Automatic guest patching for Azure virtual machines

Applies to: ✔️ Linux VMs ✔️ Windows VMs

By enabling automatic guest patching for your Azure Virtual Machines (VMs), you can automatically and securely patch your VMs to ensure they remain compliant with security standards."

Supported OS images

Automatic VM guest patching, on-demand patch assessment and on-demand patch installation are supported only on VMs created from images with the exact combination of publisher, offer and sku from the below supported OS images list. Custom images or any other publisher, offer, sku combinations aren't supported. More images are added periodically. Don't see your SKU in the list? Request support by filing out Image Support Request.

If automatic VM guest patching is enabled on a VM, then the available Critical and Security patches are downloaded and applied automatically on the VM.

Note

Only x64 operating systems are currently supported. Neither ARM64 nor x86 are supported for any operating system.

Customized images

For VMs created from customized images even if the Patch orchestration mode is set to Azure Orchestrated/AutomaticByPlatform, automatic VM guest patching doesn't work. We recommend that you use scheduled patching to patch the machines by defining your own schedules or install updates on-demand.

Next steps

• Learn about the supported regions for Azure VMs and Arc-enabled servers.
• Learn on the Update sources, types managed by Azure Update Manger.
• Know more on supported OS and system requirements for machines managed by Azure Update Manager.
• Learn more on unsupported OS and Custom VM images.
• Learn more on how to configure Windows Update settings to work with Azure Update Manager.
• Learn about Extended Security Updates (ESU) using Azure Update Manager.
• Learn about security vulnerabilities and Ubuntu Pro support.