Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Update Management

Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Update/s rollback

    Add the ability to rollback specific update/s

    73 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    While there is no explicit button or option in AUM for rollback. Currently, we have mechanisms in place which customers can use to roll-back updates across machine. You can still achieve the same implicitly today by:

    a) In Azure Update Management, setup a pre-script which will execute backup job for the VM. More details on pre/post script here: https://docs.microsoft.com/azure/automation/update-management/pre-post-scripts . Since the pre-script runbook is executed in Azure Automation before patching is done, it will ensure backup is done; which you can later use for rollback. This can be used for Windows & Linux machines – more useful for Linux, where rollback/uninstall of a patch is difficult.
    For sample PS, on setting up backup job for a VM – see: https://docs.microsoft.com/azure/backup/quick-backup-vm-powershell

    b) In Azure Automation, setup independent to Azure Update Management and PowerShell based runbook to uninstall Windows Update KB.
    For sample PS, on uninstalling a Windows Update KB…

  2. The possibility to "pin" a patch set for X number of days

    The possibility to "pin" a patch set for X number of days, giving you the possibility of deploying and verifying the same set of patches across individual envs. In other words: same patchset on DEV servers on Monday, Test servers on Tuesday, etc. and Production on Sunday.

    53 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    We’re currently reviewing enhancements around approved and time-delayed patching.

    In the interim – there are two ways to achieve your scenario “exactly same updates” in Dev & then Prod, by either manipulating the OS behavior or tweaking the AUM config:

    1. - Host the updates locally using Microsoft WSUS [https://docs.microsoft.com/azure/automation/automation-configure-windows-update#make-wsus-configuration-settings] or Reposync utility from RedHat [https://access.redhat.com/solutions/23016]or Ubuntu Landscape [https://docs.ubuntu.com/landscape/], etc. And the configure the update service or package manager of all your machines to use the local update source. In this way the updates installed when using Update Management will only be what is available in your local patch server which is running (say) WSUS or RH Reposync. And if the patch server remain unchanged in 2-3 weeks when you start update schedule for Prod, they will also fetch updates from same local patch server and have exactly same updates as your non-prod.
    1. - Use the…
  3. Email when updates finish with summary or attachment of results

    Need an email notification when the deployment is complete with summary of which servers were successful/failed. I do not want an email per server.

    47 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create computer patch groups like in SCCM

    SCCM has the ability to create patch groups, which you can choose the order in which computers are patched

    39 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  5. cluster-aware updating

    The agent should check if all cluster nodes are up and running, befor a update is started

    34 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Make it possible to run Update Management pre and post scripts on Hybrid Workers

    The new pre and post scripts feature for Update Management is great:
    https://azure.microsoft.com/en-us/updates/update-management-dynamic-groups-prepost/

    However, having to use wrapper/parent runbooks for running runbooks on non-Azure machines makes it tedious, especially for those not familiar with using Azure PowerShell to interact with Azure Automation.
    https://docs.microsoft.com/en-us/azure/automation/pre-post-scripts#interacting-with-non-azure-machines

    It would be very convenient and more user friendly if pre and post script could be invoked directly on Hybrid Workers, just like regular runbooks can.

    23 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for "Optional" Update Deployment

    Azure Update Management does not currently consider updates that are flagged as "Optional" by Microsoft. When pointing clients to Windows Update or Microsoft Update, SQL Server Service Packs come in as "Optional". As such, when using Azure Update Management + Microsoft Update (NOT WSUS) the SQL Server Service Packs are not deployed. They need to be installed via another means (SCCM, manually etc.)

    Please add support for Optional Updates in Azure Update Management so we can deploy SQL SP's this way.

    This only applies to full SQL SP's and not SP Updates which are not flagged as optional in Microsoft…

    22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    Update Management solution is a wrapper for the OS & its update service. You can configure your machines to allow Windows Update Service to also fetch updates from Microsoft. Doing so, will also make the optional MS updates to be listed on UM – just like on the said machine. For more details, see: https://docs.microsoft.com/azure/automation/update-management/configure-wuagent#enable-updates-for-other-microsoft-products

  8. Use Availability Set Update Domain for auto grouping

    If deploying updates to VMs that are part of an Availability Set, it would be great to be able to create one schedule for all VMs in the set, then have Update Management use the AV set Update Domain to apply updates to VMs in groups based on the Update Domain.

    19 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  9. Ability to reinstall

    Installed and configured with a workspace which is now gone, the extension is orphaned with no option to reinstall or redeploy. Error shows:

    The solution cannot be enabled on this VM because the VM already has the management agent but the workspace associated with the agent cannot be found within the subscription: {guid}

    Ability to reinstall or reconfigure to another workspace would help

    19 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure Update Management - Critical and Security Patching on CentOS

    If Azure Update Management is able to identify Critical and Security Patching on CentOS, why it relies on "yum -q --security check-update" to install them? I would like to suggest to instead of using that command, the automation can just get all the packages and the version it needs to update and do it by yum install package-version package2-version

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    Update Management solution on Automation is a wrapper around your machine’s OS package manager – like YUM on CentOS. The solution doesn’t reinvent the wheel and instead utilizes the underpinnings of the OS.

    The CentOS yum repositories do not contain the necessary metadata to indicate if they are security updates or not. This is by design and not within Microsoft control. So running “sudo yum -q —security check-update” on a CentOS client will not install the patches, and as that is what we do in our solution selecting only Security and Critical patches will not work.

    The reason we can display the classifications of the missing patches in our Solution is due to “data enrichment in the cloud”. As CentOS is essentially a free version of RedHat, what our solution does is to “enrich” the information we hold in cloud using the RedHat classification information. That means we can show…

  11. Sort Order and Filter

    Need the ability to sort the list of computers alphabetically when adding to a scheduled deployment. The current list is random and makes it really hard to select specific machines. Also, having a filter options would be nice when the list is very long.

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  12. retry option for failed server

    when a deployment fails because of one or few servers failed,, please provide an option to retry them later again. We can fix the underlying issue with the servers (like connectivity, server hang, access etc) first and then patch those individual servers to make the report success.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  13. Support SharePoint updates or don't attempt to apply them

    The service currently detects missing SharePoint updates and will attempt to apply them, however, this reliably fails with error code 0x80240020. This appears to be a known issue in general when installing SharePoint updates remotely, with the best practice being to install SharePoint updates manually due to the requirement to run PSConfig after installation. Further, when the updates fail, the service attempts to install the failed updates again around 40 times. These all fail, and result in a "bloated" Windows Update history of install failures.

    SharePoint updates should either be supported by this service or explicitly blacklisted so that updates…

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Export Deployment Run Report

    It would be helpful to be able to export a deployment run report directly from the update management blade. Also, It would be helpful to have the same export function on the Update Management dashboard for multiple machines. The export from OMS/Log analytics can be used but usually needs to be manipulated to show the same story.

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Reboot notification to end users

    Add a customized time for notifications of pending reboots if a reboot is needed after patches is done if a user is detected logged onto a server.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  16. 7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Update of on premises Hyper-V and or S2D Cluster

    An Hyper-V / S2D Cluster needs an tailored mechanism for patching. Otherwise you will disrupt your on premises workload with a scheduled update management deployment.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  18. add the possibility to approve updates

    Now, the only thing you can do is allow only ALL updates from one or more categories. We like to have more control over which updates will be installed. Basically the same as you can do in WSUS by approving or declining specific updates.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add ability to remove previous Update Deployments stuck in "In Progress" state

    I have two update deployments that are stuck in progress and won't go away. The Automation jobs finished successfully, but they still show in progress. It would be nice if there was an option to remove previous deployments. Or will these disappear with time?

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow enabling of Update Management (Preview) when OMS is already enabled

    Error message when attempting to enable Update Management (Preview) when OMS is already onfigured:
    {"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"DeploymentFailed\",\r\n \"message\": \"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.\",\r\n \"details\": [\r\n {\r\n \"code\": \"BadRequest\",\r\n \"message\": \"{\r\n \\"error\\": {\r\n \\"code\\": \\"BadRequest\\",\r\n \\"message\\": \\"Multiple VMExtensions per handler not supported for OS type 'Windows'. VMExtension 'MMAExtension' with handler…

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Update Management

Categories

Feedback and Knowledge Base