Date: 2023-11-16

Key Takeaways

Microsoft has added new capabilities to Windows Subsystem for Linux (WSL) to enhance enterprise-grade security monitoring, including the ability to monitor security events through Microsoft Defender for Endpoint without impacting resource utilization.

WSL now offers plugins that enable integration between Windows applications and WSL, allowing for information transfer between separate environments.

IT admins can now configure access to WSL, WSL commands, and WSL settings through new settings in Intune, which are group policy object-friendly and can be used with other tools. Networking controls specific to WSL have also been upgraded, including autoProxy, DNS tunneling, mirrored networking mode, and the inheritance of Windows Hyper-V firewall rules in Linux.

If you want to run GNU/Linux environments inside your Windows installation without requiring any virtual machines or dual-boot configurations, Windows Subsystem for Linux (WSL) is arguably the best way to go. However, personal and enterprise use cases and requirements differ significantly, and today, Microsoft has made significant improvements to nudge the latter audience segment in the direction of leveraging WSL in their workflows.

In a blog post, Microsoft has outlined four new capabilities it has added to WSL in a bid to offer enterprise-grade security monitoring. The headliner is the ability to monitor all security events in WSL distros through Microsoft Defender for Endpoint (MDE) using a WSL plugin, without notable impact on resource utilization. In the same vein, WSL plugins that enable integration between Windows applications and WSL are now available; they can be used to transfer information between two applications in separate environments. These capabilities are now in public preview for security teams.

Next, we have the general availability of new settings for WSL in Intune, allowing IT admins to configure access to WSL, WSL commands, and WSL settings. Microsoft has noted that these configurations are group policy object-friendly, so they can be leveraged by other tools as well.

Finally, networking controls specific to WSL have been upgraded. The same features that were announced as experimental back in September (namely autoProxy, DNS tunneling, a mirrored networking mode, and the inheritance of Windows Hyper-V firewall rules in Linux) are now generally available. That said, only Hyper-V firewall rules are automatically enabled; the rest of the features need to be configured manually.

If you're an IT or security admin at your organization, make sure to check out Microsoft's latest documentation on configuring WSL. It has been updated with guidance about all the new enterprise-grade security features detailed today.