How do you patch/update your infrastructure in Azure, AWS, or on-premises? There are many ways, of course, including manual patching, built-in scheduled updates, Group Policy, local scripts, ConfigMgr, custom Azure Automation, WSUS, and so on.
Somewhat recently, another option “Azure Update Management” has become available, and it is FREE*. This is an expanded offering of what used to be OMS Update Management, integrated into the main Azure Portal and visible on each VM under the “Update Management” node.
Rather than regurgitate the existing documentation and tutorial, I want to highlight some of the finer points:

  • Yes, supports Windows and Linux
  • Requires ‘supported’ versions of Windows or Linux
  • Does not support ‘client’ versions e.g. Windows 7/8/8.1/10
  • Requires .NET Framework 4.5 and Windows Management Framework 5.0 or later on Windows 2008R2 SP1
  • Windows Server 2008 or 2008 R2 without SP1 won’t apply updates, just scan/assess
  • Update targets must have access to an update repository
    • WSUS, ConfigMgr SUP, or Microsoft Update
    • Linux package repository, either locally managed, or the OS default
  • Integration with ConfigMgr requires current branch 1606 or newer
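
A local pre-flight check for the Windows prerequisites in the list above, as an added example that is not part of the original post or any Microsoft tooling. The function name and output fields are hypothetical; it assumes the .NET/WMF requirement applies to 2008 R2 SP1 as the list words it, and that Windows Server 2008 at any service pack level is assessment-only.

```powershell
# Added example: pre-flight check for the prerequisites listed above.
# Written for PowerShell 2.0 so it also runs on an un-upgraded 2008 R2 host.
function Test-UpdateManagementReadiness {   # hypothetical helper name
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version
    $sp = [int]$os.ServicePackMajorVersion
    $isServer = ($os.ProductType -ne 1)     # 1 = workstation (client) SKU

    # .NET 4.5 or later writes a Release DWORD of at least 378389 here.
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = 0
    if (Test-Path $ndp) {
        $prop = Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue
        if ($prop) { $release = [int]$prop.Release }
    }
    $hasNet45 = ($release -ge 378389)

    # WMF 5.0 ships PowerShell 5.0, so the engine version stands in for WMF.
    $hasWmf5 = ($PSVersionTable.PSVersion.Major -ge 5)

    $is2008    = ($ver.Major -eq 6 -and $ver.Minor -eq 0)
    $is2008R2  = ($ver.Major -eq 6 -and $ver.Minor -eq 1)
    $issues = @()
    if (-not $isServer) {
        $issues += 'Client edition of Windows: not supported'
    }
    # Assumption: 2008 (any SP) and 2008 R2 without SP1 only scan/assess.
    if ($is2008 -or ($is2008R2 -and $sp -lt 1)) {
        $issues += '2008 or 2008 R2 without SP1: assessment only, no deployment'
    }
    if ($is2008R2 -and $sp -ge 1) {
        if (-not $hasNet45) { $issues += '.NET Framework 4.5 or later missing' }
        if (-not $hasWmf5)  { $issues += 'WMF 5.0 or later missing' }
    }

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        OS          = $os.Caption
        ServicePack = $sp
        NetRelease  = $release
        PSVersion   = $PSVersionTable.PSVersion.ToString()
        Ready       = ($issues.Count -eq 0)
        Issues      = ($issues -join '; ')
    }
}

Test-UpdateManagementReadiness | Format-List
```

Run it on each candidate server before onboarding; any row with `Ready` set to `False` lists what to fix in `Issues`.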

Caveats

  • If an update reports that it requires a reboot, the VM will reboot. Currently there appears to be no way to avoid/defer a reboot
  • Windows VMs only scan for updates every 12 hours
  • Linux VMs scan for updates every 3 hours

I was about to build a WSUS server in an Azure subscription to address a number of manually updated or otherwise unmanaged Azure VMs, which was going to cost a minimum of about AUD $200 per month. This appears to be a nearly ideal solution to me and very attractive to the client at the ‘nearly free’ price point.
This is my new ‘go-to’ for update management; I hope it looks as good to you, and simplifies an important part of your environment.

FREE*

  • Requires a Log Analytics storage account, which does cost a small amount for ingestion and storage for 31 days (https://azure.microsoft.com/en-us/pricing/details/log-analytics/). The first 5 GB ingestion per month is free, which should be good for 50-100 VMs, leaving about 20c/GB/Month for storage costs – so maybe $1 per month for up to 100 VMs!
  • No further costs involved for Azure VMs
  • Non-Azure VMs/Computers could incur further charges, depending on your environment, use of extra Azure Automation/Configuration Management features, etc

Sample Update Status (Server name column removed)



Join the conversation! 1 Comment

  1. Hi Robin,
    I am currently implementing this solution as well for both Azure VMs and On-Premise Servers. Testing phase complete. Do you manage your machines manually in Azure Portal or have you implemented some kind of automation?
    Also, do you know the costs per non-Azure machines in OMS/Update Management?
    Good article!
