Microsoft previews Azure's automatic VM guest patching feature

The new capability allows Azure to automatically update Windows virtual machines against vulnerabilities

Microsoft has announced a new feature for Azure that enables admins to automatically patch Windows virtual machines (VMs) against new security vulnerabilities.

The new capability, dubbed Automatic VM guest patching, is currently in public preview for Windows VMs on Azure. When enabled, it will ensure that a VM on Azure is regularly assessed to find and apply applicable patches.

Azure will automatically install patches classified as 'Critical' or 'Security' within 30 days after the release of the monthly Windows Update. The patches will work for all VM sizes and will be installed, following availability-first principles, during off-peak hours in the VM's time zone.

Only VMs created from some specific OS platform images are supported in the public preview. The platform SKUs that are currently supported include:

While Azure will carry out periodic assessments for machines where automatic guest patching is enabled, system admins can also launch on-demand patch assessments at any time, for any of their VMs. The assessment process takes a few minutes, and the status will be updated on the VM's instance view.

The feature only works on VMs with the Azure VM Agent installed and the Windows Update service running. Moreover, the VM must use Compute API version 2020-06-01 or higher and must be able to access Windows Update endpoints.
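The template-level prerequisites above can be checked before deployment. The following is an added example, not code from Microsoft or the article: it audits a constructed ARM template fragment, and the property names (`provisionVMAgent`, `patchSettings.patchMode`, `AutomaticByPlatform`) come from the Azure Compute resource schema rather than from this page. The Windows Update service state and endpoint reachability are runtime conditions and are not covered.

```python
import json

MIN_API = "2020-06-01"  # minimum Compute API version stated in the article

# Constructed sample ARM template fragment (not from the article).
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Compute/virtualMachines", "name": "web-01", "apiVersion": "2020-06-01",
   "properties": {"osProfile": {"windowsConfiguration": {
     "provisionVMAgent": true, "enableAutomaticUpdates": true,
     "patchSettings": {"patchMode": "AutomaticByPlatform"}}}}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "db-01", "apiVersion": "2019-12-01",
   "properties": {"osProfile": {"windowsConfiguration": {
     "provisionVMAgent": false}}}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "lnx-01", "apiVersion": "2020-06-01",
   "properties": {"osProfile": {"linuxConfiguration": {}}}},
  {"type": "Microsoft.Network/virtualNetworks", "name": "vnet", "apiVersion": "2020-05-01"}
]}
""")

def audit_vm(res):
    """Return the reasons this VM resource would not get automatic guest patching."""
    findings = []
    # API versions are ISO dates, optionally with a "-preview" suffix; compare the date part.
    if res.get("apiVersion", "")[:10] < MIN_API:
        findings.append(f"apiVersion {res.get('apiVersion')} is older than {MIN_API}")
    win = res.get("properties", {}).get("osProfile", {}).get("windowsConfiguration")
    if win is None:
        return findings + ["not a Windows VM (preview covers Windows only)"]
    # ARM treats an omitted provisionVMAgent as true.
    if win.get("provisionVMAgent", True) is not True:
        findings.append("provisionVMAgent is false: Azure VM Agent will not be installed")
    mode = win.get("patchSettings", {}).get("patchMode")
    if mode != "AutomaticByPlatform":
        findings.append(f"patchMode is {mode!r}, expected 'AutomaticByPlatform'")
    return findings

def audit_template(template):
    """Map VM name -> findings for every VM resource in the template."""
    return {r["name"]: audit_vm(r) for r in template.get("resources", [])
            if r.get("type") == "Microsoft.Compute/virtualMachines"}

if __name__ == "__main__":
    for name, findings in audit_template(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```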

Microsoft announced the general availability of Azure Monitor for VMs in March, offering users the ability to gain an in-depth view of VM performance trends and dependencies. Admins can access the feature from the Azure VM resource blade to view details about a single VM.

Users can also access the feature from the Azure Virtual Machine Scale Sets (VMSS) resource blade to view details about a single VM scale set.