This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
In this tutorial, you use Azure portal to deploy a confidential container to Azure Container Instances with a development confidential computing enforcement policy. After deploying the container, you can browse to the running application.
Note
When deploying confidential containers on Azure Container Instances via Portal you will only be able to deploy with a development confidential computing enforcement policy. This policy is only recommended for development and test workloads. Logging, and exec functionality are still available in the container group when using this policiy and software components are not validated. To full attest your container group while running production workloads, it is recommended that you deploy with a custom confidential computing enforcement policy via an Azure Resource Manager template. For more information, see the tutorial.
Sign in to the Azure portal at https://portal.azure.com
If you don't have an Azure subscription, create a free account before you begin.
On the Azure portal homepage, select Create a resource.
Select Containers > Container Instances.
On the Basics page, choose a subscription and enter the following values for Resource group, Container name, Image source, and Container image.
myresourcegrouphelloworldWest Europe/North Europe/East USConfidential (development policy)mcr.microsoft.com/acc/samples/aci/helloworld:2.8 (Linux)
Note
When deploying confidential containers on Azure Container Instances via Portal you will only be able to deploy with a development confidential computing enforcement policy. This policy is only recommended for development and test workloads. Logging, and exec functionality are still available in the container group when using this policiy and software components are not validated. To full attest your container group while running production workloads, it is recommended that you deploy with a custom confidential computing enforcement policy via an Azure Resource Manager template. For more information, see the tutorial.
Leave all other settings as their defaults, then select Review + create.
When the validation completes, you're shown a summary of the container's settings. Select Create to submit your container deployment request.
When deployment starts, a notification appears that indicates the deployment is in progress. Another notification is displayed when the container group deployed.
Open the overview for the container group by navigating to Resource Groups > myACIRG > helloworld. Make a note of the IP of the container instance and its Status.
On the Overview page, note the Status of the instance and its IP address.
Once its status is Running, navigate to the IP address in your browser.
The presence of the attestation report below the Azure Container Instances logo confirms that the container is running on hardware that supports a hardware-based and attested trusted execution environment (TEE). If you deploy to hardware that doesn't support a TEE, for example by choosing a region where the ACI Confidential SKU isn't available, no attestation report is shown.
Congratulations! You deployed a confidential container on Azure Container Instances, which displays a hardware attestation report in your browser.
When you're done with the container, select Overview for the helloworld container instance, then select Delete.
In this tutorial, you created a confidential container on Azure Container instances with a development confidential computing enforcement policy. If you would like to deploy a confidential container group with a custom computing enforcement policy continue to the confidential containers on Azure Container Instances - deploy with Azure Resource Manager template tutorial.
Training
Module
Run container images in Azure Container Instances - Training
Run container images in Azure Container Instances
Certification
Microsoft Certified: Azure Developer Associate - Certifications
Build end-to-end solutions in Microsoft Azure to create Azure Functions, implement and manage web apps, develop solutions utilizing Azure storage, and more.
Documentation
In this tutorial, you create an AKS cluster via Azure portal and then deploy virtual nodes on Azure Container Instances via a Helm chart.
Tutorial - Deploy a Spot container group on Azure Container Instances - Azure Container Instances
In this quickstart, you use the Azure CLI to quickly deploy a Spot container on Azure Container Instances
Learn how to create an Azure Resource Manager template for a confidential container deployment with a custom confidential computing enforcement policy.