Update Management

Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Update Management: enable creating schedules for offline VMs

    We have machines that are periodically offline, but still should be patched. Currently, Update Management does not allow us to target VMs that have been offline for more than 12h. This blocks at least 10% of our population from being scheduled.

    From an operations perspective, this does not make a lot of sense. Why not enable targeting all VMs that are registered as a HWG? You could do the 12h check with an optional override like "yes I know it has not reported for 12h or more, but I want to schedule it anyway". Of course, we would need this…

    23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Scheduling  ·  Flag idea as inappropriate…  ·  Admin →

    We’re currently re-evaluating a number of our timeouts. We’ll likely bump this up to 96 hours; this is enough time to account for long weekends while at the same time not keeping old potentially de-allocated machines visible in the experience.

  2. Systems that get an error when scanning via WSUS should be reported as 'not assessed' instead of 'compliant' if scan fails for x days

    When the app pool for a WSUS server is stopped or not running, and a client computer scans against it, it fails with an error. This error does not get surfaced in the AUM dashboard. Systems experiencing this error are listed as 'compliant', they should be listed as 'not assessed'.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Assessments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to run scripts throughout patching

    We can run pre/post scripts, but that is not useful when patching a web farm, cluster, or complex application that needs careful handling. It would be great to have the ability to run scripts throughout patching; pre patching a node, pre/post reboot, post patching a node... this way I can start/restart services, validate functionality after patching a node, or even manage cluster nodes myself throughout a patch cycle.

    With pre/post scripts I cannot suspend/resume cluster nodes as I patch through them in a group, nor can I ensure my services are stopped/started as required by my app owners. There is…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  4. Update Pipeline

    It would be really helpful if you could describe a pipleine in Update Management, and get the updates to flow through that pipeline.

    e.g. You have a Dev, Test and Production Environment.
    You want to keep machines up to date, but do not want to affect Production users with faulty pathes.

    If you could describe an update pipleine, saying, deploy any updates to Dev, then to test then to prod, this would ensure updates can be developed and tested against before they reach production.

    When patch tuesday arrives, these patches would be available for your 1st environment in the pipleine,…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  5. servers with pending reboot should not show as compliant

    Don't turn a recently patched server to compliant before the server has been rebooted (after patching). the existing implementation turns a recently patched server to compliant before it's restarted and can lead a person to forget to restart the server and leaving the patches not yet applied.

    31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Assessments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Email compliance reports

    Have the option to automatically schedule compliance reports to be sent via email from Update Management. This would be good to be able to do on both a generic high-level account view, encompassing all VM's, as well as on completion of a Deployment Schedule. This would be similar to how you can schedule email compliance reports with both ConfigMgr and WSUS. Our customers love using Azure Update Management, however, the lack of email reporting is an issue for many of them.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  7. Issue with New-AzAutomationSoftwareUpdateConfiguration - not registered VM

    Hello,

    i currently have a problem with onboarding vms to the updatemanagement. I have this issue also in other tenants.

    Steps to reproduce:
    - Deployment of the Automation Account and LogAnalytics
    - Adding the VM to the UpdateManagment
    - Use New-AzAutomationSoftwareUpdateConfiguration to create a update configuration.

    Then there is the error:

    You have requested to create an update configuration on a machine that is not registered for Update Management. Assure that the machine is registered for Update Management. Machine Name(s) or Id(s): /subscriptions/xxxxxx/resourceGroups/xxxx/providers/Microsoft.Compute/virtualMachines/xxxxxxx/subscriptions/xxxxxxx/resourceGroups/xxxxx/providers/Microsoft.Compute/virtualMachines/xxxxx.

    According to the Add-AzureVM window to update management, the VM is already enabled.

    At the moment we…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  8. Exclude a patch through by mentioning word like OFFICE along with current KB number option

    Currently in our SCCM, part of monthly server patch Tuesday deployment, we do exclude Office and Webapps related patches. There is a option in SCCM deplement where We do write the word OFFICE, WEBAPPS under the option that the patches with this word be excluded. Wherein currently at AZURE UPDATE MANAGEMENT, we do not have option to exclude a specific patches by mentioning the patch that has specific word instead they only have option to exclude a SPECIFIC KB by mentioning its KB number. Can we have my additional requirement that is excluding by a "specific word" of patch like…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  9. I enabled update management 2 vms

    on first vm it is showing November patch for updates but for 2nd VMs it is not showing only showing 0 patch

    So how can i update November patch on 2nd VM using update management
    i also check from update history on VM, only October patch installed so i want to install Nov Patch using update management.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Enable Update approval

    It would be great to have a option to approve / decline updates directly in the Update Management UI

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add a Set-AzAutomationSoftwareUpdateConfiguration cmdlet to modify an existing Update Management configuration

    'New-' and 'Remove-' cmdlets already exist, however, currently there isn't a cmdlet to 'Set-' to modify existing configurations.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  12. Ability to install updates in parallel instead of sequential

    Right now Update Management uses the WUA agent to kick off installs of updates, and I understand that can only to this sequentially per update. I would be great to leverage the SCCM agent (when possible) to kick off patching in parallel (it is possible), otherwise it will take forever to just get a few updates installed and my MW's arent long enough.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  13. Be able to sort by subscription

    We have VM from various subscriptions in our workspace. It would be nice to be able to see their compliance by subscription.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  14. Use Availability Set Update Domain for auto grouping

    If deploying updates to VMs that are part of an Availability Set, it would be great to be able to create one schedule for all VMs in the set, then have Update Management use the AV set Update Domain to apply updates to VMs in groups based on the Update Domain.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  15. Automatically start and stop virtual machines in conjunction with the Update Deployment Maintenance Window

    Many of our customers use automation to stop VM's overnight and start them again the following morning. Obviously, Update Management cannot work against VM's which are stopped meaning we must manually suspend the start/stop automation when an Update Management deployment is scheduled.

    Having the ability for Update Management to automatically start VM's at the beginning of the maintenance window and stop them again at the end would be brilliant.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Patching Report issue.

    Ability to get patching reports. Filter servers by TAG and export patching report to csv, pdf, etc.. In other word, fast way to get patching report for Organization management.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature

  17. Remove Non-Azure Machine

    How do I delete Non-Azure machines from UI?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    triaged  ·  1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  18. Update Management Solution: Installation of updates without providing time zones

    It seems to me that it will be very helpful to add the possibility to configure the installation of updates by local time on the client. ie: We have servers (on premise) that are in many time zones and I want them to be in one group and that all installs updates at the same time. This requires creating multiple groups and setting different time zones. It would be ideal to set the time, eg 3.00 am - without time zone configuration - the zone would be read from the client.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Scheduling  ·  Flag idea as inappropriate…  ·  Admin →
  19. Remove restrictions of maintenance window for update deployment job

    Currently, the maintenace window can't be less than 30 minutes and no more that 6 hours. Some customers would like to set the window more longer since they wonder that some update programs coundn't be deployed during the windw. It would be nice if you could remove this restriction.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Deployments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  20. Patch order with dependencies

    Create patch groups that can run either parallel or dependent on other patch groups. Ensuring certain servers do no patch at the same time or are being patched in a specified order rather than parallel.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Update Management

Categories

Feedback and Knowledge Base