vTPM Should be Enabled on Supported Virtual Machines
Description:
Enable the virtual TPM device on supported virtual machines to facilitate Measured Boot and other OS security features that require a TPM. Once enabled, the vTPM can be used to attest boot integrity. This assessment applies only to virtual machines with trusted launch enabled.
Important:
Trusted launch requires the creation of new virtual machines.
You can't enable trusted launch on existing virtual machines that were initially created without it.
Trusted launch is currently in public preview. The preview is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. Learn more in Trusted launch for Azure virtual machines.
Remediation/Reference:
Enabling vTPM will trigger an immediate SYSTEM REBOOT. To enable it:
1. Select the VM.
2. On the VM page, navigate to the 'Configuration' tab.
3. On the 'Configuration' page, check 'vTPM'.
4. Click 'Save'.
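The same assessment and remediation scripted against Azure CLI output, as an added example that is not part of the original recommendation. It assumes the `securityProfile.securityType` and `securityProfile.uefiSettings.vTpmEnabled` fields as returned by `az vm list -o json` and the `az vm update --enable-vtpm` flag, and runs here on constructed sample records:

```python
import json
import shlex
from typing import Optional

# Constructed sample records in the shape returned by `az vm list -o json`, trimmed to
# the fields this assessment needs (field names are assumed from the ARM VM resource).
SAMPLE_VMS_JSON = """
[
  {"name": "tl-web01", "resourceGroup": "rg-prod",
   "securityProfile": {"securityType": "TrustedLaunch",
                       "uefiSettings": {"secureBootEnabled": true, "vTpmEnabled": false}}},
  {"name": "tl-db01", "resourceGroup": "rg-prod",
   "securityProfile": {"securityType": "TrustedLaunch",
                       "uefiSettings": {"secureBootEnabled": true, "vTpmEnabled": true}}},
  {"name": "legacy-app01", "resourceGroup": "rg-legacy", "securityProfile": null}
]
"""

def assess_vtpm(vm: dict) -> str:
    """Classify one VM record as compliant, non_compliant or not_applicable."""
    profile = vm.get("securityProfile") or {}
    if profile.get("securityType") != "TrustedLaunch":
        # Out of scope: the assessment only covers trusted launch VMs, and a VM
        # created without trusted launch cannot be converted; it must be recreated.
        return "not_applicable"
    uefi = profile.get("uefiSettings") or {}
    return "compliant" if uefi.get("vTpmEnabled") is True else "non_compliant"

def remediation_command(vm: dict) -> Optional[str]:
    """CLI equivalent of the portal steps (assumed flag: --enable-vtpm).
    Running it reboots the VM immediately, so schedule it like any other restart."""
    if assess_vtpm(vm) != "non_compliant":
        return None
    return (f"az vm update --resource-group {shlex.quote(vm['resourceGroup'])} "
            f"--name {shlex.quote(vm['name'])} --enable-vtpm true")

def report(vms_json: str) -> dict:
    """Map each VM name to its assessment result."""
    return {vm["name"]: assess_vtpm(vm) for vm in json.loads(vms_json)}

def remediation_commands(vms_json: str) -> list:
    """Commands to run for every non-compliant VM, in listing order."""
    cmds = (remediation_command(vm) for vm in json.loads(vms_json))
    return [c for c in cmds if c is not None]

if __name__ == "__main__":  # swap the sample for `az vm list -o json` output for live data
    print(report(SAMPLE_VMS_JSON))
    print("\n".join(remediation_commands(SAMPLE_VMS_JSON)))
```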