Hey everyone! I'm currently looking for feedback on managing Windows Server updates in a hybrid environment using Azure Update Manager through Azure Arc for our on-premise servers. We have Windows Server versions 2016, 2019, and 2022 (the 2016 ones are on a decommissioning plan but still need patching).
I'd love to hear from anyone who is actively using Azure Update Manager for their Arc-enabled servers. Specifically, I'm curious about these aspects:
1. How consistently do your scheduled Maintenance Configurations run and complete?
2. Have you noticed any differences in handling updates between the different server versions?
3. How effective is the centralized reporting for compliance? Is the built-in reporting good enough, or do you need to rely heavily on Log Analytics/KQL?
4. Is Azure Update Manager included in the server's license, and are you actually paying the ~$5/server/month fee, or is it free for you due to Software Assurance or Microsoft Defender for Servers?
5. Are there any hidden details or costs you wish you had known before diving in?
I appreciate any insights you can share!
2 Answers
From what I've seen, Azure Update Manager can be free if you have the Defender for Servers license or Software Assurance in place, but that could vary now. Regarding stability, I generally wouldn’t expect big differences between the 2016 to 2022 versions since they're all built on core Windows 10 technology. But things might shift with Server 2025. I’ve noticed that while updates usually come as a single .cab file for the older versions, the future ones could look different with various file types involved.
Honestly, my experience has been pretty solid with Azure Update Manager. We run it with an on-prem WSUS as an update source, and most of the time, the maintenance schedules go off without a hitch. If something doesn’t work, it’s usually my mistake for not configuring it right, but troubleshooting is often straightforward.
I really like how you can handle ad-hoc patching quickly, especially with urgent updates. However, the reporting leaves something to be desired. It's a hassle to pull together monthly reports, and I wish there was a built-in notification system for maintenance schedules. Keeping things simple with maintenance configurations has been key here, especially when dealing with various application owners who don’t fully trust automation yet.
Thanks for sharing your experience! Good to know that troubleshooting is manageable, but I agree that customizable notifications should be a priority for improvements.
Also, you mentioned using WSUS as an update source; if you decide to move away from it, would transitioning to Azure Update Manager as a sole orchestrator require a lot of adjustments on the server side?
If you’re preparing for Server 2025, be aware that hot-patching might also come at an additional cost, so plan accordingly!