
Today, I’d like to walk you through how to efficiently update extensions on machines connected via Azure Arc.
Recently, I noticed that two commonly used extensions, WindowsOsUpdateExtension and WindowsPatchExtension, each showed a little arrow pointing up in the Azure Portal. This means that newer versions are available and ready to be installed.
While it is technically possible to update these extensions manually on each machine, doing so in larger environments quickly becomes time-consuming and inefficient. Let’s be honest — no one wants to click through dozens (or hundreds) of servers one by one.
Why These Extensions Matter
Before diving into automation, let’s briefly explain what these extensions do:
- WindowsOsUpdateExtension
  This extension enables integration with Azure Update Manager and allows centralized patching of Windows machines connected via Azure Arc. It ensures your servers stay compliant with security and update policies.
- WindowsPatchExtension
  This extension is responsible for orchestrating patch installation workflows on Arc-enabled servers. It plays a key role in executing update deployments and maintaining system consistency.
Together, these extensions allow you to bring Azure-native patch management capabilities to on-premises or hybrid environments, which is a core value of Azure Arc.
Automation
To solve this, I created a PowerShell script that automates the entire process.
What the script does:
- Updates both WindowsOsUpdateExtension and WindowsPatchExtension
- Iterates through all Azure Arc-enabled machines within a subscription
- Works across multiple resource groups
- Displays progress, including:
  - Which machine is currently being updated
  - Execution order
This allows you to perform bulk updates in a consistent, controlled, and scalable way.
The script can be found on my GitHub account:
https://github.com/pstopka-tech/AzureArc.git
A Small but Important Detail on Versioning
While working on the script, I ran into a small detail that turned out to be a bit trickier than expected.
In the Azure Portal, the available update for WindowsPatchExtension is shown as:
1.5.80.0

So naturally, I assumed that I should use the exact same version in the script.
However, it turns out that:
- In the code, the correct version to use is: 1.5.80
- And after the update, Azure also reflects the installed version as: 1.5.80

That small difference (.0) can be a bit misleading and may cause unnecessary troubleshooting if you’re not aware of it.
So if you’re automating extension updates like I did, it’s definitely something worth keeping in mind.
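The following is an added example, not the script from the author's repository: it normalizes the version string shown in the portal and compares it with what is installed, so machines already on the target version are skipped on re-runs. The function names, machine names, resource groups and all versions other than 1.5.80.0 / 1.5.80 are assumptions made for illustration, as is the rule of dropping only a trailing `.0` fourth component.

```powershell
# Added example; machine names, resource groups and every version other than
# 1.5.80.0 / 1.5.80 are constructed sample data.
function ConvertTo-ExtensionVersion {
    # Drop a trailing ".0" fourth component: portal "1.5.80.0" -> "1.5.80".
    param([Parameter(Mandatory)][string]$PortalVersion)
    $parts = $PortalVersion.Trim().Split('.')
    if ($parts.Count -eq 4 -and $parts[3] -eq '0') { $parts = $parts[0..2] }
    $normalized = $parts -join '.'
    [void][version]$normalized   # throws on malformed input before any update is attempted
    return $normalized
}

function Get-ExtensionUpdatePlan {
    # One row per installed extension that is behind its target version.
    param([object[]]$Inventory, [hashtable]$PortalTargets)
    foreach ($item in $Inventory) {
        if (-not $PortalTargets.ContainsKey($item.Extension)) { continue }
        $target    = ConvertTo-ExtensionVersion $PortalTargets[$item.Extension]
        $installed = ConvertTo-ExtensionVersion $item.Version
        # [version]'1.5.80' and [version]'1.5.80.0' are NOT equal in .NET,
        # so both sides are normalized before comparing.
        if ([version]$installed -lt [version]$target) {
            [pscustomobject]@{ ResourceGroup = $item.ResourceGroup; Machine = $item.Machine
                               Extension = $item.Extension; From = $installed; To = $target }
        }
    }
}

$portalTargets = @{
    WindowsPatchExtension    = '1.5.80.0'   # as displayed in the portal (from the post)
    WindowsOsUpdateExtension = '1.0.30.0'   # constructed placeholder, not a real release
}
$inventory = @(   # constructed; in practice built from the Arc machines in the subscription
    [pscustomobject]@{ ResourceGroup='rg-a'; Machine='srv01'; Extension='WindowsPatchExtension';    Version='1.5.77' }
    [pscustomobject]@{ ResourceGroup='rg-a'; Machine='srv02'; Extension='WindowsPatchExtension';    Version='1.5.80' }
    [pscustomobject]@{ ResourceGroup='rg-b'; Machine='srv03'; Extension='WindowsOsUpdateExtension'; Version='1.0.28' }
)

$plan = @(Get-ExtensionUpdatePlan -Inventory $inventory -PortalTargets $portalTargets)
$i = 0
foreach ($step in $plan) {   # srv02 is already on 1.5.80 and does not appear in the plan
    $i++
    Write-Host "[$i/$($plan.Count)] $($step.Machine): $($step.Extension) $($step.From) -> $($step.To)"
    # With Az.ConnectedMachine and a signed-in session, apply the step
    # (assumes the extension resource name equals its type name):
    # Update-AzConnectedMachineExtension -ResourceGroupName $step.ResourceGroup `
    #     -MachineName $step.Machine -Name $step.Extension -TypeHandlerVersion $step.To
}
```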
Final Thoughts
Azure Arc brings powerful cloud management capabilities to hybrid environments, but to fully benefit from it, keeping extensions up to date is essential.
Instead of managing updates manually, automation allows you to scale operations efficiently and focus on higher-value tasks.
