About Azure Update Manager

Quan trọng

Both Azure Automation Update Management and the Log Analytics agent it uses have been retired on 31st August 2024. Therefore, if you are using the Automation Update Management solution, we recommend that you move to Azure Update Manager for your software update needs. Follow the guidance to move your machines and schedules from Automation Update Management to Azure Update Manager. For more information, see the FAQs on retirement.

Update Manager is a unified service to help manage and govern updates for all your machines (running a server operating system). You can monitor Windows and Linux update compliance across your machines in Azure, and on-premises or other cloud environments (connected by Azure Arc) from a single pane of management. You can also use Update Manager to make real-time updates or schedule them within a defined maintenance window.

You can use Azure Update Manager for :

• Unified Update Management - Monitor update compliance across Windows and Linux machines (running a server operating system) from a single dashboard, including machines in Azure, and on-premises or other cloud environments (connected by Azure Arc).
• Flexible patching options:
  • Schedule updates within customer-defined maintenance , for both Azure and Arc-connected machines.
  • Apply updates in real-time
  • Use Automatic VM guest patching, to automatically apply updates to Azure VMs without requiring manual intervention.
  • Use hotpatching, to apply critical updates to Azure VMs without requiring a reboot, minimizing downtime
• Security and Compliance tracking - Apply security and critical patches with enhanced security measures and compliance tracking.
• Periodic update Assessments - Enable periodic assessments to check for updates every 24 hours.
• Dynamic Scoping - Group machines based on criteria and apply updates at scale.
• Custom Reporting and Alerts - Build custom dashboards to report update status and configure alerts to notify you of update statuses and any issues that arise.
• Granular Access Control - Use role-based access control (RBAC) to delegate permissions for patch management tasks at a per-resource level.
• Software updates including application updates:
  • That are available in Microsoft Updates
  • That are available in Linux packages
  • That are published to Windows Server Update Services (WSUS)
• Patching diverse resources
  • Azure Virtual Machines (VMs): both Windows and Linux VMs in Azure (including SQL servers). VMs also include the ones which are created by Azure Migrate, Azure Backup, and Azure Site Recovery.
  • Hybrid machines (including SQL Arc servers) and Windows IoT Enterprise on Arc enabled servers
  • VMware machines
  • System Center Virtual Machine Manager (SCVMM) machines
  • Azure Local clusters
  • Cross-subscription-patching

These features make Azure Update Manager a powerful tool for maintaining the security and performance of your IT infrastructure.

Key benefits

Update Manager offers many new features and provides enhanced and native functionalities. Following are some of the benefits:

• Provides native experience with zero on-boarding.
  • Built as native functionality on Azure virtual machines and Azure Arc for Servers platforms for ease of use.
  • No dependency on Log Analytics and Azure Automation.
  • Azure Policy support.
  • Availability in most Azure virtual machines and Azure Arc regions.
• Works with Azure roles and identity.
  • Granular access control at the per-resource level instead of access control at the level of the Azure Automation account and Log Analytics workspace.
  • Update Manager has Azure Resource Manager-based operations. It allows role-based access control and roles based on Azure Resource Manager in Azure.
  • Offers enhanced flexibility
    • Take immediate action either by installing updates immediately or scheduling them for a later date.
    • Check updates automatically or on demand.
    • Secure machines with new ways of patching such as automatic VM guest patching in Azure, hotpatching or custom maintenance schedules.
    • Sync patch cycles in relation to patch Tuesday the unofficial term for Microsoft's scheduled security fix release on every second Tuesday of each month.
• Reporting and alerting
  • Build custom reporting dashboards through Azure Workbooks to monitor the update compliance of your infrastructure.
  • Configure alerts on updates/compliance to be notified or to automate action whenever something requires your attention.

Next steps

• How Update Manager works
• Prerequisites of Update Manager
• View updates for a single machine.
• Deploy updates now (on-demand) for a single machine.
• Enable periodic assessment at scale using policy.
• Schedule recurring updates
• Manage update settings via the portal.
• Manage multiple machines by using Update Manager.