Secure multi-party computation demonstrations using Azure Confidential Computing with AMD SEV-SNP hardware protection — available as ACI confidential containers and as Confidential Virtual Machines (CVMs).
Each sample shows multiple organizations collaborating on shared analytics while keeping their raw data encrypted at rest, decrypted only inside a TEE, and cryptographically isolated from each other and the cloud operator.
| Sample | Parties | TEE | Highlight |
|---|---|---|---|
advanced-app-federated/ ⭐ NEW |
4 (Contoso, Fabrikam, Wingtip, Woodgrove) | ACI confidential | Federated analytics — only aggregates leave each TEE |
advanced-app/ |
3 (Contoso, Fabrikam, Woodgrove) | ACI confidential (+ optional AKS virtual nodes) | Cross-company partner analytics with delegated key access |
advanced-app-cvm/ |
3 (Contoso, Fabrikam, Woodgrove) | Ubuntu 24.04 CVM (DCas_v5) | Same scenario, but on Confidential VMs with App Gateway / WAF |
advanced-app-finance-openAI/ |
3 (Contoso, Fabrikam, Woodgrove) | ACI confidential | Adds an Azure OpenAI chat assistant over aggregate results |
demo-app/ |
2 (Contoso, Fabrikam) | ACI confidential | Minimal 2-party intro — encrypted-data-in-untrusted-storage |
All samples share the same trust model: a per-party HSM key in Azure Key Vault
released only to a TEE that passes Microsoft Azure Attestation
(x-ms-attestation-type: sevsnpvm), with the CCE policy hash
(or CVM platform hash) baked into the release policy.
Four independent parties — Contoso, Fabrikam, Wingtip Toys, and Woodgrove Bank — each run the same image with their own data, identity, and Key Vault. Woodgrove orchestrates a federated analysis: each partner decrypts its own data inside its own TEE, computes aggregates locally, and returns only counts / averages / percentages. No PII ever leaves a partner's TEE.
Key features:
- 4-way side-by-side UI; Woodgrove's pane gets the full architecture diagram and federated-analysis controls.
- Live RSA-OAEP-SHA256 encryption panel after key release.
- Cross-company key-access denial demo (Contoso trying Fabrikam's key fails).
- Operator-lockout demo (
exec, SSH, shell-spawn all blocked by CCE policy). - Demographics dashboard combining 750 records into country/city/generation/ blood-type/medical-condition aggregates with a salary world map.
Quick start:
cd advanced-app-federated
.\Deploy-MultiParty.ps1 -Prefix <yourcode> -Build -DeploySee advanced-app-federated/README-MultiParty.md
and DEMO-SCRIPT.md.
Woodgrove acts as a trusted analytics partner with delegated Key Vault access to Contoso and Fabrikam. Demonstrates centralized cross-company analytics inside a TEE (rather than the federated model above).
Quick start:
cd advanced-app
# Direct ACI
.\Deploy-MultiParty.ps1 -Prefix <yourcode> -Build -Deploy
# Or AKS confidential virtual nodes
.\Deploy-MultiParty.ps1 -Prefix <yourcode> -Build -Deploy -AKSThe 3-party scenario from advanced-app/ deployed on Ubuntu 24.04
Confidential VMs (DCas_v5) instead of containers.
| Aspect | ACI (advanced-app/) |
CVM (advanced-app-cvm/) |
|---|---|---|
| TEE | ACI confidential containers | Ubuntu 24.04 CVM (DCas_v5) |
| Attestation | ACI SKR sidecar | CVM SKR shim via vTPM + guest attestation |
| Key binding | Per-container CCE policy hash | Hardware attestation (azure-compliant-cvm + sevsnpvm) + KV access policies |
| Operator lockout | Enforced by CCE policy | Compensating controls (SSH off, NSG deny-all, no Bastion) |
| Networking | Per-container public FQDN | Private VNet + Application Gateway WAF_v2 |
| Disk encryption | N/A (ephemeral) | Confidential OS disk with CMK |
Quick start:
cd advanced-app-cvm
.\Deploy-MultiPartyCVM.ps1 -Prefix <yourcode>
.\Deploy-MultiPartyCVM.ps1 -Prefix <yourcode> -EnableDebug # SSH + Bastion for triageSee advanced-app-cvm/README.md.
5,000+ synthetic financial transactions across Contoso and Fabrikam, with an Azure OpenAI (gpt-4o-mini) chat assistant on the Woodgrove side that can answer natural-language questions over the aggregate analytics — the LLM never sees raw rows.
Quick start:
cd advanced-app-finance-openAI
.\Deploy-MultiFinanceAI.ps1 -Prefix <yourcode> -Build -DeploySee advanced-app-finance-openAI/README.md.
Two confidential containers (Contoso, Fabrikam) each holding their own SKR-protected key. The simplest entry point — no partner analytics, no federation. Useful as a "hello world" for SKR + attestation.
Quick start:
cd demo-app
.\Deploy-SimpleDemo.ps1 -Prefix <yourcode> -Build -DeploySee demo-app/README-MultiParty.md.
Just learning SKR + attestation? → demo-app/
Want partner analytics on containers? → advanced-app/
Same scenario, but VM-based? → advanced-app-cvm/
Want LLM-over-private-data on top? → advanced-app-finance-openAI/
Need true federation (no raw data shared)? → advanced-app-federated/ ⭐
- Azure CLI 2.60+ with
confcomextension:az extension add --name confcom --upgrade
- Docker Desktop (for security-policy generation)
- Azure subscription with Confidential Container quota
- PowerShell 7.0+ recommended
- Azure PowerShell (
Azmodule):Install-Module -Name Az -Force - Subscription with DCas_v5 quota in the target region
- Contributor on the subscription, signed in via
Connect-AzAccount
These samples were authored with heavy AI assistance (GitHub Copilot, Claude, GPT). They are intended for demonstration and education. Review carefully — especially the cryptographic and attestation paths — before adapting to production.
Provided AS IS, without warranty of any kind. Users are responsible for:
- Security review of all code
- Compliance with organizational policy
- Validating cryptographic and attestation flows
- Proper key management
