We’re thrilled to announce the General Availability (GA) of the Enhanced Azure Security Baseline for Linux—a major milestone in cloud-native security and compliance. This release brings powerful, audit-only capabilities to over 1.6 million Linux devices across all Azure regions, helping enterprise customers and IT administrators monitor and maintain secure configurations at scale.
What Is the Azure Security Baseline for Linux?
The Azure Security Baseline for Linux is a set of pre-configured security recommendations delivered through Azure Policy and Azure Machine Configuration. It enables organizations to continuously audit Linux virtual machines and Arc-enabled servers against industry-standard benchmarks—without enforcing changes or triggering auto-remediation.
This GA release focuses on enhanced audit capabilities, giving teams deep visibility into configuration drift and compliance gaps across their Linux estate. For our remediation experience, there is a limited public preview available here: What is the Azure security baseline for Linux? | Microsoft Learn
Why Enhanced Audit Matters
In today’s hybrid environments, maintaining compliance across diverse Linux distributions is a challenge. The enhanced audit mode provides:
- Granular insights into each configuration check
- Industry aligned benchmark for standardized security posture
- Detailed rule-level reporting with evidence and context
- Scalable deployment across Azure and Arc-enabled machines
Whether you're preparing for an audit, hardening your infrastructure, or simply tracking configuration drift, enhanced audit gives you the clarity and control you need—without enforcing changes.
Key Features at GA
✅ Broad Linux Distribution Support
📘 Full distro list: Supported Client Types
🔍 Industry-Aligned Audit Checks
The baseline audits over 200+ security controls per machine, aligned to industry benchmarks such as CIS. These checks cover:
- OS hardening
- Network and firewall configuration
- SSH and remote access settings
- Logging and auditing
- Kernel parameters and system services
Each finding includes a description and the actual configuration state—making it easy to understand and act on.
🌐 Hybrid Cloud Coverage
The baseline works across:
- Azure virtual machines
- Arc-enabled servers (on-premises or other clouds)
This means you can apply a consistent compliance standard across your entire Linux estate—whether it’s in Azure, on-prem, or multi-cloud.
🧠 Powered by Azure OSConfig
The audit engine is built on the open-source Azure OSConfig framework, which performs Linux-native checks with minimal performance impact. OSConfig is modular, transparent, and optimized for scale—giving you confidence in the accuracy of audit results.
📊 Enterprise-Scale Reporting
Audit results are surfaced in:
- Azure Policy compliance dashboard
- Azure Resource Graph Explorer
- Microsoft Defender for Cloud (Recommendations view)
You can query, export, and visualize compliance data across thousands of machines—making it easy to track progress and share insights with stakeholders.
💰 Cost
There’s no premium SKU or license required to use the audit capabilities with charges only applying to the Azure Arc managed workloads hosted on-premises or other CSP environments—making it easy to adopt across your environment.
How to Get Started
- Review the Quickstart Guide
📘 Quickstart: Audit Azure Security Baseline for Linux - Assign the Built-In Policy
Search for “Linux machines should meet requirements for the Azure compute security baseline” in Azure Policy and assign it to your desired scope. - Monitor Compliance
Use Azure Policy and Resource Graph to track audit results and identify non-compliant machines. - Plan Remediation
While this release does not include auto-remediation, the detailed audit findings make it easy to plan manual or scripted fixes.
Final Thoughts
This GA release marks a major step forward in securing Linux workloads at scale. With enhanced audit now available, enterprise teams can:
- Improve visibility into Linux security posture
- Align with industry benchmarks
- Streamline compliance reporting
- Reduce risk across cloud and hybrid environments