How to configure a proxy limited to Windows Update services ?

Julien Sénéchal 6 Reputation points
2024-06-21T14:50:51.73+00:00

Hello,

I am using Azure Arc to manage my On-Premises machines directly in Azure with the help of Azure Update Manager.

For security reasons, I need to restrict my machines' access to the Internet. Therefore, I have implemented a Proxy through which all my Azure Arc agents pass to facilitate access management through the firewall. This way, we can limit management and security errors.

My issue now is that when I want to perform an update assessment on the machines, the requests do not seem to go through the proxy as I expected but are blocked by the firewall.

I need to "route" the Windows Update service requests through my proxy. However, I cannot find a solution that allows me to route only the specific traffic I am interested in without routing all the machine's traffic (http/https ofc).

Could you suggest any solutions?

Thank you in advance.

Best regards,

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
365 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,503 questions
Windows Network
Windows Network
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Network: A group of devices that communicate either wirelessly or via a physical connection.
696 questions
Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
265 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alan La Pietra (CSA) 80 Reputation points Microsoft Employee
    2024-07-01T08:22:01.3666667+00:00

    Hello! It's great to hear that you are using Azure Arc to manage your On-Premises machines directly in Azure with the help of Azure Update Manager. I understand that you need to restrict your machines' access to the Internet and want to route the Windows Update service requests through your proxy. To route only the specific traffic you are interested in without routing all the machine's traffic, you can use the Azure Update Management proxy configuration feature. This feature allows you to configure a proxy server for Windows Update services only. Here are the steps to configure the proxy server for Windows Update services: 1. In the Azure portal, go to your Automation account. 2. Click on the Update Management tab. 3. Click on the Proxy Configuration tab. 4. Select the checkbox for "Use a proxy server for Windows Update services". 5. Enter the proxy server address and port number. 6. Click on Save. After configuring the proxy server for Windows Update services, the requests for Windows Update services will be routed through the proxy server. I hope this helps! Let me know if you have any further questions.