What is the difference between Enabling Windows Updates vs. Update Management from an Azure VM?

Question

If my understanding is accurate, when Windows Updates are enabled for an Azure VM, all the patches and updates get installed on a scheduled basis.

Azure offers Update Management which is in public preview currently, also does the patch management and OS updates. I am trying to understand the difference between these two.

Is Azure Update Management leveraged to centrally manage and track the status of patching for VMs, instead of logging into each VM to check? Or Does it do any thing different from Windows Updates?

One of the prerequisite for Azure Update Management is to turn off Windows updates on a VM, this is confusing to me.

Any help is greatly appreciated.

Answer 1

The Azure Update Management Automation is intended to allow you manage updates across several agent machines and manage the process of installing the required updates for servers. This automation tool is designed for the use case where you have several VMs in Azure and you want to ensure they don't all update at the same time (this would cause downtime) or you want to do a phased rollout of your updates i.e update VM1 to Update X then update VM2 etc.

Windows Update is the standard update tool for all Windows 10 / Server OS, it doesn't have the ability to sync update status with another machine or provide information externally regarding its current update state.

To summarize the core benefits of the Update Management Extensions are:

1. To provide you the update state for your VM externally to it (you don't have to go into the VM as the info is piped out via the extension)
2. Allow you to manage the rollout of Updates Across several VMs
3. Manage the updates for Linux VMs (Windows Update doesn't exist on Linux)

For more see this doc.