You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-machines/automatic-vm-guest-patching.md
+6Lines changed: 6 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -146,20 +146,23 @@ VMs on Azure now support the following patch orchestration modes:
146
146
- For Windows VMs, setting this mode also disables the native Automatic Updates on the Windows virtual machine to avoid duplication.
147
147
- To use this mode on Linux VMs, set the property `osProfile.linuxConfiguration.patchSettings.patchMode=AutomaticByPlatform` in the VM template.
148
148
- To use this mode on Windows VMs, set the property `osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByPlatform` in the VM template.
149
+
- Enabling this mode will set the SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate RegKey to 1
149
150
150
151
**AutomaticByOS:**
151
152
- This mode is supported only for Windows VMs.
152
153
- This mode enables Automatic Updates on the Windows virtual machine, and patches are installed on the VM through Automatic Updates.
153
154
- This mode does not support availability-first patching.
154
155
- This mode is set by default if no other patch mode is specified for a Windows VM.
155
156
- To use this mode on Windows VMs, set the property `osProfile.windowsConfiguration.enableAutomaticUpdates=true`, and set the property `osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByOS` in the VM template.
157
+
- Enabling this mode will set the SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate RegKey to 0
156
158
157
159
**Manual:**
158
160
- This mode is supported only for Windows VMs.
159
161
- This mode disables Automatic Updates on the Windows virtual machine. When deploying a VM using CLI or PowerShell, setting `--enable-auto-updates` to `false` will also set `patchMode` to `manual` and will disable Automatic Updates.
160
162
- This mode does not support availability-first patching.
161
163
- This mode should be set when using custom patching solutions.
162
164
- To use this mode on Windows VMs, set the property `osProfile.windowsConfiguration.enableAutomaticUpdates=false`, and set the property `osProfile.windowsConfiguration.patchSettings.patchMode=Manual` in the VM template.
165
+
- Enabling this mode will set the SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate RegKey to 1
163
166
164
167
**ImageDefault:**
165
168
- This mode is supported only for Linux VMs.
@@ -180,6 +183,7 @@ VMs on Azure now support the following patch orchestration modes:
180
183
- The virtual machine must be able to access the configured update endpoints. If your virtual machine is configured to use private repositories for Linux or Windows Server Update Services (WSUS) for Windows VMs, the relevant update endpoints must be accessible.
181
184
- Use Compute API version 2021-03-01 or higher to access all functionality including on-demand assessment and on-demand patching.
182
185
- Custom images aren't currently supported.
186
+
- VMSS Flexible Orchestration require the installation of [Application Health extension](../virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension.md). This is optional for IaaS VMs.
183
187
184
188
## Enable automatic VM guest patching
185
189
Automatic VM guest patching can be enabled on any Windows or Linux VM that is created from a supported platform image.
@@ -274,6 +278,8 @@ When automatic VM guest patching is enabled for a VM, a VM extension of type `Mi
274
278
275
279
It can take more than three hours to enable automatic VM guest updates on a VM, as the enablement is completed during the VM's off-peak hours. The extension is also installed and updated during off-peak hours for the VM. If the VM's off-peak hours end before enablement can be completed, the enablement process will resume during the next available off-peak time.
276
280
281
+
Please note that the platform will make periodic patching configuration calls to ensure alignment when model changes are detected on IaaS VMs or VMSS Flexible orchestration. Certain model changes such as, but not limited to, updating assessment mode, patch mode, and extension update may trigger a patching configuration call.
282
+
277
283
Automatic updates are disabled in most scenarios, and patch installation is done through the extension going forward. The following conditions apply.
278
284
- If a Windows VM previously had Automatic Windows Update turned on through the AutomaticByOS patch mode, then Automatic Windows Update is turned off for the VM when the extension is installed.
279
285
- For Ubuntu VMs, the default automatic updates are disabled automatically when Automatic VM Guest Patching completes enablement.
0 commit comments