Operating systems supported by Update Management
This article details the Windows and Linux operating systems supported and system requirements for machines or servers managed by Update Management.
Important
Automation Update Management has retired on 31 August 2024 and we recommend that you use Azure Update Manager. Follow the guidelines for migration from Automation Update Management to Azure Update Manager.
Supported operating systems
The following table lists the supported operating systems for update assessments and patching. Patching requires a system Hybrid Runbook Worker, which is automatically installed when you enable the virtual machine or server for management by Update Management. For information on Hybrid Runbook Worker system requirements, see Deploy a Windows Hybrid Runbook Worker and Deploy a Linux Hybrid Runbook Worker.
All operating systems are assumed to be x64. x86 is not supported for any operating system.
Note
- Update assessment of Linux machines is only supported in certain regions as listed in the Automation account and Log Analytics workspace mappings table.
- Update Management does not support CIS hardened images.
Operating system | Notes |
---|---|
Windows Server 2022 (Datacenter) | |
Windows Server 2019 (Datacenter/Standard including Server Core) Windows Server 2016 (Datacenter/Standard excluding Server Core) Windows Server 2012 R2(Datacenter/Standard) Windows Server 2012 |
|
Windows Server 2008 R2 (RTM and SP1 Standard) | Update Management supports assessments and patching for this operating system. The Hybrid Runbook Worker is supported for Windows Server 2008 R2. |
Note
Update Management does not support automating update management across all instances in an Azure virtual machine scale set. Automatic OS image upgrades is the recommended method for managing OS image upgrades on your scale set.
Unsupported operating systems
The following table lists operating systems not supported by Update Management:
Operating system | Notes |
---|---|
Windows client | Client operating systems (such as Windows 7 and Windows 10) aren't supported. For Azure Virtual Desktop, the recommended method to manage updates is Microsoft Configuration Manager for Windows 10 client machine patch management. |
Windows Server 2016 Nano Server | Not supported. |
Azure Kubernetes Service Nodes | Not supported. Use the patching process described in Apply security and kernel updates to Linux nodes in Azure Kubernetes Service (AKS) |
System requirements
The section describes operating system-specific requirements. For additional guidance, see Network planning. To understand requirements for TLS 1.2 or higher, see TLS for Azure Automation.
Software Requirements:
- .NET Framework 4.6 or later is required. (Download the .NET Framework.
- Windows PowerShell 5.1 is required (Download Windows Management Framework 5.1.)
- The Update Management feature depends on the system Hybrid Runbook Worker role, and you should confirm its system requirements.
Windows Update agents must be configured to communicate with a Windows Server Update Services (WSUS) server, or they require access to Microsoft Update. For hybrid machines, we recommend installing the Log Analytics agent for Windows by first connecting your machine to Azure Arc-enabled servers, and then use Azure Policy to assign the Deploy Log Analytics agent to Microsoft Azure Arc machines built-in policy definition. Alternatively, if you plan to monitor the machines with VM insights, instead use the Enable Enable VM insights initiative.
You can use Update Management with Microsoft Configuration Manager. To learn more about integration scenarios, see Integrate Update Management with Windows Configuration Manager. The Log Analytics agent for Windows is required for Windows servers managed by sites in your Configuration Manager environment.
By default, Windows VMs that are deployed from Azure Marketplace are set to receive automatic updates from Windows Update Service. This behavior doesn't change when you add Windows VMs to your workspace. If you don't actively manage updates by using Update Management, the default behavior (to automatically apply updates) applies.
Note
You can modify Group Policy so that machine reboots can be performed only by the user, not by the system. Managed machines can get stuck if Update Management doesn't have rights to reboot the machine without manual interaction from the user. For more information, see Configure Group Policy settings for Automatic Updates.