![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 4%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
On an Arc-enabled Windows Server 2025 Standard machine, hotpatching is managed and surfaced through Azure Update Manager. To verify that hotpatching is enabled and see how it is behaving, use these checks:
- Confirm hotpatch enrollment/status for that server
- In the Azure portal, go to Azure Update Manager.
- Under Resources, select Machines and then select the specific Arc-enabled server.
- On the Arc-enabled machine | Updates page, under Recommended updates, check the Hotpatch section:
- Status values mean:
- Enabled – license enrolled and the machine is enabled for hotpatch updates.
- Not enrolled – license available but not enrolled on this machine.
- Disabled – license enrolled but machine not enabled for hotpatch.
- Pending – enrollment in progress.
- Canceled – license canceled on this machine.
- Status values mean:
- Check hotpatch status at scale (optional)
- In Azure Update Manager → Machines, select Edit columns.
- Add the Hotpatch status column and Save.
- Filter Resource type to Arc-enabled server to see the hotpatch status for all Arc-connected servers, including this one.
- Verify hotpatch updates and reboot behavior
- On the same Arc-enabled machine | Updates page, use Recommended updates → Check for updates to trigger an on-demand assessment, or ensure periodic assessment is enabled.
- After assessment completes, review the list of available/installed updates and the Reboot required column.
- For hotpatch months, hotpatch-classified security updates should normally show as installed without requiring a reboot.
- A reboot is still required when a new baseline (cumulative update) is released, typically every three months, so seeing a reboot prompt in a baseline month is expected behavior.
Because hotpatch is orchestrated via Windows Update and Azure Update Manager, the authoritative indication that it is working is:
- Hotpatch status = Enabled for the server, and
- Security updates in hotpatch months installing with Reboot required = No, except when a new baseline is applied.
If the March update required a reboot, verify whether March was a baseline month for Windows Server 2025; baseline months always require a reboot even with hotpatching enabled.
References: