你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Cross-subscription patching in Azure Update Manager

Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ On-premises environment ✔️ Azure Arc-enabled servers.

Azure Update Management offers a straightforward and efficient solution for managing asset patching within a subscription. The capability is beneficial for organizations with resources distributed across various subscriptions, ensuring consistent and streamlined patch management.

However, its capabilities go well beyond this. With proper configuration, you can manage and apply patches across multiple Azure subscriptions from a centralized location.

Key benefits of Cross-subscription patching

• Operational Efficiency: You can centralize the management of patches, reducing the complexity and time required for patch management. This leads to more streamlined operations.
• Improved Reliability: Regular and consistent patching across all subscriptions helps maintain system stability and reduces downtime caused by unpatched vulnerabilities.

Supported workloads

Supported resource type

• Azure Resource Manager (Arc)-connected hosts: Non-Azure hosts connected to Azure through Arc, subject to Arc prerequisites and Azure Update Manager supported regions

• Azure VM - Native virtual machines created in Azure.

Supported OS type

• Windows: Cross-subscription patching supports various versions of Windows Server and Windows operating systems. Ensure that your Windows devices are up-to-date and compatible with the patching process. For more information, see support matrix for Arc-connected hostsand Azure VM for supported images.

• Linux: Cross-subscription patching also supports multiple Linux distributions, including most mainstream distributions like Ubuntu, CentOS, and Red Hat Enterprise Linux (RHEL) etc. Ensure that your Linux devices meet the necessary requirements for patching. For more information, seesupport matrix for Arc-connected hosts and Azure VM for supported images.

备注

If VMs running unsupported images are included in the schedule, the maintenance configuration (i.e., patch job) will fail.

Limitations

Rate limits - To manage a large number of assets through API/SPN (Service Principal), be mindful of rate limits and distribute the load among multiple Service principals to avoid any throttling issues.

Next steps

• Learn more on how to enable cross-subscription patching either through Azure CLI or portal.
• Learn more about Dynamic scope, an advanced capability of schedule patching.
• Learn about pre and post events to automatically perform tasks before and after a scheduled maintenance configuration.