Microsoft has released the first downloadable ISO image for Azure Linux 4.0, enabling administrators and developers to install its homegrown Linux distribution on bare-metal hardware or any virtual machine—not just Azure VMs. The preview, which arrived in June 2026, is also available as Azure virtual machine images and container images, but the ISO represents a deliberate expansion of the test surface beyond Microsoft's cloud.

For years, Azure Linux—originally known as CBL-Mariner—served as Microsoft's internal and cloud-facing Linux platform, powering everything from the Azure Kubernetes Service (AKS) node OS to purpose-built appliances. By offering a standard bootable ISO, Microsoft is acknowledging that many enterprises want to evaluate, stage, and secure Linux workloads on their own terms before committing to the cloud.

Beyond a Cloud-Only Artifact

The move is a departure from Azure Linux's traditional distribution model. Until now, testers could pull container images from the Microsoft Container Registry or spin up an Azure VM with an official image, but installing directly on a Lenovo ThinkPad or a Dell PowerEdge server required unsupported community workarounds. The ISO delivers a straightforward, interactive installer that guides users through disk partitioning, regional settings, and package selection—a mature experience reminiscent of Fedora's Anaconda, which makes sense given the distro's lineage.

Microsoft is providing the ISO for x86_64 and ARM64 architectures, covering both data-center hardware and the emerging edge-computing scenarios where Azure Linux has been gaining traction. Checksums and a signed SHA-256 hash file accompany the download, allowing security-conscious teams to verify integrity before imaging a USB drive.

What Exactly Is Azure Linux?

Azure Linux started life in 2022 as CBL-Mariner, a lightweight, security-hardened distribution built by Microsoft's Linux Systems Group. It was designed from the ground up to serve as a container host and infrastructure layer inside Microsoft's cloud. Unlike more consumer-friendly distributions, Azure Linux strips away anything that isn't required for running containers or hosting services—no desktop environment, no office productivity suite, not even an out-of-the-box compiler toolchain unless you explicitly add it.

Key design mantras reflect Microsoft's cloud-first priorities:

  • Minimal footprint: The base image is roughly 400 MB, reducing attack surface and update churn.
  • Security hardening: The kernel is compiled with multiple hardening flags, and the package repository delivers regularly rebuilt RPMs with compiler-level security features.
  • Predictable lifecycle: Major releases align with Fedora upstream releases, and Microsoft promises security updates for two years per version, with extended support via Azure Arc–enabled solutions.

Over time, Azure Linux became the default node operating system for AKS, and it underpins the Azure Linux Container Host for AKS—a specialized SKU that integrates vulnerability scanning and automated patching. It also serves as the reference platform for Azure Stack HCI's Linux workloads and appears in IoT and edge firmware configurations.

The Fedora Connection, Reaffirmed

Azure Linux has always been derived from Fedora, and version 4.0 deepens that relationship. While Microsoft engineers rebase each major Azure Linux release onto a recent Fedora release, they make significant modifications: the kernel is built with a custom configuration that disables unnecessary modules, the system uses dnf for package management but connects to Microsoft's curated repositories, and the default security policy enforces SELinux in enforcing mode with a targeted policy.

In the 4.0 preview, the underlying Fedora base has been updated to a recent version, bringing in a newer kernel (at least 6.x), updated glibc, systemd, and container toolchain components. Notably, the podman and containerd packages are aligned with the versions shipping in AKS, ensuring that workloads tested locally with the ISO behave identically in production. The preview also includes Microsoft's azurelinux-release package, which delivers a streamlined login banner and a set of validation commands that admins can use to verify they're running a certified image.

What's Inside the ISO?

The bootable ISO boots into a text-mode installer that offers three preset configurations:

  • Minimal: Just the core OS, suitable for customizing with scripts.
  • Container Host: Adds containerd, podman, crun, and a selection of networking utilities tuned for CNI plugins.
  • Developer Workstation: Includes build tools, debuggers, and the Visual Studio Code repository preconfigured for remote development.

Regardless of the profile, the installed system fetches the latest packages from Microsoft's online repository during setup, mitigating the risk of shipping stale artifacts. The installer also generates a machine-specific SSH host key and offers to import SSH authorized_keys from a USB drive—a small but telling detail that highlights Microsoft's expectation that these systems will be managed at scale, not tinkered with via a graphical console.

Perhaps the most significant inclusion is the azure-init service, which handles provisioning once the machine boots. It is the same agent that Azure VMs use, meaning administrators can write a single cloud-init configuration and apply it to an on-premises server or a fleet of Azure instances. For edge deployments where connectivity is intermittent, azure-init can cache policies and execute them when the device next phones home.

Testing Beyond the Cloud: Use Cases for the ISO

The ISO immediately opens several scenarios that were previously impractical:

  • Bare-metal AKS node simulation: Operators can install Azure Linux 4.0 on a local server, join it to a test cluster, and validate node lifecycle operations before deploying into production.
  • Air-gapped environment staging: Governments and financial institutions often vet operating systems in isolated labs. The ISO lets them build a golden image using their own tools and then side-load updates from an internal mirror.
  • Embedded and IoT prototyping: The ARM64 ISO can be written to a USB stick and booted on a Raspberry Pi 5 or a Jetson Orin, enabling early evaluation of Azure IoT Edge runtime compatibility.
  • CI/CD pipeline integration: Build agents can boot, snapshot, and discard Azure Linux instances at will, integrating kernel-level testing into existing workflows.

Microsoft's own documentation for the preview encourages these scenarios, suggesting that the ISO is not a one-off curiosity but a deliberate tool for broadening the feedback loop. A verified Microsoft engineer active on the Azure Linux GitHub repository confirmed that the preview ISO images are rebuilt weekly, incorporating the latest security patches from the upstream repositories.

Early Community Sentiment

While the discussion thread on the Windows News forum is still nascent, early testers are highlighting several themes. The most prominent is relief that Microsoft has stopped relying solely on Azure-based testing channels. "Being able to spin up Azure Linux on a local KVM host without cloning a VHD is a game changer for our compliance scans," one administrator noted. Others are asking for Hyper-V Gen 2 support, which apparently still requires a few manual steps due to the TPM provisioning model.

Some criticism centers on the installer's lack of a graphical partitioning tool; the text-mode interface is functional but assumes familiarity with Linux disk layout. However, given the target audience of cloud administrators, this is unlikely to be a lasting friction point.

Where Azure Linux 4.0 Fits in the Enterprise Linux Landscape

Azure Linux isn't aiming to displace Red Hat Enterprise Linux, Ubuntu, or SUSE on general-purpose servers. Instead, it occupies a narrow but critical niche: the thinnest possible layer between the hardware and a Kubernetes pod. Microsoft positions it as the reference implementation for "infrastructure Linux"—a term the company has been using internally to describe an OS that exists solely to run containers.

This positioning invites comparisons with CoreOS (now part of Fedora CoreOS) and Bottlerocket, Amazon's container-optimized OS. Azure Linux differentiates itself through deep integration with Azure Arc, enabling consistent policy enforcement across on-premises, multi-cloud, and edge. The ISO release extends that potential ubiquity by removing the Azure dependency from the evaluation phase.

Security and Supply Chain Hardening

The 4.0 preview continues Azure Linux's tradition of supply chain hygiene. Every RPM is signed with Microsoft's GPG key, and the repository metadata is timestamped. The ISO itself is signed, and the installation medium verifies the signature before beginning the install. Inside the installed system, SELinux blocks any process from writing to /boot unless the kernel update process specifically authorizes it, preventing a whole class of bootkit attacks.

Microsoft has also nurtured an active CVE scanning pipeline. The Azure Linux team rebases onto Fedora's upstream security patches within hours of publication, and their own internally discovered vulnerabilities are disclosed in the Azure Security Lab portion of the Microsoft Security Response Center. The team actively participates in the oss-security mailing list, a practice that has earned grudging respect from the Linux community.

Getting Started

To download the ISO, head to the official Azure Linux releases page at https://aka.ms/azurelinux-iso. The site serves a minimal landing page with links for both architectures and a quick-start guide. The preview images are labeled as "Preview" in the ISO filename, and the installed system displays a banner on login: "This is a preview release. Do not use in production."

Admins familiar with Ansible or Terraform will find that existing playbooks targeting Fedora or Rocky Linux work with minor modifications. The biggest adjustments involve the package names: for example, audit is called auditd-al to avoid conflicts with upstream Fedora packages.

Microsoft has also published a hands-on lab on Microsoft Learn that walks through deploying the ISO on a NUC-class device, attaching it to an Azure Arc control plane, and deploying a sample Kubernetes pod—all in under 30 minutes. The lab underscores the company's belief that Azure Linux can be a frictionless scaffold for hybrid computing.

What's Next?

Microsoft hasn't announced a general availability date for Azure Linux 4.0, but the cadence of public previews suggests a GA release within 6–9 months. When it arrives, it will likely become the default node OS for new AKS clusters, a change that would touch millions of containers daily. The ISO capability is expected to persist beyond preview, giving enterprises a stable path from bare-metal testing to cloud deployment.

In the meantime, the preview ISO lowers the barrier for any Linux-curious Windows administrator to experience firsthand what Microsoft has been building. That transparency, more than any individual feature, may be Azure Linux 4.0's most strategic asset.