Apply system updates in Azure Security Center
Azure Security Center monitors Windows and Linux virtual machines (VMs) and computers daily for missing operating system updates. Security Center retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows computer. Security Center also checks for the latest updates in Linux systems. If your VM or computer is missing a system update, Security Center will recommend that you apply system updates.
Implement the recommendation
Apply system updates is presented as a recommendation in Security Center. If your VM or computer is missing a system update, this recommendation will be displayed under Recommendations and under Compute. Selecting the recommendation opens the Apply system updates dashboard.
In this example, we will use Compute.
Select Compute under the Security Center main menu.
Under Compute, select Missing system updates. The Apply system updates dashboard opens.
The top of the dashboard provides:
- The total number of Windows and Linux VMs and computers missing system updates.
- The total number of critical updates missing across your VMs and computers.
- The total number of security updates missing across your VMs and computers.
The bottom of the dashboard lists all missing updates across your VMs and computers, and the severity of the missing update. The list includes:
NAME: Name of the missing update.
NO. OF VMs & COMPUTERS: Total number of VMs and computers that are missing this update.
STATE: The current state of the recommendation:
- Open: The recommendation has not been addressed yet.
- In Progress: The recommendation is currently being applied to those resources, and no action is required by you.
- Resolved: The recommendation was already finished. (When the issue has been resolved, the entry is dimmed.)
SEVERITY: Describes the severity of that particular recommendation:
- High: A vulnerability exists with a meaningful resource (application, virtual machine, or network security group) and requires attention.
- Medium: Non-critical or additional steps are required to complete a process or eliminate a vulnerability.
- Low: A vulnerability should be addressed but does not require immediate attention. (By default, low recommendations are not presented, but you can filter on low recommendations if you want to view them.)
Select a missing update in the list to view details.
Select the Search icon in the top ribbon. An Azure Monitor logs search query opens filtered to the computers missing the update.
Select a computer from the list for more information. Another search result opens with information filtered only for that computer.
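The list view described above can be approximated directly in Azure Monitor logs. The query below is an added example, not the query Security Center generates when you select the Search icon. It assumes the workspace's Update table is populated by the monitoring agent, covers Windows records only, and uses an assumed two-day lookback.

```kusto
// Added example: missing security and critical updates per Windows update title.
// Assumption: the Update table in this workspace receives records from the agent.
let lookback = 2d;  // assumed window; wide enough to span one daily assessment
Update
| where TimeGenerated > ago(lookback)
| where OSType != "Linux"
| where Classification in ("Security Updates", "Critical Updates")
// Keep only the most recent record for each computer/update pair,
// so an update installed since the previous scan is not counted as missing.
| summarize arg_max(TimeGenerated, UpdateState, Classification, KBID) by Computer, Title
| where UpdateState =~ "Needed"
// One row per missing update, with the number of computers that still need it.
| summarize Computers = dcount(Computer),
            ComputerList = make_set(Computer, 50)
         by Title, KBID, Classification
| order by Computers desc, Title asc
```

Adding `| where Computer == "<computer name>"` before the final summarize narrows the result to a single machine, matching the per-computer view.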
To learn more about Security Center, see the following:
- Setting security policies in Azure Security Center -- Learn how to configure security policies for your Azure subscriptions and resource groups.
- Managing security recommendations in Azure Security Center -- Learn how recommendations help you protect your Azure resources.
- Security health monitoring in Azure Security Center -- Learn how to monitor the health of your Azure resources.
- Managing and responding to security alerts in Azure Security Center -- Learn how to manage and respond to security alerts.
- Monitoring partner solutions with Azure Security Center -- Learn how to monitor the health status of your partner solutions.
- Azure Security Center FAQ -- Find frequently asked questions about using the service.
- Azure Security blog -- Find blog posts about Azure security and compliance.