Azure ARC patch management best practices

appwiz.cpl 21 Reputation points
2022-09-26T13:06:30.26+00:00

Hi,

we want to use azure arc to patch our on premise machines, but this feature is still in preview.
Looks like we cannot really control updates.

So what is the best practices to patch our sensitive servers? Use Azure Arc just for information and patch machines by hand?

Thanks a lot

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
412 questions
Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
304 questions
0 comments
Accepted answer
  1. Maxim Sergeev 6,571 Reputation points Microsoft Employee
    2022-09-27T07:12:34.99+00:00

    You can't uninstall patches if they are failed. This should be covered in your DR plan.

    The fundamentals are the same as before:

    • scope dev, preprod, prod environments (additionally, workload-specific scopes if necessary)
    • set different schedules for each environment
    • rollback strategy could be configured as a standard DR plan, actually this is where Azure Site Recovery+ Backup are great companions
    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Maxim Sergeev 6,571 Reputation points Microsoft Employee
    2022-09-26T22:55:32.877+00:00

    Hi there,

    If you are referring to Azure Update Management Center (Public Preview), yes, currently it's still under preview, but you will have a support on this.
    If you can't use any preview features, you can use a previous version of Update Management based on Azure Automation account. But it requires to install Microsoft Monitoring Agent, configure it with a Log Analytics workspace, etc

    I recommend to start using Update Management Center as a modern way to manage your updates.

    0 comments
  2. appwiz.cpl 21 Reputation points
    2022-09-27T05:26:47.897+00:00

    Hi,

    ok understand, but how we can avoid system failures due windows patches? Yes, we have a backup system, but restore is complex.

    How can I ensure the follwing fundamentals:

    • Do test patches before deploying them
    • rollback strategy (Back out Plan), if patch failes

    Critical environment like SQL Database and Exchange should be full backup and patched particular.

    Is it possible to deinstall patches from Azure Update Management Center, if something failes?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.