Support matrix for Azure Update Manager
This article details the Windows and Linux operating systems supported and system requirements for machines or servers managed by Update Manager including the supported regions and specific versions of the Windows Server and Linux operating systems running on Azure VMs or machines managed by Arc-enabled servers.
Update sources supported
Windows: Windows Update Agent (WUA) reports to Microsoft Update by default, but you can configure it to report to Windows Server Update Services (WSUS). If you configure WUA to report to WSUS, based on the WSUS's last synchronization with Microsoft update, the results in the Update Manager might differ to what the Microsoft update shows. You can specify sources for scanning and downloading updates using specify intranet Microsoft Update service location. To restrict machines to the internal update service, see Do not connect to any Windows Update Internet locations
Linux: You can configure Linux machines to report to a local or public YUM or APT package repository. The results shown in Update Manager depend on where the machines are configured to report.
Types of updates supported
Operating system updates
Update Manager supports operating system updates for both Windows and Linux.
Note
Update Manager doesn't support driver Updates.
First party updates on Windows
By default, the Windows Update client is configured to provide updates only for Windows operating system. If you enable the Give me updates for other Microsoft products when I update Windows setting, you also receive updates for other Microsoft products, including security patches for Microsoft SQL Server and other Microsoft software.
Use one of the following options to perform the settings change at scale:
For Servers configured to patch on a schedule from Update Manager (that has the VM PatchSettings set to AutomaticByPlatform = Azure-Orchestrated), and for all Windows Servers running on an earlier operating system than server 2016, Run the following PowerShell script on the server you want to change.
$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager") $ServiceManager.Services $ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d" $ServiceManager.AddService2($ServiceId,7,"")For servers running Server 2016 or later which aren't using Update Manager scheduled patching (that has the VM PatchSettings set to AutomaticByOS = Azure-Orchestrated) you can use Group Policy to control this by downloading and using the latest Group Policy Administrative template files.
Note
Run the following PowerShell script on the server to disable first party updates.
$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager")
$ServiceManager.Services
$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d"
$ServiceManager.RemoveService($ServiceId)
Third-party updates
Windows: Update Manager relies on the locally configured update repository to update supported Windows systems, either WSUS or Windows Update. Tools such as System Center Updates Publisher allow you to import and publish custom updates with WSUS. This scenario allows Update Manager to update machines that use Configuration Manager as their update repository with third-party software. To learn how to configure Updates Publisher, see Install Updates Publisher.
Linux: If you include a specific third party software repository in the Linux package manager repository location, it's scanned when it performs software update operations. The package won't be available for assessment and installation if you remove it.
Note
Update Manager does not support managing the Microsoft Configuration Manager client.
Supported regions
Update Manager will scale to all regions for both Azure VMs and Azure Arc-enabled servers. Listed below are the Azure public cloud where you can use Update Manager.
Azure Update Manager is available in all Azure public regions where compute virtual machines are available.
Supported operating systems
Note
- All operating systems are assumed to be x64. x86 isn't supported for any operating system.
- Update Manager doesn't support CIS hardened images.
Note
Currently, Azure Update Manager has the following limitation regarding the operating system support:
- Specialized images and VMs created by Azure Migrate, Azure Backup, Azure Site Recovery aren't fully supported for now. However, you can use on-demand operations such as one-time update and check for updates in Update Manager.
For the above limitation, we recommend that you use Automation Update management till the support is available in Update Manager.
Marketplace/PIR images
The Marketplace image in Azure has the following attributes:
- Publisher - The organization that creates the image. Examples: Canonical, MicrosoftWindowsServer
- Offer- The name of the group of related images created by the publisher. Examples: UbuntuServer, WindowsServer
- SKU- An instance of an offer, such as a major release of a distribution. Examples: 18.04LTS, 2019-Datacenter
- Version - The version number of an image SKU.
Azure Update Manager supports the following operating system versions. However, you could experience failures if there are any configuration changes on the VMs such as package or repository.
Windows operating systems
| Publisher | Versions(s) |
|---|---|
| Microsoft Windows Server | 1709, 1803, 1809, 2012, 2016, 2019, 2022 |
| Microsoft Windows Server HPC Pack | 2012, 2016, 2019 |
| Microsoft SQL Server | 2008, 2012, 2014, 2016, 2017, 2019, 2022 |
| Microsoft Visual Studio | ws2012r2, ws2016, ws2019, ws2022 |
| Microsoft Azure Site Recovery | Windows 2012 |
| Microsoft Biz Talk Server | 2016, 2020 |
| Microsoft DynamicsAx | ax7 |
| Microsoft Power BI | 2016, 2017, 2019, 2022 |
| Microsoft Sharepoint | sp* |
Linux operating systems
| Publisher | Versions(s) |
|---|---|
| Canonical | Ubuntu 16.04, 18.04, 20.04, 22.04 |
| RedHat | RHEL 7,8,9 |
| Openlogic | CentOS 7 |
| SUSE 12 | sles, sles-byos, sap, sap-byos, sapcal, sles-standard |
| SUSE 15 | basic, hpc, opensuse, sles, sap, sapcal |
| Oracle Linux | 7*, ol7*, ol8*, ol9* |
| Oracle Database | 21, 19-0904, 18.* |
Unsupported Operating systems
The following table lists the operating systems for marketplace images that aren't supported:
| Publisher | OS Offer | SKU |
|---|---|---|
| OpenLogic | CentOS | 8* |
| OpenLogic | centos-hpc | * |
| Oracle | Oracle-Linux | 8, 8-ci, 81, 81-ci , 81-gen2, ol82, ol8_2-gen2,ol82-gen2, ol83-lvm, ol83-lvm-gen2, ol84-lvm,ol84-lvm-gen2 |
| Red Hat | RHEL | 74-gen2 |
| Red Hat | RHEL-HANA | 7.4, 7.5, 7.6, 8.1, 81_gen2 |
| Red Hat | RHEL-SAP | 7.4, 7.5, 7.7 |
| Red Hat | RHEL-SAP-HANA | 7.5 |
| Microsoft SQL Server | SQL 2019-SLES* | * |
| Microsoft SQL Server | SQL 2019-RHEL7 | * |
| Microsoft SQL Server | SQL 2017-RHEL7 | * |
| Microsoft | microsoft-ads | . |
| SUSE | sles-sap-15-*-byos | gen * |
Custom images
We support generalized custom images. Table below lists the operating systems that we support for generalized images. Refer to custom images (preview) for instructions on how to start using Update Manager to manage updates on custom images.
| Windows Operating System |
|---|
| Windows Server 2022 |
| Windows Server 2019 |
| Windows Server 2016 |
| Windows Server 2012 R2 |
| Windows Server 2012 |
| Windows Server 2008 R2 (RTM and SP1 Standard) |
| Linux Operating System |
|---|
| CentOS 7, 8 |
| Oracle Linux 7.x, 8x |
| Red Hat Enterprise 7, 8, 9 |
| SUSE Linux Enterprise Server 12.x, 15.0-15.4 |
| Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS |
Unsupported Operating systems
The following table lists the operating systems that aren't supported:
| Operating system | Notes |
|---|---|
| Windows client | For client operating systems such as Windows 10 and Windows 11, we recommend Microsoft Intune to manage updates. |
| Virtual machine scale sets | We recommend that you use Automatic upgrades to patch the virtual machine scale sets. |
| Azure Kubernetes Nodes | We recommend the patching described in Apply security and kernel updates to Linux nodes in Azure Kubernetes Service (AKS). |
As the Azure Update Manager depends on your machine's OS package manager or update service, ensure that the Linux package manager, or Windows Update client are enabled and can connect with an update source or repository. If you're running a Windows Server OS on your machine, see configure Windows Update settings.
Next steps
Feedback
Submit and view feedback for