Microsoft this week announced the public preview of new functionality to automatically deliver security patches to Windows virtual machines in Azure.
Called automatic VM guest patching, the feature is meant to improve the update management of Windows VMs to ensure security compliance through the automatic delivery of necessary patches.
Should the new feature be enabled, periodic assessment of the VM is performed, to determine if any applicable security updates are available, and all those patches that are classified as critical or security are automatically downloaded and installed, the company explains.
The patching process is automatically performed monthly, when Microsoft releases new security fixes through the Windows Update mechanism. The updates are fetched and applied during off-peak hours, based on the VM’s time zone, but only on VMs that are running.
According to Microsoft, patch orchestration is managed by Azure. Furthermore, the tech company says, all patches are delivered based on availability-first principles, within 30 days of the monthly release.
“Patch assessment and installation are automatic, and the process includes rebooting the VM as required,” the tech company says.
Automatic VM guest patching is compatible with all VM sizes and the health of the virtual machine is monitored to identify any patching failures.
“An opt-in procedure is needed to use the public preview functionality. This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities,” Microsoft notes.
Only virtual machines with the Azure VM Agent installed are supported by the new feature. Furthermore, the Windows Update service must be running on the VM, which needs to be able to access Windows Update endpoints.
Specific details on how the patch installation process is orchestrated, on available patch orchestration modes, and on what OS images are supported can be found on this documentation page.
Related: New Security Capabilities Announced for Microsoft 365, Azure
Related: Microsoft Releases Azure Security Benchmark
Related: Microsoft, Google Announce Wider Availability of Secure VMs

More from Ionut Arghire
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
- European Cybersecurity Firm Sekoia.io Raises $37.5 Million
- GitLab Security Update Patches Critical Vulnerability
- Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
