Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Microsoft Announces Public Preview of Automatic VM Guest Patching in Azure

Microsoft this week announced the public preview of new functionality to automatically deliver security patches to Windows virtual machines in Azure.

Called automatic VM guest patching, the feature is meant to improve the update management of Windows VMs to ensure security compliance through the automatic delivery of necessary patches.

Microsoft this week announced the public preview of new functionality to automatically deliver security patches to Windows virtual machines in Azure.

Called automatic VM guest patching, the feature is meant to improve the update management of Windows VMs to ensure security compliance through the automatic delivery of necessary patches.

Should the new feature be enabled, periodic assessment of the VM is performed, to determine if any applicable security updates are available, and all those patches that are classified as critical or security are automatically downloaded and installed, the company explains.

The patching process is automatically performed monthly, when Microsoft releases new security fixes through the Windows Update mechanism. The updates are fetched and applied during off-peak hours, based on the VM’s time zone, but only on VMs that are running.

According to Microsoft, patch orchestration is managed by Azure. Furthermore, the tech company says, all patches are delivered based on availability-first principles, within 30 days of the monthly release.

“Patch assessment and installation are automatic, and the process includes rebooting the VM as required,” the tech company says.

Automatic VM guest patching is compatible with all VM sizes and the health of the virtual machine is monitored to identify any patching failures.

“An opt-in procedure is needed to use the public preview functionality. This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities,” Microsoft notes.

Advertisement. Scroll to continue reading.

Only virtual machines with the Azure VM Agent installed are supported by the new feature. Furthermore, the Windows Update service must be running on the VM, which needs to be able to access Windows Update endpoints.

Specific details on how the patch installation process is orchestrated, on available patch orchestration modes, and on what OS images are supported can be found on this documentation page.

Related: New Security Capabilities Announced for Microsoft 365, Azure

Related: Microsoft Releases Azure Security Benchmark

Related: Microsoft, Google Announce Wider Availability of Secure VMs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.