A key aspect of Microsoft's hardware security is isolation. Encryption keys are stored in an integrated hardware security module (HSM), while VMs are isolated from one another using trusted execution environments (TEE) baked into modern CPUs and GPUs. The control, data, networking, and storage planes are all offloaded to smartNICs and an open source Root of Trust (RoT) module ensures everything is what it purports to be.