About Azure Update Manager

Update Manager is a unified service to help manage and govern updates for all your machines (running a server operating system). You can monitor Windows and Linux update compliance across your machines in Azure, and on-premises or other cloud environments from a single pane of management. You can also use Update Manager to make real-time updates or schedule them within a defined maintenance window.

You can use Update Manager for:

• Unified Update Management - Monitor update compliance across Windows and Linux machines (running a server operating system) from a single dashboard, including machines in Azure, and on-premises or other cloud environments (connected by Azure Arc).
• Flexible patching options:
• Instantly check for updates or deploy security or critical updates to help secure your machines.
  • Apply updates in real-time
  • Use Automatic VM guest patching, to automatically apply updates to Azure VMs without requiring manual intervention.
• Security and Compliance tracking - Apply security and critical patches with enhanced security measures and compliance tracking.
• Periodic update Assessments - Enable periodic assessments to check for updates every 24 hours.
• Dynamic Scoping - Group machines based on criteria and apply updates at scale.
• Custom Reporting and Alerts - Build custom dashboards to report update status and configure alerts to notify you of update statuses and any issues that arise.
• Granular Access Control - Use role-based access control (RBAC) to delegate permissions for patch management tasks at a per-resource level.
• Software updates including application updates:
  • That are available in Microsoft Updates
  • That are available in Linux packages
  • That are published to Windows Server Update Services (WSUS)
• Patching diverse resources
  • Azure Virtual Machines (VMs): both Windows and Linux VMs in Azure (including SQL servers). VMs also include the ones which are created by Azure Migrate, Azure Backup, and Azure Site Recovery. These features make Azure Update Manager a powerful tool for maintaining the security and performance of your IT infrastructure.

Update Manager offers many new features and provides enhanced and native functionalities. Following are some of the benefits:

• Provides native experience with zero on-boarding.
  • Built as native functionality on Azure virtual machines and Azure Arc for Servers platforms for ease of use.
  • No dependency on Log Analytics and Azure Automation.
  • Azure Policy support.
  • Availability in most Azure virtual machines and Azure Arc regions.
• Works with Azure roles and identity.
  • Granular access control at the per-resource level instead of access control at the level of the Azure Automation account and Log Analytics workspace.
  • Update Manager has Azure Resource Manager-based operations. It allows role-based access control and roles based on Azure Resource Manager in Azure.
  • Offers enhanced flexibility
    • Take immediate action either by installing updates immediately.
    • Check updates automatically or on demand.
    • Secure machines with new ways of patching such as automatic VM guest patching in Azure, hot patching or custom maintenance schedules.
    • Sync patch cycles in relation to patch Tuesday the unofficial term for Microsoft's scheduled security fix release on every second Tuesday of each month.
• Reporting and alerting
  • Build custom reporting dashboards through Azure Workbooks to monitor the update compliance of your infrastructure.
  • Configure alerts on updates/compliance to be notified or to automate action whenever something requires your attention.

• How Update Manager works
• Prerequisites of Update Manager
• View updates for a single machine.
• Deploy updates now (on-demand) for a single machine.
• Enable periodic assessment at scale using policy.
• Manage update settings via the portal.
• Manage multiple machines by using Update Manager.