Azure Update Manager – Patching .NET Core

.NET Core did not follow the same patching strategy as the original .NET Framework. Patching the machines instead relied on Intune, WSUS or SCCM. .NET Core then became available to use with Automatic Updates, but something was still missing to make its patches available through Azure Update Manager. This is where the quest began…

This blog shares how to configure an Azure virtual machine so that Azure Update Manager can patch .NET Core security updates.

The registry change below allows .NET Core to become available to Automatic Updates. The setting can be applied to a specific version or to all of .NET Core, as the author outlined in the blog below.

.NET Automatic Updates for Server Operating Systems – .NET Blog (microsoft.com)

Create a .REG file with these entries:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET]
"AllowAUOnServerOS"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET\6.0]
"AllowAUOnServerOS"=dword:00000001

Or use PowerShell (Admin) to create the registry entries:

# Create the .NET key if it doesn't exist
if (!(Test-Path -Path "HKLM:\SOFTWARE\Microsoft\.NET")) {
    New-Item -Path "HKLM:\SOFTWARE\Microsoft" -Name ".NET"
}
# Create the .NET\6.0 key if it doesn't exist
if (!(Test-Path -Path "HKLM:\SOFTWARE\Microsoft\.NET\6.0")) {
    New-Item -Path "HKLM:\SOFTWARE\Microsoft\.NET" -Name "6.0"
}
# Now set the values (explicitly typed as DWORD to match the .REG entries)
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NET" -Name "AllowAUOnServerOS" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NET\6.0" -Name "AllowAUOnServerOS" -Value 1 -Type DWord

The virtual machine also needs to be able to look for software updates beyond Windows Update. The article below covers different options for configuring this setting via PowerShell or Group Policy, followed by an example of the PowerShell configuration.

Configure Windows Update settings in Azure Update Manager | Microsoft Learn

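# Connect to the Windows Update Agent service manager
$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager")
# List the update services currently registered on this machine
$ServiceManager.Services
# Service ID of Microsoft Update (updates for other Microsoft products)
$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d"
# Register the service; the flags value 7 also registers it with Automatic Updates
$ServiceManager.AddService2($ServiceId,7,"")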

Once these settings are changed, use the check for updates option in Azure Update Manager and you should see the .NET Core patch become available to the virtual machine.

In this example, an Azure Windows Server 2022 machine image had .NET Core 6.0.27 installed. After the machine was checked for new updates, the patch for .NET Core 6.0.28 became available.
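
A read-only check of both prerequisites from this post (the AllowAUOnServerOS registry opt-in and the Microsoft Update service registration), added here as an example and not part of the original blog or any Microsoft script. The function name Test-DotNetUpdateReadiness and its output property names are assumptions of this example; run it in PowerShell on the VM.

```powershell
# Added example: audit the two settings from this post on the local machine.
# It only reads state; nothing is changed.
function Test-DotNetUpdateReadiness {
    [CmdletBinding()]
    param(
        # Registry keys to inspect; defaults are the two keys used in this post.
        [string[]]$KeyPath = @(
            'HKLM:\SOFTWARE\Microsoft\.NET',
            'HKLM:\SOFTWARE\Microsoft\.NET\6.0'
        ),
        # Service ID passed to AddService2 in this post.
        [string]$ServiceId = '7971f918-a847-4430-9279-4a52d1efe18d'
    )

    # 1. Registry opt-in: the value must exist and equal 1.
    $registry = foreach ($path in $KeyPath) {
        $value = $null
        if (Test-Path -Path $path) {
            $prop = Get-ItemProperty -Path $path -Name 'AllowAUOnServerOS' -ErrorAction SilentlyContinue
            if ($prop) { $value = $prop.AllowAUOnServerOS }
        }
        [pscustomobject]@{ Path = $path; Value = $value; OptedIn = ($value -eq 1) }
    }

    # 2. Update source: the service must be present and registered with Automatic Updates.
    $manager    = New-Object -ComObject 'Microsoft.Update.ServiceManager'
    $service    = $manager.Services | Where-Object { $_.ServiceID -eq $ServiceId }
    $registered = [bool]($service -and $service.IsRegisteredWithAU)

    # The post notes the opt-in can be global or per version, so one opted-in key is enough here.
    $anyOptIn = @($registry | Where-Object { $_.OptedIn }).Count -gt 0

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        Registry              = $registry
        MicrosoftUpdateWithAU = $registered
        Ready                 = ($registered -and $anyOptIn)
    }
}

$result = Test-DotNetUpdateReadiness
$result.Registry
$result | Select-Object ComputerName, MicrosoftUpdateWithAU, Ready
```

A machine that reports Ready as False will not surface .NET Core patches in an Azure Update Manager assessment until the missing setting is applied.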

About the author

Jeff Pigott is a Senior Cloud Solution Architect at Microsoft, with expertise in Azure technologies such as Arc, DevOps, security, storage, and more. He has over 29 years of experience in IT, development, and DevOps, working with various platforms, tools, and languages. He is passionate about learning the newest Microsoft technologies and services, and holds several Azure certifications.