![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 73%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
Hello
Thank you for posting your question in the Microsoft Q&A forum.
To upgrade the Azure Arc agent (Azure Connected Machine agent) across all servers automatically using Azure Update Manager (AUM), follow these steps:
Prerequisites
- Ensure all servers are onboarded to Azure Arc.
- Azure Update Manager must be enabled in your subscription (part of Azure Automation).
- Servers must have Log Analytics agent (AMA or MMA) installed if using AUM for patch management.
Create an Update Deployment for Arc Agent Upgrades
- Navigate to Azure Update Manager: Go to Azure Portal → Azure Automation → Update Management.
- Schedule an Update Deployment:
- Select "Schedule update deployment".
- Under Update classifications, choose "Critical" and "Security" (Arc agent updates fall under these categories).
- Target Arc-Enabled Servers:
- Scope the deployment to Azure Arc machines using:
- Dynamic groups (e.g., Resource type = "Azure Arc for servers").
- Manual selection of Arc machines.
- Scope the deployment to Azure Arc machines using:
- Configure Maintenance Window: Set a recurring schedule (e.g., monthly) to ensure continuous updates.
- Pre/Post Scripts (Optional): Use Automation Runbooks to validate agent health post-upgrade.
Verify and Monitor Upgrades
- Check Update Manager compliance dashboard for agent upgrade status.
- Use Azure Resource Graph to query Arc agent versions:
kusto code as below:
Resources
| where type == "microsoft.hybridcompute/machines"
| extend agentVersion = properties.agentVersion
| project name, agentVersion
Alternative: Azure Policy for Enforced Upgrades
- Assign "Deploy latest Azure Connected Machine agent" policy (Azure Policy → "Deploy if not exists").
- Ensures new and existing Arc servers auto-update.
Troubleshooting
If updates fail, check:
- Network connectivity (Arc agent requires https://*.his.arc.azure.com).
- Log Analytics agent health (required for AUM).
By following these steps, Azure Arc agents will stay up-to-date automatically via Azure Update Manager.
If the above answer helped, please do not forget to "Accept Answer" as this may help other community members to refer the info if facing a similar issue. Your contribution to the Microsoft Q&A community is highly appreciated.