Can someone from Microsoft tell me what the definitive Update Management strategy is for Azure VMs?

Question

Microsoft has now added the new Update Management Center for VM OS updates. This is a completely different approach to Update Management with Azure Automation. Why is there no overarching and consistent approach to update management from Microsoft with Azure VMs? This seems like more confusion for customers.

I'm getting messages that the Log Analytics Agent is going away. It appears that Update Management with Azure Automation requires the Log Analytics Agent. That means that Update Management via Automation will no longer work unless there are plans to move to the new Azure Monitoring Agent to provide this capability for Updates through Automation.

If I try to use the new Update Management Center, that feature is restricted to a number of specific VM SKUs. Most of my VMs are deployed from custom images and will not work with the new Update Management feature.

What is the overarching future strategy on keeping VMs updated in an automated fashion? Why can't Microsoft take a top down approach to provide a fully functional feature for a task as important as automated OS updates in Azure? It seems to me that lots of engineering teams at Microsoft just willy nilly provide their own solutions for many things beyond just this OS update feature in Azure hoping that their solution will be more popular with customers instead of designing an overarching working strategy for the entire Azure environment. It's a nightmare for customers to try and figure out what the correct approach is. This new Update Management feature seems woefully limited and inadequate. What are the future plans to deal with OS updates for custom OS images deployed in Azure?

Answer 1

Hi,

I am not a Microsoft employee, but the general strategy is that over time Update Management Center replaces Azure Update Management. You can think of Update Management Center like v2 of Azure Update Management. Currently Update Management Center does not offer all the functionality available in Azure Update Management but the goal is Update Management Center to be fully on par of what Azure Update Management can do. The main purpose of building Update Management Center was to get rid of the dependencies of Azure Automation account and Log Analytics workspace and to be more native to Azure. Yes, using Azure Update Management requires using Log Analytics agent and the functionality will not be made available in Azure Monitor agent. Log Analytics agent is set to be deprecated but there are a couple of years before that happens. Log Analytics Agent and Azure Monitor agent can be used side by side. This means that if you use certain features of Azure Update Management that are not available in Update Management Center you can continue using Azure Update Management with Log Analytics agent even if you have also Azure Monitor agent installed for other Log Analytics/Sentinel functionalities. In general you can take two paths - wait until Update Management Center is on par of Azure Update Management and Azure Monitor agent is on par with Log Analytics agent and migrate after that or do side by side migration where you migrate over time parts of Azure Update Management, Azure Automation, Log Analytics and Sentinel when they become available in Azure Monitor agent and Update Management Center.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.