About Azure Update Manager
Important
Both Azure Automation Update Management and the Log Analytics agent it uses has been retired on 31st August 2024. Therefore, if you are using the Automation Update Management solution, we recommend that you move to Azure Update Manager for your software update needs. Follow the guidance to move your machines and schedules from Automation Update Management to Azure Update Manager. For more information, see the FAQs on retirement. You can sign up for monthly live sessions on migration including Q&A sessions.
Update Manager is a unified service to help manage and govern updates for all your machines. You can monitor Windows and Linux update compliance across your machines in Azure and on-premises/on other cloud platforms from a single pane of management. You can also use Update Manager to make real-time updates or schedule them within a defined maintenance window.
You can use Update Manager in Azure to:
- Instantly check for updates or deploy security or critical updates to help secure your machines.
- Enable periodic assessment to check for updates every 24 hours.
- Use flexible patching options such as:
- Customer-defined maintenance schedules for both Azure and Arc-connected machines.
- Automatic virtual machine (VM) guest patching and hot patching for Azure VMs.
Key benefits
Update Manager offers many new features and provides enhanced and native functionalities. Following are some of the benefits:
- Provides native experience with zero on-boarding.
- Built as native functionality on Azure virtual machines and Azure Arc for Servers platforms for ease of use.
- No dependency on Log Analytics and Azure Automation.
- Azure Policy support.
- Availability in most Azure virtual machines and Azure Arc regions.
- Works with Azure roles and identity.
- Granular access control at the per-resource level instead of access control at the level of the Azure Automation account and Log Analytics workspace.
- Update Manager has Azure Resource Manager-based operations. It allows role-based access control and roles based on Azure Resource Manager in Azure.
- Offers enhanced flexibility
- Take immediate action either by installing updates immediately.
- Check updates automatically or on demand.
- Secure machines with new ways of patching such as automatic VM guest patching in Azure, hot patching or custom maintenance schedules.
- Sync patch cycles in relation to patch Tuesday the unofficial term for Microsoft's scheduled security fix release on every second Tuesday of each month.
- Reporting and alerting
- Build custom reporting dashboards through Azure Workbooks to monitor the update compliance of your infrastructure.
- Configure alerts on updates/compliance to be notified or to automate action whenever something requires your attention.