|
| 1 | +--- |
| 2 | +title: Hotpatching on Azure Arc-enabled machines |
| 3 | +description: This article details how to manage hotpatching on Azure Arc-enabled machines. |
| 4 | +ms.service: azure-update-manager |
| 5 | +ms.date: 10/06/2024 |
| 6 | +ms.topic: how-to |
| 7 | +author: SnehaSudhirG |
| 8 | +ms.author: sudhirsneha |
| 9 | +--- |
| 10 | + |
| 11 | +# Manage Hotpatches on Arc-Enabled Machines |
| 12 | + |
| 13 | +**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. |
| 14 | + |
| 15 | +Azure Update Manager enables you to install hotpatches on Windows Server Azure Editions and Arc-enabled machines. For more information, see [Hotpatch for virtual machines](https://learn.microsoft.com/windows-server/get-started/hotpatch). |
| 16 | + |
| 17 | +This article explains how to install hotpatches on compatible Arc-enabled machines. For Hotpatches being non-intrusive on availability, you can create faster schedules and update your services immediately after release, with less planning to maintain reliability of your machines at-scale. |
| 18 | + |
| 19 | +## Support matrix |
| 20 | + |
| 21 | +- Windows Server 2025 Standard Edition |
| 22 | +- Windows Server 2025 Datacenter Edition |
| 23 | + |
| 24 | + |
| 25 | +## Prerequisites |
| 26 | + |
| 27 | +- Verify that the machine has a supported OS SKU [Learn more](#support-matrix). |
| 28 | +- Confirm that Virtualization Based Security (VBS) is enabled. [Learn more](https://techcommunity.microsoft.com/t5/windows-server-news-and-best/how-to-preview-azure-arc-connected-hotpatching-for-windows/ba-p/4246895). |
| 29 | +- Ensure the machine is Arc-enabled. |
| 30 | + |
| 31 | +## Manage Hotpatches |
| 32 | + |
| 33 | +### Enroll hotpatch license |
| 34 | + |
| 35 | +To enroll hotpatch license, follow these steps: |
| 36 | + |
| 37 | +1. Sign in to the [Azure portal](https://portal.azure.com) and go to **Azure Update Manager** |
| 38 | +1. Under **Resources**, select **Machines** and then select the specific *Arc-enabled server*. |
| 39 | +1. Under the **Recommended updates** section, in Hotpatch, select **Change**. |
| 40 | +1. In the Hotpatch (preview), select **Enroll in Hotpatch** and then select **Confirm**. |
| 41 | + |
| 42 | + :::image type="content" source="./media/manage-hot-patching-arc-machines/enroll-hot-patch-license.png" alt-text="Screenshot showing how to enroll hotpatch license." lightbox="./media/manage-hot-patching-arc-machines/enroll-hot-patch-license.png"::: |
| 43 | + |
| 44 | +### Manage hotpatch updates |
| 45 | + |
| 46 | +After you enroll to hotpatch license, your machine is automatically opted in to receive hotpatch updates. |
| 47 | + |
| 48 | +To re-enable or disable updates at scale, follow these steps: |
| 49 | + |
| 50 | +1. Sign in to the [Azure portal](https://portal.azure.com) and go to Azure Update Manager. |
| 51 | +1. Under **Resources**, select **Machines** and in the **Azure Update Manager | Machines** page, under **Settings**, select **Update settings**. |
| 52 | +1. In **Change update settings** page, select **+Add machine**, to select the machine to which you want to change the update settings. |
| 53 | +1. In **Select resources** page, select the machines and then select **Add** to view the machines in **Change update settings** page. |
| 54 | +1. In the **Hotpatch** dropdown, select **Enable** and then select **Save**. |
| 55 | + |
| 56 | + :::image type="content" source="./media/manage-hot-patching-arc-machines/manage-hot-patch-updates.png" alt-text="Screenshot showing how to manage hotpatch updates." lightbox="./media/manage-hot-patching-arc-machines/enroll-hotpatch-license.png"::: |
| 57 | + |
| 58 | +### View hotpatch status |
| 59 | + |
| 60 | +#### [At scale](#tab/hotpatch-scale) |
| 61 | + |
| 62 | +To view the hotpatch status at scale on your machines, follow these steps: |
| 63 | + |
| 64 | +1. Sign in to the [Azure portal](https://portal.azure.com) and go to Azure Update Manager. |
| 65 | +1. Under **Resources**, select **Machines** and then select **Edit columns**. |
| 66 | +1. In **Choose columns**, select **Hotpatch status** and then select **Save**. |
| 67 | + The **Hotpatch status** column appears in the machines grid and displays the status for all Azure machines and Arc-enabled machines. To view only Arc related details, you can filter Resource Type as **Arc-enabled server**. |
| 68 | + |
| 69 | + :::image type="content" source="./media/manage-hot-patching-arc-machines/view-status-at-scale.png" alt-text="Screenshot showing how to view hotpatching status at scale." lightbox="./media/manage-hot-patching-arc-machines/view-status-at-scale.png"::: |
| 70 | + |
| 71 | +#### [On single VM](#tab/hotpatch-single) |
| 72 | + |
| 73 | +To view the hotpatch status on a single machine, follow these steps: |
| 74 | + |
| 75 | +1. Sign in to the [Azure portal](https://portal.azure.com) and go to Azure Update Manager. |
| 76 | +1. Under **Resources**, select **Machines** and then select the specific Arc-enabled machine. |
| 77 | +1. Under the **Recommended updates** section, you can view the Hotpatch status for your VM. |
| 78 | + |
| 79 | + :::image type="content" source="./media/manage-hot-patching-arc-machines/view-status-single-machine.png" alt-text="Screenshot showing how to view hotpatching status on single virtual machine." lightbox="./media/manage-hot-patching-arc-machines/view-status-single-machine.png"::: |
| 80 | + |
| 81 | +--- |
| 82 | + |
| 83 | +### Hotpatch statuses |
| 84 | + |
| 85 | +| Status | Meaning | |
| 86 | +|------|-----| |
| 87 | +| Not enrolled| License is available but not enrolled on this machine. | |
| 88 | +| Enabled | License is enrolled and machine is enabled for receiving hotpatch updates.| |
| 89 | +| Canceled | License has been canceled on the machine. | |
| 90 | +| Disabled | License is enrolled but the machine is disabled for receiving hotpatch updates. | |
| 91 | +| Pending | Interim status while enrollment is in progress. | |
| 92 | + |
| 93 | +### Check hotpatch updates |
| 94 | + |
| 95 | +You can enable either [periodic assessment](assessment-options.md#periodic-assessment) or [one-time update](assessment-options.md#check-for-updates-nowon-demand-assessment) to check for latest hotpatch updates. |
| 96 | + |
| 97 | +Periodic assessment automatically assesses for available updates and ensures that available patches are detected. You can view the results of the assessment on the **Recommended updates** tab, including the time of the last assessment. |
| 98 | + |
| 99 | +You can also choose to trigger an *on-demand patch assessment* for your VM at any time using the **Check for updates** option and review the results after assessment completes. In this assessment result, you can view the reboot status of the given update under **Reboot required** column. |
| 100 | + |
| 101 | +:::image type="content" source="./media/manage-hot-patching-arc-machines/check-hot-patch-updates.png" alt-text="Screenshot showing how to check hotpatching updates." lightbox="./media/manage-hot-patching-arc-machines/check-hot-patch-updates.png"::: |
| 102 | + |
| 103 | + |
| 104 | +### Install hotpatch updates |
| 105 | + |
| 106 | +To install, you can create a [user-defined schedule](scheduled-patching.md#schedule-recurring-updates-on-a-single-vm) or [one-time update](quickstart-on-demand.md#install-updates). You can install it immediately after it's available, allowing your machine to get secure faster. |
| 107 | + |
| 108 | +Using either of these options you can choose to install all available update classifications or only security updates. You can also specify updates to include or exclude by providing a list of individual hotpatch knowledge base articles. |
| 109 | + |
| 110 | +This ensures hotpatch updates that don't require reboots are installed in the same schedule or one-time update, making patch installation window predictable. |
| 111 | + |
| 112 | +### View history |
| 113 | + |
| 114 | +You can also view the history of update deployments on your VM through the [history](deploy-updates.md#view-update-history-for-a-single-vm). |
| 115 | + |
| 116 | +Update history from the past 30 days is displayed, along with patch installation details such as reboot status. |
| 117 | + |
| 118 | +:::image type="content" source="./media/manage-hot-patching-arc-machines/history-update-deployments.png" alt-text="Screenshot showing how to view the history of update deployments on your VM." lightbox="./media/manage-hot-patching-arc-machines/history-update-deployments.png"::: |
| 119 | + |
| 120 | + |
| 121 | + |
| 122 | +## Next steps |
| 123 | + |
| 124 | +* Learn more about [configure update settings](manage-update-settings.md) on your machines. |
| 125 | +* Learn more on how to perform an [on-demand update](deploy-updates.md). |
| 126 | + |
| 127 | + |
0 commit comments