Azure Linux 4.0 and Container Linux go GA

Microsoft launched Azure Linux 4.0 and Azure Container Linux for Azure VMs and AKS.

Microsoft launched Azure Linux 4.0 for virtual machines and made Azure Container Linux generally available at Open Source Summit North America 2026 on May 18 in Minneapolis. The company is positioning both as hardened Linux options for AI training, inference, and container workloads on Azure.

What changed

Azure Linux 4.0 extends Microsoft’s internal CBL-Mariner line into a customer-facing VM OS. It ships with a 6.x long-term support kernel, an immutable core, signed images, and a minimal userland built for cloud services rather than general desktop use.

Azure Container Linux goes further for Kubernetes nodes. The image is read-only, has no package manager, and updates through atomic image swaps. Microsoft says that model reduces drift and keeps nodes in a known state after every reboot.

• Azure Linux 4.0 adds support for NVIDIA H200 and AMD Instinct MI350X GPUs.
• Microsoft says Azure Container Linux can improve pod density by 10–15% versus Ubuntu 24.04 LTS nodes.
• The new OS image includes disk encryption at rest, measured boot, and kernel lockdown mode.
• AKS users can select Azure Container Linux with os-sku=AzureLinux.

On the kernel side, Azure Linux 4.0 adds Microsoft-authored patches for GPU-heavy memory reclaim, better NVMe multi-queue performance, and a new akv-driver for Azure Key Vault Managed HSM at boot. It also includes eBPF support, Cilium as the default CNI for AKS, and a fuse-azure passthrough filesystem for faster Blob Storage access.

For AI, Microsoft says the GPU direct RDMA path was rewritten to skip the CPU for collective communication, cutting all-reduce latency by up to 40% in internal tests. A new mlx-scheduler cpufreq governor is meant to protect latency-sensitive inference containers from noisy neighbors.

Why it matters

The main appeal is control. Microsoft is offering an OS stack tuned for its own cloud hardware, update pipeline, and security controls, instead of asking customers to adapt a general-purpose distro to AI and confidential computing workloads.

That matters for teams running regulated or data-sensitive systems. Azure Linux 4.0 supports Confidential AI with AMD SEV-SNP and Intel TDX, letting models run inside trusted execution environments without code changes. Microsoft says partners including Anthropic and Mistral AI are already using confidential VMs for enterprise deployments.

Security is also a selling point. Microsoft says the OS image is signed end to end, boot is verified with UEFI Secure Boot, and critical CVEs can get hotfix manifests within 24 hours. For developers, that means fewer moving parts to manage; for Microsoft, it tightens the link between Azure hardware, the hypervisor, and the guest OS.

The broader signal is that Microsoft is no longer just supporting Linux on Azure. It is shipping its own Linux variants to control performance, patching, and trust boundaries for AI infrastructure.

The open question is whether these Azure-specific builds become the default choice for high-stakes AI fleets, or remain a niche option for teams that want Microsoft’s opinionated stack from kernel to control plane.