Confused About Azure Update Manager and Missing Updates

Asked By TechieBeagle42 On

I've been trying to get a better grasp of Azure Update Manager, but I think I'm just not quite understanding how it works. This year, we moved over 250 clients from our local WSUS to Intune, and that transition has gone pretty well. All the machines are getting their updates and rebooting on schedule. We also upgraded six servers to Server 2025, and since I have Software Assurance, I've enabled Arc for those servers to hopefully eliminate our WSUS server altogether. I created a group called "Company On-Prem Servers," added the six servers into it, and followed the wizard to set it up with defaults. Periodic assessment is enabled, but I haven't configured much else.

Every month, I manually install the required updates and reboot during downtime. For instance, this month the servers received several updates, but when I did a manual check for updates directly from Microsoft, I noticed some updates that Azure Update Manager didn't automatically include.

In particular, I got updates like the AzureConnectedMachineAgent Version 1.55 and a Windows Security platform update that I didn't see in Azure Update Manager. Why aren't those updates included automatically, and what can I do to ensure they are? Also, I noticed the servers are still reporting to WSUS, even though clients have stopped since moving to Intune. Should I adjust the GPO settings for updates to prevent them from reporting to WSUS?

1 Answer

Answered By CloudyDayDreamer On

To resolve the update issue, you'll need to create a maintenance configuration and select the classifications you want for updates. Patches classified as critical or security get downloaded automatically. You can check out the official Microsoft documentation on Azure Update Manager for further guidance.

CuriousCoder21 -

I created my default configuration and set it to never reboot with all classifications. After testing on a machine, it successfully found the AzureConnectedMachineAgent update that wasn’t visible before. I still can't figure out why the Windows Security platform update didn’t pop up in the Azure Update Manager. Might be worth checking if KB5007651 is considered a regular update.

MysteryMan88 -

I appreciate the tip! I had actually been through that process and set up a 'Default_Maintenance_Configuration' but felt something was off. I’ll revisit that. Any thoughts on how to handle the WSUS reporting?
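
For the WSUS reporting question raised above, a read-only check of the Windows Update policy values on one of the servers shows whether a GPO still points it at WSUS. This is an added example, not part of the original thread; it assumes the standard Windows Update policy registry location and an elevated PowerShell session, and `Get-PolicyValue` is a helper name made up for the example.

```powershell
# Added example (not from the thread): report which update source this
# server is configured to use. Read-only; run elevated on the server.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Hypothetical helper: returns $null when the key or value is absent,
# which means the policy is not configured.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$policy = [ordered]@{
    WUServer       = Get-PolicyValue $wuKey 'WUServer'        # WSUS scan/download URL
    WUStatusServer = Get-PolicyValue $wuKey 'WUStatusServer'  # WSUS reporting URL
    UseWUServer    = Get-PolicyValue $auKey 'UseWUServer'     # 1 = use the URLs above
}

# The WSUS URLs only take effect when UseWUServer is 1.
$pointsAtWsus = ($policy.UseWUServer -eq 1) -and
                -not [string]::IsNullOrEmpty($policy.WUServer)

# Update services registered with the Windows Update Agent; IsManaged is
# true for a WSUS-style managed service.
$services = (New-Object -ComObject Microsoft.Update.ServiceManager).Services |
    Select-Object Name, ServiceID, IsManaged, IsDefaultAUService

[pscustomobject]$policy | Format-List
$services | Format-Table -AutoSize

if ($pointsAtWsus) {
    "Policy directs this server to WSUS at $($policy.WUServer)."
    "Status is reported to $($policy.WUStatusServer)."
    "Run 'gpresult /h gp.html' to find the GPO that applies these settings."
} else {
    'No WSUS policy is in effect; the agent uses its default update service.'
}
```

If the script reports a WSUS policy, the GPO named in the `gpresult` report is the one still linked to the servers.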
