Microsoft Shifts Windows Licensing to Azure with Confidential Computing

Microsoft just moved one of its most sensitive workloads, Windows Licensing, fully to Azure. With the help of Confidential Computing and Managed HSMs, the licensing engine that powers billions of secure activations now runs in the cloud.

This is a big shift for the Windows Key Management Licensing Service (MKMS). It handles billions of requests daily, validating software access across Windows, Office, and Xbox. Now, it does all that with cryptographic protection built on Azure Confidential Virtual Machines and secure hardware-backed keys.

The move away from on-prem datacenters means Microsoft no longer needs constant hardware refreshes. Instead, it gets elastic compute, geographic redundancy, and faster scale. More importantly, MKMS now benefits from defense-in-depth security, from encrypted data in use, to isolated execution environments with AMD EPYC processors.

This move highlights how Microsoft is now using the most secure, high-throughput cryptographic platform ever deployed in Azure. And it’s not just about speed, it’s about trust. Every cryptographic key is secured with FIPS-certified HSMs, while all licensing operations are monitored, logged, and auditable.

This upgrade also supports Microsoft’s Secure Future Initiative. Confidential Computing blocks even cloud admins from viewing license data mid-process, and Azure’s global regions keep the service online even during local outages.