
How to preview: Azure Arc-connected Hotpatching for Windows Server 2025

by info.odysseyx@gmail.com


As you may recall, we recently announced the public preview of hotpatching on Windows Server 2025 VMs in Azure. With this latest preview, we are moving toward meeting the top customer request for this feature: support on on-premises machines. With this optional hotpatching feature, you get the benefit of fewer reboots on your Windows Server 2025 machines. The feature was previously limited to Windows Server 2022 Azure Edition VMs in Azure. This preview gives you the opportunity to try out the feature, see how it will work on Windows Server 2025, and provide feedback.

What is hotpatching?

Hotpatching is a method of installing OS security updates on a system without requiring a reboot after installation. It works by patching the in-memory code of a running process without requiring the process to be restarted. This feature was initially available on Windows Server 2022 Azure Edition.

  • Hotpatch update packages provide better protection because they are limited to Windows security updates that install faster and without a reboot.
  • Azure Update Manager helps you reduce exposure to security risks and change windows, and makes patch orchestration easier.
  • Fewer binaries mean updates download and install faster and use less disk and CPU resources.
  • Fewer reboots mean less impact on workloads.

What’s included in the preview?

This preview lets you connect Windows Server 2025 Datacenter Evaluation Edition machines to Azure Arc and subscribe to HotPatching. [See steps below].

  • Connect Windows Server 2025 Datacenter Evaluation Machines to Azure Arc
  • Subscribe/Unsubscribe to HotPatching Service via Azure Arc Portal
  • Natively manage hotpatch update deployments with Azure Update Manager.

Get started

To get started, follow the steps below. If you have any feedback or questions, please contact us at hotpatchfeedback@microsoft.com.

Each step is listed below, followed by its guidelines.

Create a VM using WS 2025 Datacenter in the Evaluation Center

Setting up a VM using Windows Server 2025 Preview

Download the ISO image from the Evaluation Center. You may be asked to fill out a form and provide your email address.


Create a Gen 2 VM on Hyper-V or another platform and use the option to create the VM using an ISO.


For installation media, point to the ISO you downloaded from the Evaluation Center.


Please read the document below for detailed steps.

Create a Virtual Machine in Hyper-V | Microsoft Learn

Create a Virtual Machine with Hyper-V in Windows 11 | Microsoft Learn

If you are using VMware as your virtualization platform, on the Select a guest OS page, select Enable Windows Virtualization Based Security. More details here.

Enable virtualization-based security

Run the command below in an elevated command prompt. A reboot is required after setting the registry.

Reg add "HKLM\SYSTEM\ControlSet001\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f

To verify that VBS is running after reboot, open “System Information” on your computer.


If you are using VMware and VBS is not running yet, follow the instructions here: Enabling Virtualization-Based Security on Virtual Machines (vmware.com)

Install KB5040435 (7B security update)

Download and install the July security update, or use Azure Update Manager. This is required to ensure that the September security update does not require a reboot.

Connect VMs to Azure Arc

Connect your VM to Azure Arc by following: Quick Start – Connect Hybrid Machines to Azure Arc-enabled Servers – Azure Arc | Microsoft Learn

You need to run the script from the Azure Arc portal on the machine (in PowerShell).

Sign up as an administrator + subscribe to HotPatch

Now enable hotpatching.

Click Azure Arc at the top of the page.


Click Machines in the left panel.


You will now see the Azure Arc connected machine you have set up in the list. Click on it.


This will take you to the server management page, where you will see the Hotpatch card at the bottom.


Clicking that tile opens a fly-in page where you can select hotpatching. Check the box and click the button below. In the background, the Azure Arc-connected server will be configured to receive hotpatches.


It will take about 10 minutes for the job to complete. If you refresh the page while the job is in progress, the Hotpatch tile will display an “On hold” status. When the registration task is confirmed, the Hotpatch tile shows the service as Activated.

Note: If the status is stuck as Pending, it is likely that the Azure Arc agent has not been updated. To update the Arc agent, run the following commands in PowerShell on the machine.

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072;
Invoke-WebRequest -UseBasicParsing -Uri "https://aka.ms/azcmagent-windows" -TimeoutSec 30 -OutFile "$env:TEMP\install_windows_azcmagent.ps1";
& "$env:TEMP\install_windows_azcmagent.ps1";


Machines connected to Azure Arc are now ready to receive hotpatches.

9B Hotpatch Scan and Install

Now, when you check for updates in Windows Update, the hotpatch is offered [see image below]. If a hotpatch is not available, please pause the update and send us the update log. To get the update log, run this command in PowerShell: Get-WindowsUpdateLog

Below is a screenshot of the September Windows hotpatch update completed with no reboot required.

[Screenshot: HP 9B on 7B rebootless.jpg]

You can also use SConfig to download and install Hotpatch updates if other updates are available that you do not want to install.

Scan and install the 9B Hotpatch using Azure Update Manager.

Azure Update Manager helps you identify all machines that can use hotpatches and schedule hotpatch installations.

Hot patches don’t disrupt availability, allowing you to update services immediately after release, creating faster schedules and requiring less planning to maintain stability across large fleets.

Here’s how to manage hotpatches using Azure Update Manager:

1. Check whether a Hotpatch subscription is available or already activated on the Updates tab of the Arc server:


The Change option above lets you activate or cancel your Hotpatch subscription as needed.

2. The 9B updates offered to this computer can be scanned and viewed by running an evaluation (assessment).


3. To choose when to include and install specific 9B updates on your Arc server, create a custom schedule or a one-time update. Hotpatches can be installed immediately after release, so your device’s security is strengthened faster.

4. Verify that the 9B update is installed and check the reboot status in the update history.


These steps provide a streamlined way to plan a hotpatch installation on your Arc machine.

Hotpatch Preview FAQ:

Are there any prerequisites for subscribing to HotPatching?

There are some prerequisites.

  1. Windows Server 2025 Datacenter Evaluation
  2. Virtualization-based security must be enabled and running on the computer.
  3. July Security Updates Installed
  4. The machine must be connected to Azure Arc.
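
One way to check these prerequisites from PowerShell, including whether VBS is actually running rather than only set in the registry. This is an added example, not part of the original post; the function name Test-HotpatchPrerequisite is hypothetical, and the himds service check shows only that the Arc agent is running on the machine.

```powershell
# Added example (not from the original post): check the four hotpatch preview
# prerequisites listed on this page. Run in an elevated PowerShell session.
function Test-HotpatchPrerequisite {
    [CmdletBinding()]
    param(
        # July security update named on the page.
        [string]$BaselineKb = 'KB5040435'
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Win32_DeviceGuard.VirtualizationBasedSecurityStatus:
    # 0 = not enabled, 1 = enabled but not running, 2 = enabled and running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Registry value written by the page's "reg add" command. It records intent
    # only; the CIM status above shows whether VBS actually started after reboot.
    $vbsReg = Get-ItemProperty -Path 'HKLM:\SYSTEM\ControlSet001\Control\DeviceGuard' `
        -Name 'EnableVirtualizationBasedSecurity' -ErrorAction SilentlyContinue

    $kb = Get-HotFix -Id $BaselineKb -ErrorAction SilentlyContinue

    # 'himds' is the Windows service installed by the Azure Connected Machine
    # agent. A running service shows the agent is present; 'azcmagent show'
    # reports whether it is connected to Azure.
    $arc = Get-Service -Name 'himds' -ErrorAction SilentlyContinue

    $result = [pscustomobject]@{
        OsCaption       = $os.Caption
        OsIsWs2025Dc    = $os.Caption -match 'Windows Server 2025 Datacenter'
        VbsConfigured   = ($null -ne $vbsReg) -and ($vbsReg.EnableVirtualizationBasedSecurity -eq 1)
        VbsRunning      = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 2)
        BaselineKbFound = $null -ne $kb
        ArcAgentRunning = ($null -ne $arc) -and ($arc.Status -eq 'Running')
    }

    # VbsConfigured is informational; readiness depends on VBS running.
    $ready = $result.OsIsWs2025Dc -and $result.VbsRunning -and
             $result.BaselineKbFound -and $result.ArcAgentRunning
    $result | Add-Member -NotePropertyName ReadyForHotpatch -NotePropertyValue $ready -PassThru
}

Test-HotpatchPrerequisite | Format-List
```

A result with VbsConfigured true and VbsRunning false means the registry value is set but VBS did not start, which is the case the VMware guidance above addresses.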




