How to preview: Azure Arc-connected Hotpatching for Windows Server 2025

by info.odysseyx@gmail.com, September 20, 2024

As you may recall, we recently announced the public preview of Hotpatching on Windows Server 2025 VMs in Azure. With this latest preview, we are moving toward meeting the top customer request: this feature on on-premises machines. With this optional Hotpatching feature, you can enjoy the benefits of reduced reboots on your Windows Server 2025 machines. This feature was previously limited to Windows Server 2022 Azure Edition VMs in Azure. This preview gives you the opportunity to try out the new feature, see how it will work on Windows Server 2025, and provide feedback.

What is hotpatching?

Hotpatching is a method of installing OS security updates on a system without requiring a reboot after installation. It works by patching the in-memory code of a running process without requiring the process to be restarted. This feature was initially available on Windows Server 2022 Azure Edition.

Hotpatch update packages provide enhanced protection because they are limited to Windows security updates, which install faster and without a reboot. Azure Update Manager helps you reduce exposure to security risks and change windows, and makes patch orchestration easier. Fewer binaries mean updates download and install faster and use less disk and CPU resources. Fewer reboots mean less disruption to workloads.

What's included in the preview?

This preview lets you connect Windows Server 2025 Datacenter Evaluation Edition machines to Azure Arc and subscribe to Hotpatching (see the steps below).

- Connect Windows Server 2025 Datacenter Evaluation machines to Azure Arc
- Subscribe to or unsubscribe from the Hotpatching service through the Azure Arc portal
- Manage Hotpatch update deployments natively in Azure with Azure Update Manager

Get started

To get started, follow the steps below. If you have any feedback or questions, please contact us at hotpatchfeedback@microsoft.com.

Step-by-step guide

Create a VM using WS 2025 Datacenter from the Evaluation Center

To set up a VM using the Windows Server 2025 preview, download the ISO image from the Evaluation Center. You may be asked to fill out a form and provide your email address.

Create a Gen 2 VM on Hyper-V or another platform and use the option to create the VM from an ISO. For installation media, point to the ISO you downloaded from the Evaluation Center. Please read the documents below for detailed steps.

- Create a Virtual Machine in Hyper-V | Microsoft Learn
- Create a Virtual Machine with Hyper-V in Windows 11 | Microsoft Learn

If you are using VMware as the virtualization platform, select Enable Windows Virtualization-based Security on the Select Guest OS page.

Enable virtualization-based security

Run the command below in an elevated command prompt. A reboot is required after setting the registry value.

    Reg add "HKLM\SYSTEM\ControlSet001\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f

To verify that VBS is running after the reboot, open "System Information" on the computer.

If you are using VMware and VBS is still not running, follow the instructions in Enabling Virtualization-Based Security on Virtual Machines (vmware.com).

Install KB5040435 (7B security update)

Download and install the July security updates, or use Azure Update Manager. This is required to ensure that the September security updates do not require a reboot.

Connect VMs to Azure Arc

Connect your VM to Azure Arc: Quick Start – Connect Hybrid Machines to Azure Arc-enabled Servers – Azure Arc | Microsoft Learn

You need to run the script from the Azure Arc portal on the machine (PowerShell).

Sign up as an administrator and subscribe to Hotpatch

Now enable hotpatching. Click Azure Arc at the top of the page. Click Machines in the left panel. You will now see the Azure Arc-connected machine you set up in the list. Click on it.
This will take you to the server management page, where you will see the Hotpatch card at the bottom. Clicking on that tile brings up a fly-in page where you can select hotpatching. Check the box and click the button below.

In the background, the Azure Arc-connected server will be configured to receive hotpatches. It will take about 10 minutes for the job to complete. If you refresh the page while the job is in progress, the Hotpatch tile will display an "On hold" status. When the registration is confirmed, the Hotpatch tile shows the service as Activated.

Note: If the status is stuck as Pending, it is likely that the Azure Arc agent has not been updated. To update the Arc agent, run the following commands in PowerShell on the machine.

    # Allow TLS 1.2 (3072) for the download
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072
    # Download the agent install script, then run it
    Invoke-WebRequest -UseBasicParsing -Uri "https://aka.ms/azcmagent-windows" -TimeoutSec 30 -OutFile "$env:TEMP\install_windows_azcmagent.ps1"
    & "$env:TEMP\install_windows_azcmagent.ps1"

Machines connected to Azure Arc are now ready to receive hotpatches.

9B Hotpatch scan and install

Now, when you check for Windows updates, the Hotpatch is offered. If a hotpatch is not available, please pause the update and send us the update log. To get the update log, run this command in PowerShell:

    Get-WindowsUpdateLog

[Screenshot: the September Windows Hotpatch update completed, with no reboot required.]

You can also use SConfig to download and install Hotpatch updates if other updates are available that you do not want to install.

Scan and install the 9B Hotpatch using Azure Update Manager

Azure Update Manager helps you identify all machines that can use hotpatches and schedule hotpatch installations.
Hotpatches don't disrupt availability, so you can update services immediately after release, with faster schedules and less planning needed to maintain stability across large fleets. Here's how to manage hotpatches using Azure Update Manager:

1. Check whether a Hotpatch subscription is available or already activated on the Updates tab of the Arc server. The Change option there allows you to activate or cancel your Hotpatch subscription as needed.
2. The 9B updates offered to this computer can be scanned and viewed through an assessment.
3. To choose when to include and install specific 9B updates on your Arc server, create a custom schedule or a one-time update. Updates can be installed immediately after release, so your device's security is strengthened faster.
4. Verify that the 9B update is installed and check the reboot status in the history.

These steps provide a streamlined way to plan a hotpatch installation on your Arc machine.

Hotpatch Preview FAQ

Are there any prerequisites for subscribing to Hotpatching?

There are some prerequisites:

- Windows Server 2025 Datacenter Evaluation
- Virtualization-based security must be enabled and running on the computer
- July security updates installed
- The machine must be connected to Azure Arc
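The prerequisites above can be checked from an elevated PowerShell session before subscribing. This is an added example, not part of the original post or of Microsoft's tooling; the function name Test-HotpatchPrerequisite, the agent install path and the "Agent Status" line format of azcmagent show are assumptions.

```powershell
# Added example: checks the hotpatch preview prerequisites on the local machine.
function Test-HotpatchPrerequisite {
    [CmdletBinding()]
    param(
        # KB number of the July security update named on this page.
        [string]$BaselineKb = 'KB5040435',
        # Assumed default install path of the Azure Connected Machine agent CLI.
        [string]$AzcmAgent = "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe"
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # VBS runtime state: 0 = off, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsStatus = if ($dg) { $dg.VirtualizationBasedSecurityStatus } else { 0 }

    # Registry value written by the "Reg add" command on this page.
    $regPath = 'HKLM:\SYSTEM\ControlSet001\Control\DeviceGuard'
    $vbsReg = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).EnableVirtualizationBasedSecurity

    # A later cumulative update can supersede this KB, so a miss means "check manually".
    $kb = Get-HotFix -Id $BaselineKb -ErrorAction SilentlyContinue

    # Assumption: "azcmagent show" prints a line of the form "Agent Status : Connected".
    $arcConnected = $false
    if (Test-Path -LiteralPath $AzcmAgent) {
        $arcConnected = [bool](& $AzcmAgent show 2>$null |
            Select-String -Pattern 'Agent Status\s*:\s*Connected')
    }

    [pscustomobject]@{
        OsCaption       = $os.Caption
        OsIsWs2025Dc    = $os.Caption -match 'Windows Server 2025 Datacenter'
        VbsConfigured   = $vbsReg -eq 1
        VbsRunning      = $vbsStatus -eq 2
        BaselineKbFound = [bool]$kb
        ArcConnected    = $arcConnected
    }
}

$result = Test-HotpatchPrerequisite
$result | Format-List
if ($result.VbsConfigured -and -not $result.VbsRunning) {
    Write-Warning 'VBS is configured but not running: reboot, then check the hypervisor VBS setting.'
}
```

Separating VbsConfigured from VbsRunning catches the case the guide warns about, where the registry value is set but the hypervisor has not exposed VBS to the guest.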