About Azure Update Manager

Update Manager is a unified service to help manage and govern updates for all your machines (running a server operating system). You can monitor Windows and Linux update compliance across your machines in Azure, and on-premises or other cloud environments from a single pane of management. You can also use Update Manager to make real-time updates or schedule them within a defined maintenance window.

You can use Azure Update Manager for:

• Unified Update Management - Monitor update compliance across Windows and Linux machines (running a server operating system) from a single dashboard, including machines in Azure, and on-premises or other cloud environments (connected by Azure Arc).
• Flexible patching options:
• Instantly check for updates or deploy security or critical updates to help secure your machines.
  • Apply updates in real-time
  • Use Automatic VM guest patching, to automatically apply updates to Azure VMs without requiring manual intervention.
  • Use hotpatching, to apply critical updates to Azure VMs without requiring a reboot, minimizing downtime
• Security and Compliance tracking - Apply security and critical patches with enhanced security measures and compliance tracking.
• Periodic update Assessments - Enable periodic assessments to check for updates every 24 hours.
• Dynamic Scoping - Group machines based on criteria and apply updates at scale.
• Custom Reporting and Alerts - Build custom dashboards to report update status and configure alerts to notify you of update statuses and any issues that arise.
• Granular Access Control - Use role-based access control (RBAC) to delegate permissions for patch management tasks at a per-resource level.
• Software updates including application updates:
  • That are available in Microsoft Updates
  • That are available in Linux packages
  • That are published to Windows Server Update Services (WSUS)

These features make Azure Update Manager a powerful tool for maintaining the security and performance of your IT infrastructure.

Update Manager offers many new features and provides enhanced and native functionalities. Following are some of the benefits:

• Provides native experience with zero on-boarding.
  • Built as native functionality on Azure virtual machines and Azure Arc for Servers platforms for ease of use.
  • No dependency on Log Analytics and Azure Automation.
  • Azure Policy support.
  • Availability in most Azure virtual machines and Azure Arc regions.
• Works with Azure roles and identity.
  • Granular access control at the per-resource level instead of access control at the level of the Azure Automation account and Log Analytics workspace.
  • Update Manager has Azure Resource Manager-based operations. It allows role-based access control and roles based on Azure Resource Manager in Azure.
  • Offers enhanced flexibility
    • Take immediate action either by installing updates immediately.
    • Check updates automatically or on demand.
    • Secure machines with new ways of patching such as automatic VM guest patching in Azure, hot patching or custom maintenance schedules.
    • Sync patch cycles in relation to patch Tuesday the unofficial term for Microsoft's scheduled security fix release on every second Tuesday of each month.
• Reporting and alerting
  • Build custom reporting dashboards through Azure Workbooks to monitor the update compliance of your infrastructure.
  • Configure alerts on updates/compliance to be notified or to automate action whenever something requires your attention.

• How Update Manager works
• Prerequisites of Update Manager
• View updates for a single machine.
• Deploy updates now (on-demand) for a single machine.
• Enable periodic assessment at scale using policy.
• Manage update settings via the portal.
• Manage multiple machines by using Update Manager.