using WSL 2 while ensuring IT maintains full monitoring and compliance
Our software development team insists they need Linux environments to code effectively, so they've been using the Windows Subsystem for Linux (WSL) 2 on their corporate laptops. Our security team is panicking because they feel these Linux instances are unmanaged blind spots. How can we let the devs keep using WSL 2 while ensuring IT maintains full monitoring and compliance over those environments?
1 answer
-
Quinnie Quoc 11,485 Reputation points • Independent Advisor
Hello Lucaro Mano,
You can allow your developers to keep using WSL 2 while still giving your security team visibility and control, but it requires treating WSL as part of your managed endpoint environment. WSL 2 runs Linux distributions inside a lightweight VM, so the processes and file system are isolated from Windows but still accessible through the host. To monitor and enforce compliance, you should integrate WSL with your existing endpoint security stack: Defender for Endpoint can monitor WSL processes, and you can configure audit policies to capture activity inside the WSL VM. Additionally, you can redirect WSL networking through the corporate VPN and enforce firewall rules at the host level, ensuring traffic is inspected.
For compliance, use Intune or Group Policy to control which distributions can be installed, and disable sideloading of unapproved distros. You can also mount the WSL file system into Windows and apply DLP or AV scanning policies to those paths. The key is to manage WSL as an extension of the Windows host rather than a separate unmanaged machine. This way, developers retain their Linux tooling, but IT maintains full visibility through Defender telemetry, Intune compliance policies, and controlled distribution access.
If my answer is useful for you, please hit Accept the answer to support me.
Thank you,
Quoc