Update Linux Azure virtual machines to manual patching

Question

Update Linux Azure virtual machines to manual patching

Rajesh Manna 0

Hi team,

In our organisation, we have a patch management tool - 'Ivanti' - that updates all our Azure virtual machines (Windows and Linux). Right now, we're not planning on trying to get Azure to patch automatically.

After some investigation, I have found that for Windows Azure virtual machine, we can set the patch orchestration to 'Manual updates'. However, the same is not allowed for Linux Azure virtual machines.

I have tried using Azure PowerShell & CLI commands. There seems to be no way to set patch orchestration to 'manual updates' on Linux Azure VM.

My question is, is there a workaround where I can completely stop Azure from auto-patching the Linux Azure VMs?

Reference:

dashanan13 930 Reputation points

2023-06-05T09:53:54.81+00:00

Hei @Rajesh Manna ,

Thank you for contacting Microsoft Q and A.

I understand that you want to make sure the Azure Linux VM does not install updates automatically.

You would want the tools used in the organization you work for to take up the task of updating Azure VM.

Update management works with the help of "log analytics workspace (solutions)" and "automation account", if these were to be disconnected or just not enabled, the feature will not exist for the VMs. Essentially the VM needs to remove the update management extension/solution.

A similar question is asked on stackoverflow also

It is possible to use the steps mentioned in this article to remove automatic updates. Remove VMs from Update Management

Optionally, the following steps could be used to achieve the same in a more granular way Remove Update Management from Automation account

Please do make this an answer if it helps you!
kobulloc-MSFT 26,801 Reputation points Microsoft Employee Moderator

2023-06-10T02:57:38.33+00:00

Hello, @Rajesh Manna !

I hope this has been helpful! We appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
dashanan13 930 Reputation points

2023-07-12T16:48:45.4+00:00

Hei Rajesh Manna

Please do make this an answer if it helps you!

2 answers

Your answer

dashanan13 930 Reputation points

2023-06-05T09:53:54.81+00:00

Hei @Rajesh Manna ,

Thank you for contacting Microsoft Q and A.

I understand that you want to make sure the Azure Linux VM does not install updates automatically.

You would want the tools used in the organization you work for to take up the task of updating Azure VM.

Update management works with the help of "log analytics workspace (solutions)" and "automation account", if these were to be disconnected or just not enabled, the feature will not exist for the VMs. Essentially the VM needs to remove the update management extension/solution.

A similar question is asked on stackoverflow also

It is possible to use the steps mentioned in this article to remove automatic updates. Remove VMs from Update Management

Optionally, the following steps could be used to achieve the same in a more granular way Remove Update Management from Automation account

Please do make this an answer if it helps you!
kobulloc-MSFT 26,801 Reputation points Microsoft Employee Moderator

2023-06-10T02:57:38.33+00:00

Hello, @Rajesh Manna !

I hope this has been helpful! We appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
dashanan13 930 Reputation points

2023-07-12T16:48:45.4+00:00

Hei Rajesh Manna

Please do make this an answer if it helps you!

Answer 1

Hello, @Rajesh Manna ! I believe what you are looking for is ImageDefault. I'll go into more detail below.

How do I set my Windows or Linux VM to be manually updated?

There are 4 patch orchestration modes for Azure VMs:

AutomaticByPlatform (Windows and Linux): This is Azure-orchestrated patching.
AutomaticByOS (Windows): This enables Automatic Updates in Windows on the Virtual Machine.
Manual (Windows): This disables Automatic Updates in Windows on the Virtual Machine.
ImageDefault (Linux): This honors the default patching configuration on the Linux images used to create the VM.

For more information:

https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching#patch-orchestration-modes

I hope this has been helpful! Please take a moment to accept answers as this helps increase visibility of this question for other members of the Microsoft Q&A community. If you are still running into issues, let us know in the comments. Thank you for helping to improve Microsoft Q&A!

User's image

Answer 2

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Share via

Update Linux Azure virtual machines to manual patching

2 answers

Your answer