Update Management in Azure

Azure Update Management is a cloud-based modern management tool that helps manage operating system updates for Windows and Linux servers, both in Azure and on-premises. In this blog post we will discuss the configuration of Azure Update Management in the Azure portal.

The following configurations are used for Update Management:

  • Microsoft Monitoring Agent (MMA) for Windows or Linux
  • PowerShell Desired State Configuration (DSC) for Linux
  • Automation Hybrid Runbook Worker

Azure update management cycle

Supported Operating Systems 

  • Windows 2008 only supports update assessment 
  • Windows 2008 R2 SP1 and later 
  • CentOS 6 (x86/x64) and 7 (x64)
  • Red Hat Enterprise 6 (x86/x64) and 7 (x64)
  • SUSE Linux Enterprise Server 11 (x86/x64) and 12 (x64)
  • Ubuntu 14.04 LTS, 16.04 LTS, and 18.04 (x86/x64)

Collection Frequency 

  • Windows – Every 12 hours 
  • Linux – Every three hours

How to Enable Azure Auto Update Management 

Select VM > Update Management > Update Management – Enable for this VM

Once Update Management is enabled, it creates a new Automation account and Log Analytics workspace (if you didn't already have them). After a few minutes, the update agent readiness will show green.

You can also troubleshoot update agent readiness by clicking the troubleshooting option, which runs a series of checks.

Troubleshoot Update Management

How to configure and schedule the Update Deployment process in your organization

Automation Accounts > Select your automation account > Update Management 

Update Management

Schedule Update Management by selecting “Schedule update deployment”, then create a group by selecting the subscription and all the resource groups > Add > OK

Defining a group of Azure VMs
Types of updates
Include/Exclude updates

Once the schedule is configured, you will find it under Schedule. You can further modify a schedule under Automation Account > Shared Resources > Schedule > Select the schedule you want to modify

Schedules for update management
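
The same schedule can be created from PowerShell so that the patch window, update classifications and exclusions are reviewable as code. This is an added example, not part of the original post; the resource group, Automation account, schedule name and KB ID are placeholder assumptions, and it assumes the Az.Compute and Az.Automation modules with an authenticated session (Connect-AzAccount).

```powershell
# Assumed placeholder names: replace with your own resource group and Automation account.
$ResourceGroup     = 'rg-example'
$AutomationAccount = 'aa-example'
$ScheduleName      = 'weekly-windows-patching'   # hypothetical schedule name

# Target group: every Windows VM in the resource group (the scripted form of
# the portal's "create a group" step).
$vmIds = Get-AzVM -ResourceGroupName $ResourceGroup |
    Where-Object { $_.StorageProfile.OsDisk.OsType -eq 'Windows' } |
    ForEach-Object { $_.Id }
if (-not $vmIds) { throw "No Windows VMs found in resource group $ResourceGroup" }

# First run: the next Saturday at 02:00 local time, then weekly.
$start = (Get-Date).Date.AddDays(1)
while ($start.DayOfWeek -ne 'Saturday') { $start = $start.AddDays(1) }
$start = $start.AddHours(2)

# -ForUpdateConfiguration marks the schedule as belonging to Update Management.
$schedule = New-AzAutomationSchedule -ResourceGroupName $ResourceGroup `
    -AutomationAccountName $AutomationAccount -Name $ScheduleName `
    -StartTime $start -WeekInterval 1 -DaysOfWeek Saturday `
    -ForUpdateConfiguration

# Types of updates: only Critical and Security are installed.
# Exclude list: '0000000' is a constructed placeholder KB ID.
# Duration: the maintenance window in which installs may start.
New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $ResourceGroup `
    -AutomationAccountName $AutomationAccount -Schedule $schedule -Windows `
    -AzureVMResourceId $vmIds `
    -IncludedUpdateClassification Critical, Security `
    -ExcludedKbNumber '0000000' `
    -Duration (New-TimeSpan -Hours 2)

# Read the deployment back to confirm what was actually stored.
Get-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $ResourceGroup `
    -AutomationAccountName $AutomationAccount -Name $ScheduleName
```

The VM list is resolved when the script runs, so VMs added to the resource group later are not covered until the deployment is recreated.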

Once a schedule is configured, VMs will be assessed and patched based on the schedule configuration. You can also see the missing updates for your VMs under VM Name > Update Management

Missing Updates