Azure Governance and Management Blog
GA: Enhanced Audit in Azure Security Baseline for Linux

AmirB (Microsoft)
Sep 02, 2025

We’re thrilled to announce the General Availability (GA) of the Enhanced Azure Security Baseline for Linux—a major milestone in cloud-native security and compliance. This release brings powerful, audit-only capabilities to over 1.6 million Linux devices across all Azure regions, helping enterprise customers and IT administrators monitor and maintain secure configurations at scale.

What Is the Azure Security Baseline for Linux?

The Azure Security Baseline for Linux is a set of pre-configured security recommendations delivered through Azure Policy and Azure Machine Configuration. It enables organizations to continuously audit Linux virtual machines and Arc-enabled servers against industry-standard benchmarks—without enforcing changes or triggering auto-remediation.

This GA release focuses on enhanced audit capabilities, giving teams deep visibility into configuration drift and compliance gaps across their Linux estate. The remediation experience is available as a limited public preview; see "What is the Azure security baseline for Linux?" on Microsoft Learn.

Why Enhanced Audit Matters

In today’s hybrid environments, maintaining compliance across diverse Linux distributions is a challenge. The enhanced audit mode provides:

  • Granular insights into each configuration check
  • Industry-aligned benchmarks for a standardized security posture
  • Detailed rule-level reporting with evidence and context
  • Scalable deployment across Azure and Arc-enabled machines

Whether you're preparing for an audit, hardening your infrastructure, or simply tracking configuration drift, enhanced audit gives you the clarity and control you need—without enforcing changes.

Key Features at GA

✅ Broad Linux Distribution Support

📘 Full distro list: Supported Client Types

🔍 Industry-Aligned Audit Checks

The baseline audits 200+ security controls per machine, aligned to industry benchmarks such as CIS. These checks cover:

  • OS hardening
  • Network and firewall configuration
  • SSH and remote access settings
  • Logging and auditing
  • Kernel parameters and system services

Each finding includes a description and the actual configuration state—making it easy to understand and act on.

🌐 Hybrid Cloud Coverage

The baseline works across:

  • Azure virtual machines
  • Arc-enabled servers (on-premises or other clouds)

This means you can apply a consistent compliance standard across your entire Linux estate—whether it’s in Azure, on-prem, or multi-cloud.

🧠 Powered by Azure OSConfig

The audit engine is built on the open-source Azure OSConfig framework, which performs Linux-native checks with minimal performance impact. OSConfig is modular, transparent, and optimized for scale—giving you confidence in the accuracy of audit results.

📊 Enterprise-Scale Reporting

Audit results are surfaced in:

  • Azure Policy compliance dashboard
  • Azure Resource Graph Explorer
  • Microsoft Defender for Cloud (Recommendations view)

You can query, export, and visualize compliance data across thousands of machines—making it easy to track progress and share insights with stakeholders.

💰 Cost

No premium SKU or license is required to use the audit capabilities. Charges apply only to Azure Arc-managed workloads hosted on-premises or in other CSP environments, which makes the baseline easy to adopt across your environment.

How to Get Started

  1. Review the Quickstart Guide
    📘 Quickstart: Audit Azure Security Baseline for Linux
  2. Assign the Built-In Policy
    Search for “Linux machines should meet requirements for the Azure compute security baseline” in Azure Policy and assign it to your desired scope.
  3. Monitor Compliance
    Use Azure Policy and Resource Graph to track audit results and identify non-compliant machines.
  4. Plan Remediation
    While this release does not include auto-remediation, the detailed audit findings make it easy to plan manual or scripted fixes.

Final Thoughts

This GA release marks a major step forward in securing Linux workloads at scale. With enhanced audit now available, enterprise teams can:

  • Improve visibility into Linux security posture
  • Align with industry benchmarks
  • Streamline compliance reporting
  • Reduce risk across cloud and hybrid environments
Updated Aug 27, 2025
Version 1.0