Update management center in Azure


What is Update management center?

Update management center is a new Azure feature, still in preview, that may come to replace how we handle update management in Azure. I have seen solutions that use Azure Automation, Logic Apps or even Azure Functions to run automatic updates on a schedule, with complex scripts that just feel awkward.

It is a single dashboard for managing both Windows and Linux virtual machines, with a few key features:

  • Manage all your virtual machines and their updates in Azure, on-premises and even in other cloud providers
  • Trigger assessments and one-time updates from the Azure Portal. This lets you deploy critical updates immediately, for example when a zero-day patch is released

This new service does not depend on Azure Automation or Azure Monitor Logs to handle updates either, which is a relief.

The service works using a Virtual Machine Extension that gets installed automatically when you run any operation such as:

  • Check for updates
  • Install one-time update
  • Periodic assessment of your virtual machine

Configure the service

First we need to ensure that our virtual machines use the correct patch orchestration, the setting that controls how patches are applied to them. Under Updates on a virtual machine we can set the following:

Patch orchestration must be set to Azure-orchestrated

This will allow Azure and the update management center service to manage updates for the virtual machine.

Next we want to create a maintenance configuration, which is what we tie machines to and where we configure a schedule.

  1. Log in to the Azure Portal
  2. Search for Update management center (preview)
  3. Under Manage select Machines and you will see all of your virtual machines and their status
  4. Select Browse maintenance configurations, found in the upper-right corner
  5. Select Create
  6. Enter the required information under the Basics tab; here you can also create your Schedule.
     Maintenance scope in this case needs to be set to Guest (Azure VM, Arc-enabled VMs/Servers)
  7. Under Machines select Add machines
  8. Select your VM and click ok
  9. Click Review + create -> Create

We could also include or exclude certain KBs in this wizard, but that is not in scope for this guide.

Now if you go back to Update management center in the Azure Portal you can view a lot of important information such as a list of all virtual machines, their update status, operating system and which schedule they are connected to.

You can also view the history of past assessments and install operations.

Recommendations

Obviously you do not want to create just the one maintenance configuration with one schedule and have all the virtual machines in there.

You should create at least two so you can spread out your workloads over different update schedules. For example, you would not want all the domain controllers or SQL servers that support one cluster to be updated at the same time and risk downtime. Assign them different schedules.
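As an added example (not part of the original guide), the script below audits a VM inventory for the two points made above: patch orchestration must be Azure-orchestrated (`patchMode` of `AutomaticByPlatform` in the VM resource JSON), and machines backing one cluster should not share a single maintenance configuration. The inventory is constructed sample data; the `cluster` tag and the flattened `maintenanceConfiguration` field are assumptions of this example.

```python
import json
from collections import defaultdict

# Constructed sample inventory (not real machines). "osProfile" follows the
# property path of the VM resource JSON; the "cluster" tag and the flattened
# "maintenanceConfiguration" field are assumptions made for this example.
INVENTORY = json.loads("""[
 {"name": "dc01", "tags": {"cluster": "adds"}, "maintenanceConfiguration": "mc-sat-0200",
  "osProfile": {"windowsConfiguration": {"patchSettings": {"patchMode": "AutomaticByPlatform"}}}},
 {"name": "dc02", "tags": {"cluster": "adds"}, "maintenanceConfiguration": "mc-sat-0200",
  "osProfile": {"windowsConfiguration": {"patchSettings": {"patchMode": "AutomaticByPlatform"}}}},
 {"name": "sql01", "tags": {"cluster": "sql-ag1"}, "maintenanceConfiguration": "mc-sat-0200",
  "osProfile": {"windowsConfiguration": {"patchSettings": {"patchMode": "AutomaticByOS"}}}},
 {"name": "sql02", "tags": {"cluster": "sql-ag1"}, "maintenanceConfiguration": "mc-sun-0200",
  "osProfile": {"windowsConfiguration": {"patchSettings": {"patchMode": "AutomaticByPlatform"}}}},
 {"name": "web01", "tags": {}, "maintenanceConfiguration": null,
  "osProfile": {"linuxConfiguration": {"patchSettings": {"patchMode": "ImageDefault"}}}}
]""")

def patch_mode(vm):
    """Return the VM's patchMode, or None if patchSettings is absent."""
    os_profile = vm.get("osProfile") or {}
    for key in ("windowsConfiguration", "linuxConfiguration"):
        settings = (os_profile.get(key) or {}).get("patchSettings") or {}
        if "patchMode" in settings:
            return settings["patchMode"]
    return None

def audit(vms):
    """Return (not_orchestrated, unscheduled, shared_schedule_clusters)."""
    not_orchestrated = sorted(v["name"] for v in vms if patch_mode(v) != "AutomaticByPlatform")
    unscheduled = sorted(v["name"] for v in vms if not v.get("maintenanceConfiguration"))
    by_cluster = defaultdict(lambda: defaultdict(list))
    for v in vms:
        cluster = (v.get("tags") or {}).get("cluster")
        if cluster and v.get("maintenanceConfiguration"):
            by_cluster[cluster][v["maintenanceConfiguration"]].append(v["name"])
    # A cluster is at risk when every scheduled member sits in one configuration.
    shared = {c: sorted(names) for c, cfgs in by_cluster.items()
              for names in cfgs.values() if len(cfgs) == 1 and len(names) > 1}
    return not_orchestrated, unscheduled, shared

if __name__ == "__main__":
    bad_mode, no_schedule, shared = audit(INVENTORY)
    print("Patch orchestration not Azure-orchestrated:", bad_mode)
    print("No maintenance configuration:", no_schedule)
    print("Clusters patched in a single window:", shared)
```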

Reference

Update management center (preview) overview
The article tells what update management center (preview) in Azure is and the system updates for your Windows and Linux machines in Azure, on-premises, and other cloud environments.
