Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
183 votes
This is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track.
-
Dynamic Update Deployments
Update deployments needs to be dynamic. As of now if we target a group of 5 servers the deployment is static and will always target only these 5 servers, even if the group changes and have 100 servers in it. The update deployment should be able to evaluate the group membership at each runtime.
70 votesWe’ve GA’d dynamic groups for Azure, and dynamic groups (dynamic saved searches) for non-Azure machines is in public preview.
-
3rd Party Patching
3rd Party Patching (Adobe, Java, etc)
57 votesWe’re still evaluating the best option to support 3rd party patching.
-
Create an IP to report on DSC drifts / compliance
PowerShell DSC is currently poor in reporting on configuration drifts and compliance levels. Collect this data in Ops Insight to answer questions like:
- which systems are experiencing a configuration drifts and for which DSC policies?
- which is the compliance level for this specific DSC policy / setting?52 votes -
New Management Pack releases and change tracking
When the OpInsights team releases new IPs/MPs they're automatically downloaded and executed on agents. While I'm sure you're performing all the tests needed, there can be disruptions on the agent side, just like it happens with OpsMgr. The main difference is that with OpsMgr the admin is in full control, with OpsInsights it is not. You should give the user a way to track MP changes, a few ideas:
- use the change tracking IP and add MP tracking
- use a newsfeed / tile on the portal with the latest release for every IP and core management packs. It…39 votesThanks for the idea, Daniele.
What would be the purpose of having such information? What would be the use cases of such information when the user is unable to revert the changes?
-
Change Tracking: Support Windows Firewall changes
Ability to track Windows Firewall Rules
35 votesThis is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track.
Also consider using Security Events that can track changes to the windows Firewall policy – see https://technet.microsoft.com/en-us/library/ff428143(v=ws.10).aspx
-
Change Tracking should include the user account that completed the change.
I need to be able to see who makes changes.
32 votesThanks for the feedback. We will investigate how this capability can improve the Change Tracking and Inventory features.
-
Integrate to Sys Upd IP with WSUS / ConfigMgr
The current IP is great but, afaik, it just does check for published updates, a true compliance report should be based on authorized updates. I know this isn't going to be easy and probably not possible today without some change on the patching tools, but as a future evolution I think the IP should leverage the customer chosen tool for patching and reporting against authorized updates in addition to published updates.
31 votesWe’re currently enhancing our compliance functionality.
-
Change Tracking: Active Directory
Track any changes made to Active Directory:
- Delete, Change and creation of users + groups
- Change of security permissions30 votes -
Change Tracking : Need IIS changes also to be tracked under change tracking like app pool settings or any IIS site related changes
Tracking IIS changes will help to know what has change while troubleshooting any IIS related issues like App pool account was changed or any site settings were changed.
26 votesThanks for the idea.
We’d need to see how complex it is to model this in search since IIS config can be quite deeply nested, to do it as ‘first class’ citizen.
Also consider the ‘simpler’ version of this by tracking changes to (XML) files such as machine.config, app.config. web.config, applicationhost and so forth… http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519279-change-tracking-files-and-folders
with that, we were thinking we could have some UI ‘diff’ capabilities for the ‘before’ and ‘after’ file… -
Support for patching Azure VM Scale Sets
Currently I can only patch my regular windows VMs through Update Management. Would be great to support VM Scale Sets too.
25 votesScale Set integration is currently being investigated.
-
25 votes
This is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track, to complement SQL Assessment.
How many need this?
-
Build Complete Dashboards with Integrated Performance Data, System Updates and SCCM Data
Improve the System Update intelligence Pack: The dashboard should show you which systems are missing updates, tell you whether you have attempted to deploy the update to the servers and reasons for the install failure. For example, there was no space on the C:\ drive and the install fail. The dashboard should be a fully operational solution for pointing out the problems and offering the exact resolution. While it is helpful to know that updates are missing. It is even more helpful to know which servers were attempted and why the updates didn't install. Talk to someone who has attempted…
24 votesWe’re currently making improvements around diagnosability, agent reliability, and platform integration.
-
Change Tracking for SCOM Configuration
Since there is an intelligence pack to bring SCOM Alert data to Insights, it would help if the changes made to SCOM configuration is also tracked. For Instance, It would help corelate management pack updates to alerts raised in the SCOM environment. or corelating alerts to some administrative change
18 votesLet’s see how many votes this gets.
In general, you might also consider the ‘generic’ approach, i.e. script your own ‘dump’ of configuration settings and MP versions to a file, then the idea about tracking file changes http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519279-change-tracking-files-and-folders might have a broader applicability and therefore be preferred from a product direction standpoint.
Also, using Log Management to collect the ‘Operations Manager’ event log would tell you some other things happening in the environment from an OpsMgr perspective. -
Change Tracking: Hyper-V VM settings changes
Ability to tell if John Smith shutdown the VM at this time or Jane Doe added a network connection to a VM at another time. VM X was created with these settings.
16 votes -
Updates older than 30 days Tile - We need that back
Updates older than 30 days Tile - We need that back for Windows and Linux. This helps operations knock out the low hanging trouble-makers
14 votesNot currently planned, though we are doing at-scale UX work and will keep this suggestion in mind during design.
-
Disable change tracking for "known" windows services
There are alot of windows services that ship with Windows that flip/flop constantly during the day. This creates noise in the Change Tracking reports. It would be great if we could disable change tracking by choosing from a list of "known" Microsoft-shipped windows services.
Some examples would be "Smart Card", "BITS" and "Windows Update"
13 votesThe Change Tracking team is reviewing this ask specifically for Windows Services.
-
Intune
Please support the integration of Intune, at least from a reporting capacity, to allow a single-pane view for total network security posture.
12 votesCan you elaborate more on the type of integration you’d like to see with Intune?
-
Update assessment show
On some servers, update assessment shows expired / rejected / unavailable updates, e.g. on a 2008R2 server it shows
KB2949927 - this has been rejected according to http://support.microsoft.com/kb/2949927
KB2917500 - description on http://support.microsoft.com/kb/2917500 - KB2813430 is already installed and 2917500 is not available in update catalog.12 votesThanks for letting us know about this Martin. I’ve sent you an e-mail with some additional questions to help troubleshoot this issue.
-
Fix OMS Update Management to allow patch deployment to Server Core
Per documentation at: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management
"Server Core and Nano Server installation options are not supported."
Please fix this so that Server Core is supposed for patch deployments. (At least 2016 Server Core, with Server 2012R2 being appreciated!)
11 votes
- Don't see your idea?