Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
Add advanced scheduling to support patch Tuesday
We typically apply patches the weekend after Patch Tuesday but it's not always the second weekend of the month so we can't schedule it with the options available.
63 votesStill under review. This is something we’ll probably add in the next release.
-
New Management Pack releases and change tracking
When the OpInsights team releases new IPs/MPs they're automatically downloaded and executed on agents. While I'm sure you're performing all the tests needed, there can be disruptions on the agent side, just like it happens with OpsMgr. The main difference is that with OpsMgr the admin is in full control, with OpsInsights it is not. You should give the user a way to track MP changes, a few ideas:
- use the change tracking IP and add MP tracking
- use a newsfeed / tile on the portal with the latest release for every IP and core management packs. It…39 votesThanks for the idea, Daniele.
What would be the purpose of having such information? What would be the use cases of such information when the user is unable to revert the changes?
-
Create computer patch groups like in SCCM
SCCM has the ability to create patch groups, which you can choose the order in which computers are patched
32 votesWe’ve done some improvements around grouping, including dynamic Azure queries (tag-based) and dynamic saved searches. We’re also still investigating other higher level groupings.
-
Change Tracking should include the user account that completed the change.
I need to be able to see who makes changes.
32 votesThanks for the feedback. we are starting to better understand this scenario and will update the community if it’s picked up in the next cycle.
-
Change Tracking: Active Directory
Track any changes made to Active Directory:
- Delete, Change and creation of users + groups
- Change of security permissions30 votesAzure Active Directory has some of these capabilities included. Our current roadmap and strategy is more aligned with Change-tracking for Azure virtual machines. Please continue to share related feedback to help us determine if this is something we should consider investing in.
-
The possibility to "pin" a patch set for X number of days
The possibility to "pin" a patch set for X number of days, giving you the possibility of deploying and verifying the same set of patches across individual envs. In other words: same patchset on DEV servers on Monday, Test servers on Tuesday, etc. and Production on Sunday.
25 votesWe’re currently reviewing enhancements around approved and time-delayed patching.
-
Support for patching Azure VM Scale Sets
Currently I can only patch my regular windows VMs through Update Management. Would be great to support VM Scale Sets too.
25 votesScale Set integration is currently being investigated.
-
Build Complete Dashboards with Integrated Performance Data, System Updates and SCCM Data
Improve the System Update intelligence Pack: The dashboard should show you which systems are missing updates, tell you whether you have attempted to deploy the update to the servers and reasons for the install failure. For example, there was no space on the C:\ drive and the install fail. The dashboard should be a fully operational solution for pointing out the problems and offering the exact resolution. While it is helpful to know that updates are missing. It is even more helpful to know which servers were attempted and why the updates didn't install. Talk to someone who has attempted…
24 votesWe’re currently making improvements around diagnosability, agent reliability, and platform integration.
-
Update/s rollback
Add the ability to rollback specific update/s
23 votesOptions for supporting rollback are currently under review.
-
Update Management Solution: Installation of updates without providing time zones
It seems to me that it will be very helpful to add the possibility to configure the installation of updates by local time on the client. ie: We have servers (on premise) that are in many time zones and I want them to be in one group and that all installs updates at the same time. This requires creating multiple groups and setting different time zones. It would be ideal to set the time, eg 3.00 am - without time zone configuration - the zone would be read from the client.
20 votesWe’re currently making enhancements to the scheduler and investigating whether integrating local server timezones in scheduling makes sense.
-
Ability to reinstall
Installed and configured with a workspace which is now gone, the extension is orphaned with no option to reinstall or redeploy. Error shows:
The solution cannot be enabled on this VM because the VM already has the management agent but the workspace associated with the agent cannot be found within the subscription: {guid}
Ability to reinstall or reconfigure to another workspace would help
17 votesAt the very least, the documentation should be more helpful.
-
Change Tracking: Hyper-V VM settings changes
Ability to tell if John Smith shutdown the VM at this time or Jane Doe added a network connection to a VM at another time. VM X was created with these settings.
16 votes -
View suppressed updates in portal log
As an engineer
I want to see which updates were not installed because they were ignored by an exclusion rule in the portal output
So that I know why an update has not been appliedWhen a list of exclusions is in place and an update has been released that will be excluded, the yum update process output does not display the updates that will not be installed. Instead it displays output like the following:
Getting available updates...
Discovering 'security' packages...
Discovered 5 'security' package entries.
List of packages to be updated:
[]I would expect that it would list…
15 votesWe’ll review how we can improve our logging and diagnosability.
-
Disable change tracking for "known" windows services
There are alot of windows services that ship with Windows that flip/flop constantly during the day. This creates noise in the Change Tracking reports. It would be great if we could disable change tracking by choosing from a list of "known" Microsoft-shipped windows services.
Some examples would be "Smart Card", "BITS" and "Windows Update"
13 voteswe are investigating overall noise-reduction techniques for change-tracking. This remains in our product backlog.
-
Intune
Please support the integration of Intune, at least from a reporting capacity, to allow a single-pane view for total network security posture.
12 votesCan you elaborate more on the type of integration you’d like to see with Intune?
-
Update assessment show
On some servers, update assessment shows expired / rejected / unavailable updates, e.g. on a 2008R2 server it shows
KB2949927 - this has been rejected according to http://support.microsoft.com/kb/2949927
KB2917500 - description on http://support.microsoft.com/kb/2917500 - KB2813430 is already installed and 2917500 is not available in update catalog.12 votesThanks for letting us know about this Martin. I’ve sent you an e-mail with some additional questions to help troubleshoot this issue.
-
Provide opsinsight as PaaS solution for customer to configure inside their own subscriptions
Right now, opsinsight exists and store data for various customers and perhaps map account to the storage in cloud. How about providing it as a seprate service in azure stack and let the user configure it inside their own azure subscription and use their onprem SCOM or MMA to send data to this blob residing in their subscription. I tried my best to explain the idea, if it needs more ground and better clarity, let me know.
9 votesThis is one thing we have been considering for at some point in the future, depending on demand.
-
System Update Assessment and SCCM upto date
I understand that OMS SUA will display a computer being upto date if managed via SCCM and all approved updates in SCCM are installed. This is great for compliance to approved update. What also is needed is to know what updates that are not approved via SCCM, yet are available to be installed for this server. This is how it used to report when using the old system update advisor management pack that you imported into SCOM
7 votesThanks for the feedback.
-
Why is there still no Auto Start-up operation?
Why is there still no Auto Start-up operation?
5 votes -
Add ability to remove previous Update Deployments stuck in "In Progress" state
I have two update deployments that are stuck in progress and won't go away. The Automation jobs finished successfully, but they still show in progress. It would be nice if there was an option to remove previous deployments. Or will these disappear with time?
4 votesWe’re planning to purge stuck jobs after 30 days.
- Don't see your idea?