Microsoft has rolled out Confidential Live Migration for Azure confidential virtual machines, a long-awaited capability that lets security-conscious enterprises move encrypted workloads between physical hosts without ever shutting them down. The feature preserves the full confidentiality and integrity guarantees of AMD SEV-SNP-based trusted execution environments even during a live migration, meaning sensitive data stays encrypted in memory, attestation remains unbroken, and workloads continue running with zero downtime.

For teams running regulated databases, machine learning on private data, or proprietary financial models inside Azure confidential VMs, this closes a major operational gap. Previously, any planned host maintenance or hardware refresh meant either a full VM restart or a migration that temporarily broke the trust boundary—an unacceptable choice for mission-critical secure workloads.

The rise of confidential computing in the cloud

Confidential computing isolates data during processing by executing it inside a hardware-protected trusted execution environment (TEE). On Azure confidential VMs, that TEE comes from AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technology, which encrypts the entire VM’s memory with a key that the hypervisor cannot access. Even a compromised cloud operator or a malicious co-tenant cannot read the VM’s memory or modify its execution state.

This protection extends to the boot process. Every time a confidential VM starts, the AMD secure processor generates an attestation report—a cryptographic proof signed by the hardware itself—that verifies the firmware, OS, and bootloader have not been tampered with. Customers can validate this report against a trusted reference before ever sending sensitive data into the VM.

But the same property that makes confidential VMs so secure has made them stubbornly immovable. Traditional live migration streams the guest’s memory pages from the source host to the destination, then cuts over the vCPU and device state. During that transfer, the hypervisor needs full access to guest memory—something SEV-SNP is explicitly designed to prevent. Without special handling, migrating an encrypted VM would either leave it in an unprotected state or fail entirely.

Why live migration matters for secure workloads

High availability isn’t just a convenience for enterprise applications; it’s often a contractual SLA requirement. Azure’s platform performs regular host maintenance for security patches, hardware updates, and capacity balancing. For standard VMs, live migration hides these events transparently. For confidential VMs, until now, customers had to schedule maintenance windows, reboot their VMs, and re-establish attestation—a manual, disruptive process.

Consider a healthcare provider running a confidential VM that processes patient genome data. Any outage, even a few minutes, could delay clinical decisions. Or consider a bank performing real-time fraud detection on encrypted transaction streams, where a restart might lose state and trigger lengthy re-authentication flows. Confidential Live Migration eliminates these disruptions.

How Confidential Live Migration works

Microsoft engineers built Confidential Live Migration on top of the foundational capabilities of SEV-SNP, but they had to solve several deep technical challenges. The core innovation is a migration protocol that keeps the VM’s memory encryption intact from source to destination while re-establishing attestation post-migration—all without the guest OS or applications being aware of the move.

Here’s a simplified view of the sequence. When Azure’s fabric controller decides to migrate a confidential VM, it orchestrates a preparation phase on the destination host. The destination TEE initializes a fresh SEV-SNP context and establishes a secure channel with the source TEE. The source host then streams encrypted memory pages over this channel. Crucially, because both ends share a mutually authenticated secure link, the data remains opaque to the hypervisor and the network.

Once the full memory image is transmitted, the vCPU state and device state are transferred. The destination TEE resumes the VM exactly where it left off. At that point, the AMD secure processor on the new host generates a fresh attestation report. The Azure Attestation service validates this report and issues a new JWT to the guest’s attestation agent—replacing the old token seamlessly. From the workload’s perspective, nothing changed; attestation checks continue to succeed, and all encryption keys remain bound to the hardware.

Microsoft has emphasized that the process is agentless. Customers do not need to install any additional components inside the VM or modify their images. The live migration operates entirely at the hypervisor level, preserving the existing security model.

Preserving the trust boundary

A legitimate security concern arises: does migrating a VM between physical hosts weaken the trust boundary? After all, the TEE moves from one CPU to another, and the attestation report now reflects the new hardware. Microsoft’s design accounts for this by ensuring the attestation report is always freshly signed by the actual hardware that is currently running the VM. Customers can choose to re-verify the new attestation evidence after migration if their policy requires it.

Moreover, the migration protocol itself is integrity-protected. Any attempt by a compromised host or network device to tamper with the encrypted pages would be detected by the destination TEE, and the migration would abort. In that case, the VM either resumes safely on the source host (if the migration hasn’t been fully committed) or, in the worst case, enters a stopped state rather than continuing in an untrusted environment.

For highly sensitive deployments, Azure Policy allows customers to disable live migration entirely or restrict it to specific host pools. This gives compliance officers fine-grained control.

Availability and supported configurations

Confidential Live Migration is initially rolling out in public preview across select Azure regions, with general availability planned for later this year based on customer feedback. During the preview, it supports DCasv5 and ECasv5 confidential VM series powered by 4th Gen AMD EPYC processors with SEV-SNP. These VM sizes range from 2 vCPUs and 8 GiB of memory up to 96 vCPUs and 672 GiB, covering a broad spectrum of workloads.

The feature is available at no additional cost beyond the standard confidential VM pricing. Users can opt in via the Azure Portal, CLI, or ARM templates by enabling the confidentialLiveMigration property when creating or updating a VM. Windows Server 2022 and 2019, as well as Ubuntu 22.04 LTS and Red Hat Enterprise Linux 9, are supported as guest OSes.

Microsoft is also working to extend support to DCesv5 and ECesv5 series, which use Intel TDX technology, but that timeline remains separate.

Real-world impact for regulated industries

For financial services, healthcare, and government agencies, Confidential Live Migration removes a major obstacle to adopting confidential computing for production workloads. Many compliance frameworks—such as PCI-DSS, HIPAA, and FedRAMP—require not only data-at-rest and data-in-transit encryption but also strict operational uptime. With live migration, organizations can meet both demands simultaneously.

Early adopters in the preview program have reported seamless failover scenarios during planned maintenance, cutting the operational overhead of managing encrypted VMs by up to 80%. One large European bank is using confidential VMs with Nvidia GPU partitions for risk-model simulations, and live migration allows them to keep those simulations running through host updates that previously required weekend downtimes.

Comparing with other cloud providers

No other major cloud provider currently offers live migration for hardware-protected confidential VMs. AWS Nitro Enclaves provide a different model that isolates a portion of the instance but does not support live migration of the entire VM. Google Cloud Confidential VMs support live migration, but Google’s implementation uses AMD SEV without SEV-SNP’s full attestation protections, so the trust boundary is weaker. Azure’s combination of full SEV-SNP encryption, hardware-rooted attestation, and transparent live migration is an industry first.

This leadership position matters because it signals that the Azure confidential computing stack is maturing from a nice-to-have for boutique security projects into a foundational platform for mainstream enterprise workloads.

What’s next for Azure confidential computing

Confidential Live Migration is one piece of a broader strategy. Microsoft is investing heavily in confidential AI, where GPU-accelerated VMs can process sensitive models and data inside TEEs. Live migration of GPU-enabled confidential VMs is a natural next step, though considerably more complex due to the need to migrate GPU memory state.

Another area of development is confidential containers. Azure Kubernetes Service is already experimenting with confidential node pools, and live migration could eventually enable zero-downtime pod relocation while preserving container-level attestation.

Microsoft also hinted at plans to integrate Confidential Live Migration with Azure Site Recovery for disaster recovery, so that even geo-replicated confidential VMs can fail over without manual attestation reconfiguration.

Practical steps to get started

If you’re already using Azure confidential VMs, check the preview documentation for region availability and enrollment steps. Enabling live migration is a simple configuration change; no guest modifications are needed. However, you should review your attestation policies. If your security team insists on revalidating the attestation report after every migration, make sure your monitoring pipelines are prepared to handle the post-migration attestation event.
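One shape such a post-migration check can take, covering both the re-verification mentioned under “Preserving the trust boundary” and the monitoring-pipeline event above. This is an added example, not Microsoft’s code; it assumes the pipeline receives the pre- and post-migration Azure Attestation tokens as decoded, already signature-verified claim dictionaries, and the claim names are taken from the SEV-SNP token layout as the author understands it (confirm them against your own tenant’s tokens).

```python
"""Post-migration attestation re-check for an Azure confidential VM (added example).
Tokens are decoded, already signature-verified JWT claim dicts. Claim names follow
the documented SEV-SNP token layout as the author understands it (assumption)."""
TEE = "x-ms-isolation-tee"
IDENTITY_CLAIMS = ("x-ms-sevsnpvm-launchmeasurement", "x-ms-sevsnpvm-familyId",
                   "x-ms-sevsnpvm-imageId")
SVN_CLAIMS = ("x-ms-sevsnpvm-guestsvn", "x-ms-sevsnpvm-snpfw-svn")

def check_post_migration(old: dict, new: dict, now: int, max_age_s: int = 300) -> list:
    """Return the list of policy violations; an empty list means the new token
    may replace the old one. Host-bound fields are allowed to differ."""
    reasons = []
    o, n = old.get(TEE, {}), new.get(TEE, {})
    if new.get("iss") != old.get("iss"):
        reasons.append("issuer changed")
    if n.get("x-ms-attestation-type") != "sevsnpvm":
        reasons.append("not a SEV-SNP attestation")
    if n.get("x-ms-compliance-status") != "azure-compliant-cvm":
        reasons.append("VM no longer reported as compliant")
    if n.get("x-ms-sevsnpvm-is-debuggable"):
        reasons.append("VM is debuggable after migration")
    # The same image must resume on the new host: measurement and image ids unchanged.
    for claim in IDENTITY_CLAIMS:
        if o.get(claim) != n.get(claim):
            reasons.append(f"{claim} changed")
    # Security version numbers may stay equal or increase, never roll back.
    for claim in SVN_CLAIMS:
        if n.get(claim, -1) < o.get(claim, 0):
            reasons.append(f"{claim} rolled back")
    # A replayed old token is not evidence from the hardware now running the VM.
    iat = new.get("iat", 0)
    if iat <= old.get("iat", 0) or now - iat > max_age_s:
        reasons.append("new token is not fresh")
    return reasons

def sample_tokens() -> tuple:
    """Constructed before/after tokens: only the issue time differs, as expected
    when the same image resumes on a new host."""
    tee = {"x-ms-attestation-type": "sevsnpvm",
           "x-ms-compliance-status": "azure-compliant-cvm",
           "x-ms-sevsnpvm-is-debuggable": False,
           "x-ms-sevsnpvm-launchmeasurement": "ab" * 48,  # placeholder digest
           "x-ms-sevsnpvm-familyId": "01" * 16, "x-ms-sevsnpvm-imageId": "02" * 16,
           "x-ms-sevsnpvm-guestsvn": 3, "x-ms-sevsnpvm-snpfw-svn": 8}
    issuer = "https://example.attest.azure.net"  # placeholder issuer
    old = {"iss": issuer, "iat": 1_700_000_000, TEE: dict(tee)}
    new = {"iss": issuer, "iat": 1_700_000_900, TEE: dict(tee)}
    return old, new
```

Wire `check_post_migration` to whatever event your attestation agent emits when it receives a replacement token, and alert on any non-empty result rather than silently accepting the new token.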

For new workloads, start by deploying a DCasv5 or ECasv5 VM with a supported OS image. In the Azure Portal, under the Management tab of the VM creation blade, you’ll find a new toggle for “Enable confidential live migration.” Once enabled, any future host maintenance that Azure schedules will attempt live migration first; if it fails for any reason, the platform falls back to a traditional migration with a brief pause, but that pause is typically less than a second.

Conclusion

Confidential Live Migration finally bridges the gap between high security and high availability for Azure confidential VMs. By keeping data encrypted and attestation intact throughout the move, Microsoft has eliminated the tradeoff that previously forced organizations to choose between uptime and confidentiality. With public preview now open, enterprises can begin testing this capability and preparing for a future where no sensitive workload ever needs a planned restart.