What is Azure Attestation?
Azure Attestation is a service for verifying the trustworthiness of Trusted Execution Environments (TEEs). The service validates that code runs inside a TEE such as an Intel SGX enclave or an AMD SEV-SNP confidential VM, and that the platform it runs on has not been compromised.
Attestation is a critical building block for Confidential Computing, where sensitive data remains encrypted even during processing.
Core Features
- Attestation for Intel SGX enclaves
- Attestation for AMD SEV-SNP virtual machines
- Attestation for TPM-based platforms
- Custom attestation policies
- REST API for application integration
- Region-specific attestation providers
Typical Use Cases
Confidential Computing: Verification that workloads actually run in a secure enclave before transferring sensitive data.
Multi-party computation: Establishing trust between different parties that want to jointly process data in a secure environment.
Regulatory compliance: Proof to auditors that sensitive computations take place in a verified secure environment.
Benefits
- Free service for Azure customers
- Hardware-based trust anchor
- Standardized attestation tokens in JWT format
- Support for multiple TEE technologies
Frequently Asked Questions
What is checked during attestation?
The service checks the hardware-signed evidence produced by the TEE, the loaded code (the enclave measurement), and the platform configuration. The result is a signed token confirming that the environment is trustworthy.
Do I need special hardware?
Yes, attestation requires hardware with TEE support. In Azure, these are Confidential VMs with Intel SGX or AMD SEV-SNP. For TPM attestation, a standard TPM 2.0 chip is sufficient.
How do I integrate attestation into my application?
Attestation SDKs are available for C, .NET, Python, and other languages. The application calls the Attestation API and receives a JWT that it can present to third parties as proof of the environment's state.
What happens if attestation fails?
A failed attestation indicates compromised hardware, manipulated code, or an incorrect configuration. In that case, no sensitive data should be transferred to the environment.
Integration with innFactory
As a Microsoft Solutions Partner, innFactory supports you with Azure Attestation: Confidential Computing architecture, policy design, and secure application development.
