Azure Arc is a Microsoft service that extends Azure's management and monitoring capabilities to on-premises, multi-cloud, and edge environments, allowing organisations to centrally manage, secure, and govern resources across various infrastructure types using Azure tools and services.
In this blog post, we will delve into the importance of maintaining an updated Azure Arc agent and guide you through the seamless process of ensuring that your infrastructure remains secure, optimised, and primed for the future.
- A server with an outdated Azure Arc agent version installed
It is always best practice to run the latest version of the Azure Arc agent to ensure any bug fixes, stabilities enhancements, and new functionality is available. You can manually update installs of the agent on your Ubuntu and Debian operating systems using the following commands:
# Updating the local package index sudo apt update # Installing an Agent Update sudo apt upgrade azcmagent
The recommended way to update the Azure Arc agent on a Windows server is to obtain the updates through the same way you receive your Windows Update. Updating the Azure Arc agent doesn’t require you to reboot your server.
Windows Server doesn’t check for updates of other products by default, you need to configure the Windows update client on the machine to check for other Microsoft products. There are a number of ways you can manage updating the agent, from manually configuring Windows Updates on the server or through Group Policy and WSUS.
If you manage the updates on your server individually, you need to ensure that Windows Update is set up to grab updates from other Microsoft Products.
Within Windows Server 2012 R2 open the Control Panel > System and Security > Windows Update > *Check Settings. * And ensure the “Give me updates for other Microsoft products when I update Windows” is ticked
Within Windows Server 2016 open up Settings > Update & Security. Select Advanced Options under Update settings and ensure Give me updates for other Microsoft products when I update Windows, is selected.
If you are patching your servers using a WSUS server, you need to ensure that you add the following products and classifications to your configuration:
- Product Name : Azure Connected Machine Agent (select all 3 options)
- Classifications : Critical Updates, Update
This will ensure that it downloads and distributes the Azure Arc agent updates to your servers.
If you are managing a lot of servers then changes are you will be managing those servers through a Group Policy instead of controlling settings individually.
- Sign into a computer used for server administration with an account that can manage Group Policy Objects (GPO) within your environment.
- Open the Group Policy Management Console
- Expand the forest, domain, and organisational unit(s) to find the GPO you want to change or where you want a new one to be created
- Right-click the unit and select Create a GPO in this domain if you are creating a new one and ensure you link it here.
- Provide a name for your policy such as "Microsoft Updates"
- Right-click the policy and select Edit
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update
- Select the Configure Automatic Updates setting to edit it
- Select the Enabled radio button to allow the policy to take effect
- At the bottom of the Options section, check the box for Install updates for other Microsoft products
- Select OK
In today's rapidly evolving IT landscape, keeping your Azure Arc agent current is a proactive measure that will not only safeguard your resources but also equip your organisation for the challenges and opportunities of the future. So, take the time to update your Azure Arc agent and stay ahead in the ever-changing world of technology.