Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
181 votes
This is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track.
-
Add advanced scheduling to support patch Tuesday
We typically apply patches the weekend after Patch Tuesday but it's not always the second weekend of the month so we can't schedule it with the options available.
57 votes -
3rd Party Patching
3rd Party Patching (Adobe, Java, etc)
54 votesWhat tools are you using today for patching these products?
-
Create an IP to report on DSC drifts / compliance
PowerShell DSC is currently poor in reporting on configuration drifts and compliance levels. Collect this data in Ops Insight to answer questions like:
- which systems are experiencing a configuration drifts and for which DSC policies?
- which is the compliance level for this specific DSC policy / setting?51 votesNice idea, let’s see how many folks vote on this.
-
New Management Pack releases and change tracking
When the OpInsights team releases new IPs/MPs they're automatically downloaded and executed on agents. While I'm sure you're performing all the tests needed, there can be disruptions on the agent side, just like it happens with OpsMgr. The main difference is that with OpsMgr the admin is in full control, with OpsInsights it is not. You should give the user a way to track MP changes, a few ideas:
- use the change tracking IP and add MP tracking
- use a newsfeed / tile on the portal with the latest release for every IP and core management packs. It…38 votesThanks for the idea, Daniele.
What would be the purpose of having such information? What would be the use cases of such information when the user is unable to revert the changes?
-
Change Tracking: Support Windows Firewall changes
Ability to track Windows Firewall Rules
33 votesThis is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track.
Also consider using Security Events that can track changes to the windows Firewall policy – see https://technet.microsoft.com/en-us/library/ff428143(v=ws.10).aspx
-
Create computer patch groups like in SCCM
SCCM has the ability to create patch groups, which you can choose the order in which computers are patched
31 votesThanks for the feedback. Would you want to import existing groups from SCCM? For Azure machines, would you distinguish these groups by tags?
-
Change Tracking should include the user account that completed the change.
I need to be able to see who makes changes.
31 votesThanks for the feedback. We will investigate how this capability can improve the Change Tracking and Inventory features.
-
Integrate to Sys Upd IP with WSUS / ConfigMgr
The current IP is great but, afaik, it just does check for published updates, a true compliance report should be based on authorized updates. I know this isn't going to be easy and probably not possible today without some change on the patching tools, but as a future evolution I think the IP should leverage the customer chosen tool for patching and reporting against authorized updates in addition to published updates.
30 votesThanks for your feedback.
Currently we have not prioritized this, but let’s see how many customers are interested. -
Change Tracking: Active Directory
Track any changes made to Active Directory:
- Delete, Change and creation of users + groups
- Change of security permissions27 votes -
Change Tracking : Need IIS changes also to be tracked under change tracking like app pool settings or any IIS site related changes
Tracking IIS changes will help to know what has change while troubleshooting any IIS related issues like App pool account was changed or any site settings were changed.
25 votesThanks for the idea.
We’d need to see how complex it is to model this in search since IIS config can be quite deeply nested, to do it as ‘first class’ citizen.
Also consider the ‘simpler’ version of this by tracking changes to (XML) files such as machine.config, app.config. web.config, applicationhost and so forth… http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519279-change-tracking-files-and-folders
with that, we were thinking we could have some UI ‘diff’ capabilities for the ‘before’ and ‘after’ file… -
Build Complete Dashboards with Integrated Performance Data, System Updates and SCCM Data
Improve the System Update intelligence Pack: The dashboard should show you which systems are missing updates, tell you whether you have attempted to deploy the update to the servers and reasons for the install failure. For example, there was no space on the C:\ drive and the install fail. The dashboard should be a fully operational solution for pointing out the problems and offering the exact resolution. While it is helpful to know that updates are missing. It is even more helpful to know which servers were attempted and why the updates didn't install. Talk to someone who has attempted…
23 votesThis sounds similar to this other idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6662499-integrate-to-sys-upd-ip-with-wsus-configmgr at least as a starting point… plus you are suggesting to add performance data in the mix and do some sort of root cause analysis…
Very interesting vision, but definitely not a small bite chunk we can execute upon as a single item. Let’s see where it lands and/or discuss further requirements offline.
-
23 votes
This is a seeded idea we have considered. Please vote if this is the next thing you would like ‘Change Tracking’ to track, to complement SQL Assessment.
How many need this?
-
Change Tracking for SCOM Configuration
Since there is an intelligence pack to bring SCOM Alert data to Insights, it would help if the changes made to SCOM configuration is also tracked. For Instance, It would help corelate management pack updates to alerts raised in the SCOM environment. or corelating alerts to some administrative change
17 votesLet’s see how many votes this gets.
In general, you might also consider the ‘generic’ approach, i.e. script your own ‘dump’ of configuration settings and MP versions to a file, then the idea about tracking file changes http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519279-change-tracking-files-and-folders might have a broader applicability and therefore be preferred from a product direction standpoint.
Also, using Log Management to collect the ‘Operations Manager’ event log would tell you some other things happening in the environment from an OpsMgr perspective. -
Ability to reinstall
Installed and configured with a workspace which is now gone, the extension is orphaned with no option to reinstall or redeploy. Error shows:
The solution cannot be enabled on this VM because the VM already has the management agent but the workspace associated with the agent cannot be found within the subscription: {guid}
Ability to reinstall or reconfigure to another workspace would help
16 votesAt the very least, the documentation should be more helpful.
-
Collect KB Revision Levels
I want to identify the revision level of a Patch.
i.e. Create a query what shows which machines have which patch and at what revision level that patch is
My clients example is KB3001652. They want to know if they have 201 or 202 (which had issues for them) or 204 (which doesn't have issues, but, is not auto approved)
Thanks.
15 votesI don’t believe this would be trivial: the only information emitted by System Update Assessment is about required updates – we don’t snapshot what IS currently installed.
You can however query based on the published date of each update – see this other idea http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519326-add-an-age-threshold-for-missing-updates
-
Change Tracking: Hyper-V VM settings changes
Ability to tell if John Smith shutdown the VM at this time or Jane Doe added a network connection to a VM at another time. VM X was created with these settings.
15 votesDo you know which Windows Event log does HyperV log this? Or is the idea to rely on VMM’s proxy administration?
-
Disable change tracking for "known" windows services
There are alot of windows services that ship with Windows that flip/flop constantly during the day. This creates noise in the Change Tracking reports. It would be great if we could disable change tracking by choosing from a list of "known" Microsoft-shipped windows services.
Some examples would be "Smart Card", "BITS" and "Windows Update"
12 votesThe Change Tracking team is reviewing this ask specifically for Windows Services.
-
Intune
Please support the integration of Intune, at least from a reporting capacity, to allow a single-pane view for total network security posture.
11 votesCan you elaborate more on the type of integration you’d like to see with Intune?
-
Update assessment show
On some servers, update assessment shows expired / rejected / unavailable updates, e.g. on a 2008R2 server it shows
KB2949927 - this has been rejected according to http://support.microsoft.com/kb/2949927
KB2917500 - description on http://support.microsoft.com/kb/2917500 - KB2813430 is already installed and 2917500 is not available in update catalog.11 votesThanks for letting us know about this Martin. I’ve sent you an e-mail with some additional questions to help troubleshoot this issue.
- Don't see your idea?