Create computer patch groups like in SCCM
SCCM has the ability to create patch groups, which you can choose the order in which computers are patched
We’ve done some improvements around grouping, including dynamic Azure queries (tag-based) and dynamic saved searches. We’re also still investigating other higher level groupings.
Bryan Dam commented
You might consider integration with Cluster Aware Updating. It ticks off most of the requirements but lacks tooling in Azure.
Matt Woodruff commented
I'm leveraging the groups to update (preview) by leveraging the tagging today in our dev environment. That works well, but I agree the ability to choose the order (of reboot at a minimum) is critical for multi-VM applications. Maybe implement something like site recovery where you specify priority 1, 2, 3, etc? We do have some applications that have 20+ IaaS VM's in them, so just a 1-3 wouldn't suffice, a full ordering would be best, with the ability to specify the reboot delay period. Meaning, if I have 3 VM's to be patched in a group, I prioritize them 1-3, and the reboots don't start until all 3 report that they're ready, and I can configure a 2 minute delay between VM 1 and 2, and another 2 minute delay between VM 2 and 3. That would be a great benefit. I'm specifically looking at Azure based VM's. We do use SCCM for on-prem today, but am looking to cut the cord so to speak moving to Azure.
group by tags is a must to have.
There should be an ability to create server groups(Non Azure servers, Servers on AWS, Servers on premise) based on their OU structure. We have a .jason file placed on each server with some properties i.e. Environment, Patch Schedule etc.
So, for example if the "Patch Schedule" property contains "A", Azure should be able to group all the computers that have the "Patch Schedule" property mentioned as "A". This needs to be done dynamically.
Secondly, if we can have the "tags" feature for Non-Azure servers, Servers on AWS, Servers on premise that'd be great!
Jeff Bryant commented
I would like to see groups based on tags first, then the ability to import groups from SCCM.