Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
Dynamic Update Deployments
Update deployments needs to be dynamic. As of now if we target a group of 5 servers the deployment is static and will always target only these 5 servers, even if the group changes and have 100 servers in it. The update deployment should be able to evaluate the group membership at each runtime.
85 votesWe have GA’d dynamic groups for Azure, and dynamic groups (dynamic saved searches) for non-Azure machines is in public preview.
-
3rd Party Patching
3rd Party Patching (Adobe, Java, etc)
76 votes -
Support for patching Azure VM Scale Sets
Currently I can only patch my regular windows VMs through Update Management. Would be great to support VM Scale Sets too.
37 votesScale Set integration is currently being investigated.
-
Build Complete Dashboards with Integrated Performance Data, System Updates and SCCM Data
Improve the System Update intelligence Pack: The dashboard should show you which systems are missing updates, tell you whether you have attempted to deploy the update to the servers and reasons for the install failure. For example, there was no space on the C:\ drive and the install fail. The dashboard should be a fully operational solution for pointing out the problems and offering the exact resolution. While it is helpful to know that updates are missing. It is even more helpful to know which servers were attempted and why the updates didn't install. Talk to someone who has attempted…
34 votesWe’re currently making improvements around diagnosability, agent reliability, and platform integration.
-
Integrate to Sys Upd IP with WSUS / ConfigMgr
The current IP is great but, afaik, it just does check for published updates, a true compliance report should be based on authorized updates. I know this isn't going to be easy and probably not possible today without some change on the patching tools, but as a future evolution I think the IP should leverage the customer chosen tool for patching and reporting against authorized updates in addition to published updates.
34 votesWe’re currently enhancing our compliance functionality.
-
Add Linux patch details such as version in include feature of Update Management
This is a good request , most customers need make sure test servers and prod servers have the same version installed . However, the latest version may be upgraded in the repository frequently , and when it’s time to patch the prod servers, the latest patch version may be different.
Per my test, we can’t include “version info” in the include list. For example, 'gzip-1.5-9.el7.x8664' is not supported but 'gzip.x8664' works fine .
Also, better if we can cover “package issued date/updated date filter” as well.
There are few articles from redhat which is covering how they do…
29 votes -
Patch order with dependencies
Create patch groups that can run either parallel or dependent on other patch groups. Ensuring certain servers do no patch at the same time or are being patched in a specified order rather than parallel.
21 votesThis is similar to cluster-aware updates but slightly different. We will keep an eye on this to gauge interest and prioritize accordingly.
-
Create service tag for update mangement
Seemingly the AzureMonitor service tag contains everything needed to be able to run update management without needing to enable outbound access to the entire Internet, with the exception of eus2-jobruntimedata-prod-su1.azure-automation.net. Our security team doesn't like outbound any rules - a service tag to cover updating would be nice
17 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Email compliance reports
Have the option to automatically schedule compliance reports to be sent via email from Update Management. This would be good to be able to do on both a generic high-level account view, encompassing all VM's, as well as on completion of a Deployment Schedule. This would be similar to how you can schedule email compliance reports with both ConfigMgr and WSUS. Our customers love using Azure Update Management, however, the lack of email reporting is an issue for many of them.
15 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Updates older than 30 days Tile - We need that back
Updates older than 30 days Tile - We need that back for Windows and Linux. This helps operations knock out the low hanging trouble-makers
15 votesNot currently planned, though we are doing at-scale UX work and will keep this suggestion in mind during design.
-
Add a Set-AzAutomationSoftwareUpdateConfiguration cmdlet to modify an existing Update Management configuration
'New-' and 'Remove-' cmdlets already exist, however, currently there isn't a cmdlet to 'Set-' to modify existing configurations.
14 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Fix OMS Update Management to allow patch deployment to Server Core
Per documentation at: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management
"Server Core and Nano Server installation options are not supported."
Please fix this so that Server Core is supposed for patch deployments. (At least 2016 Server Core, with Server 2012R2 being appreciated!)
12 votes -
Support Update Management for Windows client
Azure Automation and OMS currently do not support deploying\collecting updates to Windows client.
We can deploy OMS agents on the Windows client and they are reporting compliance status in the Update Management blade of the Automation Account and to OMS. Please officially support Windows client https://docs.microsoft.com/en-us/azure/automation/automation-update-management#clients11 votes -
Ability to deploy optional updates
We would like the ability to push optional updates just like you can with WSUS.
11 votesWe respect machine settings, so if you follow the instructions here https://docs.microsoft.com/en-us/azure/automation/automation-update-management#enable-updates-for-other-microsoft-products you will be able to achieve this.
-
Update Pipeline
It would be really helpful if you could describe a pipleine in Update Management, and get the updates to flow through that pipeline.
e.g. You have a Dev, Test and Production Environment.
You want to keep machines up to date, but do not want to affect Production users with faulty pathes.If you could describe an update pipleine, saying, deploy any updates to Dev, then to test then to prod, this would ensure updates can be developed and tested against before they reach production.
When patch tuesday arrives, these patches would be available for your 1st environment in the pipleine,…
10 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Add fully patched computers to Update Management Tile
The update management tile on the home page does not include my computers that have all the updates. It only has Computers missing Critical, Computers missing Security, and Computers missing other. I liked also seeing a blue chunk for the fully patched machines. This is using the Edge Browser on 14393.202
9 votes -
Provide opsinsight as PaaS solution for customer to configure inside their own subscriptions
Right now, opsinsight exists and store data for various customers and perhaps map account to the storage in cloud. How about providing it as a seprate service in azure stack and let the user configure it inside their own azure subscription and use their onprem SCOM or MMA to send data to this blob residing in their subscription. I tried my best to explain the idea, if it needs more ground and better clarity, let me know.
9 votesThis is one thing we have been considering for at some point in the future, depending on demand.
-
Ability to run scripts throughout patching
We can run pre/post scripts, but that is not useful when patching a web farm, cluster, or complex application that needs careful handling. It would be great to have the ability to run scripts throughout patching; pre patching a node, pre/post reboot, post patching a node... this way I can start/restart services, validate functionality after patching a node, or even manage cluster nodes myself throughout a patch cycle.
With pre/post scripts I cannot suspend/resume cluster nodes as I patch through them in a group, nor can I ensure my services are stopped/started as required by my app owners. There is…
7 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Add Support for Raspbian
I would like to see support for Raspbian, which would allow me to manage updates on Raspberry Pi devices.
7 votes -
Why is there still no Auto Start-up operation?
Why is there still no Auto Start-up operation?
7 votes
- Don't see your idea?