Azure Update Delivery will be deprecated, and Azure Firewall will be impacted

The service will be deprecated on July 1st, 2024.

3 min. read

Published onJune 3, 2024

published onJune 3, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Do you know about future changes to the Azure Update Delivery service tag? If you use Azure Firewall to handle Windows updates, there is significant news that you should be aware of. From July 1st, 2024, the Azure Update Delivery service tag will no longer exist, according tothe official blog postpublished by the Redmond-based tech giant last week.

This signifies that if your setup depends on this service tag for receiving Windows updates, now is an ideal time to alter course and employ Azure Firewall application rules. Let us delve deeper into what this implies and how you can shift seamlessly without interruption.

Using Azure Firewall service tags has helped make firewall configurations easier to handle. These tags are like groups containing IP addresses and ranges linked with certain Azure resources; they automatically update whenever a change occurs.

This feature proves very handy when ensuring Windows devices can connect securely to Microsoft Windows Update services without constantly adjusting the firewall rules. For instance, the AzureUpdateDelivery service tag has allowed devices to scan for updates like operating system enhancements and driver and application patches by recognizing IP addresses used by Microsoft’s scanning services.

But change is happening. The method of content downloads is changing, too. Downloads are now more often coming from reliable third-party Content Delivery Networks (CDNs), which don’t have service tags, and this might interrupt the update process at a stage when content gets downloaded.

The answer is to stop using service tags such as AzureUpdateDelivery and AzureFrontDoor.FirstParty, and start using Azure Firewall application rules with Fully Qualified Domain Name (FQDN) filtering.

It is time to take action if you have explicitly used these service tags in your Azure Firewall rules. You should review your Azure Firewall policy network rules to verify their usage and begin planning the migration.

For affected individuals, the action suggested involves establishing Azure Firewall application rules set for the Windows Update FQDN tag.

This method ensures that your firewall recognizes precisely which hosts are reliable to scan and get update content from, maintaining security without needing you to manually update IP addresses.

But what if I’m using my own firewall or proxy services? Don’t worry; Microsoft assists with setting up these services to work well with Windows Update services.

For people who like to limit updates only inside the network boundary, there is another option called Windows Server Update Services (WSUS). This lets devices search and get updates without touching the internet at all.

The deprecation date is near, so it’s necessary to start moving forward with these new methods. The reason for this change isn’t merely to keep pace; it’s about guaranteeing that your environment stays safe and current.

In other news, Microsoft also released the capabilities of the Azure Web Application Firewall (WAF) andAzure Firewallinto theCopilot for Securitylast monthin a public preview.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Azure Update Delivery will be deprecated, and Azure Firewall will be impacted#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Azure Update Delivery will be deprecated, and Azure Firewall will be impacted