Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
Modify Update Deployments
The ability to modify Update Deployments, currently it is only possible to Add or Remove.
133 votesYou can now edit existing update deployments by selecting the deployment in the “Scheduled Update Deployments” view.
-
Dynamic Update Deployments
Update deployments needs to be dynamic. As of now if we target a group of 5 servers the deployment is static and will always target only these 5 servers, even if the group changes and have 100 servers in it. The update deployment should be able to evaluate the group membership at each runtime.
86 votesAvailable now in GA. See: https://docs.microsoft.com/azure/automation/update-management/update-mgmt-groups
-
Ability to apply updates on VMs in multiple subscriptions
Our large enterprise customers has large number of VMs in large number of subscriptions. We manage automation via a central Azure Automation accounts. Currently Update Management appears to work only on VMs in the subscription containing Azure Automation account. Ability is needed so that we can target Azure Automation Update Management to work on VMs in multiple subscription.
53 votesYou can now enroll machines from multiple subscriptions into a single Automation Account. https://docs.microsoft.com/en-us/azure/automation/automation-onboard-solutions-from-browse
-
Upon scheduling an update deployment, message "....virtual machine being configured....", persists forever, no updates actually scheduled
Message "The components for the 'Update management' solution have been enabled, and now this virtual machine is being configured. Please be patient, as this can sometimes take up to 15 minutes." persists
47 votesThank you for your feedback. We have released a deployment to address this issue. Please let us know if you have additional comments or questions.
-
Ability to allow startup of VM's prior to running updates.
In our environment all large amount of vm's is not started all the time. But need to be up to date. I could create runbooks to start the vm just before the scheduled update and deallocate at the end. But controlling this from the schedule itself could be helpfull.
45 votesThis is now possible with pre/post steps (https://docs.microsoft.com/en-us/azure/automation/pre-post-scripts) and the examples here:
https://gallery.technet.microsoft.com/Update-Management-Turn-On-ffadfc26
https://gallery.technet.microsoft.com/Update-Management-Turn-Off-be60ed99 -
36 votes
We updated our cmdlets to include some missing functionality missed below, such as Reboot and groups https://docs.microsoft.com/en-us/powershell/module/az.automation/New-AzAutomationSoftwareUpdateConfiguration?view=azps-1.6.0
-
Allow Suppress Reboots as an Option
A simple check mark to allow reboot suppression when creating a deployment
33 votesUpdate deployments now have Reboot options which allow for reboot suppression.
-
able to select patches we just need
able to select patches we just need, not apply all of them
22 votesThis is now possible with Update Inclusion: https://docs.microsoft.com/en-us/azure/automation/automation-update-management#inclusion-behavior
-
Domain joined VMs are not visible in New Update Deployment
Only workgroup machines can be updated by this service.
Please allow domain joined machine to be updated too through this solution.18 votesIf you are still experiencing problems, refer to the previous steps for re-onboarding your machines.
-
add capacity for patching Linux Servers and simplify patching Windows Servers
Add patch management for Windows and Linux servers. We can just see the status of patches on Windows Servers today. It would be great to be able to patch on-prem and cloud deployed servers without using complex PowerShell modules and Scripting to achieve that purpose using automation. Today we can use hybrid worker and PowerShell modules in automation to patch Windows servers only. This is complex to implement. It would be great having a graphical solution for that
Thanks,
Christophe10 votes -
Pre & Post Check
Inside of the configuration for Update Management, a 'Pre and Post' check assessment that can be configured to check specific services. Or the ability to call a runbook to check these things.
6 votes -
Select individual updates
Enable selection of updates to push in Update Management and allow Update Management to be enabled when OMS is in a different workspace
5 votesAble to select individual updates: https://docs.microsoft.com/en-us/azure/automation/automation-update-management#inclusion-behavior
-
Allow Forced Reboot when using Update Management
Just used the Update Management blade in the automation account, and it works very well.
I did run into one issue where the Patch-MicrosoftOMSComputers didn't reboot a machine that had users logged into it. This was inconvenient, since the maintenance window had been previously communicated to the users, and we were authorized to reboot the machine at that time.
Can a checkbox be added to allow a shutdown when users are logged in?
As an aside, I was also surprised to see that the Microsoft-provided Azure Runbook Patch-MicrosoftOMSComputers was calling the command shell command 'shutdown'. I would have at least…
5 votesWe now have forced reboot options available as part of the deployment.
-
Support update management in Azure China
We have some servers in Azure CN where no update management is available. Please bring this feature for Azure CN, too.
4 votesUpdate Management has been made available in Azure China East2 region. See: https://docs.microsoft.com/azure/automation/how-to/region-mappings
-
Scheduled update deployments timezone?
Scheduled update deployments overview times do not correspond with planned times, or it only displays scheduled times in GMT.
3 votesWe did have a bug in this area. It should be fixed. Please leave a comment if you still see the issue.
-
Reuse Scheduled Update Deployments
Sometimes, on managing update deployments, I have to create custom groups of servers, and I plan to deploy just once. But later on, it would be useful to re use that deployment sheduled to plan another schedule, in order to do not add manually again all those servers included in that deployment
2 votesYou can now edit Update Deployments
-
Compliance Column Updates Randomly (Or Not At All)
The Update Management screen under automation accounts either updates randomly (windows machines going green and then gray) or not at all (Linux machines never get assessed).
Linux OMS agents have a heartbeat according to logs, and the overview shows assessment summary, but drilling in returns no data and logs on the machine are inconclusive at best (503 errors show up).
It doesn't seem like a firewall issue since Windows machines work (though IP Tables is a possibility, though assessments showed up when agent was initially installed, just not after update)There needs to be a way to a) force assessment…
2 votesWe have made improvements to the UX to display more detailed statuses such as “not ready” and providing the last assessed time. In the backend we have also made substantial improvements to the logging.
If you are interested in forced assessment from the portal, please support the feedback item dedicated to that item (https://feedback.azure.com/forums/905242/suggestions/32252446).
-
Fix update deployment duration (blank isn't an option)
Currently Update Deployments in Update Management has you enter in a total time, per "If Duration is left blank, no time limit will be placed on this update run. If a duration is specified, remaining unapplied updates will not be started after time expires. In progress updates will finish being applied." If you leave it blank or set it to zero, you'll be met with a message (upon clicking Save) that "Duration must be at least 30 minutes and less than a day." Please either allow zero/blank for duration or change the "If Duration is left blank..." message.
2 votesWe have changed this in the Azure portal.
-
Update Management: Allow the use of further metadata (such as IP address) while scheduling a new deployment, or allow the use of groups
HI, Really liking the product but a couple more things would make things even better.
I have a lot of computers with the same sort short name. This means that in the new portal experience for Update Management I see a lot of computers with the same way and absolutely no way to differentiate them. That's something that can be fixed by changing the short name, but it is making onboarding a lot harder.
Please add the ability to use computer groups again for management of updates.
For example, now I have to update one of those computers which has…
1 votethe functionality to deploy updates to groups are released. You can create searches based on metadata to populate groups.
-
Unable to stop a running update deployment which never ends
while trying to download the "Cumulative Update for Windows Server 2016 for x64-based Systems (KB4051033)" the update process is still running after 7 hours (it was set to a maximum of 6 hours). I cannot find the way to stop the process. Any suggestion?
1 vote
- Don't see your idea?