adaptive.run TECH BLOG

Cloud can be tricky sometimes. Find out what scenarios we've run into that are worth mentioning and explaining.

Centralized Management in Azure: Ensuring Up-to-Date Azure VMs

Level: 300
Publishing date: 17-Jan-2023
Author: Catalin Popa

With the increased attention on information security and the consequences of security breaches and ransomware attacks for companies in terms of revenue loss, security has become a critical aspect of IT. This has made it essential for IT departments to be diligent in their efforts to patch systems and address vulnerabilities as soon as they are discovered.

Traditional patch management processes, which involve testing patches in a test environment before deploying to production, can be slow and time-consuming. As we saw with the Log4j vulnerability, exploits can occur just days after a vulnerability is disclosed to the public.
IT departments typically use systems or third-party solutions to manage patching of servers. However, with the migration to the cloud, the cost of lift and shift for these solutions can be prohibitive.

Microsoft offers a solution to this challenge with its free Azure Update Management with Azure Automation. This SaaS solution provides a more cost-effective alternative to traditional patch management solutions and can be used to replace the patch management component of on-premises solutions like SCCM.

Maintaining Up-to-Date Systems with Azure Update Management
Enabling Update Management is simple and can be done from the Azure portal's Virtual Machines overview. To get started, go to the Azure portal and select Virtual Machines from the menu on the left.

Next you have to select the VMs you want to enable it for. Then, go to the top menu, click the three dots, select Services, and finally, choose Update Management.
Here you have the option to let Azure automatically set up a Log Analytics workspace and automation account, or you can choose pre-existing resources. You will also receive a summary that indicates the status of Azure Update Management support for your selected VMs. If all of the chosen VMs are supported, simply click the Enable button to proceed.
Once you click Enable, the deployment process will begin, which may take some time as Azure installs the necessary extension on your VMs and registers them as ready.

When the onboarding process is complete, you will have access to a comprehensive dashboard that displays your machines' compliance status, allowing you to see which machines are missing updates. To install updates, simply click on "Schedule Update Deployment" and specify the updates you want to install, as well as any exclusions or specific patches. Additionally, you can specify other maintenance window steps, such as rebooting servers or performing extra pre- or post-configuration tasks on your VMs.

Alternatives for Automated Patching in Azure
In this article, I have primarily discussed Update Management with Azure Automation, but it's not the only solution for automating security updates on your Azure VMs. There is an option that provides full automation. With Automatic VM Guest Patching, you just need to activate the feature on your VMs, and Azure will automatically install all the necessary critical and security patches.

Although there are pros and cons to automating the entire patching process, it might be the right choice for some. The main advantage is that it's completely hands-off from start to finish. On the other hand, you give up control over which updates are installed and when.

Since Azure automatically installs all patches deemed critical or security-related, you won't have the ability to opt out of any of these updates. This could lead to issues such as bugs that affect printing or performance problems. So, if you're okay with sacrificing control for ease, Automatic VM Guest Patching may be a suitable option for you.
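Because Automatic VM Guest Patching is switched on per VM, it helps to know which machines actually have it. The following is an added example, not part of the original article: it audits VM records in the shape returned by `az vm list -o json` and, for each VM whose patch mode is not `AutomaticByPlatform`, produces the `az vm update` command that enables it. The VM names, resource groups and the sample data are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az vm list -o json`, trimmed to the fields used.
SAMPLE_VMS = json.loads("""[
 {"name": "web-01", "resourceGroup": "rg-prod", "osProfile": {"linuxConfiguration": null,
  "windowsConfiguration": {"patchSettings": {"patchMode": "AutomaticByPlatform"}}}},
 {"name": "sql-01", "resourceGroup": "rg-prod", "osProfile": {"linuxConfiguration": null,
  "windowsConfiguration": {"patchSettings": {"patchMode": "AutomaticByOS"}}}},
 {"name": "api-01", "resourceGroup": "rg-prod", "osProfile": {"windowsConfiguration": null,
  "linuxConfiguration": {"patchSettings": {"patchMode": "ImageDefault"}}}},
 {"name": "old-01", "resourceGroup": "rg-legacy", "osProfile": {"windowsConfiguration": null,
  "linuxConfiguration": {"patchSettings": null}}}
]""")

def patch_mode(vm):
    """Return (os_key, patchMode) for one VM; patchMode is None when unset."""
    profile = vm.get("osProfile") or {}
    for os_key in ("windowsConfiguration", "linuxConfiguration"):
        cfg = profile.get(os_key)
        if cfg is not None:
            return os_key, (cfg.get("patchSettings") or {}).get("patchMode")
    return None, None  # osProfile missing from the record

def audit(vms):
    """Map each VM without Automatic VM Guest Patching to the command that enables it."""
    findings = {}
    for vm in vms:
        os_key, mode = patch_mode(vm)
        if mode == "AutomaticByPlatform":
            continue  # already patched by the platform
        if os_key is None:
            findings[vm["name"]] = "no osProfile; review manually"
            continue
        settings = [f"osProfile.{os_key}.patchSettings.patchMode=AutomaticByPlatform"]
        if os_key == "windowsConfiguration":
            # Windows also needs automatic updates enabled for this patch mode.
            settings.insert(0, f"osProfile.{os_key}.enableAutomaticUpdates=true")
        findings[vm["name"]] = (f"az vm update -g {vm['resourceGroup']} "
                                f"-n {vm['name']} --set {' '.join(settings)}")
    return findings

if __name__ == "__main__":
    for name, action in audit(SAMPLE_VMS).items():
        print(f"{name}: {action}")
```

To run it against a real subscription, replace `SAMPLE_VMS` with the parsed output of `az vm list -o json` and review each generated command before applying it.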

To conclude, Azure Update Management with Azure Automation offers a free and efficient alternative to on-premises patch management solutions, providing a comprehensive dashboard that displays the compliance status of your machines, and allowing you to schedule update deployment and specify maintenance window steps.
