Microsoft is advancing cloud and AI innovation with a clear focus on security, quality, and responsible practices. At Ignite 2025, Azure Linux reflects that commitment. As Microsoft’s ubiquitous Linux OS, it powers critical services and serves as the hub for security innovation. This year’s announcements, Azure Linux with OS Guard public preview and GA of pod sandboxing, reinforce security as one of our core priorities, helping customers build and run workloads with confidence in an increasingly complex threat landscape.
Announcing OS Guard Public Preview
We’re excited to announce the public preview of Azure Linux with OS Guard at Ignite 2025! OS Guard delivers a hardened, immutable container host built on the FedRAMP-certified Azure Linux base image. It introduces a significantly streamlined footprint with approximately 100 fewer packages than the standard Azure Linux image, reducing the attack surface and improving performance. FIPS mode is enforced by default, ensuring compliance for regulated workloads right out of the box. Additional security features include dm-verity for filesystem immutability, Trusted Launch backed by vTPM-secured keys, and seamless integration with AKS for container workloads. Built with upstream transparency and active Microsoft contributions, OS Guard provides a secure foundation for containerized applications while maintaining operational simplicity.
During the preview period, code integrity and mandatory access Control (SELinux) are enabled in audit mode, allowing customers to validate policies and prepare for enforcement without impacting workloads.
General Availability: Pod Sandboxing for stronger isolation on AKS
We’re also announcing the GA of pod sandboxing on AKS, delivering stronger workload isolation for multi-tenant and regulated environments. Based on the open source Kata project, Pod Sandboxing introduces VM-level isolation for containerized workloads by running each pod inside its own lightweight virtual machine using Kata Containers, providing a stronger security boundary compared to traditional containers.
Connect with us at Ignite
Meet the Azure Linux team and see these innovations in action:
- Ignite: Join us at our breakout session (https://ignite.microsoft.com/en-US/sessions/BRK144) and visit the Linux on Azure Booth for live demos and deep dives.
|
Session Type |
Session Code |
Session Name |
Date/Time (PST) |
|
Breakout |
BRK 143 |
Optimizing performance, deployments, and security for Linux on Azure |
Thu, Nov 20/ 1:00 PM – 1:45 PM |
|
Breakout |
BRK 144 |
Wed, Nov 19/ 1:30 PM – 2:15 PM | |
|
Breakout |
BRK 104 |
From VMs and containers to AI apps with Azure Red Hat OpenShift |
Thu, Nov 20/ 8:30 AM – 9:15 AM |
|
Theatre |
TRH 712 |
Tue, Nov 18/ 3:15 PM – 3:45 PM | |
|
Theatre |
THR 701 |
From Container to Node: Building Minimal-CVE Solutions with Azure Linux |
Wed, Nov 19/ 3:30 PM – 4:00 PM |
|
Lab |
Lab 505 |
Fast track your Linux and PostgreSQL migration with Azure Migrate |
Tue, Nov 18/ 4:30 PM – 5:45 PM PST Wed, Nov 19/ 3:45 PM – 5:00 PM PST Thu, Nov 20/ 9:00 AM – 10:15 AM PST |
Whether you’re migrating workloads, exploring security features, or looking to engage with our engineering team, we’re eager to connect and help you succeed with Azure Linux.
Resources to get started
- Azure Linux OS Guard Overview & QuickStart: https://aka.ms/osguard
- Pod Sandboxing Overview & QuickStart: https://aka.ms/podsandboxing
- Azure Linux Documentation: https://learn.microsoft.com/en-us/azure/azure-linux/
Microsoft