AmirB details the GA release of Enhanced Azure Security Baseline for Linux, highlighting audit-focused capabilities that help enterprises monitor Linux security compliance at scale.

GA: Enhanced Audit in Azure Security Baseline for Linux

The Enhanced Azure Security Baseline for Linux is now generally available, delivering robust audit-only security and compliance capabilities for over 1.6 million Linux devices across all Azure regions.

What Is the Azure Security Baseline for Linux?

This baseline consists of preconfigured security recommendations provided through Azure Policy and Azure Machine Configuration. It empowers organizations to continuously audit Linux VMs and Arc-enabled servers against industry standards (such as CIS) without enforcing changes or enabling auto-remediation.

Key audit features include:

  • Granular insights on each configuration check
  • Reporting aligned to industry benchmarks
  • Rule-level evidence and context for easy decision-making
  • Deployment at scale across Azure and Arc-enabled machines (on-premises/multicloud)

Key Features

Broad Distribution Support

Covers a comprehensive list of Linux distributions. See Supported Client Types.

Industry-Aligned Audit

Over 200 security controls per machine are audited, including:

  • OS hardening
  • Network/firewall configs
  • SSH and remote access
  • Logging and auditing
  • Kernel/system service configurations

Each finding details the configuration state and provides actionable context.

Coverage Across Hybrid/Multi-Cloud

Applies to Azure VMs, as well as Arc-enabled servers in other clouds or on-prem environments—enabling unified policy and security configuration management.

Powered by Azure OSConfig

Auditing leverages the Azure OSConfig open-source framework for in-depth, high-scale, and low-impact Linux-native assessments.

Enterprise-Scale Reporting

Audit results appear in:

  • Azure Policy compliance dashboard
  • Azure Resource Graph Explorer
  • Microsoft Defender for Cloud (Security Recommendations)

This ensures you can manage, track, and export compliance and audit data organization-wide.

Cost Model

The audit capability does not require any premium SKU or special licenses; charges apply only for Azure Arc-managed workloads outside of Azure.

How to Get Started

  1. Review the Quickstart Guide: Quickstart: Audit Azure Security Baseline for Linux
  2. Assign the Built-In Policy: Search Azure Policy for “Linux machines should meet requirements for the Azure compute security baseline” and assign it.
  3. Monitor Compliance: Use Azure Policy/Resource Graph to track compliance and spot non-compliant systems.
  4. Remediation Planning: While auto-remediation is in limited public preview, detailed audit findings empower organizations to plan fixes manually or via automation.
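
For steps 3 and 4, one way to turn Resource Graph output into a per-machine remediation list. This is an added example, not code from the original post or from Microsoft. The `AzureLinuxBaseline` name filter, the projected column names, the status spellings and every sample row are assumptions or constructed data.

```python
import json
from collections import defaultdict

# Resource Graph query; run as: az graph query -q "$KQL" -o json
# Assumptions: the 'AzureLinuxBaseline' assignment-name filter and the
# projected column names; confirm both against your own tenant.
KQL = """
guestconfigurationresources
| where type =~ 'microsoft.guestconfiguration/guestconfigurationassignments'
| where name contains 'AzureLinuxBaseline'
| mv-expand r = properties.latestAssignmentReport.resources
| project machine = tostring(split(properties.targetResourceId, '/')[-1]),
          rule = tostring(r.resourceId),
          status = tostring(r.complianceStatus), reasons = r.reasons
"""

# Status spellings treated as failures (assumed; handles both forms).
NON_COMPLIANT = {"noncompliant", "false"}

# Constructed sample shaped like `az graph query` output, not real data.
SAMPLE = json.dumps({"data": [
    {"machine": "web01", "rule": "constructed-ssh-rule", "status": "false",
     "reasons": [{"phrase": "constructed: root login permitted"}]},
    {"machine": "web01", "rule": "constructed-log-rule", "status": "true",
     "reasons": []},
    {"machine": "arc-db02", "rule": "constructed-ssh-rule",
     "status": "NonCompliant", "reasons": None},
    {"machine": "arc-db02", "rule": "constructed-fw-rule", "status": "false",
     "reasons": [{"phrase": "constructed: no default deny"}]},
    {"machine": "app03", "rule": "constructed-ssh-rule", "status": "true",
     "reasons": []},
]})

def failing_rules(rows):
    """Map machine -> [(rule, evidence)] for every non-compliant rule."""
    findings = defaultdict(list)
    for row in rows:
        if str(row.get("status", "")).lower() in NON_COMPLIANT:
            phrases = [r.get("phrase", "") for r in (row.get("reasons") or [])]
            findings[row["machine"]].append((row["rule"], "; ".join(phrases)))
    return dict(findings)

def worst_first(findings):
    """Machines ordered by number of failing rules, then by name."""
    return sorted(findings, key=lambda m: (-len(findings[m]), m))

if __name__ == "__main__":
    result = failing_rules(json.loads(SAMPLE)["data"])
    for machine in worst_first(result):
        for rule, evidence in result[machine]:
            print(f"{machine}\t{rule}\t{evidence or 'no reason text'}")
```

Rows with a missing or empty `reasons` field are still reported, so a finding is never dropped just because the evidence text is absent.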

Benefits

  • Improved security visibility: Easily track Linux configuration and drift
  • Benchmark alignment: Prove compliance with industry standards
  • Streamlined reporting: Organization-scale dashboards and APIs
  • Risk reduction: Proactively address security gaps in hybrid/cloud Linux estates

For more on capabilities and onboarding, refer to the official documentation.


Authored by AmirB, August 27, 2025

This post appeared first on “Microsoft Tech Community”.