Windows Updates Delivery Solutions

Question

Hoping for some guidance here. I am looking for couple of best alternatives for managing patching on Windows Servers and Linux, but primarily Windows. I have a mix of different environments, I have a bunch on Azure cloud, a few workloads on AWS and a few more on-prem running on VMware. The primary requirements is that I need to be able to set it and forget it but also be able to fine tune to exclude feature packls or SPs, etc. Ability to email report if possible, and a single pane of glass will be nice. All these environments are isolaed, meaning different Ad/ domains with no trust or connectivity to eachother. I am fully aware of a few options such as GPO, SCOM, Intune, ManageEngine; but none of those are options we want to expore. As per Azure, does anyone know if the Azure Windows UPdate offering can work on-prem as well, and how good is it and steps to configure ? Thanks community.

Answer 1

Hi,
Azure Update management Center (Preview) is the latest service to be able to patch servers. For servers located outside of Azure you can use Azure Arc for servers to have the same functionality you have for Azure servers. You can create schedules to apply updates to apply specific categories of updates. Update management Center provides single pane of glass on updates across multiple servers no matter if they are located in Azure or outside of it. On reporting you will have to make something custom to query the data and e-mail the results. Azure offers different kind of services for automation like Azure Automation, Logic App or Functions. You can also check Azure Update Management which works in similar way, but it requires creating Azure Automation and Log Analytics resources. Azure Update management Center (Preview) will replace Azure Update Management at some point but currently missing some features that are available in the latter service.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.