It's unsurprising to me that *nix systems are the majority on Azure. It is surprising to me that enterprise shops still commission new Windows servers at all in $current_year.
In supporting the enterprise, pretty much every application I deal with is unfortunately "Windows Only". Accounts tends to be managed by MYOB, Quickbooks or in the large firms, Accountants Office (also a MYOB product). All these ship with Windows services, Attache being particularly offensive as it has "known issues" with clients on Windows 8.1 or higher. Pay is often Payglobal or NAV, which again is Windows.
The closest I had was a LexisNexis product that used to run on a Linux server - until our account manager told us they were dropping Linux because, and I quote, "Linux has too many security problems". I've supported two different EMR (medical) products, and at least five different POS products, all Windows only. Even when we get a SaaS product running in a web browser, half the time it's "IE only".
I'd give a lot to live in the type of organisation without this legacy.
Tinfoil theory incoming: NSA pressures windows to have the largest attack surface possible by default. With the hope that any given targeted system will have at least one piece of default bloatware still running, presumably they have 0-days for most all of them.
Even putting aside the tinfoil hat. The NSA would never pressure anyone to have a larger attack surface, that would just make it easier for competing nations and attackers to discover flaws, which would render their own efforts moot
if Russia discovers how to hack Cortana and keeps it private, that in no way impinges on NSA's ability to use the same hack to compromise, say, an Iranian system. The more possible avenues for attack, the better (for attackers).
I have no idea what they were thinking. Yes, you can disable it with a policy editing. For a server product, you shouldn't have to.