Reply to post:

Rogue sysadmins the target of Microsoft's new 'Shielded VM' security

TheVogon

"if you can move to replacement hardware then you can copy it."

You can copy the encrypted VM container, yes. That doesn't give you any access to the data...

"If you have access to take the VM, you also have access to take any needed keys."

No, you don't. Even the rights of admins can be limited to just the access required via JEA or the existing granular ACLs - see: https://msdn.microsoft.com/en-us/library/dn896648.aspx

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon