Merge pull request #294585 from SnehaSudhirG/13Feb-SupportMatrixUpdate

Revise the support matrix article

Author: v-ccolin

articles/update-manager/configure-wu-agent.md

@@ -2,7 +2,7 @@
 title: Configure Windows Update settings in Azure Update Manager
 description: This article tells how to configure Windows update settings to work with Azure Update Manager.
 ms.service: azure-update-manager
-ms.date: 12/11/2024
+ms.date: 02/27/2025
 ms.topic: how-to
 author: SnehaSudhirG
 ms.author: sudhirsneha

articles/update-manager/cross-subscription-patching.md

@@ -25,15 +25,15 @@ However, its capabilities go well beyond this. With proper configuration, you ca
 
 # [Supported resource type](#tab/sup-resource)
 
-- **Azure Resource Manager (Arc)-connected hosts**: Non-Azure hosts connected to Azure through Arc, subject to [Arc prerequisites](/azure/azure-arc/servers/prerequisites) and Azure Update Manager [supported regions](support-matrix.md#azure-arc-enabled-servers)
+- **Azure Resource Manager (Arc)-connected hosts**: Non-Azure hosts connected to Azure through Arc, subject to [Arc prerequisites](/azure/azure-arc/servers/prerequisites) and Azure Update Manager [supported regions](supported-regions.md#azure-public-cloud)
 
 - **Azure VM** - Native virtual machines created in Azure.
 
 # [Supported OS type](#tab/sup-os)
 
-- **Windows**: Cross-subscription patching supports various versions of Windows Server and Windows operating systems. Ensure that your Windows devices are up-to-date and compatible with the patching process. For more information, see [support matrix for Arc-connected hosts](support-matrix-updates.md#azure-arc-enabled-servers)and [Azure VM for supported images](support-matrix-updates.md#supported-windows-os-images). 
+- **Windows**: Cross-subscription patching supports various versions of Windows Server and Windows operating systems. Ensure that your Windows devices are up-to-date and compatible with the patching process. For more information, see [support matrix for Arc-connected hosts](support-matrix-updates.md#azure-arc-enabled-servers)and [Azure VM for supported images](support-matrix-updates.md#azure-marketplacepir-images)
 
-- **Linux**: Cross-subscription patching also supports multiple Linux distributions, including most mainstream distributions like Ubuntu, CentOS, and Red Hat Enterprise Linux (RHEL) etc. Ensure that your Linux devices meet the necessary requirements for patching. For more information, see[support matrix for Arc-connected hosts](support-matrix-updates.md#azure-arc-enabled-servers) and [Azure VM for supported images](support-matrix-updates.md#supported-linux-os-images). 
+- **Linux**: Cross-subscription patching also supports multiple Linux distributions, including most mainstream distributions like Ubuntu, CentOS, and Red Hat Enterprise Linux (RHEL) etc. Ensure that your Linux devices meet the necessary requirements for patching. For more information, see[support matrix for Arc-connected hosts](support-matrix-updates.md#azure-arc-enabled-servers) and [Azure VM for supported images](support-matrix-updates.md#azure-marketplacepir-images). 
 
 ---
 

articles/update-manager/deploy-updates.md

@@ -2,7 +2,7 @@
 title: Deploy updates and track results in Azure Update Manager
 description: This article details how to use Azure Update Manager in the Azure portal to deploy updates and view results for supported machines.
 ms.service: azure-update-manager
-ms.date: 02/26/2024
+ms.date: 03/07/2025
 ms.topic: how-to
 author: SnehaSudhirG
 ms.author: sudhirsneha
@@ -22,7 +22,7 @@ See the following sections for more information:
 
 ## Supported regions
 
-Update Manager is available in all [Azure public regions](support-matrix.md#supported-regions). 
+Update Manager is available in all [Azure public regions](supported-regions.md#azure-public-cloud). 
 
 ## Configure reboot settings
 
@@ -59,7 +59,7 @@ To install one-time updates on a single VM:
 
       :::image type="content" source="./media/deploy-updates/include-update-classification-inline.png" alt-text="Screenshot that shows update classification." lightbox="./media/deploy-updates/include-update-classification-expanded.png":::
 
-   - Select **Include KB ID/package** to include in the updates. You can add multiple KB IDs and package names. When you add KB ID/package name, the next row appears. The package can have both name and version. . For example, use `3103696` or `3134815`. For Windows, you can refer to the [MSRC webpage](https://msrc.microsoft.com/update-guide/deployments) to get the details of the latest Knowledge Base release. For supported Linux distros, you specify a comma separated list of packages by the package name, and you can include wildcards. For example, use `kernel*`, `glibc`, or `libc=1.0.1`. Based on the options specified, Update Manager shows a preview of OS updates under the **Selected Updates** section.
+   - Select **Include KB ID/package** to include in the updates. You can add multiple KB IDs and package names. When you add KB ID/package name, the next row appears. The package can have both name and version. For example, use `3103696` or `3134815`. For Windows, you can refer to the [MSRC webpage](https://msrc.microsoft.com/update-guide/deployments) to get the details of the latest Knowledge Base release. For supported Linux distros, you specify a comma separated list of packages by the package name, and you can include wildcards. For example, use `kernel*`, `glibc`, or `libc=1.0.1`. Based on the options specified, Update Manager shows a preview of OS updates under the **Selected Updates** section.
    - To exclude updates that you don't want to install, select **Exclude KB ID/package**. We recommend selecting this option because updates that aren't displayed here might be installed, as newer updates might be available. You can exclude multiple KB IDs and package names.
    - To ensure that the updates published are on or before a specific date, select **Include by maximum patch publish date**. Select the date and select **Add** > **Next**.
 

articles/update-manager/extended-security-updates.md

@@ -0,0 +1,31 @@
+---
+title: Extended Security Updates (ESU) for Windows Server with Azure Update Manager
+description: Information on enrolling and managing Extended Security Updates (ESU) for Windows Server 2012 and 2012 R2 using Azure Update Manager.
+ms.service: azure-update-manager
+author: SnehaSudhirG
+ms.author: sudhirsneha
+ms.date: 02/26/2025
+ms.topic: overview
+---
+
+# Extended Security Updates (ESU) for Windows Server
+
+This article provides information on ESU on Azure VMs and Azure Arc machines.
+
+ESUs are available by default to Azure Virtual machines Azure ESU. Using Azure Update Manager, you can deploy Extended Security Updates for your Azure Arc-enabled Windows Server 2012 / R2 machines. 
+
+## Enroll Windows Server 2012 ESU on Arc machines
+
+To enroll in Windows Server 2012 Extended Security Updates on Arc connected machines, follow the guidance on [How to get Extended Security Updates (ESU) for Windows Server 2012 and 2012 R2 via Azure Arc](/windows-server/get-started/extended-security-updates-deploy#extended-security-updates-enabled-by-azure-arc).
+
+
+## Next steps
+
+- Learn about the [supported regions for Azure VMs and Arc-enabled servers](supported-regions.md).
+- Learn on the [Update sources, types](support-matrix.md) managed by Azure Update Manger.
+- Know more on [supported OS and system requirements for machines managed by Azure Update Manager](support-matrix-updates.md).
+- Learn on [Automatic VM guest patching](support-matrix-automatic-guest-patching.md).
+- Learn more on [unsupported OS and Custom VM images](unsupported-workloads.md).
+- Learn more on how to [configure Windows Update settings](configure-wu-agent.md) to work with Azure Update Manager.
+- Learn about [security vulnerabilities and Ubuntu Pro support](security-awareness-ubuntu-support.md).
+

articles/update-manager/manage-arc-enabled-servers-programmatically.md

@@ -74,7 +74,7 @@ The following table describes the elements of the request body:
 | `windowsParameters - kbNumbersToExclude` | List of Windows Update KB Ids that are available to the machine and that should **not** be installed. If you've included any 'classificationsToInclude', the KBs available in the category will be installed. 'kbNumbersToExclude' is an option to provide list of specific KB IDs that you want to ensure don't get installed. For example: `5678`  |
 | `maxPatchPublishDate` | This is used to install patches that were published on or before this given max published date.| 
 | `linuxParameters` | Parameter options for Guest OS update when machine is running supported Linux distribution |
-| `linuxParameters - classificationsToInclude` | List of categories or classifications of OS updates to apply, as supported & provided by Linux OS's package manager used. Acceptable values are: `Critical, Security, Others`. For more information, see [Linux package manager and OS support](./support-matrix.md#supported-operating-systems). |
+| `linuxParameters - classificationsToInclude` | List of categories or classifications of OS updates to apply, as supported & provided by Linux OS's package manager used. Acceptable values are: `Critical, Security, Others`. For more information, see [Linux package manager and OS support](support-matrix-updates.md#azure-marketplacepir-images). |
 | `linuxParameters - packageNameMasksToInclude` | List of Linux packages that are available to the machine and need to be installed. If you've included any 'classificationsToInclude', the packages available in the category will be installed. 'packageNameMasksToInclude' is an option to provide list of packages over and above that you want to get installed. For example: `mysql, libc=1.0.1.1, kernel*` |
 | `linuxParameters - packageNameMasksToExclude` | List of Linux packages that are available to the machine and should **not** be installed. If you've included any 'classificationsToInclude', the packages available in the category will be installed. 'packageNameMasksToExclude' is an option to provide list of specific packages that you want to ensure don't get installed. For example: `mysql, libc=1.0.1.1, kernel*` |
 
@@ -193,7 +193,7 @@ The following table describes the elements of the request body:
 | `properties.maintenanceScope` | Gets or sets maintenanceScope of the configuration |
 | `properties.maintenanceWindow.duration` | Duration of the maintenance window in HH:mm format. If not provided, default value will be used based on maintenance scope provided. Example: 05:00. |
 | `properties.maintenanceWindow.expirationDateTime` | Effective expiration date of the maintenance window in YYYY-MM-DD hh:MM format. The window is created in the time zone provided to daylight savings according to that time zone. You must set the expiration date to a future date. If not provided, it will be set to the maximum datetime 9999-12-31 23:59:59. |
-| `properties.maintenanceWindow.recurEvery` | Rate at which a Maintenance window is expected to recur. The rate can be expressed as daily, weekly, or monthly schedules. You can format daily schedules as recurEvery: [Frequency as integer]['Day(s)']. If no frequency is provided, the default frequency is 1. Daily schedule examples are recurEvery: Day, recurEvery: 3Days. Weekly schedule are formatted as recurEvery: [Frequency as integer]['Week(s)'] [Optional comma separated list of weekdays Monday-Sunday]. Weekly schedule examples are recurEvery: 3Weeks, recurEvery: Week Saturday, Sunday. You can format monthly schedules as [Frequency as integer]['Month(s)'] [Comma separated list of month days] or [Frequency as integer]['Month(s)'] [Week of Month (First, Second, Third, Fourth, Last)] [Weekday Monday-Sunday]. Monthly schedule examples are recurEvery: Month, recurEvery: 2Months, recurEvery: Month day23, day24, recurEvery: Month Last Sunday, recurEvery: Month Fourth Monday. |
+| `properties.maintenanceWindow.recurEvery` | Rate at which a Maintenance window is expected to recur. The rate can be expressed as daily, weekly, or monthly schedules. You can format daily schedules as recurEvery: [Frequency as integer]['Day(s)']. If no frequency is provided, the default frequency is 1. Daily schedule examples are recurEvery: Day, recurEvery: 3Days. Weekly schedules are formatted as recurEvery: [Frequency as integer]['Week(s)'] [Optional comma separated list of weekdays Monday-Sunday]. Weekly schedule examples are recurEvery: 3Weeks, recurEvery: Week Saturday, Sunday. You can format monthly schedules as [Frequency as integer]['Month(s)'] [Comma separated list of month days] or [Frequency as integer]['Month(s)'] [Week of Month (First, Second, Third, Fourth, Last)] [Weekday Monday-Sunday]. Monthly schedule examples are recurEvery: Month, recurEvery: 2Months, recurEvery: Month day23, day24, recurEvery: Month Last Sunday, recurEvery: Month Fourth Monday. |
 | `properties.maintenanceWindow.startDateTime` | 	Effective start date of the maintenance window in YYYY-MM-DD hh:mm format. You can set the start date to either the current date or future date. The window will be created in the time zone provided and adjusted to daylight savings according to that time zone. |
 | `properties.maintenanceWindow.timeZone` |	Name of the timezone. You can obtain the list of timezones by executing [System.TimeZoneInfo]:GetSystemTimeZones() in PowerShell. Example: Pacific Standard Time, UTC, W. Europe Standard Time, Korea Standard Time, Cen. Australia Standard Time. |
 | `properties.namespace` | 	Gets or sets namespace of the resource |

articles/update-manager/security-awareness-ubuntu-support.md

@@ -4,7 +4,7 @@ description: Guidance on security awareness and Ubuntu Pro support in Azure Upda
 author: snehasudhirG
 ms.service: azure-update-manager
 ms.topic: overview
-ms.date: 09/06/2024
+ms.date: 02/26/2025
 ms.author: sudhirsneha
 ---
 
@@ -34,7 +34,10 @@ You can continue to use the Azure Update Manager [capabilities](updates-maintena
 
 
 ## Next steps
-- [An overview on Azure Update Manager](overview.md)
-- [View updates for single machine](view-updates.md) 
-- [Deploy updates now (on-demand) for single machine](deploy-updates.md) 
-- [Schedule recurring updates](scheduled-patching.md)
+-- Learn about the [supported regions for Azure VMs and Arc-enabled servers](supported-regions.md).
+- Learn on the [Update sources, types](support-matrix.md) managed by Azure Update Manger.
+- Know more on [supported OS and system requirements for machines managed by Azure Update Manager](support-matrix-updates.md).
+- Learn on [Automatic VM guest patching](support-matrix-automatic-guest-patching.md).
+- Learn more on [unsupported OS and Custom VM images](unsupported-workloads.md).
+- Learn more on how to [configure Windows Update settings](configure-wu-agent.md) to work with Azure Update Manager. 
+- Learn about [Extended Security Updates (ESU) using Azure Update Manager](extended-security-updates.md).

articles/update-manager/support-matrix-automatic-guest-patching.md

@@ -0,0 +1,37 @@
+---
+title: Automatic Guest Patching for Azure Virtual Machines
+description: Learn how to automatically patch your Azure Virtual Machines and Scale Sets using Azure Update Manager. This article provides an overview of supported OS images, configuration steps, and best practices for maintaining security compliance through automatic guest patching.
+ms.service: azure-update-manager
+author: SnehaSudhirG
+ms.author: sudhirsneha
+ms.date: 03/07/2025
+ms.topic: overview
+---
+# Automatic guest patching for Azure virtual machines
+
+**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs
+
+By enabling automatic guest patching for your Azure Virtual Machines (VMs), you can automatically and securely patch your VMs to ensure they remain compliant with security standards."
+
+## Supported OS images
+
+Automatic VM guest patching, on-demand patch assessment and on-demand patch installation are supported only on VMs created from images with the exact combination of publisher, offer and sku from the below supported OS images list. Custom images or any other publisher, offer, sku combinations aren't supported. More images are added periodically. Don't see your SKU in the list? Request support by filing out [Image Support Request](https://forms.microsoft.com/r/6vfSgT0mFx).
+
+If [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching) is enabled on a VM, then the available Critical and Security patches are downloaded and applied automatically on the VM.
+
+>[!NOTE]
+> Only x64 operating systems are currently supported. Neither ARM64 nor x86 are supported for any operating system.
+
+## Customized images
+
+For VMs created from customized images even if the Patch orchestration mode is set to `Azure Orchestrated/AutomaticByPlatform`, automatic VM guest patching doesn't work. We recommend that you use scheduled patching to patch the machines by defining your own schedules or install updates on-demand.
+
+## Next steps
+
+- Learn about the [supported regions for Azure VMs and Arc-enabled servers](supported-regions.md).
+- Learn on the [Update sources, types](support-matrix.md) managed by Azure Update Manger.
+- Know more on [supported OS and system requirements for machines managed by Azure Update Manager](support-matrix-updates.md).
+- Learn more on [unsupported OS and Custom VM images](unsupported-workloads.md).
+- Learn more on how to [configure Windows Update settings](configure-wu-agent.md) to work with Azure Update Manager. 
+- Learn about [Extended Security Updates (ESU) using Azure Update Manager](extended-security-updates.md).
+- Learn about [security vulnerabilities and Ubuntu Pro support](security-awareness-ubuntu-support.md).