How to secure aging on-premises infrastructure with Azure Arc and Extended Security Updates

Matthew Hache, Infrastructure Solutions Consultant, Pax8

As technology evolves at an unprecedented pace, many organizations grapple with aging on-premises infrastructure. While still critical to business operations, these legacy systems often pose significant security risks due to the discontinuation of support and updates from their respective vendors. However, there is a solution that can help protect these aging assets and bridge the gap between the past and the future: Azure Arc and Extended Security Updates.

In this blog post, we will explore the challenges posed by aging on-premises infrastructure, the role of Azure Arc in managing and securing these assets, and how Extended Security Updates can extend the life of these systems while maintaining their security.

The challenge of aging on-premises infrastructure

Aging on-premises infrastructure can be a ticking time bomb for organizations. These systems may be running outdated operating systems and unsupported software on hardware that is no longer manufactured. The risks associated with such infrastructure are numerous, including:

  1. Security vulnerabilities: Unsupported operating systems and software are vulnerable to security threats and exploits. Hackers often target legacy systems because they know they are more likely to find vulnerabilities.
  2. Compliance issues: Many industries have strict regulatory requirements regarding the security of data and IT systems. Aging infrastructure may not meet these compliance standards, leading to potential legal and financial consequences.
  3. Operational inefficiencies: Outdated hardware and software can lead to performance issues, downtime, and increased maintenance costs. This can have a detrimental impact on productivity and customer satisfaction.
  4. Lack of scalability: Aging infrastructure may not support the scalability needs of modern businesses, making it difficult to adapt to changing demands.

Azure Arc: bringing legacy infrastructure into the cloud era

Azure Arc is a game-changer in managing and securing aging on-premises infrastructure. It extends Azure management and security services to any infrastructure, including on-premises data centers, edge environments, and even multicloud environments.

Here’s how Azure Arc can help:

  1. Centralized management: Azure Arc provides a unified management platform, allowing organizations to manage all their resources, regardless of location, from a single pane of glass. This simplifies management tasks and reduces operational overhead.
  2. Security and compliance: Azure Arc enables organizations to apply Azure security and compliance policies to on-premises infrastructure. This ensures that aging systems are brought up to modern security standards.
  3. Automation and orchestration: With Azure Arc, you can automate deployment, configuration, and scaling of resources, even for on-premises infrastructure. This improves efficiency and reduces the risk of human error.

Extended security updates: protecting aging systems

Extended Security Updates (ESU) is a service offered by Microsoft that provides security updates for aging Windows Server and SQL Server versions beyond their end-of-support dates. By enrolling in ESU, organizations can benefit in the following ways:

  1. Critical security updates: ESU provides access to critical security updates, which are essential for protecting aging infrastructure from emerging threats.
  2. Continued compliance: Staying compliant with industry regulations often requires keeping systems up to date with security patches. ESU helps organizations maintain compliance.
  3. Reduced risk: By receiving security updates, organizations can reduce the risk of data breaches and downtime associated with security incidents.

Up until recently, ESUs were delivered by purchasing yearly SKUs from specific volume licensing programs. With the recent changes, however, cloud solution providers (CSPs) and small- to medium-sized businesses (SMBs) couldn’t purchase the latest ESUs for Windows Server 2012 R2 or SQL 2012, which opened a major risk to businesses that didn’t have the opportunity to modernize. The only option available was to migrate the workload into Azure.

Enter Azure Arc. In addition to the previously mentioned benefits, it was announced at Ignite 2023 that Extended Security Updates would be delivered to on-premises infrastructure via Azure Arc and that the licensing would be rolled into an existing Azure subscription. This recent change has provided a window of opportunity for MSPs to protect their clients into the future, buying them time to modernize.

The requirements for Azure Arc are as follows:

  1. An Azure Plan Subscription
  2. An Azure Arc deployment, connected to the systems to be protected
  3. An Extended Security Update Licensing pool (deployed in Azure)
  4. An active Windows Operating System with active software assurance or subscription license (CSP-based licensing applicable)

This deployment allows for licensing through either the physical core or virtual core. Which one you choose will ultimately depend on your existing licensing and current requirements.


Information continues to become available on pricing in extended markets, but the preliminary prices have been released in Partner Center Announcements for the U.S. markets (prices are subject to change). The ESU infrastructure is now available to be deployed and can be activated as of October 10, 2023, as needed.

As organizations grapple with the challenges of aging on-premises infrastructure, Azure Arc and Extended Security Updates offer a lifeline. Azure Arc enables centralized management and security for these systems, while Extended Security Updates protect them with critical security patches. Together, these technologies empower organizations to secure their legacy assets, bridge the gap between the past and the future, and continue to drive business success in an ever-evolving digital landscape. It’s a win-win solution for organizations looking to safeguard their investments in aging infrastructure.


About Matthew Hache
With more than a decade of experience in cloud architecture and optimization, Matthew Hache helps unlock the full potential of the cloud. With a passion for crafting innovative solutions and a knack for untangling complexities, Matthew is dedicated to helping businesses thrive in the digital age.