Azure Update Manager Commercially Released

Microsoft will be replacing the Azure Automation Update management solution.

Microsoft this week announced that Azure Update Manager reached "general availability," or commercial rollout status.

Azure Update Manager was "previously known as Update Management Center." It provides a means for managing Windows and Linux software updates on Azure virtual machines (VMs) and VMs on other cloud platforms, plus on-premises infrastructure. It supports features such as "automatic VM guest patching in Azure, hot patching, and customer-defined maintenance schedules," Microsoft explained in this document. It also enables the role-based access controls of Azure Resource Manager.

Azure Update Manager was also described as "an evolution of Azure Automation Update management solution with new features and functionality, for assessment and deployment of software updates on a single machine or on multiple machines at scale."

Unlike its predecessors, Azure Update Manager no longer has "a dependency on Log Analytics agent or Azure Monitor agent." Instead, it uses "the Microsoft Azure VM agent for managing update workflows on the Azure VMs and the Azure Connected Machine agent for managing Arc-enabled servers," Microsoft explained.

Move to Azure Update Manager?
Azure Update Manager being at the general availability stage means that it is deemed ready for use in production environments. Update 9/20: Microsoft has updated its document, dated Sept. 19, 2023, which now suggests that IT pros not switch from Azure Automation Update management until getting further notice and migration guidance. Here are those key notions:

  • Guidance for migrating from Automation Update management to Update manager will be provided to customers once the latter is Generally Available.
  • For customers using Automation Update management, we recommend continuing to use the Log Analytics agent and NOT migrate to Azure Monitoring agent until migration guidance is provided for Update management or else Automation Update management will not work.
  • The Log Analytics agent would not be deprecated before moving all Automation Update management customers to Update Manager.

Azure Update Manager and Azure Arc-Enabled Servers
It's possible to use Azure Update Manager for multicloud update management when using Azure Arc-enabled servers. However, Microsoft charges extra. Here's its statement to that effect:

Azure Update Manager is available at no additional charge for managing Azure VMs. For Arc-enabled Servers, the price is up to $5 per server per month.

Many of the comments in Microsoft's announcement expressed concern or confusion about this extra cost, as it was said to have been free with Microsoft's earlier management product. Microsoft did respond to one comment in that respect, saying that "this cost is not included as part of the Machine Configuration cost and is a separate cost for Azure Arc."

Update 9/25: Microsoft has published an FAQ document on Azure Update Manager, with pricing details.

Azure Update Manager Perks
Azure Update Manager has lots of perks. It can be used to "manage Extended Security Updates for Azure Arc-enabled Windows Server 2012/2012 R2 machines," for instance. Microsoft this week announced that Azure Arc-managed ESUs are now available at the GA level.

Also, IT pros can "define recurring time windows during which your machines receive updates and may undergo reboots using scheduled patching" using Azure Update Manager. It's possible to "sync patch schedules for Windows machines in relation to patch Tuesday" as well.

It has an automatic assessment capability that can check machines for patch compliance every 24 hours. Also, IT pros can create custom reports on the status of updates.

Retirement Plans for Azure Automation Update Management
There's an added incentive for organizations to start using Azure Update Manager (although see the bulleted caveat above). Microsoft is planning to retire an agent next year that's currently used by the Azure Automation Update management solution.

Here's Microsoft's statement to that effect:

The Azure Log Analytics agent, also known as the Microsoft Monitoring Agent (MMA) will be retired in August 2024. Azure Automation Update management solution relies on this agent and may encounter issues once the agent is retired. It does not work with Azure Monitoring (AMA) Agent. Therefore, customers of the solution are encouraged to move to Azure Update Manager for their software update needs. All capabilities of Azure Automation Update Management Solution will be available on Azure Update Manager before the retirement date. Learn more.

Azure Update Manager Access
IT pros can access Azure Update Manager in the Azure Portal by searching for it, or it is available from the "Updates blade of the virtual machine resource."

Azure Update Manager also can be used to manage updates to Azure SQL VMs, but that capability is currently at the preview stage. Also yet to come will be the ability to execute scripts "before or after deploying updates to machines as part of a schedule." The ability to create alerts based on update data is also in the works.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube