Update management center in Azure
What is Update management center?
Update management center is a new Azure feature, still only in preview, that may come to replace how we handle update management in Azure. I have seen solutions that use Azure Automation, Logic Apps or even Azure Functions for automatic updates that run on a schedule with complex scripts that just feel awkward.

It is a single dashboard for managing both Windows and Linux virtual machines, with some key features:
- Manage all your virtual machines and their updates in Azure, on-premises and even in other cloud providers
- Trigger assessments and one-time updates in the Azure Portal. This lets you instantly deploy critical updates, for example when a zero-day patch is released
This new service does not depend on Azure Automation or Azure Monitor Logs to handle updates either, which is a relief.
The service works using a Virtual Machine Extension that gets installed automatically when you run any operation such as:
- Check for updates
- Install one-time update
- Periodic assessment of your virtual machine
Configure the service
First we need to ensure that our virtual machines are set to the correct patch orchestration, which is the setting that controls how patches are applied to our virtual machines. Under Updates on a virtual machine we can set the following:

This will allow Azure and the Update management center service to manage updates for the virtual machine.
Next we want to create a maintenance configuration, which is what we tie machines to and where we configure a schedule.
1. Log in to the Azure Portal
2. Search for Update management center (preview)
3. Under Manage select Machines and you will see all of your virtual machines and their status
4. Next we want to select Browse maintenance configurations found in the upper-right corner
5. Select Create
6. Enter the required information under the Basics tab, here you can also create your Schedule
7. Under Machines select Add machines
8. Select your VM and click ok
9. Click Review + create -> Create
We could also include or exclude certain KBs in this wizard, but that is out of scope for this guide.
Now if you go back to Update management center in the Azure Portal you can view a lot of important information such as a list of all virtual machines, their update status, operating system and which schedule they are connected to.
You can also view the history of past assessments and install operations.
Recommendations
Obviously you do not want to create just the one maintenance configuration with one schedule and have all the virtual machines in there.
You should create at least two so you can spread out your workloads over different update schedules. For example, you would not want all your domain controllers, or all the SQL servers that support one cluster, to be updated at the same time and risk downtime; assign them different schedules.
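The check below is an added example, not part of the original post. It takes a constructed inventory of VMs, a redundancy group for each (a label assumed here, for example kept as a VM tag) and hypothetical maintenance configuration names, and reports members of the same group whose windows overlap, including windows from different configurations that run past midnight. It assumes weekly recurrence and a single time zone for all windows.

```python
from collections import defaultdict
from itertools import combinations

WEEK = 7 * 24 * 60  # minutes in a week
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

def window(day, start, hours):
    """Weekly window as (start minute of week, length in minutes); one time zone assumed."""
    h, m = map(int, start.split(":"))
    return (DAYS.index(day) * 1440 + h * 60 + m, int(hours * 60))

def overlaps(a, b):
    """True if two weekly windows share time, also across midnight or the week end."""
    (s1, l1), (s2, l2) = a, b
    return (s2 - s1) % WEEK < l1 or (s1 - s2) % WEEK < l2

def risky_groups(vms, schedules):
    """Map each redundancy group to the VM pairs that would be patched together."""
    by_group = defaultdict(list)
    for name, group, config in vms:
        by_group[group].append((name, schedules[config]))
    findings = {}
    for group, members in by_group.items():
        pairs = [(a, b) for (a, wa), (b, wb) in combinations(sorted(members), 2)
                 if overlaps(wa, wb)]
        if pairs:
            findings[group] = pairs
    return findings

# Constructed sample data; configuration, group and VM names are hypothetical.
SCHEDULES = {
    "mc-sat-night": window("Sat", "22:00", 3.5),  # ends Sunday 01:30
    "mc-sun-early": window("Sun", "00:30", 3),
    "mc-wed-night": window("Wed", "22:00", 3),
}
VMS = [
    ("dc01", "domain-controllers", "mc-sat-night"),
    ("dc02", "domain-controllers", "mc-sun-early"),  # different config, same time
    ("sql01", "sql-cluster-01", "mc-sat-night"),
    ("sql02", "sql-cluster-01", "mc-wed-night"),
    ("web01", "web-frontend", "mc-wed-night"),
    ("web02", "web-frontend", "mc-wed-night"),
]

if __name__ == "__main__":
    for group, pairs in risky_groups(VMS, SCHEDULES).items():
        for a, b in pairs:
            print(f"{group}: {a} and {b} have overlapping maintenance windows")
```

Giving the two domain controllers different configuration names is not enough here: the Saturday window runs into the Sunday one, so both are still flagged.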