The possibility to "pin" a patch set for X number of days
The possibility to "pin" a patch set for X number of days, giving you the possibility of deploying and verifying the same set of patches across individual envs. In other words: same patchset on DEV servers on Monday, Test servers on Tuesday, etc. and Production on Sunday.
We’re currently reviewing enhancements around approved and time-delayed patching.
ivan borghetti commented
the selection of patches that we want to include is a good option however i think the request is different , i will put an example in Linux since i am not very experienced with Windows. Lets say i patch my dev environment today and we have 50 patches in the repo that i apply to my servers. In 2 weeks i will need to patch my prod servers however in the repo there are now 60 patches and in some cases there are also new versions for patches that i applied in dev. A good example would be a kernel versión. In this case it would be really difficult to be able to manage all those variables which today in onprem or with different tolos are managed with local repos (sccm , red hat satellite , tanium ) or with the package reléase dates , for instance , apply the packahes released from x to y only .
Guy Gibson commented
We are looking for something similar. Tiues to Patch tuesday. So for example starting on the 3rd monday of the month we want to apply 7 update sets across 1 Monday night, 2 Tues, 2 Wed and 3 Thurs night. in that order.
Recuring 3 rd (MTWTFSS) every month doesnt't work. If the month starts on a Wed, then the acutal order above will end up being 2 Wed, 2 Thur, 1 Mon, 2 Tues.
We'd like to say: 'update the system with all packages that were available on the 1st of March, at 00:01'. In this way, we could run the update on the 5th of March for DEV, 12th of March on ACC, etcetera, but the result would be the same.
The same functionality is for example available if you use Red Hat Satellite (or Spacewalk), but it would be much more preferable to integrate this within Azure Patch Management.
Javier Negro Dieste commented
It's a bit cumbersome to have update warning and have to see that they are antivirus definition lists of the same day.
It would be great if we could allow how many days/hours until the solution warns us of missing updates of 'definition' classification.