Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
3rd Party Patching
3rd Party Patching (Adobe, Java, etc)
97 votesUpdate Management is a wrapper which uses your machine’s OS update service or package manager – to fetch & install updates.
On Windows Server OS – the Microsoft Update Service can be configured fetch & updates for MS products. And hence UM, then can allow installing MS updates as well. More details here: https://docs.microsoft.com/azure/automation/update-management/configure-wuagent#enable-updates-for-other-microsoft-products
Microsoft Update Service on Windows Server OS doesn’t update 3rd party software say Adobe or Java. Hence update management solution can’t also in-turn do the same. Unless tools like Wsus Package Publisher ( https://github.com/DCourtel/Wsus_Package_Publisher ) is used which can publish third-party applications into your WSUS.
-
Support for patching Azure VM Scale Sets
Currently I can only patch my regular windows VMs through Update Management. Would be great to support VM Scale Sets too.
45 votesScale Set integration is currently being investigated.
Recommend using Azure Automatic OS image upgrades with Virtual Machine Scale Sets : https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade -
Build Complete Dashboards with Integrated Performance Data, System Updates and SCCM Data
Improve the System Update intelligence Pack: The dashboard should show you which systems are missing updates, tell you whether you have attempted to deploy the update to the servers and reasons for the install failure. For example, there was no space on the C:\ drive and the install fail. The dashboard should be a fully operational solution for pointing out the problems and offering the exact resolution. While it is helpful to know that updates are missing. It is even more helpful to know which servers were attempted and why the updates didn't install. Talk to someone who has attempted…
43 votesWe’re currently making improvements around diagnosability, agent reliability, and platform integration.
-
Add Linux patch details such as version in include feature of Update Management
This is a good request , most customers need make sure test servers and prod servers have the same version installed . However, the latest version may be upgraded in the repository frequently , and when it’s time to patch the prod servers, the latest patch version may be different.
Per my test, we can’t include “version info” in the include list. For example, 'gzip-1.5-9.el7.x8664' is not supported but 'gzip.x8664' works fine .
Also, better if we can cover “package issued date/updated date filter” as well.
There are few articles from redhat which is covering how they do…
39 votes -
Email compliance reports
Have the option to automatically schedule compliance reports to be sent via email from Update Management. This would be good to be able to do on both a generic high-level account view, encompassing all VM's, as well as on completion of a Deployment Schedule. This would be similar to how you can schedule email compliance reports with both ConfigMgr and WSUS. Our customers love using Azure Update Management, however, the lack of email reporting is an issue for many of them.
37 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Integrate to Sys Upd IP with WSUS / ConfigMgr
The current IP is great but, afaik, it just does check for published updates, a true compliance report should be based on authorized updates. I know this isn't going to be easy and probably not possible today without some change on the patching tools, but as a future evolution I think the IP should leverage the customer chosen tool for patching and reporting against authorized updates in addition to published updates.
35 votesWe’re currently enhancing our compliance functionality.
-
Patch order with dependencies
Create patch groups that can run either parallel or dependent on other patch groups. Ensuring certain servers do no patch at the same time or are being patched in a specified order rather than parallel.
29 votesThis is similar to cluster-aware updates but slightly different. We will keep an eye on this to gauge interest and prioritize accordingly.
-
Add a Set-AzAutomationSoftwareUpdateConfiguration cmdlet to modify an existing Update Management configuration
'New-' and 'Remove-' cmdlets already exist, however, currently there isn't a cmdlet to 'Set-' to modify existing configurations.
20 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Updates older than 30 days Tile - We need that back
Updates older than 30 days Tile - We need that back for Windows and Linux. This helps operations knock out the low hanging trouble-makers
18 votesNot currently planned, though we are doing at-scale UX work and will keep this suggestion in mind during design.
-
Update Pipeline
It would be really helpful if you could describe a pipleine in Update Management, and get the updates to flow through that pipeline.
e.g. You have a Dev, Test and Production Environment.
You want to keep machines up to date, but do not want to affect Production users with faulty pathes.If you could describe an update pipleine, saying, deploy any updates to Dev, then to test then to prod, this would ensure updates can be developed and tested against before they reach production.
When patch tuesday arrives, these patches would be available for your 1st environment in the pipleine,…
15 votesUpdate Management solution of Azure Automation is a free tool to allow basic patch management by triggering the machine’s OS to install updates as per provided configuration at stated time.
Hence there are two ways to achieve your scenario “exactly same updates” in test & then prod, by either manipulating the OS behavior or tweaking the AUM config:
- - Host the updates locally using Microsoft WSUS [https://docs.microsoft.com/azure/automation/automation-configure-windows-update#make-wsus-configuration-settings] or Reposync utility from RedHat [https://access.redhat.com/solutions/23016]or Ubuntu Landscape [https://docs.ubuntu.com/landscape/], etc. And the configure the update service or package manager of all your machines to use the local update source. In this way the updates installed when using Update Management will only be what is available in your local patch server which is running (say) WSUS or RH Reposync. And if the patch server remain unchanged in 2-3 weeks when you start update schedule for Prod, they will also…
-
Ability to deploy optional updates
We would like the ability to push optional updates just like you can with WSUS.
15 votesWe respect machine settings, so if you follow the instructions here https://docs.microsoft.com/en-us/azure/automation/automation-update-management#enable-updates-for-other-microsoft-products you will be able to achieve this.
-
Support Update Management for Windows client
Azure Automation and OMS currently do not support deploying\collecting updates to Windows client.
We can deploy OMS agents on the Windows client and they are reporting compliance status in the Update Management blade of the Automation Account and to OMS. Please officially support Windows client https://docs.microsoft.com/en-us/azure/automation/automation-update-management#clients12 votesThe go to product from Microsoft for the client management is InTune / Endpoint Manager product line. And the prescribed solution from Azure WVD team for software updates is here: https://docs.microsoft.com/azure/virtual-desktop/configure-automatic-updates
Focus for Update Management solution is on Server OSes & use-cases. And client/Win10 ecosystem haven’t been explored.
-
Fix OMS Update Management to allow patch deployment to Server Core
Per documentation at: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management
"Server Core and Nano Server installation options are not supported."
Please fix this so that Server Core is supposed for patch deployments. (At least 2016 Server Core, with Server 2012R2 being appreciated!)
12 votes -
Support Update Management in Japan West
Currently using Automation Account is GA in Japan West.
But Update Management is not available in Japan West.
Please enable the Update Management feature for Japan West region.11 votes -
Why is there still no Auto Start-up operation?
Why is there still no Auto Start-up operation?
11 votes -
Ability to run scripts throughout patching
We can run pre/post scripts, but that is not useful when patching a web farm, cluster, or complex application that needs careful handling. It would be great to have the ability to run scripts throughout patching; pre patching a node, pre/post reboot, post patching a node... this way I can start/restart services, validate functionality after patching a node, or even manage cluster nodes myself throughout a patch cycle.
With pre/post scripts I cannot suspend/resume cluster nodes as I patch through them in a group, nor can I ensure my services are stopped/started as required by my app owners. There is…
10 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Add fully patched computers to Update Management Tile
The update management tile on the home page does not include my computers that have all the updates. It only has Computers missing Critical, Computers missing Security, and Computers missing other. I liked also seeing a blue chunk for the fully patched machines. This is using the Edge Browser on 14393.202
9 votes -
Provide opsinsight as PaaS solution for customer to configure inside their own subscriptions
Right now, opsinsight exists and store data for various customers and perhaps map account to the storage in cloud. How about providing it as a seprate service in azure stack and let the user configure it inside their own azure subscription and use their onprem SCOM or MMA to send data to this blob residing in their subscription. I tried my best to explain the idea, if it needs more ground and better clarity, let me know.
9 votesThis is one thing we have been considering for at some point in the future, depending on demand.
-
Add support/feature to invoke a Cluster Aware Update (CAU) run via Update Management
A feature to invoke a CAU run or patch clustered servers not setup for CAU.
Today we use Azure Runbooks to invoke CAUs or we stagger the update management schedule times for each cluster node. It's an ad-hoc workaround and it would be nice if this was something supported out-of-box with Update Management.
7 votes -
export
Every report that is run on AZURE portal should have an EXPORT function.
7 votes
- Don't see your idea?