Linux Went Enterprise. It's Time to Treat It That Way.

I've watched Linux sit at the edge of mainstream adoption for over a decade. Every year someone declares it the year of the Linux desktop. Every year it doesn't happen. But this year the numbers actually moved. Linux crossed 5% market share in the US in June. That's not a dramatic figure until you realize it took eight years to go from 1% to 2% and less than a year to go from 4% to 5%. Something changed.

Part of it is Microsoft pushing people out the door. 240 million PCs can't run Windows 11. The hardware requirements disqualified a huge portion of working machines. Windows 10 support ended in October. So organizations are now looking at perfectly functional hardware and deciding whether to replace it, pay Microsoft for extended security updates, or try something else. A lot of them are trying something else.

I used to think government Linux migrations were mostly symbolic. Announcements that sounded good but didn't go anywhere. That's not what's happening now. Schleswig-Holstein in Germany is moving 30,000 PCs. Denmark's digital ministry is switching over after watching their Microsoft costs rise 72% in five years. France's Gendarmerie has been running over 100,000 Linux machines for years. These are budget line items with deadlines, not press releases.

The Recall situation in mid-2024 didn't help Microsoft's case. Storing screenshots in unencrypted plaintext was a strange choice for a company trying to earn trust. The UK regulator opened an inquiry. Microsoft made it opt-in and removable after the backlash. I don't think that single feature drove anyone to Linux. But it made some organizations ask harder questions about where they're heading.

AI workstations changed things too. If you're training models, you're probably on Linux. PyTorch, TensorFlow, and CUDA are all optimized for it. ROCm only runs on it. The AI workstation market hit $1.88 billion in a single quarter last year, and it's the fastest-growing segment in PCs. A lot of new machines shipping this year will run Linux because the work demands it.

Here's the part that surprised me. Linux is now the top malware target. Not Windows. Linux. Over half of malware infections in 2024 went after Linux systems. The XZ Utils backdoor from March 2024 was a perfect 10 on the severity scale. Someone spent three years gaining a maintainer's trust to slip a backdoor into a compression library that ships with most distributions. That's not opportunistic. That's planned. And the ransomware gangs followed. Akira, RansomHub, and Interlock all have Linux variants now.

The security situation makes the management gap harder to ignore. I've talked to IT directors who have complete visibility into their Windows and Mac fleets. Inventory, patch status, compliance posture, remote wipe if needed. Then I ask about Linux. Most of them admit those machines are basically unmanaged. They know it's a problem. They just don't have a good solution.

The usual answer is DevOps tooling. Ansible, Puppet, Chef. But those tools assume you have someone who can write code. They're built for server configuration, not device management. There's no asset inventory. No way to push a Wi-Fi profile. No remote lock. No dashboard an IT generalist can actually use. If your team doesn't live in the terminal, those tools aren't realistic.

I assumed one of the big MDM vendors would have solved this by now. They haven't. Jamf doesn't support Linux. Kandji added Windows and Android this year but skipped Linux. Mosyle only does Apple. Intune technically supports Linux, but only two distributions, manual enrollment, and no app deployment. Workspace ONE needs command-line setup and Puppet knowledge. Someone at 1Password wrote that if you want to make Google tongue-tied, search for MDM for Linux. I tried it. They were right.

Compliance pressure is making this harder to defer. The HIPAA Security Rule changes proposed in December 2024 turn optional items into requirements. Asset inventory, workstation documentation, and encryption are all mandatory if the final rule goes through. The ISO 27001:2022 transition deadline passed in October, and the new controls require documented policies for endpoint configuration. SOC 2 auditors already flag unmanaged endpoints. The stat I keep coming back to: 92% of ransomware attacks last year involved an unmanaged device. That's not a Linux-specific number. But if your Linux machines are the unmanaged ones, they're the gap.

We could have waited. Linux might keep growing slowly. The compliance deadlines might slip further. The big vendors might finally add support. But six things lined up at once: the Windows migration pressure, AI workstations growing fast, Linux becoming the primary target for attackers, compliance frameworks tightening, existing tools not working for IT teams, and adoption finally crossing the threshold where it can't be treated as edge case anymore. That's not a single signal. That's a pattern.

I don't think managing Linux should require DevOps skills. IT teams deserve the same visibility and control they have over every other endpoint. That's what we built.