Edit

Share via

What's new with Azure Connected Machine agent

Warning

Effective January 2026, the Azure Connected Machine agent will no longer accept certificates with negative serial numbers, in compliance with RFC 5280 Section 4.1.2.2, which states that "the serial number MUST be a positive integer assigned by the CA to each certificate."

The Azure Connected Machine agent receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about:

  • The latest releases
  • Known issues
  • Bug fixes

This page is updated monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in archive for What's new with Azure Connected Machine agent.

Warning

Only Connected Machine agent versions released within the last year are officially supported by the product group. All customers should update to an agent version within this window or enable automatic agent upgrades (preview). Microsoft recommends staying up to date with the latest agent version whenever possible.

Version 1.55 - August 2025

Download for Windows or Linux

Fixed

  • Improved logic to accurately detect whether the server is Azure Local.

  • Arc proxy no longer requests tokens from HIMDS unless explicitly enabled.

  • [Windows Only] Minor accessibility improvements to the GUI application.

Version 1.54 - July 2025

Download for Windows or Linux

Fixed

  • Fixed issues related to double-free memory errors and updating policy compliance status.

  • [Linux Only] Updated Boost on Linux to resolve service start issues caused by compatibility problems.

  • [Linux Only] Corrected Arc proxy log file permission during upgrade.

  • [Windows Only] Updated local PATH environment variable to resolve service install/delete errors.

New features and enhancements

  • Added support for managed identity-based custom policy downloads.

Version 1.53 - June 2025

Download for Windows or Linux

Fixed

  • [Linux Only] Resolved "No public key" error by adding GPG package signature validation.

New features and enhancements

  • [Linux Only] Replaced the use of daemon-reexec with daemon-reload when setting environment variables.

Version 1.52 - May 2025

Download for Windows or Linux

Fixed

  • Fixed a bug in the installer where the installation would fail if the TPM udev rule could not be created.

New features and enhancements

  • Added --include-all flag to azcmagent check to enable network checks beyond onboarding scenarios.

  • [Linux Only] GC 1.26.90.0: Added HIMDS as a dependent service for the Extension service.

  • [Linux Only] Added journalctl logs to the .zip generated by azcmagent logs.

  • [Windows Only] GC 1.29.95.0: Added dependent DLLs needed to support Windows Server 2012.

  • [Windows Only] Added Windows Event Logs to the .zip generated by azcmagent logs.

Version 1.51 - April 2025

Download for Windows or Linux

Fixed

  • Extension Delete improvements to ensure removal requests are always attempted irrespective of Version mismatches and other out of sync cases

  • Redacted upstream proxy data before sending configuration details to HIS to enhance security.

New features and enhancements

  • Updated Dependencies

    • Upgraded to PowerShell 7.4.7
    • Upgraded to .NET 8.0

  • IP address caching to reduce excessive DNS resolver calls.

  • [Windows only] Optimized PayGo processing for improved efficiency.

  • Enabled Arc proxy to run by default

  • Added detection for SCCM and SCOM

  • Enhanced logging with security annotations in azcmagent and himds logs.

Version 1.50 - March 2025

Download for Windows or Linux

Fixed

  • If an extension package fails to download 10 times, the download request will fail instead of continuing until timeout.
  • Fixed a deadlock issue in the Policy agent that occurred in certain edge cases.

New features and enhancements

  • Tags Input: Now supports escaped characters using backslashes when running azcmagent connect.
  • Location Flag: Automatically removes spaces from user-provided values for --___location.
  • Request Logging: The optional Client-Id header is now logged for requests made to HIMDS.

Version 1.49 - February 2025

Download for Windows or Linux

Fixed

  • Added retry logic for reading the status file before sending a report if the agent fails to deserialize it the first time.
  • Suppressed terminal error due to a certificate having a negative serial number. This error will be reenabled in January 2026; customers should update their certificates before then, especially if using SSL inspection.

New features and enhancements

  • Increased package size limit for AMA only.
  • Preserved HandlerManifest.json file during deletion to prevent extension removal failures.
  • Added detection for PostgreSQL and MySQL.
  • Compressed archived logs.
  • Display certificate chain information for failed requests (if the TLS handshake reaches the cert stage).
  • Display absolute path for log zip files to improve visibility.
  • Updated recommended actions for failures to reach Service endpoints.
  • Windows only:
    • The agent now saves MSI certificates both on disk and in the Windows cert store (only for Windows Servers 2019 (10.0.17763) and newer).
    • Added authentication option to use certificates from the Windows cert store for azcmagent connect and azcmagent disconnect.

Note

This article contains updates covering the past six months. For earlier releases, see Archive for What's new with Azure Connected Machine agent

Next steps

  • Before evaluating or enabling Azure Arc-enabled servers across multiple hybrid machines, read Connected Machine agent overview to understand requirements, technical details about the agent, and deployment methods.
  • Review the Planning and deployment guide to plan for deploying Azure Arc-enabled servers at any scale and implement centralized management and monitoring.