Important Changes: Azure Update Delivery Service Tag to Be Deprecated in 2024

The Azure Update Delivery service tag is a component that helps facilitate the delivery of Windows updates to Azure Firewall. As of July 1, 2024, the Azure Update Delivery service tag will be deprecated. This change requires moving away from this service tag and using Azure Firewall application rules to receive Windows updates.

Understanding the Azure Update Delivery Service Tag

The Azure Update Delivery service tag is a part of Azure Firewall service tags, which are collections of IP addresses and ranges linked to specific resources. These tags simplify the firewall configuration process by automatically updating IP addresses. The AzureUpdateDelivery service tag specifically enables Windows devices to scan for Windows updates, ensuring that they securely connect to Microsoft services.

Changes and Implications

The evolving workflow now involves content downloads from third-party Content Delivery Networks (CDNs) outside the Azure network. Consequently, configurations that rely on service tags like AzureUpdateDelivery and AzureFrontDoor.FirstParty for scanning and downloading updates may encounter issues. To adapt, it is recommended to transition to Azure Firewall application rules with Fully Qualified Domain Name (FQDN) filtering tags, which provide the same functionality using DNS host names.

Action Steps for Users

  • Transition Recommendations: Move away from the AzureUpdateDelivery and AzureFrontDoor.FirstParty service tags and adopt Azure Firewall application rules.
  • Creating Firewall Rules: Implement Windows Update FQDN tags in your Azure Firewall policy to authorize Windows updates for desktop and server devices.
  • Utilize Microsoft Guidance: Refer to official Microsoft documentation for configuring enterprise firewalls and proxies for Windows updates.
  • Consider WSUS: Another option is utilizing Windows Server Update Services (WSUS) to manage Windows updates within your network perimeter.

Conclusion

The deprecation of the Azure Update Delivery service tag signifies the need for users to adapt their firewall configurations to ensure continued Windows update delivery. This change reflects an ongoing commitment to security and efficiency in managing system updates. By following the recommended actions, users can maintain a robust and reliable update delivery mechanism for their Windows devices.
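
To support the action steps above, here is an added example (not part of the original post and not Microsoft's code): a small audit that reads a firewall policy rule collection group and lists network rules that still reference the two service tags, then reports whether any application rule uses the WindowsUpdate FQDN tag. The sample data is constructed, and the JSON layout (an ARM-style export of a rule collection group), the rule names and the function `audit_group` are assumptions.

```python
import json

# Service tags the post says to move away from for Windows Update traffic.
DEPRECATED_TAGS = {"AzureUpdateDelivery", "AzureFrontDoor.FirstParty"}
REPLACEMENT_FQDN_TAG = "WindowsUpdate"

# Constructed sample shaped like an ARM export of a firewall policy
# rule collection group. All names and addresses are made up.
SAMPLE_GROUP = json.loads("""
{
  "name": "rcg-updates",
  "properties": {"ruleCollections": [
    {"name": "net-allow-updates", "rules": [
      {"ruleType": "NetworkRule", "name": "wu-scan",
       "destinationAddresses": ["AzureUpdateDelivery"], "destinationPorts": ["443"]},
      {"ruleType": "NetworkRule", "name": "wu-download",
       "destinationAddresses": ["AzureFrontDoor.FirstParty"], "destinationPorts": ["80"]},
      {"ruleType": "NetworkRule", "name": "dns",
       "destinationAddresses": ["10.0.0.4"], "destinationPorts": ["53"]}
    ]},
    {"name": "app-allow", "rules": [
      {"ruleType": "ApplicationRule", "name": "time",
       "targetFqdns": ["time.windows.com"], "fqdnTags": []}
    ]}
  ]}
}
""")

def audit_group(group):
    """Return (network rules using deprecated tags, True if a WindowsUpdate FQDN-tag rule exists)."""
    stale, has_replacement = [], False
    for coll in group.get("properties", {}).get("ruleCollections", []):
        for rule in coll.get("rules", []):
            kind = rule.get("ruleType")
            if kind == "NetworkRule":
                hits = DEPRECATED_TAGS & set(rule.get("destinationAddresses", []))
                if hits:
                    stale.append((coll["name"], rule["name"], sorted(hits)))
            elif kind == "ApplicationRule":
                if REPLACEMENT_FQDN_TAG in rule.get("fqdnTags", []):
                    has_replacement = True
    return stale, has_replacement

if __name__ == "__main__":
    stale, ok = audit_group(SAMPLE_GROUP)
    for coll, rule, tags in stale:
        print(f"{coll}/{rule}: still uses service tag(s) {tags}")
    if not ok:
        print(f"no application rule uses the {REPLACEMENT_FQDN_TAG} FQDN tag")
```

A rule that references AzureFrontDoor.FirstParty may serve traffic other than Windows Update, so treat each finding as a rule to review before changing it.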
 

