Apply system updates in Azure Security Center

Azure Security Center monitors Windows and Linux virtual machines (VMs) and computers daily for missing operating system updates. Security Center retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows computer. Security Center also checks for the latest updates in Linux systems. If your VM or computer is missing a system update, Security Center will recommend that you apply system updates.

Implement the recommendation

Apply system updates is presented as a recommendation in Security Center. If your VM or computer is missing a system update, this recommendation will be displayed under Recommendations and under Compute. Selecting the recommendation opens the Apply system updates dashboard.

In this example, we will use Compute.

  1. Select Compute under the Security Center main menu.


  2. Under Compute, select Missing system updates. The Apply system updates dashboard opens.


    The top of the dashboard provides:

    • The total number of Windows and Linux VMs and computers missing system updates.
    • The total number of critical updates missing across your VMs and computers.
    • The total number of security updates missing across your VMs and computers.

    The bottom of the dashboard lists all missing updates across your VMs and computers, and the severity of the missing update. The list includes:

    • NAME: Name of the missing update.

    • NO. OF VMs & COMPUTERS: Total number of VMs and computers that are missing this update.

    • STATE: The current state of the recommendation:

      • Open: The recommendation has not been addressed yet.
      • In Progress: The recommendation is currently being applied to those resources, and no action is required by you.
      • Resolved: The recommendation was already finished. (When the issue has been resolved, the entry is dimmed.)
    • SEVERITY: Describes the severity of that particular recommendation:

      • High: A vulnerability exists with a meaningful resource (application, virtual machine, or network security group) and requires attention.
      • Medium: Non-critical or additional steps are required to complete a process or eliminate a vulnerability.
      • Low: A vulnerability should be addressed but does not require immediate attention. (By default, low recommendations are not presented, but you can filter on low recommendations if you want to view them.)
  3. Select a missing update in the list to view details.


  4. Select the Search icon in the top ribbon. An Azure Monitor logs search query opens filtered to the computers missing the update.


  5. Select a computer from the list for more information. Another search result opens with information filtered only for that computer.

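The log search from steps 4 and 5 can also be written by hand in Azure Monitor logs. The query below is an added example, not taken from the original page. It assumes the workspace holds the standard `Update` table, and the one-day lookback is an assumption chosen to match the daily assessment.

```kusto
// Added example. Assumes the standard Azure Monitor logs Update table
// (columns Computer, Title, Classification, UpdateState, TimeGenerated).
let missing = Update
    | where TimeGenerated > ago(1d)   // assumed lookback, one daily assessment cycle
    // Only the two classes the dashboard totals: critical and security updates.
    | where Classification in ("Critical Updates", "Security Updates")
    // Keep the newest assessment record per computer and update, so an update
    // installed since an earlier scan is not counted as still missing.
    | summarize arg_max(TimeGenerated, *) by Computer, Title
    | where UpdateState =~ "Needed";
// One row per missing update with the number of machines that lack it,
// comparable to the NAME and NO. OF VMs & COMPUTERS columns.
missing
| summarize Machines = dcount(Computer), Computers = make_set(Computer)
    by Title, Classification
| order by Machines desc
// To narrow to a single update (step 4), insert before the summarize:
//   | where Title == "<name of the missing update>"
// To narrow to a single machine (step 5):
//   | where Computer == "<computer name>"
```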

Next steps

To learn more about Security Center, see the following: