Automatic guest patching for Azure virtual machines

Applies to: ✔️ Linux VMs ✔️ Windows VMs

By enabling automatic guest patching for your Azure Virtual Machines (VMs), you can automatically and securely patch your VMs to ensure they remain compliant with security standards."

Supported OS images

Automatic VM guest patching, on-demand patch assessment and on-demand patch installation are supported only on VMs created from images with the exact combination of publisher, offer and sku combinations listed in the supported OS images. Custom images or any other Publisher, Offer, SKU combinations aren't supported. The list of supported images is updated regularly..

If automatic VM guest patching is enabled on a VM, then the available Critical and Security patches are downloaded and applied automatically on the VM.

Note

Only x64 operating systems are currently supported. Neither ARM64 nor x86 are supported for any operating system.

Customized images

For VMs created from customized images even if the Patch orchestration mode is set to Azure Orchestrated/AutomaticByPlatform, automatic VM guest patching doesn't work. We recommend that you use scheduled patching to patch the machines by defining your own schedules or install updates on-demand.

Next steps