diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml
index 020528fdfa..a58deadca7 100644
--- a/.github/workflows/run-k8s-tests-on-aks.yaml
+++ b/.github/workflows/run-k8s-tests-on-aks.yaml
@@ -47,21 +47,21 @@ jobs:
       matrix:
         include:
           - host_os: cbl-mariner
-            vmm: clh
+            vmm: clh-azure
             instance-type: small
             genpolicy-pull-method: oci-distribution
           - host_os: cbl-mariner
-            vmm: clh
+            vmm: clh-azure
             instance-type: small
             genpolicy-pull-method: containerd
           - host_os: cbl-mariner
-            vmm: clh
+            vmm: clh-azure
             instance-type: normal
           - host_os: cbl-mariner
-            vmm: clh-runtime-rs
+            vmm: clh-azure-runtime-rs
             instance-type: small
           - host_os: cbl-mariner
-            vmm: clh-runtime-rs
+            vmm: clh-azure-runtime-rs
             instance-type: normal
     concurrency:
       group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-run-k8s-tests-aks-${{ toJSON(matrix) }}
diff --git a/tests/common.bash b/tests/common.bash
index 7c740a089f..d601de041c 100644
--- a/tests/common.bash
+++ b/tests/common.bash
@@ -596,7 +596,7 @@ function enabling_hypervisor() {
 	declare -r CONTAINERD_SHIM_KATA="/usr/local/bin/containerd-shim-kata-${KATA_HYPERVISOR}-v2"
 
 	case "${KATA_HYPERVISOR}" in
-		dragonball|clh-runtime-rs|qemu-runtime-rs|qemu-se-runtime-rs)
+		dragonball|clh-runtime-rs|clh-azure-runtime-rs|qemu-runtime-rs|qemu-se-runtime-rs)
 			sudo ln -sf "${KATA_DIR}/runtime-rs/bin/containerd-shim-kata-v2" "${CONTAINERD_SHIM_KATA}"
 			declare -r CONFIG_DIR="${KATA_DIR}/share/defaults/kata-containers/runtime-rs"
 			;;
diff --git a/tests/gha-run-k8s-common.sh b/tests/gha-run-k8s-common.sh
index 9f8c42eb17..f63f5bf48e 100644
--- a/tests/gha-run-k8s-common.sh
+++ b/tests/gha-run-k8s-common.sh
@@ -26,7 +26,6 @@ HELM_CREATE_RUNTIME_CLASSES="${HELM_CREATE_RUNTIME_CLASSES:-}"
 HELM_CREATE_DEFAULT_RUNTIME_CLASS="${HELM_CREATE_DEFAULT_RUNTIME_CLASS:-}"
 HELM_DEBUG="${HELM_DEBUG:-}"
 HELM_DEFAULT_SHIM="${HELM_DEFAULT_SHIM:-}"
-HELM_HOST_OS="${HELM_HOST_OS:-}"
 HELM_IMAGE_REFERENCE="${HELM_IMAGE_REFERENCE:-}"
 HELM_IMAGE_TAG="${HELM_IMAGE_TAG:-}"
 HELM_K8S_DISTRIBUTION="${HELM_K8S_DISTRIBUTION:-}"
@@ -712,17 +711,18 @@ function helm_helper() {
 	# Enable node-feature-discovery deployment
 	yq -i ".node-feature-discovery.enabled = true" "${values_yaml}"
 
-	# Do not enable on cbl-mariner yet, as the deployment is failing on those
-	if [[ "${HELM_HOST_OS}" == "cbl-mariner" ]]; then
-		yq -i ".node-feature-discovery.enabled = false" "${values_yaml}"
-	fi
-
 	# Do not enable on nvidia-gpu-* tests, as it'll be deployed by the GPU operator
 	if [[ "${KATA_HYPERVISOR}" == *"nvidia-gpu"* ]]; then
 		yq -i ".node-feature-discovery.enabled = false" "${values_yaml}"
 		yq -i ".runtimeClasses.createDefault = true" "${values_yaml}"
 	fi
 
+	# Azure CLH jobs run on CBL-Mariner AKS nodes; keep NFD disabled to avoid
+	# virtualization gating preventing kata-deploy pod creation.
+	if [[ "${KATA_HYPERVISOR}" == *azure* ]]; then
+		yq -i ".node-feature-discovery.enabled = false" "${values_yaml}"
+	fi
+
 	if [[ -z "${HELM_IMAGE_REFERENCE}" ]]; then
 		die "HELM_IMAGE_REFERENCE environment variable cannot be empty."
 	fi
@@ -961,8 +961,6 @@ function helm_helper() {
 		[[ -n "${HELM_CREATE_RUNTIME_CLASSES}" ]] && yq -i ".runtimeClasses.enabled = ${HELM_CREATE_RUNTIME_CLASSES}" "${values_yaml}"
 		[[ -n "${HELM_CREATE_DEFAULT_RUNTIME_CLASS}" ]] && yq -i ".runtimeClasses.createDefault = ${HELM_CREATE_DEFAULT_RUNTIME_CLASS}" "${values_yaml}"
 
-		# Legacy env.* settings that don't have structured equivalents yet
-		[[ -n "${HELM_HOST_OS}" ]] && yq -i ".env.hostOS=\"${HELM_HOST_OS}\"" "${values_yaml}"
 	fi
 
 	# Enable verification during deployment if HELM_VERIFY_DEPLOYMENT is set
diff --git a/tests/hypervisor_helpers.sh b/tests/hypervisor_helpers.sh
index 24575a55fa..bdca4a9196 100644
--- a/tests/hypervisor_helpers.sh
+++ b/tests/hypervisor_helpers.sh
@@ -15,7 +15,9 @@ FIRECRACKER_HYPERVISORS=("firecracker" "fc")
 
 ALL_HYPERVISORS=(
 	"clh"
+	"clh-azure"
 	"clh-runtime-rs"
+	"clh-azure-runtime-rs"
 	"dragonball"
 	"qemu"
 	"qemu-runtime-rs"
diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh
index 26142efe75..d271e10b16 100755
--- a/tests/integration/kubernetes/gha-run.sh
+++ b/tests/integration/kubernetes/gha-run.sh
@@ -199,7 +199,7 @@ function deploy_kata() {
 	fi
 
 	ANNOTATIONS="default_vcpus"
-	if [[ "${KATA_HOST_OS}" = "cbl-mariner" ]]; then
+	if [[ "${KATA_HYPERVISOR}" == *azure* ]]; then
 		ANNOTATIONS="image kernel default_vcpus cc_init_data"
 	fi
 	if [[ "${KATA_HYPERVISOR}" = "qemu" ]]; then
@@ -216,11 +216,6 @@ function deploy_kata() {
 		PULL_TYPE_MAPPING="${KATA_HYPERVISOR}:${PULL_TYPE}"
 	fi
 
-	HOST_OS=""
-	if [[ "${KATA_HOST_OS}" = "cbl-mariner" ]]; then
-		HOST_OS="${KATA_HOST_OS}"
-	fi
-
 	# nydus and erofs are always deployed by kata-deploy; set this unconditionally
 	# based on the snapshotter so that all architectures and hypervisors work
 	# without needing per-workflow USE_EXPERIMENTAL_SETUP_SNAPSHOTTER overrides.
@@ -246,7 +241,6 @@ function deploy_kata() {
 	export HELM_PULL_TYPE_MAPPING="${PULL_TYPE_MAPPING}"
 	export HELM_EXPERIMENTAL_SETUP_SNAPSHOTTER="${EXPERIMENTAL_SETUP_SNAPSHOTTER}"
 	export HELM_EXPERIMENTAL_FORCE_GUEST_PULL="${EXPERIMENTAL_FORCE_GUEST_PULL}"
-	export HELM_HOST_OS="${HOST_OS}"
 	helm_helper
 }
 
@@ -316,7 +310,7 @@ function run_tests() {
 		echo "start_time=${start_time}" >> "${GITHUB_ENV}"
 	fi
 
-	if [[ "${KATA_HYPERVISOR}" = "clh-runtime-rs" ]] && [[ "${SNAPSHOTTER}" = "devmapper" ]]; then
+	if [[ "${KATA_HYPERVISOR}" =~ ^clh(-azure)?-runtime-rs$ ]] && [[ "${SNAPSHOTTER}" = "devmapper" ]]; then
 		if [[ -n "${GITHUB_ENV}" ]]; then
 			KATA_TEST_VERBOSE=true
 			export KATA_TEST_VERBOSE
diff --git a/tools/testing/gatekeeper/required-tests.yaml b/tools/testing/gatekeeper/required-tests.yaml
index ee126b5224..82a0be74b3 100644
--- a/tools/testing/gatekeeper/required-tests.yaml
+++ b/tools/testing/gatekeeper/required-tests.yaml
@@ -77,11 +77,11 @@ mapping:
       - Kata Containers CI / kata-containers-ci-on-push / run-cri-containerd-tests-amd64 (lts, qemu) / run-cri-containerd-amd64 (lts, qemu)
       - Kata Containers CI / kata-containers-ci-on-push / run-cri-containerd-tests-s390x (active, qemu) / run-cri-containerd-s390x (active, qemu)
       #- Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-arm64 / run-k8s-tests-on-arm64 (qemu, kubeadm)
-      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh, normal)
-      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh, small, containerd)
-      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh, small, oci-distribution)
-      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh-runtime-rs, small)
-      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh-runtime-rs, normal)
+      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh-azure, normal)
+      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh-azure, small, containerd)
+      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh-azure, small, oci-distribution)
+      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh-azure-runtime-rs, small)
+      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh-azure-runtime-rs, normal)
       - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-free-runner / run-k8s-tests (clh, lts)
       - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-free-runner / run-k8s-tests (clh, active)
       - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-free-runner / run-k8s-tests (dragonball, lts)
@@ -111,7 +111,6 @@ mapping:
     names:
       # ci-on-push.yaml (ci.yaml)
       - Kata Containers CI / kata-containers-ci-on-push / build-and-publish-tee-confidential-unencrypted-image
-      - Kata Containers CI / kata-containers-ci-on-push / build-kata-static-tarball-amd64 / build-asset (cloud-hypervisor-glibc, test)
       - Kata Containers CI / kata-containers-ci-on-push / build-kata-static-tarball-amd64 / build-asset (cloud-hypervisor, test)
       - Kata Containers CI / kata-containers-ci-on-push / build-kata-static-tarball-amd64 / build-asset (firecracker, test)
       - Kata Containers CI / kata-containers-ci-on-push / build-kata-static-tarball-amd64 / build-asset (kernel-dragonball-experimental, test)