Generally Available: Azure Update Manager

With the evolution of the IT landscape, there is a growing demand for seamless management of resources across the cloud and edge. We are pleased to announce that Azure Update Manager, previously known as Update Management Center, is now generally available.

Azure Update Manager provides a SaaS solution to manage and govern software updates to Windows and Linux machines across Azure, on-premises, and multi cloud environments. It is an evolution of Azure Automation Update management solution with new features and functionality, for assessment and deployment of software updates on a single machine or on multiple machines at scale.

• Oversee update compliance for your entire fleet of machines in Azure (Azure VMs), on-premises, and multi cloud environments (Arc-enabled Servers).
• View and deploy pending updates to secure your machines instantly.
• Manage extended security updates (ESUs) for your Azure Arc-enabled Windows Server 2012/2012 R2 machines. Get consistent experience for deployment of ESUs and other updates.
• Define recurring time windows during which your machines receive updates and may undergo reboots using scheduled patching. Enforce machines grouped together based on standard Azure constructs (Subscription, Location, Resource Group, Tags etc.) to have common patch schedules using dynamic scoping.
• Enable incremental rollout of updates to Azure VMs in off-peak hours using automatic VM guest patching and reduce reboots by enabling hotpatching.
• Automatically assess machines for pending updates every 24 hours, and flag machines that are out of compliance. Enforce enabling periodic assessments on multiple machines at scale using Azure Policy.
• Create custom reports for deeper understanding of the updates data of the environment.

Benefits

Azure Update Manager has been redesigned to offer new capabilities without a dependency on Log Analytics agent or Azure Monitor agent. It relies on the Microsoft Azure VM agent for managing update workflows on the Azure VMs and the Azure Connected Machine agent for managing Arc-enabled servers. When an update operation is performed for the first time on a machine, an extension is pushed to the machine that interacts with these agents to assess missing updates and deploy updates. The native design on Azure Compute and Azure Arc for Servers platform enables zero-step onboarding and simplifies operations on an ongoing basis.

Additionally, Update Manager provides following benefits also.

• Global availability in all Azure Compute and Azure Arc regions
  • Manage updates to Azure Virtual Machines and Arc-enabled Servers in all Azure regions.
• Granular access management to Azure resources with Azure roles and identity.
  • Update Manager inherits Azure RBAC configured on the machines to control who can perform update operations and edit schedules.
• Sync patch schedules for Windows machines in relation to patch Tuesday, the unofficial term for Microsoft's scheduled security fix release on the second Tuesday of each month.

Notable notes

• The Azure Log Analytics agent, also known as the Microsoft Monitoring Agent (MMA) will be retired in August 2024. Azure Automation Update management solution relies on this agent and may encounter issues once the agent is retired. It does not work with Azure Monitoring (AMA) Agent. Therefore, customers of the solution are encouraged to move to Azure Update Manager for their software update needs. All capabilities of Azure Automation Update Management Solution will be available on Azure Update Manager before the retirement date. Learn more.
• Azure Update Manager is available at no additional charge for managing Azure VMs. For Arc-enabled Servers, the price is up to $5 per server per month.

Getting Started

To get started by searching for Azure Update Manager in the portal.

or from the Updates blade of the virtual machine resource

Coming soon!!!

• Manage SQL updates to Azure SQL VMs along with OS updates are managed using Azure Update Manager.
• Built in ability to execute scripts before or after deploying updates to machines as a part of a schedule (aka pre and post tasks).
• Create alerts based on updates data for your environment.

Learn More

• Azure Update Manager
• Follow us on X (@AzureUpdateMgmt) to interact and get updates