Standard virtual machines offer no protection against a compromised hypervisor, cloud operator access, or memory dump attacks. Azure Confidential Computing changes that guarantee at the hardware level, and Azure Virtual Desktop now supports it.

In this session, we walk end-to-end through building and deploying a fully confidential AVD environment: from automating image creation with Azure Image Builder and Bicep IaC, to configuring Customer-Managed Keys backed by a Managed HSM, to deploying DCasv5 session hosts with SEV-SNP memory encryption enabled.

The session closes with a live attestation walkthrough: we request a hardware-signed JWT from the Azure Instance Metadata Service, decode the MAA token, and verify that the workload is genuinely running on AMD SEV-SNP hardware with the expected boot measurements.

You will leave with a clear mental model of confidential compute, a reusable Bicep and PowerShell codebase, and the ability to prove to auditors and regulators that your AVD environment meets hardware-level isolation guarantees.

Target audience: Cloud architects, Azure administrators, and security engineers working on regulated or sensitive workloads. Intermediate to advanced level; familiarity with Azure Virtual Desktop and basic IaC concepts is assumed.

Preferred duration: 45 or 60 minutes (including live demo). Can be adapted to 75 minutes with extended Q&A and a deeper attestation policy walkthrough.

Technical requirements: Projector or large display at 1920x1080 minimum. Reliable internet connection required for the live Azure demo. A fallback recorded demo is available if live connectivity cannot be guaranteed.

Session tags: Azure Virtual Desktop, Confidential Computing, Security, IaC / Bicep, Azure Image Builder,

Additional resources:
All code referenced is publicly available at github.com/yannickdils/confidentialavd.

Supporting blog posts are published at tunecom.be.