Changes coming to the Azure Update Delivery service tag

Originally posted by Microsoft Jun 4, 2024 Uncategorized 0 Comments

If you use the Azure Update Delivery service tag to scan for Windows updates at your organization, get ready for change. Azure Firewall service tags are collections of IP addresses and ranges associated with a named resource. The Azure Update Delivery tag is being deprecated starting July 1, 2024. Instead, we recommend using Azure Firewall application rules. Read a new article that provides further context and next steps for various scenarios. 
 

When will this happen: 
This change goes into effect starting July 1, 2024.  
 
How this will affect your organization: 
You will need to switch from using the Azure Update Delivery service tag to application firewall rules before July 1, 2024. This change will address issues with content download failures while scanning for updates, especially if these downloads come from third-party Content Delivery Networks (CDNs) outside of the Azure network.  
 
What you need to do to prepare: 
Please consult the new article for detailed instructions for the following scenarios:  
  • First, check your Azure Firewall policy network rules to see if you’re using the Azure Update delivery service tag.  
  • If you do, create Windows Update application firewall rules to replace the AzureUpdateDelivery and AzureFrontDoor.FirstParty service tags. 
  • Alternatively, use Microsoft guidance for enterprise firewalls and proxies or Windows Server Update Services. 
 
Additional information: 

Message ID: MC797425

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: