Microsoft is building a new security pillar into its Azure Linux distribution: OS Guard, a feature designed to transform the system into an immutable container host with strict code integrity enforcement, mandatory access controls, and hardened boot protections.

The latest release, Azure Linux 3.0.20250822, expanded OS Guard’s functionality by adding osguard-ci, a new component that brings code integrity enforcement to container environments. According to Microsoft engineers, this update enables integrity checking in containerd, activates SELinux in enforcing mode, and streamlines OS Guard image generation through new configuration tooling.


What Is OS Guard?

Announced at Microsoft Build 2025 by Azure CTO Mark Russinovich, OS Guard (codename Linux Guard) is described as a high-security immutable container host built on top of the FedRAMP-certified Azure Linux 3.0 base and its sovereign supply chain.

Its key security pillars include:

  • Code Integrity (CI): Built on IPE (Integrity Policy Enforcement), the Linux security module upstreamed in kernel 6.12. IPE decides whether a file may execute from the integrity properties of what backs it, a dm-verity volume identified by root hash or signed root hash, or an fs-verity-protected file, rather than from per-file allowlists, so only trusted binaries can run, container layers included.
  • Immutability: The /usr directory is mounted read-only on a dm-verity–protected volume with a signed root hash, preventing unauthorized tampering at runtime.
  • Mandatory Access Control (MAC): Enforced with SELinux in enforcing mode, confining processes and users to least-privilege access.
  • Trusted Launch: Uses measured boot integrity with keys secured in a vTPM, protecting against bootkits and rootkits.
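As an added example (not code from Microsoft or the OS Guard project), the following POSIX shell script checks a host for the four pillars above. Each check takes the probe output as an argument, so the logic can be exercised offline against constructed strings; the collect_live function shows which real command feeds each check. It assumes the securityfs layout documented for the upstream IPE LSM (/sys/kernel/security/ipe/...), the standard getenforce, findmnt, dmsetup and mokutil tools, and uses a constructed dm-verity table, IPE policy and placeholder root hash rather than values from a real image.

```shell
#!/bin/sh
# Added example, not Microsoft's tooling: an offline-testable posture check for
# the four OS Guard pillars. Each check_* function takes the probe output as an
# argument so it can be exercised with constructed strings; collect_live() shows
# which real command feeds each check on a running host. The securityfs paths
# are the ones documented for the upstream IPE LSM; the policy name, devices and
# root hash below are constructed placeholders, not values from a real image.

# Code Integrity: "ipe" must appear in the active LSM list and IPE must be
# enforcing (ipe.enforce=0 on the kernel command line makes it audit-only).
check_lsm_has_ipe() {          # arg: contents of /sys/kernel/security/lsm
    case ",$1," in *,ipe,*) return 0 ;; *) return 1 ;; esac
}
check_ipe_enforcing() {        # arg: contents of /sys/kernel/security/ipe/enforce
    [ "$1" = "1" ]
}

# Mandatory Access Control: SELinux must be in enforcing mode.
check_selinux_enforcing() {    # arg: output of getenforce
    [ "$1" = "Enforcing" ]
}

# Immutability: /usr must be mounted read-only from a dm-verity target.
check_usr_readonly() {         # arg: output of `findmnt -no OPTIONS /usr`
    case ",$1," in *,ro,*) return 0 ;; *) return 1 ;; esac
}
# A verity line from `dmsetup table <name>` reads:
#   <start> <len> verity <ver> <data> <hash> <dbs> <hbs> <nblocks> <hstart> <alg> <roothash> <salt>
check_table_is_verity() {      # arg: that table line
    [ "$(printf '%s\n' "$1" | awk '{ print $3 }')" = "verity" ]
}
verity_roothash() {            # prints the root hash (field 12) of a verity table line
    printf '%s\n' "$1" | awk '$3 == "verity" { print $12 }'
}

# Tie the two together: the active IPE policy must allow EXECUTE from the /usr
# volume, either by its exact root hash or because the volume was opened with a
# signed root hash (dmverity_signature=TRUE). Anything else fails the check.
check_policy_allows_usr() {    # args: policy text, /usr root hash
    printf '%s\n' "$1" | grep -Eq \
        "^op=EXECUTE[[:space:]]+(dmverity_signature=TRUE|dmverity_roothash=$2)[[:space:]]+action=ALLOW"
}

# Trusted Launch: Secure Boot on and a (v)TPM visible to the kernel.
check_secureboot() {           # arg: output of `mokutil --sb-state`
    [ "$1" = "SecureBoot enabled" ]
}
check_tpm_present() {          # arg: output of `ls /sys/class/tpm`
    [ -n "$1" ]
}

# Print the text of the policy currently marked active under securityfs.
active_ipe_policy() {
    for a in /sys/kernel/security/ipe/policies/*/active; do
        [ -r "$a" ] && [ "$(cat "$a")" = "1" ] && cat "${a%/active}/policy" && return 0
    done
    return 1
}

# Run every check against the live host (needs root for dmsetup and securityfs)
# and print one PASS/FAIL line per check.
collect_live() {
    report() { if "$@"; then echo "PASS $1"; else echo "FAIL $1"; fi; }
    usr_dev=$(findmnt -no SOURCE /usr 2>/dev/null)
    table=$(dmsetup table "${usr_dev#/dev/mapper/}" 2>/dev/null)
    report check_lsm_has_ipe       "$(cat /sys/kernel/security/lsm 2>/dev/null)"
    report check_ipe_enforcing     "$(cat /sys/kernel/security/ipe/enforce 2>/dev/null)"
    report check_selinux_enforcing "$(getenforce 2>/dev/null)"
    report check_usr_readonly      "$(findmnt -no OPTIONS /usr 2>/dev/null)"
    report check_table_is_verity   "$table"
    report check_policy_allows_usr "$(active_ipe_policy)" "$(verity_roothash "$table")"
    report check_secureboot        "$(mokutil --sb-state 2>/dev/null)"
    report check_tpm_present       "$(ls /sys/class/tpm 2>/dev/null)"
}

# Constructed sample inputs shaped like the real probe output; the hash is a
# placeholder, not a real Azure Linux root hash, and the policy is illustrative.
SAMPLE_HASH=4f1c2e8d9b0a7c6e5d4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a4b3c2d
SAMPLE_TABLE="0 2097152 verity 1 /dev/sda3 /dev/sda4 4096 4096 262144 1 sha256 $SAMPLE_HASH 00"
SAMPLE_POLICY="policy_name=osguard-example policy_version=0.0.1
DEFAULT action=DENY
op=EXECUTE boot_verified=TRUE action=ALLOW
op=EXECUTE dmverity_roothash=$SAMPLE_HASH action=ALLOW"

# Without --live the script only defines the checks and sample data.
if [ "${1:-}" = "--live" ]; then collect_live; fi
```

Run it with --live as root to exercise the real probes. The cross-check between the mounted /usr root hash and the IPE policy is where the "signed root hash" pillar shows up in practice: a dm-verity /usr whose hash no EXECUTE rule trusts is immutable but not executable, and a policy that relies only on dmverity_signature=TRUE depends on the volume actually having been opened with a signed root hash.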

Threats OS Guard Is Designed to Mitigate

  1. Rootkits and boot tampering: Secure Boot plus Trusted Launch ensure integrity from firmware to user space.
  2. Container escapes and filesystem tampering: A read-only, dm-verity-protected /usr and signed dm-verity container layers prevent modification of critical components, so an attacker who gains a foothold in a container cannot persist by altering the host or the image.
  3. Unauthorized code execution: Untrusted or tampered binaries cannot run, even inside containers, thanks to IPE. SELinux further restricts access to critical system resources.

Transparency and Open Source Contributions

Microsoft emphasizes that OS Guard isn’t a black box. The technologies underpinning it —dm-verity, SELinux, IPE— are open source and actively maintained upstream.

The company is contributing back to the community, including:

  • SELinux policy updates that move configurations into immutable paths under /usr.
  • Contributions to the containerd ecosystem with erofs-snapshotter for code integrity in OCI containers.
  • Kernel improvements enabling secure script execution for interpreters like Bash and Python.

Microsoft has also made its image build tooling public on GitHub (azure-linux-image-tools), ensuring reproducibility and transparency.


Availability and Adoption

OS Guard is already available as a Community Image in the Microsoft Container Registry, with deployment instructions for Azure VMs (official guide).

In this first release, users can explore:

  • Trusted Launch with ephemeral keys.
  • /usr as a read-only dm-verity volume.
  • Both IPE and SELinux in enforcing mode.

Microsoft confirmed that OS Guard will soon ship as an official SKU for Azure Kubernetes Service (AKS), allowing customers to deploy hardened AKS clusters with OS Guard enabled via feature flag.


Conclusion

With OS Guard, Microsoft aims to position Azure Linux as a cloud-native OS with enterprise-grade security, combining immutability, code integrity, and regulatory compliance. For customers, the promise is a hardened container host that can resist advanced threats while remaining open source and transparent.

This move places Azure Linux alongside initiatives such as Fedora Silverblue and Ubuntu Core, but with a strong focus on containers, Kubernetes, and enterprise cloud workloads.


Frequently Asked Questions (FAQ)

1. How is OS Guard different from standard Azure Linux?
It applies strict immutability and integrity policies, ensuring only trusted binaries run and blocking unauthorized changes to the base system.

2. How does OS Guard prevent container escapes?
By validating container layers with dm-verity and enforcing execution restrictions via IPE and SELinux.

3. Is OS Guard open source?
Yes. Microsoft publishes its tooling on GitHub and contributes upstream to SELinux, containerd, and the Linux kernel.

4. When will it be production-ready?
It can already be tested as a Community Image and will soon be available as an official SKU in Azure Kubernetes Service (AKS).

sources: techcommunity.microsoft.com & GitHub
