Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
181 votes
This is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track.
-
Dynamic Update Deployments
Update deployments needs to be dynamic. As of now if we target a group of 5 servers the deployment is static and will always target only these 5 servers, even if the group changes and have 100 servers in it. The update deployment should be able to evaluate the group membership at each runtime.
69 votesThis feature is now in public preview. https://docs.microsoft.com/en-us/azure/automation/automation-update-management#using-dynamic-groups
-
3rd Party Patching
3rd Party Patching (Adobe, Java, etc)
54 votesWhat tools are you using today for patching these products?
-
Create an IP to report on DSC drifts / compliance
PowerShell DSC is currently poor in reporting on configuration drifts and compliance levels. Collect this data in Ops Insight to answer questions like:
- which systems are experiencing a configuration drifts and for which DSC policies?
- which is the compliance level for this specific DSC policy / setting?51 votesNice idea, let’s see how many folks vote on this.
-
Ability to apply updates on VMs in multiple subscriptions
Our large enterprise customers has large number of VMs in large number of subscriptions. We manage automation via a central Azure Automation accounts. Currently Update Management appears to work only on VMs in the subscription containing Azure Automation account. Ability is needed so that we can target Azure Automation Update Management to work on VMs in multiple subscription.
50 votesYou can now enroll machines from multiple subscriptions into a single Automation Account. https://docs.microsoft.com/en-us/azure/automation/automation-onboard-solutions-from-browse
However, we still have the requirement that machines enrolled in Update Management only enroll into a single Log Analytics workspace.
-
New Management Pack releases and change tracking
When the OpInsights team releases new IPs/MPs they're automatically downloaded and executed on agents. While I'm sure you're performing all the tests needed, there can be disruptions on the agent side, just like it happens with OpsMgr. The main difference is that with OpsMgr the admin is in full control, with OpsInsights it is not. You should give the user a way to track MP changes, a few ideas:
- use the change tracking IP and add MP tracking
- use a newsfeed / tile on the portal with the latest release for every IP and core management packs. It…38 votesThanks for the idea, Daniele.
What would be the purpose of having such information? What would be the use cases of such information when the user is unable to revert the changes?
-
Change Tracking: Support Windows Firewall changes
Ability to track Windows Firewall Rules
33 votesThis is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track.
Also consider using Security Events that can track changes to the windows Firewall policy – see https://technet.microsoft.com/en-us/library/ff428143(v=ws.10).aspx
-
Change Tracking should include the user account that completed the change.
I need to be able to see who makes changes.
31 votesThanks for the feedback. We will investigate how this capability can improve the Change Tracking and Inventory features.
-
Integrate to Sys Upd IP with WSUS / ConfigMgr
The current IP is great but, afaik, it just does check for published updates, a true compliance report should be based on authorized updates. I know this isn't going to be easy and probably not possible today without some change on the patching tools, but as a future evolution I think the IP should leverage the customer chosen tool for patching and reporting against authorized updates in addition to published updates.
30 votesThanks for your feedback.
Currently we have not prioritized this, but let’s see how many customers are interested. -
Change Tracking: Active Directory
Track any changes made to Active Directory:
- Delete, Change and creation of users + groups
- Change of security permissions27 votes -
Change Tracking : Need IIS changes also to be tracked under change tracking like app pool settings or any IIS site related changes
Tracking IIS changes will help to know what has change while troubleshooting any IIS related issues like App pool account was changed or any site settings were changed.
25 votesThanks for the idea.
We’d need to see how complex it is to model this in search since IIS config can be quite deeply nested, to do it as ‘first class’ citizen.
Also consider the ‘simpler’ version of this by tracking changes to (XML) files such as machine.config, app.config. web.config, applicationhost and so forth… http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519279-change-tracking-files-and-folders
with that, we were thinking we could have some UI ‘diff’ capabilities for the ‘before’ and ‘after’ file… -
Build Complete Dashboards with Integrated Performance Data, System Updates and SCCM Data
Improve the System Update intelligence Pack: The dashboard should show you which systems are missing updates, tell you whether you have attempted to deploy the update to the servers and reasons for the install failure. For example, there was no space on the C:\ drive and the install fail. The dashboard should be a fully operational solution for pointing out the problems and offering the exact resolution. While it is helpful to know that updates are missing. It is even more helpful to know which servers were attempted and why the updates didn't install. Talk to someone who has attempted…
23 votesThis sounds similar to this other idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6662499-integrate-to-sys-upd-ip-with-wsus-configmgr at least as a starting point… plus you are suggesting to add performance data in the mix and do some sort of root cause analysis…
Very interesting vision, but definitely not a small bite chunk we can execute upon as a single item. Let’s see where it lands and/or discuss further requirements offline.
-
23 votes
This is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track, to complement SQL Assessment.
How many need this?
-
Support for patching Azure VM Scale Sets
Currently I can only patch my regular windows VMs through Update Management. Would be great to support VM Scale Sets too.
20 votes -
Change Tracking for SCOM Configuration
Since there is an intelligence pack to bring SCOM Alert data to Insights, it would help if the changes made to SCOM configuration is also tracked. For Instance, It would help corelate management pack updates to alerts raised in the SCOM environment. or corelating alerts to some administrative change
17 votesLet’s see how many votes this gets.
In general, you might also consider the ‘generic’ approach, i.e. script your own ‘dump’ of configuration settings and MP versions to a file, then the idea about tracking file changes http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519279-change-tracking-files-and-folders might have a broader applicability and therefore be preferred from a product direction standpoint.
Also, using Log Management to collect the ‘Operations Manager’ event log would tell you some other things happening in the environment from an OpsMgr perspective. -
Collect KB Revision Levels
I want to identify the revision level of a Patch.
i.e. Create a query what shows which machines have which patch and at what revision level that patch is
My clients example is KB3001652. They want to know if they have 201 or 202 (which had issues for them) or 204 (which doesn't have issues, but, is not auto approved)
Thanks.
15 votesI don’t believe this would be trivial: the only information emitted by System Update Assessment is about required updates – we don’t snapshot what IS currently installed.
You can however query based on the published date of each update – see this other idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519326-add-an-age-threshold-for-missing-updates
-
Change Tracking: Hyper-V VM settings changes
Ability to tell if John Smith shutdown the VM at this time or Jane Doe added a network connection to a VM at another time. VM X was created with these settings.
15 votesDo you know which Windows Event log does HyperV log this? Or is the idea to rely on VMM’s proxy administration?
-
Updates older than 30 days Tile - We need that back
Updates older than 30 days Tile - We need that back for Windows and Linux. This helps operations knock out the low hanging trouble-makers
13 votes -
Disable change tracking for "known" windows services
There are alot of windows services that ship with Windows that flip/flop constantly during the day. This creates noise in the Change Tracking reports. It would be great if we could disable change tracking by choosing from a list of "known" Microsoft-shipped windows services.
Some examples would be "Smart Card", "BITS" and "Windows Update"
12 votesThe Change Tracking team is reviewing this ask specifically for Windows Services.
-
Intune
Please support the integration of Intune, at least from a reporting capacity, to allow a single-pane view for total network security posture.
11 votesCan you elaborate more on the type of integration you’d like to see with Intune?
- Don't see your idea?