Saturday, July 1, 2023

Azure: ARM template for simple Win2k22 VM with trusted launch

It was recently announced that trusted launch is now enabled by default when deploying new Gen 2 VMs via the portal.

I have modified an ARM template for a simple Windows Server 2022 VM to include the Trusted Launch security features. The addition to the template is a "securityProfile" section under the virtual machine resource:

"securityProfile": {
  "securityType": "[parameters('securityType')]",
  "uefiSettings": {
    "secureBootEnabled": "[parameters('secureBoot')]",
    "vTpmEnabled": "[parameters('vTPM')]"
  }
}

Here the securityType parameter is set to TrustedLaunch, and the other two parameters (secureBoot and vTPM) are bool types set to true.
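A pre-deployment check for the securityProfile section above, as an added example that is not part of the original post or its template: it resolves each `[parameters('...')]` reference to its default (or to a supplied override) and reports any VM resource where Trusted Launch, Secure Boot or vTPM would not end up enabled. The sample template, the VM name and the default values are constructed for illustration, and only plain parameter references are resolved, not other template expressions.

```python
import json
import re

# Constructed sample template. Parameter names follow the post; the VM name
# and the default values (vTPM deliberately false) are assumptions.
SAMPLE = json.loads("""{
  "parameters": {
    "securityType": {"type": "string", "defaultValue": "TrustedLaunch"},
    "secureBoot":   {"type": "bool", "defaultValue": true},
    "vTPM":         {"type": "bool", "defaultValue": false}
  },
  "resources": [{
    "type": "Microsoft.Compute/virtualMachines",
    "name": "vm-example",
    "properties": {"securityProfile": {
      "securityType": "[parameters('securityType')]",
      "uefiSettings": {
        "secureBootEnabled": "[parameters('secureBoot')]",
        "vTpmEnabled": "[parameters('vTPM')]"}}}
  }]
}""")

EXPECTED = {"securityType": "TrustedLaunch", "secureBootEnabled": True, "vTpmEnabled": True}
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, template, overrides):
    """Turn a plain [parameters('x')] reference into its override or default."""
    m = PARAM_REF.match(value) if isinstance(value, str) else None
    if not m:
        return value
    default = template.get("parameters", {}).get(m.group(1), {}).get("defaultValue")
    return overrides.get(m.group(1), default)

def check_trusted_launch(template, overrides=None):
    """Return findings for VM resources; an empty list means all pass."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Compute/virtualMachines":
            continue
        profile = res.get("properties", {}).get("securityProfile", {})
        settings = {"securityType": profile.get("securityType"), **profile.get("uefiSettings", {})}
        for key, want in EXPECTED.items():
            got = resolve(settings.get(key), template, overrides or {})
            if got != want:
                findings.append(f"{res.get('name')}: {key} is {got!r}, expected {want!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_trusted_launch(SAMPLE)) or "all VMs pass")
```

A VM resource with no securityProfile at all produces three findings, which is the case to catch when reusing older templates.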

You can verify that the settings are configured correctly on the Overview page of the VM.


There is a bit more info on how the VM is configured here.

The ARM template is available on GitHub, link to files:

