Remediate system updates and patches recommendations
System updates and patches are crucial for maintaining the security and health of your servers. Updates often contain fixes for vulnerabilities that attackers can exploit if they're left unpatched.
Microsoft Defender for Cloud provides security recommendations to improve your organizational security posture and reduce risk. An important element in risk reduction is to harden machines across your business environment.
As part of the hardening strategy, Defender for Cloud assesses machines to check that the latest system updates are installed, and issues security recommendations if they're not.
Note
- Information about missing machine updates is now gathered using Azure Update Manager.
- The Log Analytics agent (also known as the Microsoft Monitoring Agent, MMA) method of gathering this data was deprecated in August 2024.
Prerequisites
You must enable Defender for Servers Plan 2 on your subscription.
On-premises machines must be connected to Azure Arc.
Multicloud (AWS or GCP) machines must be onboarded with Azure Arc when you connect the AWS or GCP account.
Periodic assessment must be enabled on your machines.
If you're using Defender for Servers Plan 2, there's no extra cost for assessing, remediating, and patching system updates on supported Azure VMs and Azure Arc VMs.
If Defender for Servers Plan 2 isn't enabled on your subscription or multicloud connector, assessments for Azure Arc-enabled machines in the subscription are subject to Azure Update Manager charges.
Locate and remediate the recommendations
Defender for Cloud automatically assesses your machines and checks that the latest security and critical OS updates are installed. If a machine isn't up to date, Defender for Cloud generates the following recommendations:
- Machines should be configured to periodically check for missing system updates (powered by Azure Update Manager)
- System updates should be installed on your machines (powered by Azure Update Manager)
These recommendations rely on Azure Update Manager, which uses a VM extension.
Enable periodic assessment on your machines
Remediate the periodic assessment recommendation first. Periodic assessment doesn't install anything; it makes Update Manager regularly check each machine for missing updates, so the compliance status shown in the system updates recommendation is current rather than stale.
Sign in to the Azure portal.
Navigate to Microsoft Defender for Cloud > Recommendations.
Select the recommendation Machines should be configured to periodically check for missing system updates (powered by Azure Update Manager).
- Under Remediation steps, review the quick fix and manual fix details. The quick fix enables the periodic assessment setting on the machines you select.
- In the Unhealthy resources list, you can drill into a machine to see its details.
Select the Fix option.
Select the relevant machine.
Select Fix 1 resource.
Periodic assessment can also be enabled at scale with Azure Policy.
Remediate system updates findings
Sign in to the Azure portal.
Navigate to Microsoft Defender for Cloud > Recommendations.
Select the System updates should be installed on your machines (powered by Azure Update Manager) recommendation.
Select the Fix option to perform a one-time installation of any missing updates through the Update Manager portal.
By protecting your machines with the latest security updates, you can reduce the risk of security breaches and ensure your machines are protected against the latest threats.
Remediate the recommendations at scale
You can also remediate both system updates and patches recommendations on many machines at once.
Sign in to the Azure portal.
Navigate to Microsoft Defender for Cloud > Recommendations.
Search for and select one of the above recommendations.
Select View recommendation for all resources.
Select all relevant machines.
Select Fix.
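The portal steps above (enabling periodic assessment, then a one-time install, and the at-scale variant) can be scripted. The following is an added example and isn't code from this article or from Microsoft; it uses the Azure CLI rather than the Azure Policy route mentioned earlier. It assumes an authenticated Azure CLI session with the resource-graph extension, Defender for Servers Plan 2 (otherwise the Arc assessments it triggers are billed by Update Manager), the property path osProfile.<windows|linux>Configuration.patchSettings.assessmentMode on both Azure VMs and Arc machines, and an Arc api-version (ARC_API_VERSION) that is current in your tenant. The sample inventory and the subscription ID are constructed for the dry run.

```shell
#!/usr/bin/env bash
# Added example (not from the article or from Microsoft): remediate the two Update Manager
# recommendations at scale. DRY_RUN=1 (default) prints the commands for a constructed
# sample inventory; DRY_RUN=0 queries Azure Resource Graph and executes them.
# Assumptions: az CLI with the resource-graph extension and an authenticated session;
# property path osProfile.<os>Configuration.patchSettings.assessmentMode for VMs and Arc
# machines; ARC_API_VERSION is a placeholder you should confirm in your environment.
set -eu

DRY_RUN="${DRY_RUN:-1}"
ARC_API_VERSION="${ARC_API_VERSION:-2024-07-10}"   # assumption: use a version your tenant supports
MAX_DURATION="${MAX_DURATION:-PT2H}"               # upper bound for the one-time install

# Resource Graph query for the first recommendation: Azure VMs and Arc machines whose patch
# assessmentMode is not AutomaticByPlatform, i.e. periodic assessment is switched off.
ARG_QUERY='resources
| where type =~ "microsoft.compute/virtualmachines" or type =~ "microsoft.hybridcompute/machines"
| extend assessmentMode = tostring(coalesce(
    properties.osProfile.windowsConfiguration.patchSettings.assessmentMode,
    properties.osProfile.linuxConfiguration.patchSettings.assessmentMode))
| where assessmentMode !~ "AutomaticByPlatform"
| project id, osType = tolower(tostring(coalesce(properties.storageProfile.osDisk.osType, properties.osType)))'

# Classify a resource ID: "vm" for Microsoft.Compute VMs, "arc" for Arc-enabled machines.
machine_kind() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    */providers/microsoft.compute/virtualmachines/*) echo vm ;;
    */providers/microsoft.hybridcompute/machines/*)  echo arc ;;
    *) echo "" ;;
  esac
}

# PATCH body that turns periodic assessment on; $1 is windows or linux.
assessment_body() {
  printf '{"properties":{"osProfile":{"%sConfiguration":{"patchSettings":{"assessmentMode":"AutomaticByPlatform"}}}}}' "$1"
}

# Command that enables periodic assessment on one machine ($1 = resource ID, $2 = windows|linux).
# Azure VMs take the generic --set; Arc machines are patched through the REST API.
enable_assessment_cmd() {
  case "$(machine_kind "$1")" in
    vm)  printf 'az vm update --ids %s --set osProfile.%sConfiguration.patchSettings.assessmentMode=AutomaticByPlatform\n' "$1" "$2" ;;
    arc) printf "az rest --method patch --url 'https://management.azure.com%s?api-version=%s' --body '%s'\n" \
           "$1" "$ARC_API_VERSION" "$(assessment_body "$2")" ;;
    *)   return 1 ;;
  esac
}

# Command for the second recommendation: a one-time install of Critical and Security updates,
# rebooting only if an update requires it. Arc machines use the installPatches REST action.
install_patches_cmd() {
  local flag=""
  case "$(machine_kind "$1")" in
    vm)  if [ "$2" = windows ]; then flag=--classifications-to-include-win; else flag=--classifications-to-include-linux; fi
         printf 'az vm install-patches --ids %s --maximum-duration %s --reboot-setting IfRequired %s Critical Security\n' "$1" "$MAX_DURATION" "$flag" ;;
    arc) printf "az rest --method post --url 'https://management.azure.com%s/installPatches?api-version=%s' --body '{\"maximumDuration\":\"%s\",\"rebootSetting\":\"IfRequired\",\"%sParameters\":{\"classificationsToInclude\":[\"Critical\",\"Security\"]}}'\n" \
           "$1" "$ARC_API_VERSION" "$MAX_DURATION" "$2" ;;
    *)   return 1 ;;
  esac
}

# Print in dry-run mode, execute otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then printf 'DRY RUN: %s\n' "$1"; else eval "$1"; fi; }

main() {
  if [ "$DRY_RUN" = 1 ]; then
    # Constructed sample inventory ("id osType"), standing in for the Resource Graph result.
    machines='/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/web01 windows
/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/api02 linux
/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod/providers/Microsoft.HybridCompute/machines/dc-onprem-01 windows'
  else
    machines="$(az graph query -q "$ARG_QUERY" --first 1000 --query 'data[].[id, osType]' -o tsv)"
  fi
  printf '%s\n' "$machines" | while read -r id os; do
    [ -n "$id" ] || continue
    run "$(enable_assessment_cmd "$id" "$os")"
    run "$(install_patches_cmd "$id" "$os")"
  done
}

main
```

Run it once with the default DRY_RUN=1 and compare the printed commands against the quick fix details shown in the portal before setting DRY_RUN=0; the install step reboots machines where an update requires it, so schedule it in a maintenance window.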