Microsoft this week announced the public preview of new functionality to automatically deliver security patches to Windows virtual machines in Azure.
Called automatic VM guest patching, the feature is meant to improve the update management of Windows VMs to ensure security compliance through the automatic delivery of necessary patches.
Microsoft this week announced the public preview of new functionality to automatically deliver security patches to Windows virtual machines in Azure.
Called automatic VM guest patching, the feature is meant to improve the update management of Windows VMs to ensure security compliance through the automatic delivery of necessary patches.
Should the new feature be enabled, periodic assessment of the VM is performed, to determine if any applicable security updates are available, and all those patches that are classified as critical or security are automatically downloaded and installed, the company explains.
The patching process is automatically performed monthly, when Microsoft releases new security fixes through the Windows Update mechanism. The updates are fetched and applied during off-peak hours, based on the VM's time zone, but only on VMs that are running.
According to Microsoft, patch orchestration is managed by Azure. Furthermore, the tech company says, all patches are delivered based on availability-first principles, within 30 days of the monthly release.
“Patch assessment and installation are automatic, and the process includes rebooting the VM as required,” the tech company says.
Automatic VM guest patching is compatible with all VM sizes and the health of the virtual machine is monitored to identify any patching failures.
“An opt-in procedure is needed to use the public preview functionality. This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities,” Microsoft notes.
Only virtual machines with the Azure VM Agent installed are supported by the new feature. Furthermore, the Windows Update service must be running on the VM, which needs to be able to access Windows Update endpoints.
Specific details on how the patch installation process is orchestrated, on available patch orchestration modes, and on what OS images are supported can be found on this documentation page.
Related: New Security Capabilities Announced for Microsoft 365, Azure
Related: Microsoft Releases Azure Security Benchmark
Related: Microsoft, Google Announce Wider Availability of Secure VMs
Tags: