Azure Linux 4.0 Goes General-Purpose: Now Runs on Any Azure VM

Azure Linux 4.0 Goes General-Purpose: Now Runs on Any Azure VM

Microsoft shipped Azure Linux 4.0 into public preview at Build 2026, and for the first time you can run it on any Azure virtual machine, not just as the host underneath Azure Kubernetes Service. That sounds like a small distinction. But, this is the moment Microsoft's in-house Linux stops being a special-purpose appliance distro and becomes a general-purpose Linux distro.

What is Azure Linux?

Azure Linux is the distribution that grew out of CBL-Mariner. CBL stands for Common Base Linux, a family of internal distros named after Seattle geography. Mariner was an RPM-based distro built from scratch with spec files borrowed from Photon OS, Fedora, and Linux From Scratch. In March 2024, Microsoft renamed it Azure Linux and renamed the GitHub repository to match.

None of that history was aimed at you running it on your own VM. That is what changes now.

What is actually new in 4.0

Azure Linux 4.0 is derived from Fedora, right now a Fedora 43 snapshot, rather than assembled package by package the way 1.0 through 3.0 were. Microsoft no longer maintains every spec file by hand. Instead it tracks Fedora upstream and applies declarative overlays, where every deviation from Fedora carries a written description of why it exists. The rendered spec files are checked into the repository so you can read exactly what Microsoft changed and why.

The component stack moved up accordingly:

• Kernel 6.18 LTS, Azure-tuned, with Hyper-V integration and GPU/AI accelerator support.
• dnf5 replaces tdnf, Microsoft's lean C reimplementation of dnf inherited from Photon OS. This is the single most user-visible change. You now get standard dnf5 tooling and the full plugin ecosystem.
• glibc 2.42, systemd 258, OpenSSL 3.5 (with post-quantum cryptography support), Python 3.14, and RPM 6.0 with a modernized database backend and stronger signature verification.
• FIPS 140-3 certification is in progress and slated for general availability.

Security is solid: SELinux on every image, kernel hardening (ASLR, stack protection, seccomp, systemd service sandboxing), cryptographically signed packages and repositories, and Microsoft publishes SBOMs for the supply chain.

Why this is the next step

For most of its life, Azure Linux was infrastructure you ran on without knowing it. It was the host OS for AKS nodes, the base image for Microsoft's own first-party services, the system distro that hosts WSLg. You did not pick it. It was underneath the thing you picked.

Azure Linux 4.0 is built to be picked. It runs across every Azure compute surface:

• Virtual machines and scale sets, deployable straight from the Azure Marketplace with no additional OS licensing cost.
• Containers, with base, distroless, and language-runtime images on the Microsoft Container Registry, built from the same supply chain as the VM images.
• AKS, where it has been the container host since 2023, now joined by Azure Container Linux, a Flatcar-based immutable variant that shares the same kernel for stricter compliance environments.
• WSL, so you can develop locally on the same Linux you deploy to production with wsl --install -d AzureLinux (soon, go try it on Azure first).

Databricks migrated more than 100,000 VMs and over a million CPU cores to Azure Linux. LinkedIn moved its infrastructure to Azure Linux. Azure Linux already runs behind AKS, Azure SQL, and Cosmos DB. The 4.0 preview takes that and gives it to everyone else.

What makes Azure Linux different

There are a lot of cloud Linux distributions. Amazon has Amazon Linux. The Flatcar and CoreOS lineage offers immutable container hosts. Ubuntu and RHEL run nearly everywhere. So what is distinct here?

• The supply chain is auditable by design. Building on Fedora with declarative overlays means every change from upstream is documented in the repository. That is a stronger story than most distributions can tell about what is in their packages and why.
• It is minimal on purpose. Azure Linux ships only what cloud and server workloads need. There is no desktop, no GUI, no general-purpose sprawl. The distroless container images take this to its logical end: no shell, no package manager, almost nothing to exploit.
• Microsoft made a Linux distro.

What it means for Linux

Microsoft went from consuming Linux, to shipping Linux internally, to shipping a Linux distribution anyone can run. Another major vendor maintaining a distribution upstream-first against Fedora, contributing patches, and putting real money into supply-chain security work through OpenSSF and Alpha-Omega. More maintained distributions, built in the open, is good for everyone downstream.

From an undocumented Debian remix I had to reverse-engineer from a package mirror, to a Fedora-derived, FIPS-targeted, distroless-capable distribution you can deploy from a marketplace in two clicks. That is a long way in four years.

How to try Azure Linux 4.0

Go to the Azure Marketplace, search for "Azure Linux", and deploy a VM. No additional OS licensing cost. If you're already on AKS, you're likely already running it as the host OS. For local development, watch for the WSL image coming soon. Run dnf5 commands as you would on Fedora, and check the GitHub repository for the overlay files to see exactly what Microsoft changed.