Fortifying security for Ubuntu on Azure with Metadata Security Protocol (MSP)

Ubuntu now supports Azure’s Metadata Security Protocol (MSP), raising the baseline for VM security on Azure. MSP locks down IMDS and WireServer behind HMAC-signed, identity-aware requests enforced by the azure-proxy-agent (Canonical’s integration of Microsoft’s GPA) using eBPF interception and per-endpoint allowlists. It must be enabled from Azure (Portal/CLI). The package is ready for testing (including via -proposed) with SRUs planned for 24.04 LTS and 22.04 LTS. Start in Audit mode, then move to Enforce once behaviour is validated.Ubuntu blogRead More