Azure Update Manager Configuration

Question

Azure Update Manager Configuration

HandinataTanudjaja-6677 380

Hi everyone,

We know Update Manager could do Critical and Security Updates with the Maintenance Configuration that cover VM's OS and OS security update..

Is this enough to control the update?
Or do I need to do anything else to set this up?
Like for example this one with the group policy:
https://learn.microsoft.com/en-us/azure/update-manager/configure-wu-agent

Thank you

Accepted answer

0 additional answers

Your answer

Answer 1

Vinod Pittala 2,320 Microsoft External Staff Moderator

Hello Handinata Tanudjaja,

To configure Azure Update Manager for controlling your VM's OS and OS security updates, as shown below enabling Critical updates and Security updates in the Maintenance Configuration's Update classification is a good enough as this will ensure that important updates are applied to maintain the security and functionality of your VMs. User's image

However, as you mentioned, you may also want to consider additional configurations to ensure comprehensive control over updates. i.e., you can manage Windows update settings through Group Policy or by editing the registry, which allows for more granular control over how updates are applied. This includes settings for automatic updates and specifying the update repository.

Certainly, Group Policy helps ensure that all VMs within a specified scope (such as a subscription, resource group, or specific tags) adhere to the same update policies. This automation reduces the need for manual intervention and ensures consistency across your environment

Refer this link: https://learn.microsoft.com/en-us/azure/update-manager/configure-wu-agent#edit-the-registry

In summary, while enabling Critical and Security updates is essential, reviewing and potentially configuring additional settings through Group Policy or registry edits can enhance your control over the update process.

Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.

Thanks

HandinataTanudjaja-6677 380 Reputation points

2025-05-08T22:29:20.0133333+00:00

Thank you @Vinod Pittala
It seems that the update control can be from Maintenance Configuration and/or Group Policy.
But I think it will be better choose one (Maintenance configuration or Group Policy) instead of having both so it will avoid confusion in trying to remember what update behavior is being enforced.

I can see group policy offers more granular control due to the automatic updating options (Auto download and notify for install, etc) it offers but it's tedious that you have to get into the VM and update this.
And there's no Azure interface and/or Script to update the group policy.

Am I understanding it correctly?
Vinod Pittala 2,320 Reputation points Microsoft External Staff Moderator

2025-05-08T23:36:59.2066667+00:00

Hello Handinata Tanudjaja,

It seems that the update control can be from Maintenance Configuration and/or Group Policy. But I think it will be better choose one (Maintenance configuration or Group Policy) instead of having both so it will avoid confusion in trying to remember what update behavior is being enforced.

Using both Maintenance Configuration and Group Policy together can provide a layered approach to update management. Maintenance Configuration ensures that updates are applied during specified maintenance windows, while Group Policy provides additional control over how and when updates are applied. However, choosing one in both depends on your requirement.

I can see group policy offers more granular control due to the automatic updating options (Auto download and notify for install, etc) it offers but it's tedious that you have to get into the VM and update this. And there's no Azure interface and/or Script to update the group policy.

yes. it's true. additionally, you can refer to the below article for more details.

https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates

Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.

Thanks
HandinataTanudjaja-6677 380 Reputation points

2025-05-09T00:09:04.0333333+00:00

Thank you very much!
As of now, group policy doesn't work well for us due to lack of configuration interface and script. Hopefully that will change later on.
Vinod Pittala 2,320 Reputation points Microsoft External Staff Moderator

2025-05-09T00:21:10.92+00:00

Hello Handinata Tanudjaja,

Thanks for your feedback. its glad that the provided solution has helped for you.

Share via

Azure Update Manager Configuration

0 additional answers

Your answer