Patching Azure Edition for Windows Server and Automatic VM guest patching for Azure VMs

How is patching of Windows Server “Azure Edition” different from patching Windows servers using BigFix Patch in the on-premise datacenter?

One obvious consideration with patching cloud servers is any traffic costs incurred through caching and relays, but what about the new Automatic VM guest patching for Azure VMs? Does this circumvent BigFix patching completely?

Is there any best practice or guidance specifically for OS patching of Windows Server Azure Edition, or for Windows Server VMs in Azure generally?

Actually curious about BigFix support. MS just announced Hotpatching is coming to all Windows Server 2025 install types, but it will require monthly licensing when running outside of Azure, and the server has to connect to Azure Arc.

Basically it works where you apply a “baseline” (MS baseline here, not BigFix Baseline :D) in January, and then for the next 2 months you apply an OS Security Hotpatch, and then in April you would apply a new OS “baseline” (I assume this is basically the equivalent of a monthly cumulative) and reboot… then the cycle starts again. Only OS security is supported, nothing for .NET and OS updates.

I am emailing our account teams right now actually to get more info, since we are in the process of renewing HCL and Microsoft licensing.

MS Hotpatch Documentation for Server 2022

Windows Server Summit 2024 wrapup

Windows Server Summit 2024 - Hotpatching: Improving server security and productivity

