Microsoft moves Windows licensing to Azure confidential computing, enhancing security



The Microsoft Windows Key Management Licensing Service (MKMS) has been migrated to Azure to leverage technologies such as Azure Confidential Computing (ACC) and Managed Hardware Security Modules (mHSM). ACC's main benefit is Trusted Execution Environments (TEEs), which create secure, isolated enclaves within the processor where data is encrypted while being processed.

As for mHSMs, these are physical, hardened devices that generate, store, and protect cryptographic keys. They're highly resistant to physical and logical attacks and can self-destruct or erase keys if any tampering is detected.

MKMS processes billions of licensing requests every day for products including the Windows operating system, applications, and games. With this move to Azure, all of this will be done even more securely. Outlining the benefits of the move, Microsoft said: "Transitioning from a number of highly secure on-prem data centers to strategically chosen Azure regions has enabled greater reliability, stronger security, and a seamless customer experience for the service."

Microsoft's Azure Confidential Computing is based on AMD EPYC CPUs with Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP), which protects data during processing in hardware-based Trusted Execution Environments (TEEs). One of the perks of this is that it prevents unauthorized access to the data, even by cloud administrators. Azure already encrypts the data when it is at rest and in transit, and Confidential Virtual Machines (CVMs) encrypt the data when it's in the memory being used.

For a bit of background, TEEs in Azure are specialized, isolated areas within the CPU and memory that protect code and data from tampering and unauthorized access. Azure implements them using hardware security features and encryption.

With this shift to the cloud, Microsoft expects to see improved reliability and stronger security for licensing, compared to the on-premises approach it has been using so far. The Redmond giant said that the move aligns with its Secure Future Initiative, which aims to secure Microsoft's operations. It also helps with capital expenditure, as it reduces costs due to the elimination of hardware refreshes.

Another benefit is that Microsoft has more flexibility when it comes to scaling, as cloud pricing is more elastic and the company only needs to pay for what it uses. The company has also managed to reduce upfront hardware investments and ongoing maintenance costs while maintaining high throughput, speed, and reliability; it claims that it's seeing results on par with or better than its previous on-premises environment.

Source: Microsoft

roosho Senior Engineer (Technical Services)