Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
Dynamic Update Deployments
Update deployments needs to be dynamic. As of now if we target a group of 5 servers the deployment is static and will always target only these 5 servers, even if the group changes and have 100 servers in it. The update deployment should be able to evaluate the group membership at each runtime.
75 votesWe have GA’d dynamic groups for Azure, and dynamic groups (dynamic saved searches) for non-Azure machines is in public preview.
-
3rd Party Patching
3rd Party Patching (Adobe, Java, etc)
62 votes -
Integrate to Sys Upd IP with WSUS / ConfigMgr
The current IP is great but, afaik, it just does check for published updates, a true compliance report should be based on authorized updates. I know this isn't going to be easy and probably not possible today without some change on the patching tools, but as a future evolution I think the IP should leverage the customer chosen tool for patching and reporting against authorized updates in addition to published updates.
31 votesWe’re currently enhancing our compliance functionality.
-
Support for patching Azure VM Scale Sets
Currently I can only patch my regular windows VMs through Update Management. Would be great to support VM Scale Sets too.
28 votesScale Set integration is currently being investigated.
-
Build Complete Dashboards with Integrated Performance Data, System Updates and SCCM Data
Improve the System Update intelligence Pack: The dashboard should show you which systems are missing updates, tell you whether you have attempted to deploy the update to the servers and reasons for the install failure. For example, there was no space on the C:\ drive and the install fail. The dashboard should be a fully operational solution for pointing out the problems and offering the exact resolution. While it is helpful to know that updates are missing. It is even more helpful to know which servers were attempted and why the updates didn't install. Talk to someone who has attempted…
24 votesWe’re currently making improvements around diagnosability, agent reliability, and platform integration.
-
Updates older than 30 days Tile - We need that back
Updates older than 30 days Tile - We need that back for Windows and Linux. This helps operations knock out the low hanging trouble-makers
14 votesNot currently planned, though we are doing at-scale UX work and will keep this suggestion in mind during design.
-
Patch order with dependencies
Create patch groups that can run either parallel or dependent on other patch groups. Ensuring certain servers do no patch at the same time or are being patched in a specified order rather than parallel.
13 votesThis is similar to cluster-aware updates but slightly different. We will keep an eye on this to gauge interest and prioritize accordingly.
-
Fix OMS Update Management to allow patch deployment to Server Core
Per documentation at: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management
"Server Core and Nano Server installation options are not supported."
Please fix this so that Server Core is supposed for patch deployments. (At least 2016 Server Core, with Server 2012R2 being appreciated!)
12 votes -
Ability to deploy optional updates
We would like the ability to push optional updates just like you can with WSUS.
10 votesWe respect machine settings, so if you follow the instructions here https://docs.microsoft.com/en-us/azure/automation/automation-update-management#enable-updates-for-other-microsoft-products you will be able to achieve this.
-
Add fully patched computers to Update Management Tile
The update management tile on the home page does not include my computers that have all the updates. It only has Computers missing Critical, Computers missing Security, and Computers missing other. I liked also seeing a blue chunk for the fully patched machines. This is using the Edge Browser on 14393.202
9 votes -
Provide opsinsight as PaaS solution for customer to configure inside their own subscriptions
Right now, opsinsight exists and store data for various customers and perhaps map account to the storage in cloud. How about providing it as a seprate service in azure stack and let the user configure it inside their own azure subscription and use their onprem SCOM or MMA to send data to this blob residing in their subscription. I tried my best to explain the idea, if it needs more ground and better clarity, let me know.
9 votesThis is one thing we have been considering for at some point in the future, depending on demand.
-
Update Pipeline
It would be really helpful if you could describe a pipleine in Update Management, and get the updates to flow through that pipeline.
e.g. You have a Dev, Test and Production Environment.
You want to keep machines up to date, but do not want to affect Production users with faulty pathes.If you could describe an update pipleine, saying, deploy any updates to Dev, then to test then to prod, this would ensure updates can be developed and tested against before they reach production.
When patch tuesday arrives, these patches would be available for your 1st environment in the pipleine,…
7 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Wrong values in System Update Assessment solution dashboard
System Update Assessment solution dashboard is displaying wrong values.
If i try to make a query directly in search it returns the right values7 votesThe circled field is number of computers missing any critical updates, e.g. there are six computers which haven’t been patched.
The underlined fields are the numbers of patches missing on those computers. So computer one is missing a total of 47 critical patches, computer two is missing a total of 9 critical patches, etc.Leaving this as “needs feedback” until we can confirm it’s by design.
-
System Update Assessment and SCCM upto date
I understand that OMS SUA will display a computer being upto date if managed via SCCM and all approved updates in SCCM are installed. This is great for compliance to approved update. What also is needed is to know what updates that are not approved via SCCM, yet are available to be installed for this server. This is how it used to report when using the old system update advisor management pack that you imported into SCOM
7 votesThanks for the feedback.
-
Add a Set-AzAutomationSoftwareUpdateConfiguration cmdlet to modify an existing Update Management configuration
'New-' and 'Remove-' cmdlets already exist, however, currently there isn't a cmdlet to 'Set-' to modify existing configurations.
6 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Support Update Management for Windows client
Azure Automation and OMS currently do not support deploying\collecting updates to Windows client.
We can deploy OMS agents on the Windows client and they are reporting compliance status in the Update Management blade of the Automation Account and to OMS. Please officially support Windows client https://docs.microsoft.com/en-us/azure/automation/automation-update-management#clients6 votes -
Add Support for Raspbian
I would like to see support for Raspbian, which would allow me to manage updates on Raspberry Pi devices.
6 votes -
Why is there still no Auto Start-up operation?
Why is there still no Auto Start-up operation?
6 votes -
System Update Assessment looks for Manual windows update setting
The query in the Common Update Queries section labelled "Critical or security updates needed by machines where updates are manually applied" queries machines where Type=UpdateSummary and WindowsUpdateSetting=Manual. The problem is, I dont see any windows machines where WindowsUpdateSetting is Manual. I see Scheduled installation, Notify before installation, Notify before download and Disabled. Where can you configure a windows server to Manual?
And just wondering if this could be modifed as I'd consider the servers set to Notify are "manual"
Maybe this?
Type=Update OSType!=Linux UpdateState=Needed Optional=false (Classification="Security Updates" OR Classification="Critical Updates") Computer IN {Type=UpdateSummary WindowsUpdateSetting=*Notify* | Distinct Computer}Thanks
6 votes -
Create service tag for update mangement
Seemingly the AzureMonitor service tag contains everything needed to be able to run update management without needing to enable outbound access to the entire Internet, with the exception of eus2-jobruntimedata-prod-su1.azure-automation.net. Our security team doesn't like outbound any rules - a service tag to cover updating would be nice
5 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
- Don't see your idea?