Microsoft will add telemetry collection to its build of the Go language compiler and tools, used for FIPS (Federal Information Processing Standards) compliance, and internally such as in Azure Linux. The official Go binaries are not affected.

According to senior software engineering manager George Adams, telemetry will be added to Go 1.25 and higher, and used to prioritize roadmap items, identify optimization opportunities and understand developer workflows. The data will be anonymized, and there is an opt out by setting the environment variable MS_GOTOOLCHAIN_TELEMETRY_ENABLED to 0.

Does anyone outside Microsoft use its Go build though? The main reason for developers to use this build has been for FIPS 140-3 compliance, required for applications running in some regulated contexts such as financial and government services. FIPS 140-3 is a security standard which specifies requirements for cryptographic modules.

Until Go 1.24, released in February 2025, the options for FIPS compliance in Go applications was either to use Go with the BoringCrypto module, based on BoringSSL, or to use the Microsoft build, which modifies Go to call a platform-provided cryptographic library. However, using the BoringCrypto module is unsupported by Google, even though BoringCrypto itself is FIPS-certified.

In Go 1.24 this has changed, since there is now a native FIPS 140-3 mode. This is currently in process for validation by NIST (US National Institute of Standards and Technology) though this is not yet complete. Once it is complete, there will be less reason to use Microsoft’s Go build, although Microsoft itself still prefers the system library approach.

According to senior software engineer Quim Muntal, the company evaluated using the new Go FIPS module but “determined that this approach doesn’t align with Microsoft internal cryptographic strategy and policies.” Muntal added a carefully worded recommendation to external developers to use the official FIPS module “once it is certified, if it fits their needs.”

Another issue with Microsoft Go is lack of macOS support, though this has now been added in preview. Muntal said that it is planned to be ready in Go 1.25, expected in August.

Microsoft’s Go build is also used in Docker images published on the Microsoft Artifact Registry, and with the company’s Linux distribution, Azure Linux. This is “FIPS 140-3 compliant out of the box,” said Muntal.