Windows Server 2022: Update KB5031364 installs Azure Arc Setup

Windows[German]Microsoft is using security update KB5031364 from October 10, 2023, once again to ship bloatware to Windows Server 2022 and causing frustration on the administrators side, struggling with an unwanted feature. People were quite surprised when an icon for Azure Arc Setup appeared in the taskbar after the update installation. Those who will be managing Azure instances from Windows Server 2022 should perhaps welcome this optional feature. But those who don't use Azure will be annoyed by the new bloatware from Redmond on Windows Server 2022. In the meantime, therefore, there is anger and frustration among server administrators about this latest detour from Redmond.

Azure ARC Setup via Update KB5031364

Cumulative update KB5031364 was released for Windows Server 2022 on October 10, 2023. I hadn't really caught it when I reported on this update in the blog post Patchday: Windows 11/Server 2022 Updates (October 10, 2023). But Microsoft's update description includes the following note:

  • New! This update adds an Azure Arc Setup Optional Component. It includes a new Azure Arc system tray icon and a new Server Manager entry for Azure Arc Management. There is also a graphical installer for the Azure Connected Machine agent. Now, you can turn on Azure Arc using just a few clicks. You do not need to run a PowerShell script. To learn more, see Connect Windows Server machines to Azure through Azure Arc Setup.

Azure Arc announced days after shipping

The guys and gals from Redmond are "pretty quick", their announcement of the installation of this goodie came on October 13, 2023 in the Techcommunity post Easily enable Azure Arc on Windows Server 2022, while update KB5031364 was already rolled out on October 10, 2023.

The astonished reader learns that a "number of new inbox experiences" have also come to Windows Server 2022 with security update KB5031364. This includes Azure Arc, as the update prepares Windows Server 2022 to connect to Azure Arc. Azure Arc is Microsoft's management platform for on-premises and multi-cloud servers.

From Microsoft there is this support article on Learn Microsoft to Microsoft Arc. From Microsoft it says there:

Windows Server machines can be onboarded directly to Azure Arc through a graphical wizard included in Windows Server. The wizard automates the onboarding process by checking the necessary prerequisites for successful Azure Arc onboarding and fetching and installing the latest version of the Azure Connected Machine (AzCM) agent. Once the wizard process completes, you're directed to your Window Server machine in the Azure portal, where it can be viewed and managed like any other Azure Arc-enabled resource.

Onboarding to Azure Arc is not needed if the Windows Server machine is already running in Azure.

So, with security update KB5031364, Microsoft pushes Azure Arc connectivity onto the server platform, regardless of whether it's needed or not. You can paraphrase it as "the next bloatware dumped onto the system." Microsoft opined that the first change administrators would notice is a new icon in the taskbar. This should make it easier to get started with Azure Arc if you're not already using it.

Those who choose to set up Azure Arc can now do the entire process – downloading, installing and configuring the Azure Connected Machine agent – using graphical wizards on the server. Administrators no longer have to go to the Azure portal, create a script and run it in PowerShell. When Azure Arc is installed on the server, both the taskbar icon and Server Manager show the status of the connection to Azure and allow administrators to perform common agent management tasks.

Microsoft is confident itself

Microsoft expresses confidence that "these experiences" will help admins by providing a "convenient, interactive set of experiences for using Azure Arc with Windows Servers that include the desktop experience." For more information, see Microsoft's post Connect Windows Server machines to Azure through Azure Arc Setup.

According to my observations, Microsoft's "self confidence" do not really match practice. For administrators who don't use the Azure cloud on their Windows Server 2023 installations, for example, it is stupid that an unwanted feature is simply pushed, installed and set up on the server. The criticism crystallizes in numerous "voices" within my German blog and on the Internet.

The admins are simply pissed off

Has somehow something of "well meant is not well done", because shortly after the release of the updates already first readers reported in comments here on the blog, because they were annoyed about the additions of the update package in the form of the Azure Arc setup. PeDe writes in this German comment (translated):

Hi,

with Server 2022 Microsoft sneaks the "Azure Arc-Setup" into the systray. To remove this you have to uninstall the "Azure Arc-Setup" feature which requires a reboot!

After Windows Backup App the next stroke of genius.

I had written something about the "Backup App" in the blog post Windows 10 update KB5030211 ships backup app to LTSC versions and frustrates LTSC users. In another comment German reader Steve asks whether it could be possible, that a feature "Azure Arc Setup" has been shipped with October 2023 security update to Windows Server 2022? And in the German blog post Patchday: Windows 11/Server 2022-Updates (10. Oktober 2023) an anonymous user sums it up with the following words in a comment.

Update via Standard Windows Update on Windows Server 2022 installs and activates (icon in Autostart) a new feature without being asked: Azure Arc Setup.

For the uninstallation it then needs a second "lap of honor" (reboot) or pastes "Remove-WindowsFeature AzureArcSetup" before the reboot.

Thank you MS…

Broad criticism of Microsoft's approach

Michael Niehaus, an Ex Microsoft employee, has addressed the issue on his blog and posted the following screenshot of the status bar (tray) with the new entry (lower left icon in the popup) for Azure Arc.

Taskbar tray with Azure Arc icon
Taskbar with Azure Arc icon in popup

Niehaus criticizes rolling out a feature on Windows Server 2022 as part of a Patch Tuesday update and then, to make matters worse, adding a taskbar tray icon to launch the feature. In other words, Redmond has lost focus on what administrators want and what works.

Azure Arc in taskbar

George Markou also highlighted this again on X in the above tweet, complete with screenshot, etching, "Exciting news! Latest Windows update introduces in-box Azure Arc Experiences for Windows Server 2022!". In this blog post, an administrator also takes off on the new snap idea from Redmond. It states there:

The October 2023 (security) update for Windows Server 2022 (KB5031364) adds a new optional component to the list of Windows features: "Azure Arc Setup". Not only does it get added, but it also gets pre-installed, activated, updated, and then automatically launched for you in a systray icon, as well as entered at the top of the Start menu.

To top it all off, you then get a very helpful notification from Windows informing you that AzureArcSysTRay.exe is now configured to run at login.

On reddit.com, the criticism of Microsoft's decision is articulated here – and within this post, a Microsoft employee apologizes that it "wasn't the best idea to roll out this feature via update without announcement". The responses to this post are enlightening – it is not only the lack of announcement that is quoted negative, but the fact that this feature is coming to the systems via a (security) update and then also pushed as an icon in the status bar is facing negative comments. The term bloatware is used from some administrators.

On Facebook, an administrator in a server group commented on my German blog post. that he believes this "move by Microsoft" will not only make administrators uncomfortable who don't use/need the feature on their servers, but also many who do use Azure Arc. He wrote that he prefers to use a script to set this up automatically during scheduled maintenance. The "clicky-clicky server stuff" for servers would not be used by any professional (not much can be automated there). In addition, the reader notes that you probably need at least one or two restarts to get rid of the newest "Microsoft goody".

Once again, what Redmond did on patchday was a "missed precision landing" in terms of administrator satisfaction. I get the feeling that Microsoft is a ghost driver somewhere in the universe with its "desktop experience" expectation, and has lost traction. The feature could have easily been offered as an optional package to add in the Server Manager, so that administrators who think they need it could add it manually as a feature/role.

Block or uninstall Azure Arc setup

German blog reader PeWe left this comment and wrote that the optional Azure Arc feature for executions can be suppressed via registry entra in the DisallowRun key. He specified the registry entries in question there to block the setup from starting.

Remove Azure Arc Setup

Michael Niehaus describes in this blog post the Azure Arc setup and how to get rid of this optional feature via the Server Manager (requires a restart) – the reference to his post was already circulating on the patchmanagement.org mailing list last week – but I had also seen the whole thing on Twitter (but couldn't or didn't want to react immediately due to vacation).

Remove Azure Arc Setup in Server ManagerRemove Azure Arc Setup in Server Manager; Source: Michael Niehaus

Alternatively, according to Michael Niehaus, the following PowerShell command can also be used to uninstall:

Remove-WindowsFeature AzureArcSetup

In this article Microsoft's Azure Arc Setup is not only described, but also how to remove the optional feature.

Disable-WindowsOptionalFeature -Online -FeatureName AzureArcSetup

However, uninstalling it requires at least a server restart to complete the process.

In this reddit.com comment, someone gives a reference to a pastebin configuration to remove the optional component via GPO (but haven't looked at the details). And in this article someone describes how to remove the tray icon – the auto-run entry is removed in the registry.

Similar articles:
Microsoft Security Update Summary (October 10, 2023)
Patchday: Windows 10 Updates (October 10, 2023)
Windows 10 update KB5030211 ships backup app to LTSC versions and frustrates LTSC users

This entry was posted in Cloud, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *