Register SQL Server Installation with Azure and using Azure Update Manager for Patching
To register a SQL Server installation with Azure, you typically use the SQL IaaS Agent extension for Azure Virtual Machines.
The SQL Server IaaS Agent extension allows for integration with the Azure portal, and unlocks a number of benefits for SQL Server on Azure VMs:
- Feature benefits: The extension unlocks a number of automation feature benefits, such as portal management, license flexibility, automated backup, automated patching and more. See Feature benefits in the article by Microsoft.
- Compliance: The extension offers a simplified method to fulfill the requirement of notifying Microsoft that the Azure Hybrid Benefit has been enabled as is specified in the product terms. This process negates needing to manage licensing registration forms for each resource.
- Free: The extension is completely free. There’s no additional cost associated with the extension.
- Integration with centrally managed Azure Hybrid Benefit: SQL Server VMs registered with the extension can integrate with Centrally managed Azure Hybrid Benefit, making it easy manage the Azure Hybrid Benefit for your SQL Server VMs at scale.
- Simplified license management: The extension simplifies SQL Server license management, and allows you to quickly identify SQL Server VMs with the Azure Hybrid Benefit enabled using:
In this post I will show show step by step how to register a SQL server installation with Azure and how to update the SQL Server by using Azure Update Manager.
For using the Azure Update Manager to patch the SQL server it is not required to register the SQL server with Azure, this is just a requirement in case we want to use automated patching.
Automated Patching relies on the SQL Server IaaS Agent Extension. When registering the SQL server with Azure, since mid to late 2023 by default Azure Update Manager (new experience) will be enabled.
The Automated Patching feature will be retired on September 15th, 2027, so I will not focus on automated patching in this post.
Introduction
Registering with the SQL Server IaaS Agent extension creates the SQL virtual machine resource within your subscription, which is a separate resource from the virtual machine resource.
Deleting the extension from your SQL Server VM removes the SQL virtual machine resource but doesn’t drop the actual virtual machine.
Deploying a SQL Server VM Azure Marketplace image through the Azure portal automatically registers the SQL Server VM with the extension, which includes registering the subscription with the Microsoft.SqlVirtualMachine resource provider (RP), if it’s not already registered.
However, if you choose to self-install SQL Server on an Azure virtual machine (like in this post shown), or provision an Azure virtual machine from a custom VHD, then you must register your SQL Server VM with the SQL IaaS Agent extension to unlock full feature benefits and manageability.
By default, Azure VMs that have SQL Server 2016 or later installed will be automatically registered with the SQL IaaS Agent extension when detected by the CEIP service. See the SQL Server privacy supplement for more information. For information about privacy, see the SQL IaaS Agent extension privacy statements.
To utilize the SQL IaaS Agent extension, you must first register your subscription with the Microsoft.SqlVirtualMachine provider, which gives the SQL IaaS Agent extension the ability to create resources within that specific subscription. Then you can register your SQL Server VM with the extension.
Installing SQL Server 2019
To show how to register a SQL Server installation with Azure, I will first create a new Windows Server 2022 virtual machine in Azure and afterwards installing the SQL Server 2019 Standard Edition 2019 64 Bit directly by hand on the virtual machine by using an ISO file with the SQL server image.
I will so far not check to use Microsoft Update to check for updates.
In order to also get updates for the SQL server, we need to enable Microsoft Updates on the server, for demonstration purpose I will not check this here, we can enable it later.
I will install just the database engine services and client connectivity tools and SDK.
For testing SQL Server updates by using Azure Update Manger I will just install a default instance.
Next I will install the SQL Server Management Studio 21, for this post I will just use it to determine the installed version of SQL Server 2019.
Install SQL Server Management Studio | Microsoft Learn
I will select yes to try the new connection dialog experience, this will also allow us to easily trust the self-signed server certificate, used to encrypt the connection as shown below.
To connect to the localhost we can also just type a dot in the server name field.
Without checking on the new connection dialog Trust Server Certificate we will run into this well-known error.
So this time by just checking to trust the server certificate.
This is finally set on the advanced properties.
To determine the installed SQL server release we can use the following SQL query.
SELECT
SERVERPROPERTY('ProductVersion') AS ProductVersion,
SERVERPROPERTY('ProductLevel') AS ProductLevel,
SERVERPROPERTY('Edition') AS Edition,
SERVERPROPERTY('EngineEdition') AS EngineEdition;
So far the SQL Server is still on its initial RTM release and no updates were installed.
15.0.2000.5 is the initial release of SQL Server 2019 RTM (Released-To-Manufacturing) — meaning:
No cumulative updates (CU) have been installed.
The available updates in Azure Update Manager (AUM) after installing the SQL Server on the virtual machine, so far the AUM doesn’t find any new updates for the SQL server.
Register the SQL Server installation with Azure
To register your SQL Server VM with the SQL IaaS Agent extension, you must first register your subscription with the Microsoft.SqlVirtualMachine resource provider (RP).
This gives the SQL IaaS Agent extension the ability to create resources within your subscription. You can do so by using the Azure portal, the Azure CLI, or Azure PowerShell.
You can manually register your SQL Server VM with the SQL IaaS Agent extension by using Azure PowerShell or the Azure CLI.
Provide the SQL Server license type as either pay-as-you-go (PAYG) to pay per usage, Azure Hybrid Benefit (AHUB) to use your own license, or disaster recovery (DR) to activate the free DR replica license.
It’s not currently possible to register your SQL Server VM with the SQL IaaS Agent extension by using the Azure portal.
PS> Connect-AzAccount -Tenant $tenantId -Subscription $subscriptionID PS> $vm = Get-AzVM -Name W2K22-VM01 -ResourceGroupName VMs PS> New-AzSqlVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName -Location $vm.Location -LicenseType 'AHUB'
Verify current SQL Server VM registration status by using Azure PowerShell. ProvisioningState shows as Succeeded if registration was successful.
PS> Get-AzSqlVM -Name <vm_name> -ResourceGroupName <resource_group>
An error indicates that the SQL Server VM hasn’t been registered with the extension.
We will now also see the SQL IaaS Agent extension in the Azure portal on the virtual machine blade under Settings -> Extensions + applications as shown below.
We will now also see two VMs with the same name when searching for as shown below.
When you deploy a SQL Server on a VM using the Azure Marketplace image or register a SQL installation with Azure (like in my case and show above), Azure creates:
- A regular Virtual Machine (type: Virtual machine)
This is the actual compute resource running Windows/Linux and SQL Server
Shows up under “Virtual machines” in the portal.
- A SQL Virtual Machine (type: SQL virtual machine)
This is a resource wrapper or management plane object that Azure uses to manage SQL Server-specific configurations (via the SQL IaaS Agent Extension).
Shows up under “SQL virtual machines”.
Allows Azure to offer SQL-specific features: automated backups, patching, license management, etc.
Both resources refer to the same VM instance, but from different Azure service perspectives.
When clicking above on the SQL virtual machine, we finally open the resource wrapper or management plane object that Azure uses to manage SQL Server-specific configurations (via the SQL IaaS Agent Extension).
Shown up under “SQL virtual machines” and allows Azure to offer SQL-specific features: automated backups, patching, license management, etc.
Patching the SQL Server by using Azure Update Manager
If you see Leave new experience below, then you’ve already enabled Azure Update Manager integration to update the SQL server by using Azure Update Manager.
As mentioned since mid to late 2023 by default Azure Update Manager (new experience) will be enabled and the Automated Patching feature will be retired on September 15th, 2027.
I will now trigger again an assessment to check if new updates for the SQL server are available.
Same as previously, still no updates for the SQL server found despite the fact it is running on the initial release of SQL Server 2019 RTM (Released-To-Manufacturing).
After triggering the first time an Azure Update Manager assessment, a few minutes later the virtual machine is onboarded to Azure Update Manager and the “Receive updates for other Microsoft products when you update Windows” option now is greyed out as shown below.
Azure Update Manager registers the VM for update orchestration, and depending on the configuration, locks the Microsoft Update setting.
By default, the local Windows Update client (aka Windows Update Agent WUA) is configured to provide updates only for the Windows operating system.
Azure Update Manager uses the Windows Update Agent (WUA) on the VM to assess and apply updates. By default, it only queries Windows Update, not Microsoft Update (which includes SQL, .NET, Office, etc.).
The maintenance configuration on the Azure Update Manager where you can use to schedule updates also includes under Settings -> Updates the option to specify which classification should be included in the updates.
This classification doesn’t specify if Microsoft Update will be also included finally in addition to the default Windows Update, it will just define which classification of updates (for both Windows Update or Microsoft Update) will be applied.
If we enable above on the virtual machine the Receive updates for other Microsoft products when you update Windows setting, we will also receive updates for other Microsoft products. Updates include security patches for Microsoft SQL Server and other Microsoft software.
We can enable Microsoft Update to finally getting updates for the SQL server also during the installation of SQL server as mentioned to the beginning.
Run the following PowerShell command on the server to enable Microsoft Update and to receive also updates for the SQL server.
Turn on:
PS> (New-Object -ComObject Microsoft.Update.ServiceManager).AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")
Turn off:
PS> (New-Object -com "Microsoft.Update.ServiceManager").RemoveService("7971f918-a847-4430-9279-4a52d1efe18d")
Opt-In to Microsoft Update
You can opt a computer in to the Microsoft Update service and then register that service with Automatic Updates.
https://learn.microsoft.com/en-us/windows/win32/wua_sdk/opt-in-to-microsoft-update
This registers the Microsoft Update service alongside Windows Update.
We can check registration in the registry and its following key: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services
As mentioned we can also enable Microsoft Update during the installation when checking the option below, this will also set the above registry key.
This will also set our toggle switch with “Receive updates for other Microsoft products when you update Windows” to On but can take a few seconds.
I will trigger an assessment again to see if Azure Update Manager now finally finds new updates for the SQL Server installation on the virtual machine.
See there now it will suddenly find a cumulative update and security update for the SQL Server 2019.
I will now perform a One-time update to see if our SQL Server 2019 will be updated successfully.
On the Azure Update Manager a few minutes later we can see that the installation of the updates is switching from 5 pending updates into no pending updates and finally finished the installation.
One update couldn’t be installed.
We can see that now the version changed from 15.0.2000.5 (RTM initial release) into 15.0.4435.7 (SQL Server 2019 GDR build release date July 08, 2025, as of today the latest version).
A General Distribution Release (GDR) branch that contains only security and other critical fixes.
A cumulative update (CU) branch that contains security and other critical fixes plus all other fixes for the baseline.Source: https://learn.microsoft.com/en-us/troubleshoot/sql/releases/new-mu-servicing-model
SELECT
SERVERPROPERTY('ProductVersion') AS ProductVersion,
SERVERPROPERTY('ProductLevel') AS ProductLevel,
SERVERPROPERTY('Edition') AS Edition,
SERVERPROPERTY('EngineEdition') AS EngineEdition;
After the update we can see that the update history is just shown on the old control panel under Programs and Features – Installed Updates but not in the new settings under Windows Updates -> View update history as shown below.
The Control Panel’s “Installed Updates” section provides a more comprehensive and enduring record of all updates, including those installed manually or from sources other than Windows Update.
Windows Settings’ “Update History,” on the other hand, offers a more current and streamlined view of updates specifically retrieved through Windows Update.
More about the Azure Update Manager you will find in my following post.
About how to quickly onboard a new virtual machine to Azure Update Manager, you will see in the next section.
Onboarding Virtual Machines to Azure Update Manager
To onboard new virtual machines to Azure Update Manager, we need to select the virtual machine within the Azure Update Manger under Resources -> Machines and click on Update settings.
To onboard virtual machines to Azure Update Manager we can also use Azure Policy as shown in my following post https://blog.matrixpost.net/mastering-azure-update-manager-part-2/.
To onboard a new virtual machine to Azure Update Manager we need to adjust the update settings for the virtual machine.
When an Azure Update Manager operation(AUM) is enabled or triggered on our Azure or Arc-enabled servers, like performing an assessment or patch operation, the AUM installs an Azure extension or Arc-enabled servers extensions on the virtual machine to manage the updates.
Azure Update Manager does not install a visible Azure VM extension, but it uses the Azure VM Guest Agent to orchestrate updates and may inject a platform-managed component during assessment or patch runs, this is not shown in the Extensions UI.
This will finally onboard the virtual machine to Azure Update Manager.
So to finally onboard the new virtual machine to Azure Update Manager, I will trigger an assessment below by clicking on Check for updates.
The assessment is now in progress and as mentioned, this will also trigger to install an Azure extension on the virtual machine.
A few minutes later the virtual machine is onboarded to Azure Update Manager and the “Receive updates for other Microsoft products when you update Windows” option now is greyed out as shown below.
Azure Update Manager registers the VM for update orchestration, and depending on the configuration, locks the Microsoft Update setting.
Links
Register Windows SQL Server VM with SQL IaaS Agent extension
https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/sql-agent-extension-manually-register-single-vm?view=azuresql&tabs=azure-portalAutomated Patching for SQL Server on Azure virtual machines
https://docs.azure.cn/en-us/azure-sql/virtual-machines/windows/automated-patchingKB4518398 – SQL Server 2019 build versions
https://learn.microsoft.com/en-us/troubleshoot/sql/releases/sqlserver-2019/build-versions
