts.yml     # Deploy CC session hosts
│   ├── AVD-DeployCMK.yml                 # Deploy CMK Key Vault, DES & expiry alerts
│   ├── AVD-DeployIMAGER.yml              # Deploy imager VM
│   └── AVD-DeployAttestation.yml         # Deploy attestation infrastructure + policy
│
├── Queries/
│   └── attestation-kql-queries.kql       # KQL queries for attestation monitoring
│
├── Operations/                           # Day-two operational playbooks (part 4)
│   ├── monthly-patch-cycle.md            # Four-week cadence aligned with Patch Tuesday
│   ├── runbooks.md                       # Tier 1-4 incident runbooks
│   ├── operational-maturity-checklist.md # Self-assessment: Deployed → Resilient
│   └── figure1-operations.png            # Series diagram
│
└── Scripts/
    ├── CreateHSM_CMK.ps1                 # Create Managed HSM key for CVM encryption
    ├── Rotate-CMK.ps1                    # Safely rotate CMK key (drain, deallocate, rotate, restart)
    ├── Invoke-SafeCMKRotation.ps1        # Autoscale-aware wrapper around Rotate-CMK.ps1
    ├── Get-AttestationStatus.ps1         # Check GuestAttestation extension health on all CVMs
    ├── Get-AIBPackerLog.ps1              # Retrieve AIB Packer build logs
    ├── Register-CCFeatureFlags.ps1       # Register CC feature flags
    ├── PAWImageprep.ps1                  # Pre-sysprep remediation
    ├── Watch-AIBBuild.ps1                # Monitor AIB build progress
    ├── ImageCapture/                     # VM capture automation
    └── Sysprep/                          # Sysprep finalization
```
Deploy the Compute Gallery, Managed Identity, and CC Image Definition:

```bash
az deployment group create \
  --subscription <SUBSCRIPTION_ID_IMAGES_PRD> \
  --resource-group rg-avd-images-prd-image-weu-001 \
  --template-file Environments/sub-avd-images-prd/images/AzureComputeGallery/main.bicep \
  --parameters @Environments/sub-avd-images-prd/images/AzureComputeGallery/main.bicepparam
```

Or use pipeline: `AVD-GalleryInfrastructure.yml`

Deploy the AIB Image Template and trigger the build:

Use pipeline: `AVD-ImageBuild.yml` with `imageProfile: cc` and `imageType: cvm`
Deploy the Key Vault with CMK key, Disk Encryption Set, and key-expiry alerting:
Use pipeline: `AVD-DeployCMK.yml` - this pipeline has four stages:
- Approval Gate - manual sign-off before any change
- Deploy CMK Key Vault - Premium SKU vault, RSA key with rotation policy, private endpoint, UAMI
- Deploy Disk Encryption Set - `ConfidentialVmEncryptedWithCustomerKey` linked to the Key Vault key
- Deploy Key Expiry Alerts (optional) - Event Grid system topic + Azure Monitor alert for `KeyNearExpiry`
Skip this step entirely if you use PMK (Platform-Managed Keys).
Deploy CC session hosts using the gallery image:
Use pipeline: `AVD-DeployAdditionalHosts.yml` with:
- `confidentialCompute: true`
- `customerManagedKeys: false` for PMK (no DES needed)
- `customerManagedKeys: true` for CMK (DES + Managed HSM required)
Deploy the CVM-specific Data Collection Rule, validate GuestAttestation extension health on existing session hosts, and optionally deploy the Azure Policy definition that audits missing/failed GuestAttestation extensions. Session hosts use the Microsoft shared MAA endpoint (https://sharedweu.weu.attest.azure.net) automatically - no custom Attestation Provider is deployed.
Use pipeline: `AVD-DeployAttestation.yml` - this pipeline has four stages:
- Approval Gate - human sign-off before any changes
- Deploy DCR - CVM-specific Data Collection Rule
- Validate - checks GuestAttestation extension health on all CVMs (runs `Scripts/Get-AttestationStatus.ps1`)
- Policy (optional) - deploys the `require-guest-attestation-confidential-avd` policy definition
Run this pipeline once per environment before deploying your first CVM session hosts, or when adding attestation monitoring to an existing Confidential AVD deployment. See ComponentLibrary/GuestAttestation/, ComponentLibrary/Policy/, and Queries/attestation-kql-queries.kql for the underlying modules and monitoring queries.
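The optional Policy stage above audits Confidential VMs whose GuestAttestation extension is missing or failed. The following is an added example, not this repository's `ComponentLibrary/Policy/` module: an audit-only policy definition scoped to `securityType: ConfidentialVM` that treats a failed extension install as non-compliant, not only a missing one. The definition name is the one this README mentions; the display name, description, category, the `effect` parameter and the API version are my assumptions.

```bicep
// Added example, not the repository's Policy/ module: an audit-only policy definition that flags
// Confidential VMs on which the GuestAttestation extension is absent or not in state Succeeded.
// Only the definition name comes from the README; everything else is an illustrative choice.
targetScope = 'subscription'

resource requireGuestAttestation 'Microsoft.Authorization/policyDefinitions@2023-04-01' = {
  name: 'require-guest-attestation-confidential-avd'
  properties: {
    policyType: 'Custom'
    mode: 'Indexed'
    displayName: 'Confidential AVD session hosts must run a healthy GuestAttestation extension'
    description: 'Audits VMs with securityType ConfidentialVM that lack a successfully provisioned Microsoft.Azure.Security.WindowsAttestation/GuestAttestation extension.'
    metadata: {
      category: 'Confidential Compute'
    }
    parameters: {
      effect: {
        type: 'String'
        allowedValues: [ 'AuditIfNotExists', 'Disabled' ]
        defaultValue: 'AuditIfNotExists'
      }
    }
    policyRule: {
      if: {
        allOf: [
          {
            field: 'type'
            equals: 'Microsoft.Compute/virtualMachines'
          }
          {
            // Only Confidential VMs are in scope; standard session hosts in the same host pool are ignored
            field: 'Microsoft.Compute/virtualMachines/securityProfile.securityType'
            equals: 'ConfidentialVM'
          }
        ]
      }
      then: {
        // Bicep emits this as [[parameters('effect')] so ARM leaves it for the policy engine to evaluate
        effect: '[parameters(\'effect\')]'
        details: {
          type: 'Microsoft.Compute/virtualMachines/extensions'
          existenceCondition: {
            allOf: [
              {
                // Windows publisher; AVD session hosts are Windows
                field: 'Microsoft.Compute/virtualMachines/extensions/publisher'
                equals: 'Microsoft.Azure.Security.WindowsAttestation'
              }
              {
                field: 'Microsoft.Compute/virtualMachines/extensions/type'
                equals: 'GuestAttestation'
              }
              {
                // A failed install is non-compliant, not just a missing extension
                field: 'Microsoft.Compute/virtualMachines/extensions/provisioningState'
                equals: 'Succeeded'
              }
            ]
          }
        }
      }
    }
  }
}

output policyDefinitionId string = requireGuestAttestation.id
```

Deploy it with `az deployment sub create` and then assign it at the subscription or host-pool resource-group scope. It is deliberately `AuditIfNotExists` rather than `DeployIfNotExists`: the extension is installed by the session host deployment, and the policy's job is to surface drift (a host deployed outside the pipeline, or an extension that failed after a Windows update) in the compliance view alongside the DCR-based monitoring.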
Once parts 1 to 3 are deployed, the platform moves from a project into day-two operations. The Operations/ folder holds the playbooks that make Confidential AVD actually runnable in production:
- `monthly-patch-cycle.md` - four-week cadence aligned with Patch Tuesday (review → build → test → rollout) that keeps Guest Attestation healthy through Windows updates and AIB image refreshes.
- `runbooks.md` - four severity tiers (Minor attestation failure → Moderate zone capacity exhaustion → Major HSM key expiry → Severe regional outage), each with trigger, RTO, recovery steps, and verification criteria.
- `operational-maturity-checklist.md` - honest self-assessment across four tiers (Deployed / Monitored / Operable / Resilient) with binary per-item criteria.
The runbooks reference Scripts/Invoke-SafeCMKRotation.ps1, which wraps the nine-step Rotate-CMK.ps1 rotation from part 2 with the AVD autoscale exclusion-tag guard so the two do not race during maintenance windows.
- Feature Flag: `Microsoft.Compute/DCav6Series` must be registered (requires support ticket for some regions)
- Service Connection: Pipeline service principal with Contributor on images subscription
- Compute Gallery: Must exist before image builds (deployed in Step 1)
- CC VM Size: DC-series or EC-series VMs (e.g., `Standard_DC4as_v5`, `Standard_EC8as_v6`)
- Managed HSM or Key Vault (Premium): Key must exist for Disk Encryption Set (`ConfidentialVmEncryptedWithCustomerKey`)
  - Managed HSM variant: Use `CreateHSM_CMK.ps1` and `DiskEncryptionSet/main.bicep`
  - Key Vault variant: Use pipeline `AVD-DeployCMK.yml` which deploys `KeyVault/CMK/main.bicep` + `DiskEncryptionSet/cmk-kv.bicep`
- UAMI for DES: Must have `Crypto Service Encryption User` role on the key
- Key Rotation: CVM does not support automatic rotation. Use `Scripts/Rotate-CMK.ps1` to safely drain, deallocate, rotate, and restart session hosts
- Key Expiry Alerting (optional): `EventGrid/cmk-key-expiry-alert.bicep` deploys Event Grid + Azure Monitor alerts that fire 30 days before the CMK key expires
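The Key Vault variant of the prerequisites above (HSM-backed key, Disk Encryption Set, UAMI with the Crypto Service Encryption User role, no automatic rotation) fits in one template. The following is an added example, not this repository's `KeyVault/CMK/main.bicep` or `DiskEncryptionSet/cmk-kv.bicep`: it creates an RSA-HSM key in an existing Premium Key Vault, grants the DES identity the role on the vault, and creates the DES pinned to one key version. Resource names, parameter names, API versions, the one-year expiry with a 30-day notify action, and the built-in role definition GUID are my assumptions; verify the GUID of "Key Vault Crypto Service Encryption User" in your tenant before relying on it.

```bicep
// Added example, not this repository's DiskEncryptionSet/cmk-kv.bicep: a Disk Encryption Set for
// Confidential VMs backed by an RSA-HSM key in an existing Premium Key Vault, plus the RBAC the
// DES identity needs on the vault. Names, parameters and API versions are illustrative assumptions.
param location string = resourceGroup().location
param keyVaultName string // existing Premium vault with purge protection and RBAC authorization enabled
param uamiName string     // existing user-assigned identity the DES will use
param desName string = 'des-avd-cvm-cmk'
param keyName string = 'cvm-cmk-key'

@description('Built-in role "Key Vault Crypto Service Encryption User" (assumed GUID; verify in your tenant)')
param cryptoServiceEncryptionUserRoleId string = 'e147488a-f6f5-4113-8e2d-b22465e65bf6'

resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
  name: uamiName
}

// CVM CMK needs an HSM-protected RSA key. The rotation policy only notifies (this is what
// feeds the KeyNearExpiry event used by the expiry alerts); it does not create new versions,
// because the DES below must be moved to a new version explicitly (Scripts/Rotate-CMK.ps1).
resource cmkKey 'Microsoft.KeyVault/vaults/keys@2023-07-01' = {
  parent: kv
  name: keyName
  properties: {
    kty: 'RSA-HSM'
    keySize: 3072
    rotationPolicy: {
      attributes: {
        expiryTime: 'P1Y'
      }
      lifetimeActions: [
        {
          trigger: {
            timeBeforeExpiry: 'P30D'
          }
          action: {
            type: 'notify'
          }
        }
      ]
    }
  }
}

// The DES identity must be able to wrap/unwrap with the key before the DES is created,
// otherwise DES creation fails with a key-access error.
resource desKeyAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(kv.id, uami.id, cryptoServiceEncryptionUserRoleId)
  scope: kv
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', cryptoServiceEncryptionUserRoleId)
    principalId: uami.properties.principalId
    principalType: 'ServicePrincipal'
  }
}

resource des 'Microsoft.Compute/diskEncryptionSets@2023-10-02' = {
  name: desName
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${uami.id}': {}
    }
  }
  properties: {
    // Required encryption type for Confidential VM OS disks using DiskWithVMGuestState
    encryptionType: 'ConfidentialVmEncryptedWithCustomerKey'
    activeKey: {
      sourceVault: {
        id: kv.id
      }
      // Pinned to a specific key version; rotation updates this URL
      keyUrl: cmkKey.properties.keyUriWithVersion
    }
    // CVM DES cannot follow new key versions automatically
    rotationToLatestKeyVersionEnabled: false
  }
  dependsOn: [ desKeyAccess ]
}

output diskEncryptionSetId string = des.id
output activeKeyUrl string = cmkKey.properties.keyUriWithVersion
```

The Managed HSM variant differs in one important way: Managed HSM uses its own data-plane RBAC, so the equivalent "Managed HSM Crypto Service Encryption User" assignment is made on the HSM itself (for example with `az keyvault role assignment create --hsm-name ...`) rather than through a `Microsoft.Authorization/roleAssignments` resource, and `sourceVault` points at the HSM resource ID. The `rotationToLatestKeyVersionEnabled: false` setting is not optional here; it documents why the nine-step `Rotate-CMK.ps1` procedure exists at all.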
- Blog part 1: How to build and deploy confidential AVD images with Azure Image Builder
- Blog part 2: Customer-Managed Keys for Confidential AVD
- Blog part 3: Guest Attestation for Confidential AVD
- Blog part 4: Operating Confidential AVD at Scale
- Azure Confidential VMs
- Azure Image Builder
- Disk Encryption with Confidential VMs