.NET Core introduced a modern approach to patching, offering users the flexibility to leverage powerful tools like Intune, WSUS, or SCCM for managing updates. This shift from the traditional .NET Framework patching strategies empowers users to tailor their patching processes to best fit their unique environments. But wait, how would you update .NET Core using Azure Update Manager?
This blog will share how to configure an Azure Virtual Machine or an Azure Arc-enabled virtual machine to utilize Azure Update Manager for patching .NET Core security updates.
There are two different changes that need to be made to the server to allow .NET Core to receive updates with Azure Update Manager:
Step 1: Create a registry entry for .NET Core updates
Step 2: Change the Windows Server to receive other Microsoft Updates for patching.
The registry change allows .NET Core to become available to Automatic Updates.
.NET Automatic Updates for Server Operating Systems - .NET Blog (microsoft.com)
Step 1: Create a registry entry for .NET Core updates
You may execute PowerShell to enable this registry setting or create a .reg file to execute.
PowerShell example for all .NET Core versions:
New-Item -Path "HKLM:\SOFTWARE\Microsoft" -Name ".NET" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NET" -Name "AllowAUOnServerOS" -Value 1 -Type DWord
Or a PowerShell example for a specific .NET Core version:
New-Item -Path "HKLM:\SOFTWARE\Microsoft\.NET" -Name "6.0" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NET\6.0" -Name "AllowAUOnServerOS" -Value 1 -Type DWord
Registry File example:
To use a .reg file for creating the registry entries, copy the text below into a new file (ex: dotnetcore.reg) and execute it. This example creates both entries: the one for all versions of .NET Core and the one for version 6.0 of .NET Core. Remove lines as needed.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET]
"AllowAUOnServerOS"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NET\6.0]
"AllowAUOnServerOS"=dword:00000001
Step 2: Change the Windows Server to receive other Microsoft Updates for patching.
The other required change is to configure the Windows Server to receive updates for “other Microsoft products”. This change allows updates for other Microsoft products, such as SQL Server and, in this example, .NET Core, to become available to Windows machines.
Configure Windows Update settings in Azure Update Manager | Microsoft Learn
Run these commands in PowerShell to change the update settings to receive other Microsoft product updates:
$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager")
$ServiceManager.Services
$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d"
$ServiceManager.AddService2($ServiceId,7,"")
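To confirm that both changes are in place on a server, a read-only audit such as the following can be run in an elevated PowerShell session. This is an added example, not part of the original post or of Microsoft's sample scripts; the function name Test-DotNetCoreUpdateReadiness and its output property names are assumptions, while the registry path, value name and service ID are the ones shown above.

```powershell
# Added example: read-only audit of the two settings described in this post.
# It changes nothing; it only reports whether Step 1 and Step 2 are in effect.
function Test-DotNetCoreUpdateReadiness {
    [CmdletBinding()]
    param(
        # Registry root and Microsoft Update service ID, both taken from the post.
        [string]$DotNetKey = 'HKLM:\SOFTWARE\Microsoft\.NET',
        [string]$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'
    )

    # Helper: $true only when AllowAUOnServerOS exists under the key and equals 1.
    $isOptedIn = {
        param($Path)
        $p = Get-ItemProperty -Path $Path -Name 'AllowAUOnServerOS' -ErrorAction SilentlyContinue
        ($null -ne $p) -and ($p.AllowAUOnServerOS -eq 1)
    }

    # Step 1, option A: opt-in that covers all .NET Core versions.
    $globalOptIn = & $isOptedIn $DotNetKey

    # Step 1, option B: per-version opt-ins (subkeys such as 6.0).
    $versionOptIns = @()
    if (Test-Path -Path $DotNetKey) {
        $versionOptIns = @(Get-ChildItem -Path $DotNetKey -ErrorAction SilentlyContinue |
            Where-Object { & $isOptedIn $_.PSPath } |
            ForEach-Object { $_.PSChildName })
    }

    # Step 2: is the Microsoft Update service registered with Automatic Updates?
    $serviceManager = New-Object -ComObject 'Microsoft.Update.ServiceManager'
    $muService = $serviceManager.Services |
        Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
    $muRegistered = [bool]($muService -and $muService.IsRegisteredWithAU)

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        AllVersionsOptIn          = $globalOptIn
        PerVersionOptIns          = $versionOptIns -join ', '
        MicrosoftUpdateRegistered = $muRegistered
        # Assumption: "Ready" means an opt-in from Step 1 plus the Step 2 registration.
        Ready = ($globalOptIn -or $versionOptIns.Count -gt 0) -and $muRegistered
    }
}

Test-DotNetCoreUpdateReadiness | Format-List
```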
Once these settings are changed, use the ‘Check for updates’ option in Azure Update Manager. The patch for .NET Core should then become available to the virtual machine.
In this example, an Azure Windows Server 2022 machine image had .NET Core 6.0.27 installed. After the machine was checked for new updates, the patch for .NET Core 6.0.28 became available.
For testing purposes, this link is the .NET Core 6.0.27 installer: .NET Core 6.0.27 - Versions of .NET.
In conclusion, configuring Azure Update Manager to patch .NET Core security updates is a crucial step in maintaining the security and performance of your Azure Virtual Machines. By enabling the registry setting for automatic updates, you can ensure that your .NET Core installations are always up-to-date with the latest security patches.
This process not only simplifies the management of updates but also enhances the overall security posture of your environment. Whether you choose to use PowerShell commands or create a .reg file, the steps outlined in this article provide a clear and effective method for keeping your .NET Core installations secure and up-to-date.
*** Disclaimer ***
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use
Updated Feb 24, 2025
Version 2.0
jpigott
Microsoft
Core Infrastructure and Security Blog