Recently, I posted on how to maximise your Defender for Server Plan 2 investment with Microsoft Sentinel. In addition to the free Log Analytics data ingestion benefits previously discussed, you can also take advantage of other complimentary benefits included in Defender for Server P2, including Azure Update Manager.
Update Manager is a centralised service designed to manage and govern updates across all your servers. It allows you to monitor update compliance for both Windows and Linux systems, whether they are in Azure, on-premises, or connected through other cloud platforms via Azure Arc. With Update Manager, you can apply updates instantly or schedule them during specified maintenance windows.
For more information, you can explore all the features of Microsoft Defender for Servers Plan 2 here.
Deprecation of Windows Server Update Service (WSUS)
On September 20, 2024, Microsoft announced the deprecation of Windows Server Update Service (WSUS), with Azure Update Manager recommended as the replacement. For organisations without other tools like Microsoft Configuration Manager, Azure Update Manager provides a cost-effective way to ensure all servers remain secure and can be easily managed via the Azure Portal. On-boarding to Azure Arc is straightforward, with all core control plane features being free. Once on-boarded, you can also take advantage of additional Azure Arc features beyond Azure Update Manager.
Important: Keep in mind, some add-on Azure management services incur additional costs, so it is important to review all pricing before enabling extra features like Guest Configuration, Arc-enabled Kubernetes, Extended Updates, Arc Data Services, and more.
Previously, organisations might have used the Log Analytics workspace method to onboard non-Azure machines to Defender for Server; that method was also recently deprecated, on August 31, 2024. Please refer to the announcement of changes to legacy Defender for Servers Plan 2 onboarding via Log Analytics. Organisations must therefore migrate to the newer methods of onboarding to Defender for Server.
Introducing Azure Arc
The new method is to now use the Azure Arc agent for all non-Azure servers. Once the Arc agent is installed, each Arc connected server will appear as a resource in the Azure Portal. You can then target the Defender for Server plan to the Azure subscription that hosts the Arc resources, instead of the legacy Log Analytics workspace method.
There are several ways to deploy and on-board machines to Azure Arc. Recently, at a customer site, I deployed Azure Arc at scale to more than 100 servers using the Group Policy method. Setting up the required Service Principal, a Remote File Share, and a Group Policy Object was surprisingly easy. The deployment was fast, non-interactive, and did not require a restart.
Once on-boarded to Azure Arc, you can enable periodic assessments at scale via Azure Policy. Please refer to the “Configure periodic checking for missing system updates on azure Arc-enabled servers” policy definition. Azure Update Manager will then scan each connected Arc machine every 24 hours and report any required updates that are missing. You can then schedule deployment of updates via the Azure Update Manager portal, either at scale or on individual machines via one-time updates.
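The policy-driven periodic assessment described above, as an added PowerShell example that is not part of the original post or any Microsoft sample. It assumes the Az.Resources (7 or later), Az.PolicyInsights and Az.ResourceGraph modules, an authenticated session, a placeholder subscription ID and an assumed region for the assignment identity; the parameter names osType and assessmentMode are those of the quoted built-in policy, so verify them in your tenant before running.

```powershell
# Added example, not from the original post. Assumes Az.Resources >= 7, Az.PolicyInsights,
# Az.ResourceGraph and an existing Connect-AzAccount session.
$subscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder, replace
$scope          = "/subscriptions/$subscriptionId"
$location       = "australiaeast"                           # assumed region for the assignment identity

# 1. Find the built-in policy by the display name quoted in the post.
$displayName = "Configure periodic checking for missing system updates on azure Arc-enabled servers"
$definition  = Get-AzPolicyDefinition -Builtin | Where-Object { $_.DisplayName -eq $displayName }
if (-not $definition) { throw "Policy definition not found: $displayName" }

# 2. Assign it once per OS. It is a DeployIfNotExists policy, so the assignment needs a
#    managed identity; the portal grants that identity the policy's roles for you, PowerShell does not.
foreach ($os in @("Windows", "Linux")) {
    $assignment = New-AzPolicyAssignment -Name "arc-periodic-assessment-$($os.ToLower())" `
        -DisplayName "Periodic update assessment ($os) for Arc servers" `
        -Scope $scope -PolicyDefinition $definition -Location $location -IdentityType SystemAssigned `
        -PolicyParameterObject @{ osType = $os; assessmentMode = "AutomaticByPlatform" }

    Start-Sleep -Seconds 30   # let the new identity propagate before assigning roles
    foreach ($roleId in $definition.PolicyRule.then.details.roleDefinitionIds) {
        New-AzRoleAssignment -ObjectId $assignment.Identity.PrincipalId -Scope $scope `
            -RoleDefinitionId (($roleId -split '/')[-1]) | Out-Null
    }

    # 3. Remediate machines that already exist; newly connected ones are handled on creation.
    Start-AzPolicyRemediation -Name "remediate-$($assignment.Name)" -Scope $scope `
        -PolicyAssignmentId $assignment.Id | Out-Null
}

# 4. Verify: Arc machines whose latest assessment reports missing critical or security updates.
$query = @"
patchassessmentresources
| where type =~ 'microsoft.hybridcompute/machines/patchassessmentresults'
| where properties.status =~ 'Succeeded'
| extend critical = toint(properties.availablePatchCountByClassification.critical),
         security = toint(properties.availablePatchCountByClassification.security)
| where critical > 0 or security > 0
| project machine = tostring(split(id, '/')[8]), critical, security,
          assessed = todatetime(properties.lastModifiedDateTime)
| order by critical desc, security desc
"@
Search-AzGraph -Query $query -Subscription $subscriptionId | Format-Table -AutoSize
```

The final query is also a useful standing check: once the 24-hour assessment cycle is running, an empty result means no connected Arc machine is missing critical or security updates.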
Conclusion
In summary, maximising your Microsoft Defender for Server Plan 2 investment goes beyond free Log Analytics data ingestion. It also includes key benefits like Azure Update Manager, particularly for Azure Arc connected machines. With the deprecation of WSUS, Azure Update Manager becomes a vital, cost-effective tool for managing server updates, whether in or outside of Azure Cloud. On-boarding to Azure Arc is straightforward, and once on-boarded, organisations can streamline update management through periodic assessments and scheduled updates via Azure Update Manager. For those transitioning from the deprecated Log Analytics Agent, using the Azure Arc agent ensures a smooth shift to modern cloud-based server management solutions.
If you require assistance to on-board to Azure Arc or to maximise your Defender for Server benefits, please get in touch.