Microsoft developing a custom Linux kernel to power azure.

Microsoft corporation is developing a custom Linux kernel, that is intended to power their Azure Sphere security framework. This is a great step for the software giant, that has formerly opposed free software and even Google. Now they are embracing Github and Linux. This is only a kernel; not an entire operating system. A kernel still needs userspace utilities and an operating system to work with, but this is a step in the right direction. This is to do with the Azure Sphere system, Azure Sphere will bring new hardware chips, that will feature a new customized operating system built for IoT security. This OS incorporates a custom Linux kernel that has been optimized for an IoT environment and reworked with security innovations pioneered in Windows to create a highly secured software environment. This will also include predictive maintenance, an appliance could sense impending hardware failure and notify the user before the component failed, and possibly damaged the rest of the appliance. This is outlined in the video below. This is creepy, but it would be very good to know your device is failing, this preventative measure is very nice. Better than having an appliance actually fail when you need it the most.

Microsoft Azure can also work with Windows Defender to automatically limit access to critical files and/or database records when malware is detected, this would help secure critical files that would otherwise be stolen by a rootkit or malicious software. But having a more secure network and network usage policies in place would prevent this in the first place. Group Policy settings rolled out via a Windows Domain server would prevent users running *.exe files and running CMD. This can prevent users running games brought from home and/or files downloaded from the Internet that could contain malware. This works even if the files are renamed to *.com. Very useful policy if you wish to avoid a malware infection that could compromise valuable files. Software Restriction Policies are very good to protect work machines from unwanted software. I have used this for a project in the past, this worked perfectly. As I said before, even renaming an exe would not allow you to run it, so a user who downloaded files from a dodgy website would not be able to run them. Good solution for locking down a network with a custom domain managed by a server, just roll out the SRP policies over the network to all machines connected to the domain and it will lock them down.