
Azure Cloud HSM

Microsoft

Azure Cloud HSM provides customer-managed, single-tenant, highly available HSMs to store and manage your cryptographic keys. It is most suitable for applications and scenarios that interface through PKCS#11, KSP/CNG, JCE and OpenSSL, and it helps meet the most stringent security, compliance, and regulatory requirements. Cloud HSM uses FIPS 140-3 Level 3 validated HSMs.

Enhance data protection and compliance
Secure key management is essential to protecting data in the cloud. With Azure Cloud HSM, you can safeguard encryption keys in hardware security modules (HSMs) that are FIPS 140-3 Level 3 validated (hardware and firmware). For added assurance, you can import or generate your encryption keys in Cloud HSM.

Scenarios best fit for Azure Cloud HSM
Azure Cloud HSM is IaaS only and is most suitable for general-purpose use and for applications that interface through PKCS#11, KSP/CNG, JCE and OpenSSL. It's ideal for scenarios where customer applications are hosted on Azure VMs or Web Apps and require cryptographic operations.

Applications that utilize PKCS#11
  • ADCS (Active Directory Certificate Services)
  • SSL/TLS Offload for Nginx and Apache
  • Microsoft SQL Server TDE (IaaS) through EKM
  • Oracle TDE
  • Document and code signing
  • Java applications that require a JCE provider