Windows servers
4 Topics

- Active Directory Unable to reset user passwords

  I am managing a Windows Server 2025 Active Directory environment with client machines. I created a test user and enabled the option “User must change password at next logon.” I then provided a temporary password to the user, expecting them to get the prompt to change it on first login. However, when the user attempts to change the password, they receive the error: “The user must change password before signing in.”

  My goal is that when I provide a temporary password to a user:

  - They get the prompt to change the password at next logon.
  - When they change it, it should not throw the “user must change password before signing in” error.

  I need guidance on how to achieve this so users can reset their passwords successfully.
- Hotpatching for Azure Arc–Connected Servers: General Availability and Subscription Details

  Effective July 16, 2025, Hotpatching for Windows Server 2025 on Azure Arc–connected machines will be generally available (GA) and transition to a paid subscription model. This post provides technical details on the service, the value of hotpatching for on-premises servers, and important enrollment information for customers.

  What Is hotpatching?

  Hotpatching enables you to install OS security updates on Windows Server without requiring a reboot. This technology, previously exclusive to Windows Server Datacenter: Azure Edition, is now available for on-premises and hybrid environments through Azure Arc. Hotpatching has been in public preview at no cost, but as of July 16, 2025, a monthly subscription fee of $1.50 USD per CPU core will apply.

  Why hotpatching for on-premises servers?

  - Minimize downtime: Apply critical security updates without interrupting workloads or requiring planned maintenance windows.
  - Improve security posture: Reduce the window of vulnerability by deploying patches as soon as they are available.
  - Operational efficiency: Eliminate the need for frequent reboots, simplifying patch management for IT teams.
  - Consistent experience: Use the same hotpatching process across Azure, on-premises, and hybrid environments with Azure Arc.

  Enrollment and billing

  To receive hotpatches on Windows Servers outside of Azure, customers must enroll their servers. The servers must be on the latest cumulative update released during a baseline month (January, April, July and October) by Microsoft on the second Tuesday of the month. Only enrolled servers will continue to receive hotpatches and be billed accordingly.

  - Preview customers: If already enrolled during the preview period, then no action is needed to continue to receive hotpatches. If you enrolled in hotpatching during the Preview and do not wish to be billed after GA, you must disenroll your servers before July 16, 2025, to avoid charges.
  - New customers: Enroll your eligible Windows Server 2025 machines via Azure Arc to activate hotpatching and start receiving updates.

  How to enroll in hotpatching

  To begin receiving hotpatches for your Azure Arc–connected Windows Server 2025 machines, follow these steps:

  Prerequisites

  - Ensure your machine is connected to Azure Arc.
  - Ensure Virtualization Based Security (VBS) is enabled and running.
  - Confirm that the latest cumulative update from a baseline month (January, April, July, or October) is installed. Hotpatching is only offered if this requirement is met.

  Enrollment via Azure Portal

  - Connect your server to Azure Arc.
  - Navigate to the Windows Server resource in the Azure Arc portal.
  - Click on the Hotpatch blade.
  - Check the box “I want to license this Windows Server to receive monthly hotpatches” and click on confirm under the hotpatch blade.

  Note: Enrollment operation takes a few minutes, so you may need to manually refresh the Azure portal to see the updated status.

  How to disenroll from hotpatching

  If you no longer wish to receive hotpatches or want to avoid billing after the preview period ending on July 16, 2025, you must disenroll from hotpatching service on Azure Arc portal.

  Disenrollment via Azure portal

  - Go to the Azure Arc–connected server in the Azure Arc portal.
  - Open the hotpatch blade.
  - Uncheck the box “I want to license this Windows Server to receive monthly hotpatches” and click on confirm.

  Important: Disenroll before disconnecting the machine from Azure Arc. If you disconnect first, billing may continue for up to 30 days after the last connection. See this blog post for additional details.

  Disenrollment via API

  Set subscriptionStatus to "Disable" in the license profile payload. This action is synchronous and should reflect immediately, though portal refresh may still be required.

  Learn more

  If you’re interested in learning more, check out our April blog post and the on-demand session on Hotpatching and Update Management from our recent Windows Server Summit virtual event.
- Announcing Windows Server vNext Preview Build 26360

  Hello Windows Server Insiders! Welcome to 2025!

  Today we are pleased to release a new build of the next Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions, Annual Channel for Container Host and Azure Edition (for VM evaluation only). Branding remains, Windows Server 2025, in this preview - when reporting issues please refer to Windows Server vNext preview. If you signed up for Server Flighting, you should receive this new build automatically.

  What's New

  Windows Defender Application Control for Business (WDAC)

  Windows Defender Application Control (WDAC) for business is a software-based security layer that reduces attack surface by enforcing an explicit list of software that is allowed to run. Introduced with Windows Server 2025, we have provided Microsoft defined ‘default policy’ which can be applied to the server via PowerShell cmdlets, powered by our Security configuration platform called ‘OSconfig’. To learn more, please review Windows Defender Application Control for Business (WDAC) - Microsoft Community Hub.

  Windows Admin Center (WAC)

  Windows Server preview customers can download and install Windows Admin Center right from the Windows Server Desktop using the in-OS app that takes care of downloading and guides you through the installation process. Note: You must be running a desktop version of Windows Server Datacenter or Standard preview to access this feature.

  Windows Server Flighting is here!!

  If you signed up for Server Flighting, you should receive this new build automatically later today. For more information, see Welcome to Windows Insider flighting on Windows Server - Microsoft Community Hub.

  Feedback Hub app is now available for Server Desktop users!

  The app should automatically update with the latest version, but if it does not, simply Check for updates in the app’s settings tab.

  Known Issues

  Download Windows Server Insider Preview (microsoft.com)

  Flighting: The label for this flight may incorrectly reference Windows 11. However, when selected, the package installed is the Windows Server update. Please ignore the label and proceed with installing your flight. This issue will be addressed in a future release.

  Available Downloads

  Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia - Microsoft On the Issues.

  - Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only.
  - Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only.
  - Microsoft Server Languages and Optional Features Preview

  Keys: Keys are valid for preview builds only.

  - Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH
  - Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
  - Azure Edition does not accept a key

  Symbols: Available on the public symbol server – see Using the Microsoft Symbol Server.

  Expiration: This Windows Server Preview will expire September 15, 2025.

  How to Download

  Registered Insiders may navigate directly to the Windows Server Insider Preview download page. If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal.

  We value your feedback!

  The most important part of the release cycle is to hear what's working and what needs to be improved, so your feedback is extremely valued. Beginning with Insider build 26063, please use the new Feedback Hub app for Windows Server if you are running a Desktop version of Server. If you are using a Core edition, or if you are unable to use the Feedback Hub app, you can use your registered Windows 10 or Windows 11 Insider device and use the Feedback Hub application. In the app, choose the Windows Server category and then the appropriate subcategory for your feedback. In the title of the Feedback, please indicate the build number you are providing feedback on as shown below to ensure that your issue is attributed to the right version:

  [Server #####] Title of my feedback

  See Give Feedback on Windows Server via Feedback Hub for specifics.

  The Windows Server Insiders space on the Microsoft Tech Communities supports preview builds of the next version of Windows Server. Use the forum to collaborate, share and learn from experts. For versions that have been released to general availability in market, try the Windows Server for IT Pro forum or contact Support for Business.

  Diagnostic and Usage Information

  Microsoft collects this information over the internet to help keep Windows secure and up to date, troubleshoot problems, and make product improvements. Microsoft server operating systems can be configured to turn diagnostic data off, send Required diagnostic data, or send Optional diagnostic data. During previews, Microsoft asks that you change the default setting to Optional to provide the best automatic feedback and help us improve the final product. Administrators can change the level of information collection through Settings. For details, see http://aka.ms/winserverdata. Also see the Microsoft Privacy Statement.

  Terms of Use

  This is pre-release software - it is provided for use "as-is" and is not supported in production environments. Users are responsible for installing any updates that may be made available from Windows Update. All pre-release software made available to you via the Windows Server Insider program is governed by the Insider Terms of Use.

  1.4K Views, 3 likes, 0 Comments
- Installing Windows LAPS over Legacy LAPS

  Hi all, I have a simple LAB - of 1 DC and 1 member server (both 2019) which has had legacy LAPS installed (schema extended etc). Now when I installed the MS update on the member server and then tried to run the permission command I got an error saying have you extended the schema. I tried to extend the schema using the new LAPS command but got an exception error. Now I can't find any documentation or info regarding:

  1) In an environment where legacy LAPS has been configured, do you have to extend the schema again?
  2) Do you have to run the permission command on the OU so the machines can write to the password attribute?

  The LAPS has been out for a while so we should have more info.

  Solved, 698 Views, 0 likes, 2 Comments