Hotpatch for Windows Server Azure VMs


Windows Server runs best in Microsoft Azure, especially when you look at the great management capabilities like Azure Automanage. At Microsoft Ignite, the team announced the new Windows Server 2022 edition and some great new features for Azure Automanage, including one called hotpatch for Windows Server Azure virtual machines (VMs). Yes, this allows you to patch and install updates on your Windows Server VMs in Azure without requiring a reboot.

Since I was part of this preview feature, I am happy to finally be publicly talking and writing about this feature. Hotpatching is a new way to install updates on new Windows Server Azure Edition virtual machines (VMs) that doesn’t require a reboot after installation and comes with the following benefits:

  • Lower workload impact with fewer reboots
  • Faster deployment of updates as the packages are smaller, install faster, and have easier patch orchestration with Azure Update Manager
  • Better protection, as the Hotpatch update packages are scoped to Windows security updates that install faster without rebooting

You can find more about this feature on Microsoft Docs (keep in mind that this feature is currently in preview).

Hotpatch works by first establishing a baseline with a Windows Update Latest Cumulative Update. Hotpatches are periodically released (for example, on the second Tuesday of the month) that build on that baseline. Hotpatches will contain updates that don’t require a reboot. Periodically (starting at every three months), the baseline is refreshed with a new Latest Cumulative Update.

Microsoft Docs
Windows Server Azure VM hotpatch sample schedule (Source Microsoft Docs)

There are two types of baselines: Planned baselines and unplanned baselines.

  • Planned baselines are released on a regular cadence, with hotpatch releases in between. Planned baselines include all the updates in a comparable Latest Cumulative Update for that month, and require a reboot.
  • Unplanned baselines are released when an important update (such as a zero-day fix) is released, and that particular update can’t be released as a Hotpatch. When unplanned baselines are released, a hotpatch release will be replaced with an unplanned baseline in that month. Unplanned baselines also include all the updates in a comparable Latest Cumulative Update for that month, and also require a reboot.

You can find more details on how hotpatch for Windows Server Azure VMs works on Microsoft Docs.

How to get started with Hotpatch for Windows Server Azure Virtual Machines

Here is how you can use hotpatching for Windows Server virtual machines running in Azure.

Enable hotpatching preview

Since this feature is currently in preview, you will need to enable it in your Azure subscription. To do that, run these Azure PowerShell commands. (You can also run these commands in Azure Cloud Shell.)

Register-AzProviderFeature -FeatureName InGuestHotPatchVMPreview -ProviderNamespace Microsoft.Compute
Register-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
Register-AzProviderFeature -FeatureName InGuestPatchVMPreview -ProviderNamespace Microsoft.Compute

This will take up to 15 minutes. You can check the status of the registration with the following commands:

Get-AzProviderFeature -FeatureName InGuestHotPatchVMPreview -ProviderNamespace Microsoft.Compute
Get-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
Get-AzProviderFeature -FeatureName InGuestPatchVMPreview -ProviderNamespace Microsoft.Compute

After the features have been registered, you will need to make sure your Microsoft.Compute resource provider is re-registered:

Register-AzResourceProvider -ProviderNamespace Microsoft.Compute
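
The registration steps above combined into one script, added here as an example (it is not from the original post or Microsoft Docs): it registers the three preview features, polls until each one reports Registered, and then re-registers the resource provider. The 30-second poll interval and the 20-minute timeout are assumptions.

```powershell
# Added example: automate the preview registration steps described above.
# Requires the Az PowerShell module and an authenticated session (Connect-AzAccount).
$namespace = 'Microsoft.Compute'
$features  = 'InGuestHotPatchVMPreview',
             'InGuestAutoPatchVMPreview',
             'InGuestPatchVMPreview'

# Request registration of each preview feature.
foreach ($name in $features) {
    Register-AzProviderFeature -FeatureName $name -ProviderNamespace $namespace | Out-Null
}

# Poll until every feature reports 'Registered' or the timeout is reached.
$deadline = (Get-Date).AddMinutes(20)   # assumption: slightly above the stated 15 minutes
do {
    # Collect the features that are not yet registered, with their current state.
    $pending = @(foreach ($name in $features) {
        $state = (Get-AzProviderFeature -FeatureName $name -ProviderNamespace $namespace).RegistrationState
        if ($state -ne 'Registered') { "$name ($state)" }
    })

    if ($pending.Count -gt 0) {
        if ((Get-Date) -gt $deadline) {
            throw "Timed out. Still pending: $($pending -join ', ')"
        }
        Write-Host "Waiting for: $($pending -join ', ')"
        Start-Sleep -Seconds 30         # assumption: poll interval
    }
} while ($pending.Count -gt 0)

# Re-register the resource provider so the feature flags take effect.
Register-AzResourceProvider -ProviderNamespace $namespace
```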

Now you can start using hotpatching for new Azure VMs running Windows Server 2019 Datacenter: Azure Edition.

Deploy a new Azure VM with hotpatch for Windows Server enabled

To use this feature you currently need to deploy a new Azure virtual machine running the Windows Server 2019 Datacenter: Azure Edition image. During the preview, you’ll need to get started using this link.

Select Windows Server 2019 Datacenter Azure Edition

Now, on the create page, make sure you still have the Windows Server 2019 Datacenter: Azure Edition selected.

Create Windows Server Azure VM with Hotpatch enabled using Windows Server 2019 Azure Edition

Under Management, make sure that hotpatching is set to On and that Patch installation is defaulted to Azure-orchestrated patching.

Enable Hotpatch

If you now go to the virtual machine, you can manage the patch settings and review the patch status of your Azure virtual machine.

Azure VM Guest and host updates

Here you can find an overview of the missing updates of the virtual machine. If you don’t have an assessment right now (since you just deployed the VM), you can trigger it by pressing Assess now.

Azure VM Windows Server Hotpatch Update Overview
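
The same check from Azure PowerShell, as an added example that is not part of the original post: it reads the VM's patch settings, confirms they match the portal configuration described above (hotpatching on, Azure-orchestrated patching, which the API reports as AutomaticByPlatform), and triggers an on-demand assessment. The function name Test-HotpatchConfiguration and the names rg-example and vm-example are hypothetical placeholders.

```powershell
# Added example: confirm hotpatch settings on a VM and trigger a patch assessment.
# Requires the Az.Compute module and an authenticated session (Connect-AzAccount).
function Test-HotpatchConfiguration {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName
    )

    $vm    = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
    # PatchSettings is empty on VMs deployed without in-guest patch configuration.
    $patch = $vm.OSProfile.WindowsConfiguration.PatchSettings

    [pscustomobject]@{
        VMName             = $vm.Name
        PatchMode          = $patch.PatchMode
        HotpatchEnabled    = [bool]$patch.EnableHotpatching
        # 'AutomaticByPlatform' is the API value for Azure-orchestrated patching.
        MatchesPortalSetup = ($patch.PatchMode -eq 'AutomaticByPlatform') -and
                             [bool]$patch.EnableHotpatching
    }
}

# Placeholder names: replace with your own resource group and VM.
$rg = 'rg-example'
$vmName = 'vm-example'

$check = Test-HotpatchConfiguration -ResourceGroupName $rg -VMName $vmName
$check | Format-List

if ($check.MatchesPortalSetup) {
    # Equivalent of pressing "Assess now" in the portal; returns the assessment result.
    Invoke-AzVMPatchAssessment -ResourceGroupName $rg -VMName $vmName
} else {
    Write-Warning "$vmName is not configured for hotpatching with Azure-orchestrated patching."
}
```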

Conclusion

Azure Automanage is a great feature to automatically manage your Azure virtual machines, and with hotpatch for Windows Server VMs, it just became even better! It helps you reduce reboots of your Windows Server, and with that reduce downtime, while at the same time making sure that your servers are patched. If you have any questions, feel free to leave a comment below.

By the way, if you are running Linux VMs in Azure, we have some great news for you too! We now have Automanage for Linux VMs in Azure!

Last modified: March 3, 2021