Intel Israel and Microsoft Remove a Key Limitation in Secured Cloud

16 June, 2026

A breakthrough: Intel Israel’s security team enabled encrypted virtual machines to move between Azure servers without downtime

[Photo: The Intel Israel engineering team behind the development of the new capability. Photo credit: Aviv Harel]

By Yohai Schwiger

At its Build conference in Seattle, Microsoft unveiled a new capability called Confidential Live Migration, which allows encrypted virtual machines (VMs) to be moved between servers in Azure data centers without interruption. The technology was developed by a team of approximately 20 engineers from Intel Israel’s security group and is built on Intel’s TDX platform, which is integrated into the company’s Xeon server processors.

The new capability addresses one of the most significant limitations in the field of confidential computing—a rapidly growing area designed to enable organizations to run sensitive workloads in the cloud while protecting data even from the cloud provider itself. While conventional virtual machines have long supported live migration for maintenance, load balancing, and infrastructure upgrades, encrypted VMs have traditionally required downtime whenever they needed to be moved to another server.

The challenge stems from the security mechanisms that make confidential computing possible. Technologies such as Intel TDX encrypt and isolate a virtual machine’s memory at the hardware level, preventing access not only by the cloud provider’s administrators but also by the host operating system and cloud management software. This additional layer of protection is particularly valuable for financial institutions, healthcare organizations, government agencies, and other enterprises handling highly sensitive information.

“This feature is entirely an Israeli development,” said Boaz Tamir, Senior Director at Intel. “We can move an encrypted virtual machine from one server to another while it continues running, without the customer noticing anything. For customers, this means higher service availability. For cloud providers, it means greater flexibility in managing infrastructure without compromising the security model.”

According to Tamir, the architecture, development, and validation of the new capability were all carried out by Intel’s security team in Haifa. The engineering challenge involved securely transferring the VM’s execution state, encrypted memory, encryption keys, and trust mechanisms between two separate servers, while cryptographically verifying the target environment and maintaining uninterrupted service.

Bringing Secure Hardware Trust to the Cloud

At the heart of the development is Intel TDX (Trust Domain Extensions), one of Intel’s flagship security technologies for its Xeon processor family. TDX enables the creation of isolated and encrypted computing environments known as Trust Domains, where sensitive workloads can run without exposure to the host operating system, cloud management software, or even data center operators.

In essence, Intel is extending the hardware-based trust model traditionally associated with secure enclaves into the world of cloud infrastructure and hyperscale data centers.

TDX is part of the broader confidential computing movement, which has emerged as one of the fastest-growing segments of cloud infrastructure. While traditional security approaches focus on encrypting data at rest or in transit, confidential computing aims to protect data while it is actively being processed. This means that information remains protected even when loaded into server memory and being analyzed by applications or AI models.

Demand for such capabilities continues to rise as organizations move increasingly sensitive workloads to public cloud environments. Banks, insurance companies, healthcare providers, government agencies, and technology firms are seeking to leverage cloud scalability while reducing the need to place complete trust in infrastructure providers. At the same time, the rapid adoption of AI is driving new requirements for secure processing of medical, financial, industrial, and defense-related data.

Eliminating a Major Operational Barrier

For Microsoft, the new capability removes one of the primary operational constraints that have historically affected confidential computing services. Routine maintenance tasks—including server upgrades, hardware replacements, and load balancing—have often required temporary shutdowns of encrypted virtual machines.

With Confidential Live Migration, those operations can now be performed transparently, much like they are for standard virtual machines, while preserving the security guarantees of confidential computing.

The project also highlights Intel Israel’s role in developing core technologies for the global TDX platform. Unlike customer-specific software projects, TDX is a foundational element of Intel’s server security architecture. As a result, the expertise and technologies developed by the Israeli team become part of a broader platform used by cloud providers and secure applications worldwide.

As Microsoft rolls out the new capability across Azure’s DCesv6, ECesv6, DCedsv6, and ECedsv6 server families, Intel is already working on the next generation of confidential computing technologies. The company says its Israeli TDX development team is also building a new capability called TDX Connect, designed to further expand the possibilities of secure computing within data centers.

Over the past decade, competition among cloud providers has largely focused on performance, cost efficiency, and AI capabilities. In the years ahead, however, one of the industry’s most important battlegrounds may be the ability to guarantee that even the cloud provider itself cannot access customer data.

The joint Microsoft–Intel development offers a glimpse of that future: a cloud environment where security, privacy, and high availability coexist without compromise.
