Operating systems supported by Update Management

This article lists the Windows and Linux operating systems that Update Management supports and the system requirements for the machines or servers it manages.

Supported operating systems

The following table lists the supported operating systems for update assessments and patching. Patching requires a system Hybrid Runbook Worker, which is automatically installed when you enable the virtual machine or server for management by Update Management. For information on Hybrid Runbook Worker system requirements, see Deploy a Windows Hybrid Runbook Worker and Deploy a Linux Hybrid Runbook Worker.

All operating systems are assumed to be x64. x86 is not supported for any operating system.

Note

Update assessment of Linux machines is only supported in certain regions as listed in the Automation account and Log Analytics workspace mappings table.

Operating system | Notes
Windows Server 2019 (Datacenter/Standard including Server Core)
Windows Server 2016 (Datacenter/Standard excluding Server Core)
Windows Server 2012 R2 (Datacenter/Standard)
Windows Server 2012
Windows Server 2008 R2 (RTM and SP1 Standard) | Update Management supports assessments and patching for this operating system. The Hybrid Runbook Worker is supported for Windows Server 2008 R2.
CentOS 6, 7, and 8 | Linux agents require access to an update repository. Classification-based patching requires yum to return security data that CentOS doesn't have in its RTM releases. For more information on classification-based patching on CentOS, see Update classifications on Linux.
Oracle Linux 6.x, 7.x, 8.x | Linux agents require access to an update repository.
Red Hat Enterprise 6, 7, and 8 | Linux agents require access to an update repository.
SUSE Linux Enterprise Server 12, 15, 15.1, and 15.2 | Linux agents require access to an update repository.
Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS, and 20.04 LTS | Linux agents require access to an update repository.

Note

Update Management does not support safely automating update management across all instances in an Azure virtual machine scale set. Automatic OS image upgrades is the recommended method for managing OS image upgrades on your scale set.

Unsupported operating systems

The following table lists operating systems not supported by Update Management:

Operating system | Notes
Windows client | Client operating systems (such as Windows 7 and Windows 10) aren't supported. For Azure Windows Virtual Desktop (WVD), the recommended method to manage updates is Microsoft Endpoint Configuration Manager for Windows 10 client machine patch management.
Windows Server 2016 Nano Server | Not supported.
Azure Kubernetes Service Nodes | Not supported. Use the patching process described in Apply security and kernel updates to Linux nodes in Azure Kubernetes Service (AKS).

System requirements

The following information describes operating system-specific requirements. For additional guidance, see Network planning. To understand requirements for TLS 1.2, see TLS 1.2 for Azure Automation.

Windows

Software Requirements:

Windows Update agents must be configured to communicate with a Windows Server Update Services (WSUS) server, or they require access to Microsoft Update.

For hybrid machines, we recommend installing the Log Analytics agent for Windows by first connecting your machine to Azure Arc-enabled servers, and then using Azure Policy to assign the Deploy Log Analytics agent to Windows Azure Arc machines built-in policy definition. Alternatively, if you plan to monitor the machines with VM insights, instead use the Enable VM insights initiative.

You can use Update Management with Microsoft Endpoint Configuration Manager. To learn more about integration scenarios, see Integrate Update Management with Windows Endpoint Configuration Manager. The Log Analytics agent for Windows is required for Windows servers managed by sites in your Configuration Manager environment.

By default, Windows VMs that are deployed from Azure Marketplace are set to receive automatic updates from Windows Update Service. This behavior doesn't change when you add Windows VMs to your workspace. If you don't actively manage updates by using Update Management, the default behavior (to automatically apply updates) applies.

Note

You can modify Group Policy so that machine reboots can be performed only by the user, not by the system. Managed machines can get stuck if Update Management doesn't have rights to reboot the machine without manual interaction from the user. For more information, see Configure Group Policy settings for Automatic Updates.

Linux

Software Requirements:

  • The machine requires access to an update repository, either private or public.
  • TLS 1.1 or TLS 1.2 is required to interact with Update Management.
  • The Update Management feature depends on the system Hybrid Runbook Worker role, and you should confirm its system requirements. Because Update Management uses Automation runbooks to initiate assessment and update of your machines, review the version of Python required for your supported Linux distro.

Note

Update assessment of Linux machines is only supported in certain regions. See the Automation account and Log Analytics workspace mappings table.

For hybrid machines, we recommend installing the Log Analytics agent for Linux by first connecting your machine to Azure Arc-enabled servers, and then using Azure Policy to assign the Deploy Log Analytics agent to Linux Azure Arc machines built-in policy definition. Alternatively, if you plan to monitor the machines with Azure Monitor for VMs, instead use the Enable Azure Monitor for VMs initiative.

Next steps

Before you enable and use Update Management, review Plan your Update Management deployment.