Ensure Trusted Launch is enabled on Virtual Machines
Why This Matters
Trusted Launch combines Secure Boot with a virtual Trusted Platform Module (vTPM) to protect Azure virtual machines from boot-level attacks such as bootkits, rootkits, and firmware-level malware. Secure Boot allows only signed bootloaders, kernels, and drivers to load, so unsigned or tampered boot components are refused; the vTPM records measurements of each boot stage so that changes to the boot chain can be detected through attestation. Without this protection, an attacker who gains low-level access (for example through a compromised administrator session or a kernel exploit) can replace the bootloader or tamper with the boot process, gaining persistence below the operating system and undermining every control that runs on top of it. Enabling Trusted Launch both blocks unsigned boot code from executing and makes unauthorized boot changes detectable.
What Aether365 Checks
Aether365 verifies that Trusted Launch is enabled on Azure Virtual Machines, confirming that both Secure Boot and vTPM are active. This check appears in your Aether365 dashboard under the azure-azure-virtual-machines checks section.
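The logic behind this kind of check can be run locally against VM resource data. The block below is an added example, not Aether365's own code: it evaluates VM resource dictionaries in the shape returned by `az vm show` (`securityProfile.securityType` and `securityProfile.uefiSettings`), reports whether each VM passes, and for failing Generation 2 VMs returns the Azure CLI commands that enable Trusted Launch. The `hyperVGeneration` field is assumed to have been merged in from `az vm get-instance-view`, the sample VMs and the resource group name `rg-prod` are constructed for the example, and treating `ConfidentialVM` as satisfying the control is an assumption about scoring, not a statement about Aether365.

```python
"""Evaluate Azure VMs for Trusted Launch (Secure Boot + vTPM) and emit remediation.

Added example, not Aether365's own code. Input is the flattened VM JSON that
`az vm show` returns (securityProfile at top level); the hyperVGeneration field
is assumed to have been merged in from `az vm get-instance-view`.
"""
from __future__ import annotations

from dataclasses import dataclass

# Security types that carry a uefiSettings block. ConfidentialVM is treated as
# satisfying the control because it requires Secure Boot and vTPM (assumption).
TRUSTED_TYPES = {"TrustedLaunch", "ConfidentialVM"}


@dataclass(frozen=True)
class Finding:
    vm: str
    status: str  # "PASS", "FAIL" or "NOT_ELIGIBLE"
    reason: str


def evaluate_vm(vm: dict) -> Finding:
    """Classify one VM resource dict (flattened `az vm show` or raw ARM shape)."""
    name = vm["name"]
    props = vm.get("properties", vm)  # raw ARM nests everything under properties
    profile = props.get("securityProfile") or {}
    uefi = profile.get("uefiSettings") or {}
    sec_type = profile.get("securityType")
    secure_boot = bool(uefi.get("secureBootEnabled"))
    vtpm = bool(uefi.get("vTpmEnabled"))
    gen = str(vm.get("hyperVGeneration") or props.get("hyperVGeneration") or "").upper()

    if sec_type in TRUSTED_TYPES and secure_boot and vtpm:
        return Finding(name, "PASS", f"{sec_type} with Secure Boot and vTPM enabled")
    if gen == "V1":
        # Trusted Launch needs a Generation 2 image; `az vm update` cannot fix this.
        return Finding(name, "NOT_ELIGIBLE",
                       "Generation 1 VM; Trusted Launch requires a Generation 2 image")
    if sec_type in TRUSTED_TYPES:
        missing = [f for f, on in (("Secure Boot", secure_boot), ("vTPM", vtpm)) if not on]
        return Finding(name, "FAIL", f"{sec_type} set but {' and '.join(missing)} disabled")
    return Finding(name, "FAIL", "securityType is Standard or unset (no Secure Boot, no vTPM)")


def remediation_commands(finding: Finding, resource_group: str) -> list[str]:
    """Azure CLI commands that bring a failing Generation 2 VM into compliance.

    The security type can only be changed while the VM is deallocated, so the
    sequence stops the VM, updates it and starts it again (a reboot is expected).
    """
    if finding.status != "FAIL":
        return []
    base = f"--resource-group {resource_group} --name {finding.vm}"
    return [
        f"az vm deallocate {base}",
        f"az vm update {base} --security-type TrustedLaunch "
        "--enable-secure-boot true --enable-vtpm true",
        f"az vm start {base}",
    ]


# Constructed sample inventory for the example (not real resources).
SAMPLE_VMS = [
    {"name": "web-01", "hyperVGeneration": "V2",
     "securityProfile": {"securityType": "TrustedLaunch",
                         "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": True}}},
    {"name": "db-01", "hyperVGeneration": "V2",
     "securityProfile": {"securityType": "TrustedLaunch",
                         "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": False}}},
    {"name": "legacy-01", "hyperVGeneration": "V1", "securityProfile": None},
    {"name": "build-01", "hyperVGeneration": "V2"},
]


def run(vms: list[dict] = SAMPLE_VMS, resource_group: str = "rg-prod"):
    """Return (finding, remediation commands) for every VM in the inventory."""
    results = []
    for vm in vms:
        finding = evaluate_vm(vm)
        results.append((finding, remediation_commands(finding, resource_group)))
    return results


if __name__ == "__main__":
    for finding, cmds in run():
        print(f"{finding.status:13} {finding.vm}: {finding.reason}")
        for cmd in cmds:
            print("    ", cmd)
```

A VM that reports `TrustedLaunch` but has one of the two UEFI settings switched off is still flagged, because the control is only met when Secure Boot and vTPM are both enabled; Generation 1 VMs are reported separately, since they cannot be fixed in place and need to be recreated from a Generation 2 image.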
How to Fix
To enable Trusted Launch on an existing Generation 2 VM using the Azure portal (the VM must be deallocated before the security type can be changed, and Generation 1 VMs are not eligible and must be recreated from a Generation 2 image):