Sudhanva details Azure Linux security innovations introduced at Ignite 2025, including OS Guard and pod sandboxing in AKS, offering cloud practitioners stronger workload isolation and compliance capabilities.

Azure Linux: Security-Focused Cloud Innovation at Ignite 2025

Overview

Microsoft continues advancing cloud and AI innovation with a sharp focus on security, quality, and responsible development. At Ignite 2025, Azure Linux stands out, powering critical services and serving as a hub for ongoing security innovation.

Key Announcements

OS Guard Public Preview

  • Azure Linux OS Guard (public preview):
    • Hardened, immutable container host based on Azure Linux’s FedRAMP-certified base image
    • Streamlined footprint with ~100 fewer packages than the standard image, reducing attack surface and improving performance
    • FIPS mode enforced by default for out-of-the-box compliance in regulated workloads
    • Security features include:
      • dm-verity for filesystem immutability
      • Trusted Launch (vTPM-secured keys)
      • Integration with AKS for streamlined container workloads
      • Upstream transparency and ongoing Microsoft contributions
    • Operational simplicity for secure, containerized app deployment
  • Audit Mode for Code Integrity and SELinux:
    • Enabled during the preview so customers can validate policies and prepare for enforcement

General Availability: Pod Sandboxing in AKS

  • Pod Sandboxing for AKS (GA):
    • Stronger workload isolation in multi-tenant and regulated environments
    • The Kata Containers project provides VM-level isolation for each pod, using lightweight VMs as the security boundary

Connect & Learn

  • Meet the Azure Linux team at Ignite, join live demos, ask questions, and participate in deep dive sessions focused on security and operational excellence.

Author

Sudhanva

Last updated: Nov 18, 2025


This post appeared first on “Microsoft Tech Community”.