To ensure and validate Sovereign Landing Zone (SLZ) deployed infrastructure serves confidential needs of the customers' workloads, we have designed a Human Resources (HR) confidential sample application to:
- Prevent Microsoft operators from accessing your data at rest, in transit, or in use, when configured as directed.
- Prevent unauthorized access when the workloads are running with Azure confidential computing resources.
- Allow only customers with the proper access policies to access secret keys stored in protected managed enclaves. Microsoft personnel or anyone else can't access the secret keys.
- Validate that applied SLZ policies work as expected; policies are applied and enforced, and policies are auditable on change.
Azure confidential computing enhances the security posture of your applications by protecting data and code when in use that is when running and being processed in memory. This extra level of protection elevates the existing security posture in Azure by running applications in hardware-encrypted trusted execution environments.
After completing this tutorial, you'll learn about common confidential use cases validated on an end-to-end sovereign application. Follow these steps in order to complete the tutorial.
- Scenario and use cases
- Architecture
- Prerequisites
- Deployment
- Managing application
- Clean up resources
Common known issues and FAQ are listed in our Known Issues and FAQ page.
If you can't find an answer in the known issues page, log issues to GitHub issues
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.