Microsoft announced Azure Linux 4.0 at Open Source Summit North America in Minneapolis on May 18, 2026. It is the first time Microsoft has shipped a supported, general-purpose Linux distribution for Azure virtual machines, not just containers. If you manage Linux workloads on Azure, or plan to, this is worth understanding before it hits general availability in the second half of 2026.
What Is Azure Linux 4.0?
Azure Linux started as CBL-Mariner, an internal Microsoft distribution used to run Azure infrastructure. It was container-focused and not intended for general VM use. Azure Linux 4.0 changes that. It is now a Fedora-derived, RPM-based, general-purpose server distribution available as a VM image in all public Azure regions.
Key facts from the Microsoft Open Source blog announcement:
- Built on the Linux 6.6 LTS kernel
- Fedora-derived, RPM-based package management
- Ships Python 3.12 and a sandboxing feature called pylock
- Every package is signed and verified from source to image
- Available for public preview in all Azure regions today
- Free during preview (compute charges still apply)
- General availability expected in the second half of 2026
The companion release, Azure Container Linux, is now generally available. It is an immutable, container-optimized OS based on the Flatcar project, designed for Kubernetes node pools and Azure Container Instances. It boots faster and runs at higher density than a general-purpose Linux host.
Why Microsoft Built Its Own Linux Distribution
The numbers explain it. Microsoft says more than two-thirds of Azure customer cores now run Linux workloads. ChatGPT infrastructure, GitHub, and Microsoft 365 all run on Linux inside Microsoft. Linux is not a secondary choice on Azure any more. It is the primary OS for the platform’s most demanding workloads.
Building a Linux distribution Microsoft controls gives it a predictable, auditable supply chain. Azure Linux 4.0 is developed in the open and contributes upstream. Every package is sourced, built, and signed inside Microsoft’s own pipeline. Azure CTO Mark Russinovich was direct at the Open Source Summit keynote: “The future of AI must be built on open foundations. We cannot allow the operating systems, runtimes, and governance models of the agent era to be proprietary black boxes.”
For sysadmins and DevOps engineers, the practical result is a distribution where the people who built the cloud also built and maintain the OS running on it.
Azure Linux 4.0 in Practice
According to InfoQ’s coverage, Azure Linux 4.0 is available as a VM image and on Windows Subsystem for Linux. In the Azure portal, find it under the VM creation blade by selecting the Microsoft Linux publisher.
It is RPM-based, so dnf is the package manager. If you come from RHEL, AlmaLinux, or Fedora, the tooling feels familiar. Ubuntu admins will notice the shift from apt to dnf, but core administration is the same.
# Install a package
dnf install nginx -y
# Check kernel version
uname -r
# Expected: 6.6.x-azure
# Verify package signature
rpm --checksig package.rpm
# Install and use pylock (Python sandboxing)
dnf install python3-pylock -yThe pylock feature is worth noting for Python workloads. It provides a sandboxed environment that restricts what packages can be imported and what system calls they can make. For AI inference servers running third-party model code, this is a real security improvement over standard Python.
Azure Container Linux: AKS Node Pools
Azure Container Linux is now GA for AKS clusters and Azure Container Instances. It is immutable: the root filesystem is read-only and packages are not installed at runtime. Updates happen by replacing the entire node image rather than running dnf update on a live node.
For Kubernetes operators, the benefit is consistency. Every node in a pool runs exactly the same image. There is no configuration drift between nodes that have been up for different lengths of time. Existing AKS clusters can migrate to Azure Container Linux by updating the node image version:
# Check current AKS node image version
az aks nodepool show --resource-group myRG --cluster-name myAKS --name nodepool1 --query nodeImageVersion
# Upgrade node pool to Azure Container Linux
az aks nodepool upgrade --resource-group myRG --cluster-name myAKS --name nodepool1 --node-image-onlyConfidential Computing Roadmap
Microsoft’s roadmap includes a confidential computing variant of Azure Linux 4.0 working with Intel TDX and AMD SEV-SNP enclaves, expected to preview in Q4 2026. Confidential VMs keep data encrypted in memory so the cloud provider cannot inspect running workloads. Combined with a verified supply chain from kernel to package, this addresses the main objection enterprises have about regulated workloads on shared cloud infrastructure.
How Azure Linux 4.0 Compares
Ubuntu and RHEL are not going anywhere on Azure. Most teams have existing automation and compliance tooling built around them. The switching cost is real. However, Azure Linux 4.0 has clear advantages for specific use cases.
| Feature | Azure Linux 4.0 | Ubuntu 24.04 | RHEL 9 |
|---|---|---|---|
| Kernel | 6.6 LTS (Azure-tuned) | 6.8 | 5.14 |
| Package manager | dnf (RPM) | apt (DEB) | dnf (RPM) |
| Maintained by | Microsoft | Canonical | Red Hat |
| AI workload tuning | Yes (first-party) | Partial | Partial |
| Full supply chain | Source to image | Partial | Partial |
| License cost | Free | Free (Pro costs extra) | Subscription |
| Confidential VMs | Q4 2026 roadmap | Available | Available |
For teams already running RHEL or AlmaLinux on Azure, the tooling transition will be minimal. For Ubuntu teams who want tighter Azure integration, it is worth testing on new workloads. Disk management on Azure Linux 4.0 VMs uses the same growpart and resize2fs commands as any other Linux distribution. See our guide on extending disk on Azure Linux VMs for the exact steps. And before deciding on a container runtime for Azure Linux 4.0, our Docker vs Podman comparison covers what changed in 2026.
Should You Try It Now?
If you run non-critical dev or staging workloads on Azure, yes. The preview is live in all regions today and free to use. It is a good window to test your stack against a Fedora-derived base, check dnf compatibility, and flag any issues before GA. Production migrations should wait for general availability and the LTS cycle later in 2026.
Conclusion
Azure Linux 4.0 is a significant move. Microsoft is no longer just a contributor to Linux. It is now a Linux distributor with first-party support on its own cloud. For sysadmins and DevOps engineers managing Azure infrastructure, that means a new option with a verified supply chain, an Azure-tuned 6.6 LTS kernel, and a roadmap that includes confidential computing and AI-native features on a faster timeline than any third-party distribution can match. Try it on a dev VM this week while it is free.