Microsoft unveils Azure Integrated HSM for hardware-backed key protection

Microsoft Azure · April 30, 2026 · ✓ verified

Microsoft announced Azure Integrated HSM, a Microsoft-built, tamper-resistant hardware security module integrated into Azure servers and being open-sourced via OCP and GitHub.

  • Main announcement: Microsoft will integrate Azure Integrated HSM into every new Azure server as a tamper-resistant, hardware-enforced key protection layer. The firmware, driver, and software stack will be open-sourced via GitHub, and an OCP workgroup will be launched to guide ongoing development. The product is engineered to meet FIPS 140‑3 Level 3, and the firmware and independent validation artifacts (including an OCP SAFE audit report) have been published.
  • Background and rollout details: Azure Integrated HSM complements Azure Key Vault and Azure Managed HSM, supports standards such as TDISP, and enables server-local key protection (keys never appear in host or guest memory). It will be available in Azure V7 virtual machines to all customers globally in the coming weeks. The announcement was made at the OCP EMEA Summit, and linked resources are available on GitHub and Microsoft blogs.