Azure ATP Sensor Update - Does it require manual install of MSI?

%3CLINGO-SUB%20id%3D%22lingo-sub-1444010%22%20slang%3D%22en-US%22%3EAzure%20ATP%20Sensor%20Update%20-%20Does%20it%20require%20manual%20install%20of%20MSI%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1444010%22%20slang%3D%22en-US%22%3E%3CP%3EI%20would%20appreciate%20if%20we%20can%20get%20clarity%20on%20if%20major%20update%20for%20Azure%20ATP%20sensor%20will%20require%20download%20of%20MSI%20package%20and%20deployment%20by%20admin%20on%20each%20Domain%20Controller%20OR%20this%20is%20done%20automatically%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20trying%20to%20understand%20if%20there%20is%20any%20way%20we%20can%20control%20installation%20and%20deployment%20of%20major%20upgrades%20of%20Azure%20ATP%20sensor%20on%20Domain%20Controller%20servers%20in%20Production%20environment.%20From%20Microsoft%20documentation%20it%20seems%20that%20if%20delayed%20upgrade%20selected%20then%20does%20it%20mean%20that%20after%2072%20hours%20the%20Azure%20ATP%20Sensor%20is%20updated%20automatically%20on%20Domain%20Controllers.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20advise%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1444080%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20Sensor%20Update%20-%20Does%20it%20require%20manual%20install%20of%20MSI%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1444080%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63690%22%20target%3D%22_blank%22%3E%40nitin%20nagar%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3ENo%2C%20no%20need%20for%20manual%20actions%2C%20the%20updater%20will%20take%20care%20of%20major%20updates%20as%20well%20if%20any.%3C%2FP%3E%0A%3CP%3EThose%20are%20extremely%20rare.%3CBR%20%2F%3EYou%20can%20control%20for%20each%20DC%20if%20you%20allow%20it%20to%20auto%20restart%20or%20not.%20if%20not%2C%20and%20a%20major%20update%20is%20pushed%2C%20the%20sensor%20will%20be%20pending%20a%20manual%20restart%20to%20complete%20the%20update.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Esee%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fsensor-update%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fsensor-update%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%22%3CSPAN%3EControl%20automatic%20sensor%20restarts%20(for%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Emajor%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3Bupdates)%20in%20the%20Azure%20ATP%20portal%20configuration%20page.%22%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ENote%20that%20we%20are%20working%20on%20removing%20the%20major%20updates%20%2C%20so%20we%20won't%20need%20them%20any%20more%2C%20thus%20won't%20need%20to%20reboot%26nbsp%3B%20at%20all%2C%20but%20this%20is%20a%20bug%20effort%20and%20will%20take%20months%20at%20best.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EEli%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1449397%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20Sensor%20Update%20-%20Does%20it%20require%20manual%20install%20of%20MSI%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1449397%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F106935%22%20target%3D%22_blank%22%3E%40Eli%20Ofek%3C%2FA%3E%26nbsp%3B%20First%20thanks%20for%20responding%20to%20my%20question.%20Can%20you%20please%20also%20confirm%20if%20the%20Azure%20ATP%20sensor%20after%20update%20BUT%20before%20restart%20of%20domain%20controller%20WILL%20CONTINUE%20to%20operate%20as%20usual.%20If%20Yes%2C%20then%20is%20there%20any%20time%20limit%20before%20which%20the%20domain%20controller%20must%20be%20restarted%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20trying%20to%20ensure%20that%20we%20have%20some%20control%20over%20restarting%20domain%20controllers%20in%20our%20production%20environment%20and%20at%20the%20same%20time%20ensure%20that%20Azure%20ATP%20sensors%20continue%20to%20operational%20even%20when%20domain%20controllers%20are%20required%20to%20be%20restarted%20after%20delayed%20upgrade.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20advise%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ENitin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1449581%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20Sensor%20Update%20-%20Does%20it%20require%20manual%20install%20of%20MSI%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1449581%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63690%22%20target%3D%22_blank%22%3E%40nitin%20nagar%3C%2FA%3E%26nbsp%3BWe%20do%20our%20best%20to%20maintain%20support%20for%20the%20previous%20version%20so%20it%20can%20still%20be%20functional%20until%20update%20completes.%20we%20need%20that%20because%20of%20the%20option%20to%20delay%20a%20deployment.%3C%2FP%3E%0A%3CP%3Ein%20some%20cases%20it%20will%20be%20partially%20online%2C%20and%20might%20not%20yet%20work%20with%20new%20features.%3C%2FP%3E%0A%3CP%3EAlso%2C%20if%20you%20keep%20it%20like%20that%20too%20long%20(many%20days)%2C%20while%20we%20try%20to%20preserve%20backwards%20compatibility%20a%20few%20versions%20back%2C%20we%20can't%20grantee%20it%26nbsp%3B%20%2C%20so%20the%20advice%20is%20to%20reboot%20as%20soon%20as%20possible%20to%20complete%20the%20update.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhile%20that%20said%2C%20those%20majors%20are%20extremely%20rare.%20from%20GA%20till%20now%20it%20happened%20ONCE.%26nbsp%3B%3CBR%20%2F%3Eand%20since%20it%20rare%2C%20we%20do%20make%20an%20effort%20to%20let%20customers%20know%20via%20the%20different%20community%20channels%20that%20it%20is%20coming...%20and%20in%20most%20chances%20will%20also%20let%20you%20know%20how%20you%20can%20prepare%20to%20avoid%20the%20need%20to%20reboot%2C%20for%20example%2C%20if%20you%20are%20currently%20running%20.net%204.7.0%2C%20and%20we%20found%20an%20issue%20that%20will%20force%20us%20to%20move%20to%204.8%2C%20and%20this%20will%20require%20a%20reboot%2C%20we%20will%20tell%20you%20ahead%20that%20if%26nbsp%3B%20you%20upgrade%20to%20.net%204.8%20at%20will%20before%20that%20at%20your%20own%20time%2C%20and%20there%20are%20no%20other%20pending%20reboots%20on%20the%20machine%2C%20the%20update%26nbsp%3B%20will%20complete%20without%20the%20need%20to%20reboot%20at%20all.%3CBR%20%2F%3EThis%20is%20true%20for%20new%20deployments%20as%20well%2C%20we%20suggest%20to%20customer%20to%20pre%20install%20.net%204.7%20or%20higher%20before%20on%20their%20own%20planned%20time%2C%20this%20way%20when%20deploying%20the%20sensor%20for%20the%20first%20time%2C%20if%20there%20are%20no%20pending%20reboots%20already%2C%20they%20won't%20need%20a%20reboot%20at%20this%20point%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I would appreciate if we can get clarity on if major update for Azure ATP sensor will require download of MSI package and deployment by admin on each Domain Controller OR this is done automatically?

 

We are trying to understand if there is any way we can control installation and deployment of major upgrades of Azure ATP sensor on Domain Controller servers in Production environment. From Microsoft documentation it seems that if delayed upgrade selected then does it mean that after 72 hours the Azure ATP Sensor is updated automatically on Domain Controllers.

 

Please advise

 

 

3 Replies
Highlighted

@nitin nagar 
No, no need for manual actions, the updater will take care of major updates as well if any.

Those are extremely rare.
You can control for each DC if you allow it to auto restart or not. if not, and a major update is pushed, the sensor will be pending a manual restart to complete the update.

 

see https://docs.microsoft.com/en-us/azure-advanced-threat-protection/sensor-update

"Control automatic sensor restarts (for major updates) in the Azure ATP portal configuration page."

 

Note that we are working on removing the major updates , so we won't need them any more, thus won't need to reboot  at all, but this is a bug effort and will take months at best.

 

Eli

@Eli Ofek  First thanks for responding to my question. Can you please also confirm if the Azure ATP sensor after update BUT before restart of domain controller WILL CONTINUE to operate as usual. If Yes, then is there any time limit before which the domain controller must be restarted?

 

We are trying to ensure that we have some control over restarting domain controllers in our production environment and at the same time ensure that Azure ATP sensors continue to operational even when domain controllers are required to be restarted after delayed upgrade.

 

Please advise

 

Thanks

Nitin

Highlighted

@nitin nagar We do our best to maintain support for the previous version so it can still be functional until update completes. we need that because of the option to delay a deployment.

in some cases it will be partially online, and might not yet work with new features.

Also, if you keep it like that too long (many days), while we try to preserve backwards compatibility a few versions back, we can't grantee it  , so the advice is to reboot as soon as possible to complete the update.

 

While that said, those majors are extremely rare. from GA till now it happened ONCE. 
and since it rare, we do make an effort to let customers know via the different community channels that it is coming... and in most chances will also let you know how you can prepare to avoid the need to reboot, for example, if you are currently running .net 4.7.0, and we found an issue that will force us to move to 4.8, and this will require a reboot, we will tell you ahead that if  you upgrade to .net 4.8 at will before that at your own time, and there are no other pending reboots on the machine, the update  will complete without the need to reboot at all.
This is true for new deployments as well, we suggest to customer to pre install .net 4.7 or higher before on their own planned time, this way when deploying the sensor for the first time, if there are no pending reboots already, they won't need a reboot at this point as well.