The Azure Update Management service is included as part of an Azure Subscription. Update management allows you to manage updates and patches for your machines. With Update management, you can quickly assess the status of available updates, schedule installation of required updates, and review deployment results to verify updates that apply successfully. This is possible whether your machines are Azure VMs, hosted by other cloud providers, or on premise.
To use Update Management, you will need to take care of a few prerequisites. If you already have an Azure VM, this process is simple:
Navigate to your VM and choose Update management from the left-hand menu.
On the next screen, click the Enable button. This creates a log analytics workspace and Automation account using default values. If you have an existing workspace or Automation account, you can choose those as well.
Once this is completed, you will see the Update Management view. Although it will take some time for data to populate, this view will give you information about a single VM. There is also a multi-machine view which you can access by clicking Manage multiple computers
You can easily add more machines from this view by selecting either Add Azure VM or Add Non-Azure Computer.
Get visibility into your Update Compliance with Update Management
By enrolling machines in Update Management, you have access to dashboards reporting on the state of your machines. This is possible whether your machines are Azure VMs, AWS VMs, other cloud providers, or on premise.
Deploy Security Updates
To deploy patches to machines, select Schedule update deployment from the multi-machine view.
This shows a new blade.
In this blade, you can select computers which should receive updates. If you wish, you can filter Update classifications to only apply security updates. The update run can be scheduled to run once or on a recurring basis. The maintenance window defines how long the update process can run on the machine.