Manage Update configuration settings

Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ On-premises environment ✔️ Azure Arc-enabled servers.

The article describes how to configure update settings from Update management center (preview) in Azure, to control the update settings on your Azure VMs and Arc-enabled servers for one or more machines.

Configure settings on single VM

To configure update settings on your machines on a single VM, follow these steps:

Note

You can schedule updates from the Overview blade or Machines blade in update management center (preview) page or from the selected VM.

From Overview blade

1. Sign in to the Azure portal.

2. In Update management center, select Overview, select your Subscription, and select Update settings.

3. In Change update settings, select +Add machine to select the machine for which you want to change the update settings.

4. In Select resources, select the machine and select Add.

5. In the Change update settings page, you will see the machine classified as per the operating system with the list of following updates that you can select and apply.

   

   The following update settings are available for configuration for the selected machine(s):

   • Periodic assessment - The periodic Assessment is set to run every 24 hours. You can either enable or disable this setting.

   • Hot patch - You can enable hot patching for Windows Server Azure Edition Virtual Machines (VMs). Hot patching is a new way to install updates on supported Windows Server Azure Edition virtual machines that doesn't require a reboot after installation. You can use update management center (preview) to install other patches by scheduling patch installation or triggering immediate patch deployment. You can enable, disable or reset this setting.

   • Patch orchestration option provides the following:

     • Automatic by OS (Windows Automatic Updates) - When the workload running on the VM doesn't have to meet availability targets, the operating system updates are automatically downloaded and installed. Machines are rebooted as needed.

     • Azure-orchestrated - Patch orchestration set to Azure-orchestrated for an Azure VM (not applicable for Arc-enabled server) has two different implications depending on whether customer schedule is attached to it or not.

       Patch orchestration type	Description
       Azure-orchestrated with no schedule attached	Machine is enabled for automatic VM guest patching. It implies that the available Critical and Security patches are downloaded and applied automatically on the Azure VM. This process kicks off automatically every month when new patches are released. Patch assessment and installation are automatic, and the process includes rebooting the VM as required.
       Azure-orchestrated with schedule attached	Patching will happen according to the schedule and automatic VM guest patching will not take effect on the machine. Patch orchestration set to Azure-orchestrated is a necessary pre-condition for enabling schedules. You cannot enable a machine for custom schedule unless you set Patch orchestration to Azure-orchestrated.

     • Available Critical and Security patches are downloaded and applied automatically on the Azure VM using automatic VM guest patching. This process kicks off automatically every month when new patches are released. Patch assessment and installation are automatic, and the process includes rebooting the VM as required.

     • Manual updates - This mode disables Windows automatic updates on VMs. Patches are installed manually or using a different solution.

     • Image Default - Only supported for Linux Virtual Machines, this mode uses the default patching configuration in the image used to create the VM.

6. After you make the selection, select Save.

From Machines blade

1. Sign in to the Azure portal.
2. In Update management center, select Machines > your subscription.
3. Select the checkbox of your machine from the list and select Update settings.
4. Select Update Settings to proceed with the type of update for your machine.
5. In Change update settings, select +Add machine to select the machine for which you want to change the update settings.
6. In Select resources, select the machine and select Add and follow the procedure from step 5 listed in From Overview blade of Configure settings on single VM.

From a selected VM

1. Select your virtual machine and the virtual machines | Updates page opens.
2. Under Operations, select Updates.
3. In Updates (Preview), select Update Settings.
4. In Change update settings, you can select the update settings that you want to change for your machine and follow the procedure from step 3 listed in From Overview blade of Configure settings on single VM.

A notification appears to confirm that the update settings are successfully changed.

Configure settings at scale

To configure update settings on your machines at scale, follow these steps:

Note

You can schedule updates from the Overview blade or Machines blade.

From Overview blade

1. Sign in to the Azure portal.

2. In Update management center, select Overview, select your Subscription and select Update settings.

3. In Change update settings, select the update settings that you want to change for your machines. Follow the procedure from step 3 listed in From Overview blade of Configure settings on single VM.

From Machines blade

1. Sign in to the Azure portal.
2. In Update management center, select Machines > your subscription, and select the checkbox for all your machines from the list.
3. Select Update Settings to proceed with the type of update for your machines.
4. In Change update settings, you can select the update settings that you want to change for your machine and follow the procedure from step 3 listed in From Overview blade of Configure settings on single VM.

A notification appears to confirm that the update settings are successfully changed.

Next steps

• View assessment compliance and deploy updates for a selected Azure VM or Arc-enabled server, or across multiple machines in your subscription in the Azure portal.
• To view update assessment and deployment logs generated by update management center (preview), see query logs.
• To troubleshoot issues, see the Troubleshoot update management center (preview).