Blog Post

Azure Arc Blog
3 MIN READ

Generally Available: Windows Server 2012 and 2012 R2 Extended Security Updates enabled by Azure Arc

aurnovcy's avatar
aurnovcy
Icon for Microsoft rankMicrosoft
Sep 18, 2023

We are excited to announce that Windows Server 2012 and 2012 R2 Extended Security Updates (ESUs) enabled by Azure Arc is now Generally Available. Windows Server 2012 and 2012 R2 are going End of Support on October 10, 2023. With ESUs, customers who are running Windows Server 2012 on-premises or in other clouds can get three more years of critical security updates from Microsoft to protect their End of Life infrastructure. 

 

 

Why leverage Windows Server 2012 ESUs enabled by Azure Arc?

Windows Server 2012 ESU’s enabled by Azure Arc afford customers financial, management, and security benefits, beyond traditional Windows Server 2012 ESUs from Volume Licensing:

  • Monthly PAYG. Customers have no upfront annual commitments and are able to pay for what they need with the flexibility to deactivate ESU licenses mid-year as they migrate and modernize workloads to Azure.
  • Azure billing. As an Azure billed service, customers are able to decrement WS2012 ESUs enabled by Azure Arc from their MACC and can apply Azure Consumption Discounting (ACD) for price savings.
  • Seamless delivery. Azure Arc identifies and provides an inventory of all of the customers’ Windows Server 2012 and 2012 R2 servers, and with on-time point and click enrollment eliminates the need for annual MAK key deployment. 
  • Licensing flexibility. Customers have the ability to mix and match Standard and Datacenter licensing, and virtual core and physical core models, eliminating the need to match SKUs with their underlying host.
  • Azure management. Customers benefit from free access to Azure Update Manager, Azure Machine Configuration, and Azure Change Tracking and Inventory (AMA based) for their Azure Arc-enabled servers enrolled in WS2012 ESUs through Arc.

How can you enroll in Windows Server 2012 ESUs enabled by Azure Arc?

Taking advantage of this exciting new offer is as easy three steps: (1) onboard your servers to Azure Arc, (2) provision Windows Server 2012 Arc ESU licenses in Azure, and (3) link ESU licenses to your Azure Arc-enabled servers for access to critical security patches.

 

First, customers onboard their Windows Server 2012 and 2012 R2 machines to Azure Arc, deploying the Connected Machine agent onto their servers, using automation tool like Configuration Manager, PowerShell, or Group Policy. Customers can select from myriad networking options including public endpoint, proxy connectivity, and private link.

 

 

Next, customers provision Windows Server 2012 Extended Security Update licenses, specifying Standard or Datacenter edition and the number of cores (virtual or physical). Customers can modify the number of cores associated with a license and can deactivate/activate licenses. Billing for licenses will commence from End of Support on October 10, 2023. Extended Security Updates cost 100% of the full license price for Windows Server 2012 / 2012 R2. Note, this step requires attesting to meeting the Software Assurance and licensing requirements for using Extended Security Updates.

 

 

Finally, customers must link their Windows Server 2012 Extended Security Update licenses to their Azure Arc-enabled servers, to enroll the machines in ESUs. Customers do not need to re-enroll each year or manage any MAK Keys. Moreover, customers have the flexibility to use whatever first or third-party patching solution they prefer to receive the actual Windows Server 2012 ESU OS patches. Customers can utilize additional Azure services like Microsoft Defender for Cloud and Microsoft Sentinel to further secure their End of Support infrastructure.

 

 

With Windows Server 2012 and 2012 R2 End of Support days away, the time is now to onboard your server estate to Azure Arc and take advantage of this new offer. Extending Azure security, monitoring, and governance from cloud to edge, Azure Arc best positions our End-of-Life infrastructure customers as they migrate to innovate with Azure. Get started today: Deliver Extended Security Updates for Windows Server 2012. 

 

For additional resources, see:

 

Updated Sep 19, 2023
Version 5.0
azure arc
hybrid
servers
  • mattthekatt's avatar
    mattthekatt
    Copper Contributor
    Oct 24, 2023

    What is the process for a server 2012R2 MAK key for air gapped systems once the server is part of Azure ARC?

  • Joze_Markic's avatar
    Joze_Markic
    Copper Contributor
    Nov 05, 2023

    Hi Matt.

    As far as I understand how Azure Arc works, your scenario is a no-go... 

    Azure ARC (agent) requires internet access. More info here: Connected Machine agent network requirements - Azure Arc | Microsoft Learn

    Consider the following basic requirements when planning your deployment:

    • Your machines must run a supported operating system for the Connected Machine agent.
    • Your machines must have connectivity from your on-premises network or other cloud environment to resources in Azure, either directly or through a proxy server.
    • To install and configure the Azure Connected Machine agent, you must have an account with elevated privileges (that is, an administrator or as root) on the machines.
    • To onboard machines, you must have the Azure Connected Machine Onboarding Azure built-in role.
    • To read, modify, and delete a machine, you must have the Azure Connected Machine Resource Administrator Azure built-in role.

    All the best,

    Joze

  • mattthekatt's avatar
    mattthekatt
    Copper Contributor
    Nov 05, 2023

    I’ve resolved the issues.

    There was a problem with the CSP Tier 1 ESU order, which was addressed last week.  MS provision the skus, so the ESU updates could be ordered. So, if you need a MAK key (for Air Gap systems), place an order with a CSP Tier 1 and they will provision the key to your Office 365 tenant. The key is a subscription key for the period of October 2023 to October 2024. If you need a standard Server 2012R2, you need to purchase a 16-core license (minimum purchase for server 2012/R2)

    This is what you need to do for Air Gap     servers.