About Azure Update Manager
Important
Both Azure Automation Update Management and the Log Analytics agent it uses were retired on 31st August 2024. Therefore, if you are using the Automation Update Management solution, we recommend that you move to Azure Update Manager for your software update needs. Follow the guidance to move your machines and schedules from Automation Update Management to Azure Update Manager. For more information, see the FAQs on retirement. You can sign up for monthly live sessions on migration, including Q&A sessions.
Update Manager is a unified service to help manage and govern updates for all your machines. You can monitor Windows and Linux update compliance across your machines in Azure and on-premises/on other cloud platforms (connected by Azure Arc) from a single pane of management. You can also use Update Manager to make real-time updates or schedule them within a defined maintenance window.
You can use Update Manager in Azure to:
- Instantly check for updates or deploy security or critical updates to help secure your machines.
- Enable periodic assessment to check for updates every 24 hours.
- Use flexible patching options such as:
  - Customer-defined maintenance schedules for both Azure and Arc-connected machines.
  - Automatic virtual machine (VM) guest patching and hot patching for Azure VMs.
- Build custom reporting dashboards for reporting update status and configure alerts on certain conditions.
- Oversee update compliance for your entire fleet of machines in Azure and on-premises/in other cloud environments connected by Azure Arc through a single pane. The different types of machines that can be managed are:
Key benefits
Update Manager offers many new features and provides enhanced and native functionalities. Following are some of the benefits:
- Provides native experience with zero on-boarding.
  - Built as native functionality on Azure virtual machines and Azure Arc for Servers platforms for ease of use.
  - No dependency on Log Analytics and Azure Automation.
  - Azure Policy support.
  - Availability in most Azure virtual machines and Azure Arc regions.
- Works with Azure roles and identity.
  - Granular access control at the per-resource level instead of access control at the level of the Azure Automation account and Log Analytics workspace.
  - Update Manager has Azure Resource Manager-based operations. It allows role-based access control and roles based on Azure Resource Manager in Azure.
- Offers enhanced flexibility.
  - Take immediate action either by installing updates immediately or scheduling them for a later date.
  - Check updates automatically or on demand.
  - Secure machines with new ways of patching such as automatic VM guest patching in Azure, hot patching, or custom maintenance schedules.
  - Sync patch cycles in relation to Patch Tuesday, the unofficial term for Microsoft's scheduled security fix release on every second Tuesday of each month.
- Reporting and alerting.
  - Build custom reporting dashboards through Azure Workbooks to monitor the update compliance of your infrastructure.
  - Configure alerts on updates/compliance to be notified or to automate action whenever something requires your attention.
Next steps
- How Update Manager works
- Prerequisites of Update Manager
- View updates for a single machine.
- Deploy updates now (on-demand) for a single machine.
- Enable periodic assessment at scale using policy.
- Schedule recurring updates
- Manage update settings via the portal.
- Manage multiple machines by using Update Manager.