Beyond Software: Microsoft Unveils Its Hardware-First Azure Security Strategy
For many years, Microsoft has built its cloud security strategy around hardware, and after a string of high-profile missteps, the company can no longer afford weak points. At the Hot Chips conference, Brian Kelly, Microsoft’s Partner in Security Architecture, detailed how Azure establishes multi-layered protection—from trusted execution environments embedded in processors to custom silicon for key storage and an open trusted boot module.
At the heart of this approach lies isolation. Cryptographic keys have been relocated from external racks into integrated hardware security modules, while virtual machines are separated at the level of trusted execution environments present in modern CPUs and GPUs. Control, data, network, and storage planes have been offloaded onto smart NICs, reducing shared points of contact. The root of trust is implemented through the open-source Caliptra module, which verifies that every component in the stack is truly what it claims to be.
The core highlight of the presentation was the new 2025 hardware: the integrated HSM and Caliptra 2.0, now standard in all fresh Azure deployments. The principle is simple—make each server its own key vault. Traditionally, HSMs operated as external systems, servicing multiple machines over the network. That model struggled with scalability and introduced latency, as workloads had to establish TLS sessions with the external module, wait for the operation, and retrieve results. By embedding the function directly within the same chassis as the applications, Microsoft eliminates this network tax and simplifies fleet expansion.
To this end, Microsoft has engineered the Azure Integrated HSM chip, which provides hardware acceleration for AES and private key operations, communicates with other services through secure interfaces such as the TEE Device Interface Security Protocol (TDISP), and is hardened against physical and side-channel attacks. The tamper-resistant package lacks seams or inspection windows, rendering probing attempts futile—even if the device were physically removed from the datacenter. The module extends Azure’s confidential computing stack, where data is encrypted at rest, in transit, and in memory, while code executes inside isolated enclaves inaccessible to neighboring VMs.
Integrity and authenticity of firmware, hypervisors, devices, and the boot chain are safeguarded by Caliptra, the open-source root of trust launched in 2022 with contributions from Microsoft, AMD, Google, and Nvidia. The 2.0 release introduces the Adam’s Engine, a quantum-resistant cryptographic accelerator, as well as support for the LOCK specification from the Open Compute Project, which governs NVMe key management. Its transparent architecture allows the security community to review implementations openly and identify flaws more rapidly—an essential feature in a domain where algorithms are standardized and improvisation is unacceptable.
Taken together, these innovations form a layered defense architecture: computations isolated in hardware, keys residing in local HSMs adjacent to workloads, system planes offloaded to smart NICs, and an open trusted boot module continuously validating that the platform remains uncompromised. According to Microsoft, this design reduces latency, simplifies scaling for AI and cloud clusters, and closes off traditional attack vectors at the seams between software and hardware. All of this is already being rolled out across Azure’s 2025 fleet.
