Azure Update Manager
Azure Update Manager is a unified service to help manage and govern updates for all machines. It can monitor Windows and Linux update compliance across deployments in Azure, other cloud platforms, and on-prem, from a single dashboard. Azure Update Manager can be used to make real-time updates or schedule them within a defined maintenance window.
Azure patching
There are several possible patching solutions available. Patch on Schedule is the solution we have chosen because it is easier to manage from the Azure UI and it does not require creating virtual machines from a new image after all the classifications have been installed. With this solution, it is possible to know when the patches are going to be installed, and no reboot is required.
Patch on schedule
Maintenance Configurations provide the ability to control and manage updates for many Azure virtual machine resources. This matters because Azure frequently updates its infrastructure to improve reliability, performance, and security, or to launch new features.
To create a new Maintenance Configuration, use the Never Reboot option and create a schedule that recurs every week on Wednesday. Assign it to the corresponding hub machine and include all the available patch classifications (Critical, Security, UpdateRollup, FeaturePack, ServicePack, Definition, Tools, Updates).
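The same configuration expressed with the Azure CLI, as an added example that is not part of the original page: a customer-managed (InGuestPatch) schedule with Never Reboot, recurring weekly on Wednesday, with all Windows classifications, assigned to the hub VM. Resource group, VM name, region, subscription id, start date and time zone are placeholders; set `DRY_RUN=1` to print the `az` commands instead of executing them, and `APPLY=1` to run both steps.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). All names below are placeholders.
set -eu

RG="${RG:-rg-hub-placeholder}"                      # placeholder resource group
LOCATION="${LOCATION:-westeurope}"                  # placeholder region
CONFIG_NAME="${CONFIG_NAME:-mc-weekly-wednesday}"   # name of the schedule
HUB_VM="${HUB_VM:-vm-hub-placeholder}"              # the hub machine from the text
SUB_ID="${SUB_ID:-00000000-0000-0000-0000-000000000000}"  # placeholder subscription
START="${START:-2025-01-08 02:00}"                  # first run: a Wednesday, local time
TZ_NAME="${TZ_NAME:-W. Europe Standard Time}"

# Every Windows classification the page lists; Linux only exposes these three.
WIN_CLASSES="Critical Security UpdateRollup FeaturePack ServicePack Definition Tools Updates"
LINUX_CLASSES="Critical Security Other"

# With DRY_RUN set, print the command on one line instead of running it.
run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

create_patch_schedule() {
  # InGuestPatch scope = guest OS patching; reboot-setting Never = "Never Reboot".
  run az maintenance configuration create \
    --resource-group "$RG" --resource-name "$CONFIG_NAME" --location "$LOCATION" \
    --maintenance-scope InGuestPatch \
    --maintenance-window-start-date-time "$START" \
    --maintenance-window-time-zone "$TZ_NAME" \
    --maintenance-window-duration "02:00" \
    --maintenance-window-recur-every "Week Wednesday" \
    --reboot-setting Never \
    --extension-properties InGuestPatchMode=User \
    --install-patches-windows-parameters classifications-to-include="$WIN_CLASSES" \
    --install-patches-linux-parameters classifications-to-include="$LINUX_CLASSES"
}

assign_to_hub_vm() {
  # Bind the schedule to the hub VM (dynamic scopes are out of scope here).
  run az maintenance assignment create \
    --resource-group "$RG" --location "$LOCATION" \
    --resource-name "$HUB_VM" --resource-type virtualMachines \
    --provider-name Microsoft.Compute \
    --configuration-assignment-name "$CONFIG_NAME" \
    --maintenance-configuration-id \
      "/subscriptions/$SUB_ID/resourceGroups/$RG/providers/Microsoft.Maintenance/maintenanceConfigurations/$CONFIG_NAME"
}

if [ -n "${APPLY:-}" ]; then
  create_patch_schedule
  assign_to_hub_vm
fi
```

The target VM must already be set to customer-managed schedules (patch mode AutomaticByPlatform with bypassPlatformSafetyChecksOnUserSchedule enabled), otherwise the assignment is created but the schedule does not trigger.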
Patching settings
| Setting | Status |
|---|---|
| Don't need to update VM image | ✅ |
| Auto patching managed by provider | ❌ |
| Include all patch classifications | ✅ |
| Manage the reboot option | ✅ |
| Include HotPatching | ❌ |
| Determine the time for the patches to be installed | ✅ |