Hotpatch for Windows Server Azure VMs

Windows Server runs best in Microsoft Azure, especially when you look at the great management capabilities like Azure Automanage. At Microsoft Ignite, the team announced the new Windows Server 2022 Azure Edition, along with some great new features for Azure Automanage, including one called hotpatch for Windows Server Azure virtual machines (VMs). Yes, this allows you to patch and install updates to your Windows Server VMs in Azure without requiring a reboot.

Since I was part of this preview feature, I am happy to finally publicly talk and write about this feature. Hotpatching is a new way to install updates on new Windows Server Azure Edition virtual machines (VMs) that doesn’t require a reboot after installation and comes with the following benefits:

  • Lower workload impact with fewer reboots
  • Faster deployment of updates as the packages are smaller, install faster, and have easier patch orchestration with Azure Update Manager
  • Better protection, as the Hotpatch update packages are scoped to Windows security updates that install faster without rebooting

You can find more about this feature on Microsoft Docs.

Hotpatch works by first establishing a baseline with a Windows Update Latest Cumulative Update. Hotpatches that build on that baseline are then released periodically (for example, on the second Tuesday of the month). Hotpatches contain only updates that don’t require a reboot. Periodically (starting at every three months), the baseline is refreshed with a new Latest Cumulative Update.

Windows Server Azure VM hotpatch sample schedule (Source Microsoft Docs)

There are two types of baselines: Planned baselines and unplanned baselines.

  • Planned baselines are released on a regular cadence, with hotpatch releases in between. Planned baselines include all the updates in a comparable Latest Cumulative Update for that month, and require a reboot.
  • Unplanned baselines are released when an important update (such as a zero-day fix) is released, and that particular update can’t be released as a Hotpatch. When unplanned baselines are released, a hotpatch release will be replaced with an unplanned baseline in that month. Unplanned baselines also include all the updates in a comparable Latest Cumulative Update for that month, and also require a reboot.

You can find more details on how hotpatch for Windows Server Azure VMs works on Microsoft Docs.
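To plan maintenance windows around this cadence, the following added example (not from the original post or from Microsoft) lays out one year of releases and marks which ones need a reboot. It assumes releases land on the second Tuesday of each month, a three-month baseline interval with the first baseline in January, and a hypothetical `unplanned_months` input for months in which an unplanned baseline replaces the hotpatch.

```python
import calendar
from datetime import date


def second_tuesday(year: int, month: int) -> date:
    """Return the second Tuesday of the given month."""
    first_weekday = date(year, month, 1).weekday()  # Monday == 0
    first_tuesday = 1 + (calendar.TUESDAY - first_weekday) % 7
    return date(year, month, first_tuesday + 7)


def release_plan(year, first_baseline_month=1, baseline_interval=3,
                 unplanned_months=()):
    """Label each monthly release of `year`.

    Assumptions (not stated as fixed rules by the post): one release per
    month on the second Tuesday, planned baselines every
    `baseline_interval` months, and `unplanned_months` supplied by the
    operator once such a baseline has been announced.
    """
    plan = []
    for month in range(1, 13):
        if (month - first_baseline_month) % baseline_interval == 0:
            kind = "planned baseline"      # full cumulative update
        elif month in unplanned_months:
            kind = "unplanned baseline"    # replaces that month's hotpatch
        else:
            kind = "hotpatch"              # installs without a reboot
        plan.append({
            "date": second_tuesday(year, month),
            "kind": kind,
            "reboot": kind != "hotpatch",  # both baseline types reboot
        })
    return plan


def reboot_dates(plan):
    """Dates on which a maintenance window with a reboot is needed."""
    return [release["date"] for release in plan if release["reboot"]]


if __name__ == "__main__":
    # Constructed scenario: an unplanned baseline is announced for May.
    for release in release_plan(2024, unplanned_months={5}):
        flag = "reboot" if release["reboot"] else "no reboot"
        print(f'{release["date"]}  {release["kind"]:<18}  {flag}')
```

With the constructed May scenario, the year needs five reboot windows instead of the four that planned baselines alone would require.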

How to get started with Hotpatch for Windows Server Azure Virtual Machines

Now you can start using hotpatching for new Azure VMs running Windows Server 2022 Datacenter: Azure Edition Core Gen2.

Deploy a new Azure VM with hotpatch for Windows Server enabled

To use this feature you currently need to deploy a new Azure virtual machine running the Windows Server 2022 Datacenter: Azure Edition Core Gen2 image.

Now, on the create page, make sure you still have the Windows Server 2022 Datacenter: Azure Edition Core Gen2 image selected.

Create Windows Server 2022 Datacenter Azure Edition Core Gen2 Hotpatch Virtual machine VM

Enable Hotpatch Azure VM

If you now go to the virtual machines, you can manage the patch settings and review the patch status of your Azure virtual machine.

Manage Guest patches Hotpatch Azure VM

Here you can find an overview of the updates missing from the virtual machine. If you don’t have an assessment right now (since you just deployed the VM), you can trigger one by pressing Assess now.

Azure VM Windows Server Hotpatch Update Overview

Conclusion

Azure Automanage is an excellent feature to automatically manage your Azure virtual machines, and with hotpatch for Windows Server VMs, it just became even better! It helps you reduce reboots of your Windows Server and, with that, reduce downtime, while at the same time making sure that your servers are patched. If you have any questions, feel free to leave a comment below.

By the way, if you are running Linux VMs in Azure, we have some great news for you too! We now have Automanage for Linux VMs in Azure!