Wednesday 24 January 2018

Keeping your environment secure with Update Management

The Azure Update Management service is included as part of an Azure subscription. Update Management allows you to manage updates and patches for your machines. With Update Management, you can quickly assess the status of available updates, schedule installation of required updates, and review deployment results to verify that updates were applied successfully. This is possible whether your machines are Azure VMs, hosted by other cloud providers, or on-premises.

To use Update Management, you will need to take care of a few prerequisites. If you already have an Azure VM, this process is simple:

Navigate to your VM and choose Update management from the left-hand menu.

Click the banner that says, "The Update management solution is not enabled on this virtual machine," to learn more and enable the solution.

On the next screen, click the Enable button. This creates a Log Analytics workspace and an Automation account using default values. If you have an existing workspace or Automation account, you can choose those instead.

Once this is completed, you will see the Update Management view. Although it will take some time for data to populate, this view will give you information about a single VM. There is also a multi-machine view, which you can access by clicking Manage multiple computers.

You can easily add more machines from this view by selecting either Add Azure VM or Add Non-Azure Computer.

Get visibility into your Update Compliance with Update Management


By enrolling machines in Update Management, you have access to dashboards reporting on the state of your machines. This is possible whether your machines are Azure VMs, AWS VMs, hosted by other cloud providers, or on-premises.

Deploy Security Updates

To deploy patches to machines, select Schedule update deployment from the multi-machine view.

This shows a new blade.

In this blade, you can select computers which should receive updates. If you wish, you can filter Update classifications to only apply security updates. The update run can be scheduled to run once or on a recurring basis. The maintenance window defines how long the update process can run on the machine.
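
The same deployment settings (target computers, security-only classification, recurring schedule, maintenance window) can also be expressed as a script. The following is an added example, not part of the original post; it assumes the Az.Automation and Az.Compute PowerShell modules, an Automation account with Update Management already enabled as described above, and placeholder resource names.

```powershell
# Placeholder names (assumptions): replace with your own resource group,
# Automation account and enrolled Windows VMs.
$ResourceGroup     = 'rg-example'
$AutomationAccount = 'aa-example'
$VmNames           = @('vm-web-01', 'vm-web-02')

# Resolve each target VM to its resource ID. -ErrorAction Stop aborts the
# script if a name does not exist, so no machine is silently left unpatched.
$vmIds = foreach ($name in $VmNames) {
    (Get-AzVM -ResourceGroupName $ResourceGroup -Name $name -ErrorAction Stop).Id
}

# Recurring schedule: weekly on Saturdays at 02:00. The start time must lie
# in the future; the first run is the first Saturday on or after $start.
$start = (Get-Date).Date.AddDays(7).AddHours(2)
$schedule = New-AzAutomationSchedule `
    -ResourceGroupName $ResourceGroup `
    -AutomationAccountName $AutomationAccount `
    -Name 'weekly-security-updates' `
    -StartTime $start `
    -WeekInterval 1 `
    -DaysOfWeek Saturday `
    -ForUpdateConfiguration

# Update deployment: only the Security classification is installed, and the
# maintenance window (-Duration) caps how long the run may take per machine.
New-AzAutomationSoftwareUpdateConfiguration `
    -ResourceGroupName $ResourceGroup `
    -AutomationAccountName $AutomationAccount `
    -Schedule $schedule `
    -Windows `
    -AzureVMResourceId $vmIds `
    -IncludedUpdateClassification Security `
    -Duration (New-TimeSpan -Hours 2)
```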
