Today, I’d like to walk you through how to efficiently update extensions on machines connected via Azure Arc.

Recently, I noticed that two commonly used extensions — WindowsOsUpdateExtension and WindowsPatchExtension — had a little arrow pointing up next to them in the Azure Portal. This means that newer versions are available and ready to be installed.

While it is technically possible to update these extensions manually on each machine, doing so in larger environments quickly becomes time-consuming and inefficient. Let’s be honest — no one wants to click through dozens (or hundreds) of servers one by one.

Why These Extensions Matter

Before diving into automation, let’s briefly explain what these extensions do:

  • WindowsOsUpdateExtension
    This extension enables integration with Azure Update Manager and allows centralized patching of Windows machines connected via Azure Arc. It ensures your servers stay compliant with security and update policies.
  • WindowsPatchExtension
    This extension is responsible for orchestrating patch installation workflows on Arc-enabled servers. It plays a key role in executing update deployments and maintaining system consistency.

Together, these extensions allow you to bring Azure-native patch management capabilities to on-premises or hybrid environments, which is a core value of Azure Arc.

Automation

To solve this, I created a PowerShell script that automates the entire process.

What the script does:

  • Updates both WindowsOsUpdateExtension and WindowsPatchExtension
  • Iterates through all Azure Arc-enabled machines within a subscription
  • Works across multiple resource groups
  • Displays progress, including:
    • Which machine is currently being updated
    • Execution order

This allows you to perform bulk updates in a consistent, controlled, and scalable way.

The script can be found on my GitHub account:

https://github.com/pstopka-tech/AzureArc.git

A Small but Important Detail on Versioning

While working on the script, I ran into a small detail that turned out to be a bit more tricky than expected.

In the Azure Portal, the available update for WindowsPatchExtension is shown as:

1.5.80.0

So naturally, I assumed that I should use the exact same version in the script.

However, it turns out that:

  • In the code, the correct version to use is: 1.5.80
  • And after the update, Azure also reflects the installed version as: 1.5.80

That small difference (.0) can be a bit misleading and may cause unnecessary troubleshooting if you’re not aware of it.

So if you’re automating extension updates like I did, it’s definitely something worth keeping in mind.
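The sketch below is an added example, not the script from the GitHub repository above. It shows one way to handle the version mismatch during a bulk update: convert the portal's four-part version to the three-part form, skip machines that are already current, and upgrade the rest with `Update-AzConnectedExtension` from the Az.ConnectedMachine module. The function names are hypothetical, and it assumes that the extension resource is named after its type, that only a trailing `.0` needs dropping, and that you pass the publisher shown for the extension in the portal.

```powershell
#Requires -Modules Az.ConnectedMachine

# Portal form (1.5.80.0) -> form the post found to work in code (1.5.80).
# Assumption: only a trailing ".0" fourth part is dropped; other input is unchanged.
function ConvertTo-ExtensionTargetVersion {
    param([Parameter(Mandatory)][string]$PortalVersion)
    $v = $PortalVersion.Trim()
    if ($v -notmatch '^\d+(\.\d+){2,3}$') { throw "Not a 3- or 4-part version: '$PortalVersion'" }
    if ($v -match '^(\d+\.\d+\.\d+)\.0$') { return $Matches[1] }
    return $v
}

# Pad to four parts so that 1.5.80 and 1.5.80.0 compare as equal.
function ConvertTo-ComparableVersion {
    param([Parameter(Mandatory)][string]$Version)
    $parts = @($Version.Trim().Split('.'))
    while ($parts.Count -lt 4) { $parts += '0' }
    return [version]($parts -join '.')
}

function Update-ArcExtensionIfOlder {
    param(
        [Parameter(Mandatory)][string]$Publisher,      # as shown for the extension in the portal
        [Parameter(Mandatory)][string]$ExtensionType,  # e.g. WindowsPatchExtension
        [Parameter(Mandatory)][string]$PortalVersion   # e.g. 1.5.80.0
    )
    $target   = ConvertTo-ExtensionTargetVersion $PortalVersion
    $machines = @(Get-AzConnectedMachine | Where-Object Status -eq 'Connected')
    $i = 0
    foreach ($m in $machines) {
        $i++
        $tag = "[$i/$($machines.Count)] $($m.Name)"
        $rg  = ($m.Id -split '/')[4]   # /subscriptions/<id>/resourceGroups/<rg>/...
        # Assumption: the extension resource is named after its type.
        $ext = Get-AzConnectedMachineExtension -ResourceGroupName $rg -MachineName $m.Name |
               Where-Object Name -eq $ExtensionType
        if (-not $ext) { Write-Host "$tag : $ExtensionType not installed, skipped"; continue }
        $installed = $ext.TypeHandlerVersion
        if ((ConvertTo-ComparableVersion $installed) -ge (ConvertTo-ComparableVersion $target)) {
            Write-Host "$tag : already at $installed"; continue
        }
        Write-Host "$tag : $installed -> $target"
        Update-AzConnectedExtension -ResourceGroupName $rg -MachineName $m.Name `
            -ExtensionTarget @{ "$Publisher.$ExtensionType" = @{ targetVersion = $target } }
    }
}
# Update-ArcExtensionIfOlder -Publisher '<publisher>' -ExtensionType 'WindowsPatchExtension' -PortalVersion '1.5.80.0'
```

Run it once per extension after `Connect-AzAccount` and selecting the subscription; the skip messages double as a quick report of which machines were already current.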

Final Thoughts

Azure Arc brings powerful cloud management capabilities to hybrid environments, but to fully benefit from it, keeping extensions up to date is essential.

Instead of managing updates manually, automation allows you to scale operations efficiently and focus on higher-value tasks.

I’m Pati

Welcome to my corner of the internet dedicated to Microsoft Azure. Here, I invite you to join me on a journey into technology — exploring cloud services, sharing practical tips, and uncovering how Azure shapes the way we work and build solutions. Whether you’re just starting your cloud adventure or already deep into the Azure universe, this space is all about learning, inspiration, and growing together.