Update Management
Please take a few minutes to submit your idea or vote up an existing idea. All of the feedback you share in these forums will be monitored and reviewed by the Update Management engineering team.
-
Update/s rollback
Add the ability to rollback specific update/s
70 votesWhile there is no explicit button or option in AUM for rollback. Currently, we have mechanisms in place which customers can use to roll-back updates across machine. You can still achieve the same implicitly today by:
a) In Azure Update Management, setup a pre-script which will execute backup job for the VM. More details on pre/post script here: https://docs.microsoft.com/azure/automation/update-management/pre-post-scripts . Since the pre-script runbook is executed in Azure Automation before patching is done, it will ensure backup is done; which you can later use for rollback. This can be used for Windows & Linux machines – more useful for Linux, where rollback/uninstall of a patch is difficult.
For sample PS, on setting up backup job for a VM – see: https://docs.microsoft.com/azure/backup/quick-backup-vm-powershellb) In Azure Automation, setup independent to Azure Update Management and PowerShell based runbook to uninstall Windows Update KB.
For sample PS, on uninstalling a Windows Update KB… -
The possibility to "pin" a patch set for X number of days
The possibility to "pin" a patch set for X number of days, giving you the possibility of deploying and verifying the same set of patches across individual envs. In other words: same patchset on DEV servers on Monday, Test servers on Tuesday, etc. and Production on Sunday.
53 votesWe’re currently reviewing enhancements around approved and time-delayed patching.
In the interim – there are two ways to achieve your scenario “exactly same updates” in Dev & then Prod, by either manipulating the OS behavior or tweaking the AUM config:
- - Host the updates locally using Microsoft WSUS [https://docs.microsoft.com/azure/automation/automation-configure-windows-update#make-wsus-configuration-settings] or Reposync utility from RedHat [https://access.redhat.com/solutions/23016]or Ubuntu Landscape [https://docs.ubuntu.com/landscape/], etc. And the configure the update service or package manager of all your machines to use the local update source. In this way the updates installed when using Update Management will only be what is available in your local patch server which is running (say) WSUS or RH Reposync. And if the patch server remain unchanged in 2-3 weeks when you start update schedule for Prod, they will also fetch updates from same local patch server and have exactly same updates as your non-prod.
- - Use the…
-
Support for patching Azure VM Scale Sets
Currently I can only patch my regular windows VMs through Update Management. Would be great to support VM Scale Sets too.
45 votesScale Set integration is currently being investigated.
Recommend using Azure Automatic OS image upgrades with Virtual Machine Scale Sets : https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade -
Build Complete Dashboards with Integrated Performance Data, System Updates and SCCM Data
Improve the System Update intelligence Pack: The dashboard should show you which systems are missing updates, tell you whether you have attempted to deploy the update to the servers and reasons for the install failure. For example, there was no space on the C:\ drive and the install fail. The dashboard should be a fully operational solution for pointing out the problems and offering the exact resolution. While it is helpful to know that updates are missing. It is even more helpful to know which servers were attempted and why the updates didn't install. Talk to someone who has attempted…
41 votesWe’re currently making improvements around diagnosability, agent reliability, and platform integration.
-
Create computer patch groups like in SCCM
SCCM has the ability to create patch groups, which you can choose the order in which computers are patched
39 votesWe’ve done some improvements around grouping, including dynamic Azure queries (tag-based) and dynamic saved searches. We’re also still investigating other higher level groupings.
-
Update Management Solution: Installation of updates without providing time zones
It seems to me that it will be very helpful to add the possibility to configure the installation of updates by local time on the client. ie: We have servers (on premise) that are in many time zones and I want them to be in one group and that all installs updates at the same time. This requires creating multiple groups and setting different time zones. It would be ideal to set the time, eg 3.00 am - without time zone configuration - the zone would be read from the client.
32 votesWe’re currently making enhancements to the scheduler and investigating whether integrating local server timezones in scheduling makes sense.
-
Patch order with dependencies
Create patch groups that can run either parallel or dependent on other patch groups. Ensuring certain servers do no patch at the same time or are being patched in a specified order rather than parallel.
29 votesThis is similar to cluster-aware updates but slightly different. We will keep an eye on this to gauge interest and prioritize accordingly.
-
View suppressed updates in portal log
As an engineer
I want to see which updates were not installed because they were ignored by an exclusion rule in the portal output
So that I know why an update has not been appliedWhen a list of exclusions is in place and an update has been released that will be excluded, the yum update process output does not display the updates that will not be installed. Instead it displays output like the following:
Getting available updates...Discovering 'security' packages...
Discovered 5 'security' package entries.List of packages to be updated:
[]I would expect that it would list…
16 votesWe’ll review how we can improve our logging and diagnosability.
-
Why is there still no Auto Start-up operation?
Why is there still no Auto Start-up operation?
11 votes -
Provide opsinsight as PaaS solution for customer to configure inside their own subscriptions
Right now, opsinsight exists and store data for various customers and perhaps map account to the storage in cloud. How about providing it as a seprate service in azure stack and let the user configure it inside their own azure subscription and use their onprem SCOM or MMA to send data to this blob residing in their subscription. I tried my best to explain the idea, if it needs more ground and better clarity, let me know.
9 votesThis is one thing we have been considering for at some point in the future, depending on demand.
-
System Update Assessment and SCCM upto date
I understand that OMS SUA will display a computer being upto date if managed via SCCM and all approved updates in SCCM are installed. This is great for compliance to approved update. What also is needed is to know what updates that are not approved via SCCM, yet are available to be installed for this server. This is how it used to report when using the old system update advisor management pack that you imported into SCOM
7 votesThanks for the feedback.
-
Add ability to remove previous Update Deployments stuck in "In Progress" state
I have two update deployments that are stuck in progress and won't go away. The Automation jobs finished successfully, but they still show in progress. It would be nice if there was an option to remove previous deployments. Or will these disappear with time?
6 votesWe’re planning to purge stuck jobs after 30 days.
-
computer group
Increase the computer group limitations for Update Management. Patching a few hundred to a few thousand machines with this 100 machine limit is not very scalable.
5 votesThanks for the feedback. We support groups up to 500 computers large in the Azure Portal, but we hear that isn’t enough and we can look at increasing this up to “a few thousand”. Please feel free to post your desired maximum group size in this item so we have a good sense of what the requirements are.
-
Ability to adjust Windows Update settings
Hi,
I think it would be useful to be able to configure Windows Update settings through update management, control things like automatic reboot settings, working hours, action to take if users are logged on. I believe the OMS agent could set the relevant registry keys.
4 votesReboot control is tracked here: https://feedback.azure.com/forums/905242-update-management/suggestions/31439491-allow-suppress-reboots-as-an-option
We’re working out if that would include forced reboots or not. Same for working hours.
-
UI Confirmation For Initial Scan
Provide feedback for when the 'baseline state' is captured so that we know when we can start monitoring for changes to the system.
I plan on using this tool to diagnose why installing software on a Linux VM renders it useless upon next boot. Therefore I want to know when the baseline has been established before I start the installation process.
2 votesHow would you ideally like to receive this feedback? For instance, we could potentially send it via a banner or notification.
- Don't see your idea?