Microsoft brings Trusted Launch in-place upgrades to Azure VMs

Microsoft is making it easier for businesses to secure their cloud workloads. The company has officially announced the general availability of in-place upgrades for Trusted Launch across Azure Virtual Machines and Scale Sets.

The new option allows organizations to enable security features like Secure Boot and vTPM without downtime or complicated migrations. Both Gen1 (BIOS) and Gen2 (UEFI) VMs are supported, with upgrades for Uniform Scale Sets also generally available. For Flex Scale Sets, Microsoft is offering access through a private preview program.

Trusted Launch helps protect virtual machines from advanced threats that attempt to compromise the boot process. With capabilities like Boot Integrity Monitoring, Secure Boot, and virtual TPM (vTPM), Azure VMs can start in a verified, uncompromised state. These protections are also key for meeting compliance standards, including FedRAMP, HIPAA, PCI-DSS, and Azure’s own Security Benchmark.

By rolling out in-place upgrades, Microsoft is ensuring that customers can improve their foundational security without rebuilding infrastructure. The company stresses that disabling Trusted Launch leaves workloads more vulnerable to bootkit attacks, making the upgrade not only recommended but essential.

Microsoft confirms that the Trusted Launch upgrade is offered at no additional cost. Customers can find detailed step-by-step guidance for upgrading Gen1 and Gen2 VMs, as well as Scale Sets, through official Azure documentation.

For IT admins, this rollout means less disruption and faster adoption of essential protections. Whether running existing workloads or planning new deployments, Trusted Launch is designed to be a first line of defense against modern threats in the cloud.

With in-place upgrade support now live, Microsoft is urging organizations to begin upgrading their Azure resources immediately, ensuring that virtual machines and scale sets are ready for today’s threat landscape and future compliance demands.