If you need a simple and effective way to manage Windows updates from the cloud, look no further than Azure Update Management. As part of an Azure subscription, Update Management allows you to schedule updates and monitor update compliance for Azure virtual machines and for VMs hosted on-premises or by other cloud providers. Update Management provides an overview of all your VMs, including their compliance status.
Update Management is available for both Windows and Linux. The solution uses the Microsoft Monitoring Agent (MMA) for Windows or Linux, PowerShell Desired State Configuration (DSC) for Linux, an Automation Hybrid Runbook Worker, and Microsoft Update or Windows Server Update Services (WSUS) for Windows servers. Update Management reports how up-to-date each VM is based on where it is configured to synchronize updates from. For example, if the VM is configured to pull updates from Windows Server Update Services (WSUS), then the results might differ from a device that synchronizes directly with Microsoft Update, depending on when WSUS last synced with Microsoft Update.
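Because the reported compliance depends on where each server synchronizes from, it helps to confirm the configured source before comparing results between machines. The following PowerShell is an added example, not part of the original article: the function name `Get-UpdateSource` is hypothetical, and it assumes the update source is set through the standard Windows Update policy registry values (`WUServer` and `AU\UseWUServer`).

```powershell
# Added example: report where this Windows server synchronizes updates from.
# Get-UpdateSource is a hypothetical helper name, not an Azure or Windows cmdlet.
function Get-UpdateSource {
    [CmdletBinding()]
    param(
        # Assumption: the source is configured by Group Policy or local policy,
        # which writes to this Windows Update policy key.
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    )

    # Either key may be absent on a server with no update policy applied.
    $wu = Get-ItemProperty -Path $PolicyPath -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $PolicyPath 'AU') -ErrorAction SilentlyContinue

    $wuServer    = if ($wu) { $wu.WUServer } else { $null }
    $useWUServer = if ($au) { $au.UseWUServer } else { $null }

    # WUServer is only honored when AU\UseWUServer is 1. A leftover WUServer
    # value with UseWUServer missing or 0 means the server still scans
    # against Microsoft Update, so its results will not track WSUS.
    $usesWsus = [bool]$wuServer -and ($useWUServer -eq 1)

    $note = $null
    if ($wuServer -and -not $usesWsus) {
        $note = 'WUServer is set but AU\UseWUServer is not 1; the WSUS URL is ignored.'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Source       = if ($usesWsus) { 'WSUS' } else { 'Microsoft Update' }
        WUServer     = $wuServer
        UseWUServer  = $useWUServer
        Note         = $note
    }
}

# Run locally on the server being assessed.
Get-UpdateSource | Format-List
```

Servers that report `WSUS` are assessed against whatever the WSUS server had at its last sync with Microsoft Update, which is why their results can differ from servers that report `Microsoft Update`.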
If VMs are running Windows Server 2008 or Windows Server 2008 R2 RTM, Update Management only supports update assessments. Windows Server 2008 R2 SP1 and later support the full feature set. Windows clients and Nano Server are not supported. Update Management supports the following versions of Linux:
For more detailed technical information about Azure Update Management, see Microsoft’s website here.
Adding an existing Azure virtual machine (VM) to Update Management is easy. If you don’t already have an Azure Automation account and a Log Analytics workspace, Azure will walk you through the process of setting those up. To perform the following instructions, you will need an Azure subscription. If you don’t already have an Azure subscription and virtual machine, take a look at Create a Virtual Machine in the Azure Cloud on Petri.
Enabling Update Management on a VM can take up to 15 minutes. You’ll get a notification in the top right of the management portal when the process is complete.
In the second part of this two-part series, I’ll show you how to schedule updates, check update compliance, and enable Update Management on non-Azure VMs.