You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Automatic Guest Patching for Azure Virtual Machines and Scale Sets
14
14
15
15
> [!CAUTION]
16
16
> This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and plan accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md).
17
17
18
18
**Applies to:**:heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs :heavy_check_mark: Flexible scale sets
19
19
20
-
Enabling automatic VM guest patching for your Azure VMs helps ease update management by safely and automatically patching virtual machines to maintain security compliance, while limiting the blast radius of VMs.
20
+
Enabling automatic guest patching for your Azure Virtual Machines (VMs) and Scale Sets (VMSS) helps ease update management by safely and automatically patching virtual machines to maintain security compliance, while limiting the blast radius of VMs.
21
21
22
22
Automatic VM guest patching has the following characteristics:
23
23
- Patches classified as *Critical* or *Security* are automatically downloaded and applied on the VM.
24
24
- Patches are applied during off-peak hours for IaaS VMs in the VM's time zone.
25
25
- Patches are applied during all hours for VMSS Flex.
26
-
-Patch orchestration is managed by Azure and patches are applied following[availability-first principles](#availability-first-updates).
26
+
-Azure manages the patch orchestration and follows[availability-first principles](#availability-first-updates).
27
27
- Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
28
28
- Application health can be monitored through the [Application Health extension](../virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension.md).
29
29
- Works for all VM sizes.
@@ -34,7 +34,7 @@ If automatic VM guest patching is enabled on a VM, then the available *Critical*
34
34
35
35
The VM is assessed periodically every few days and multiple times within any 30-day period to determine the applicable patches for that VM. The patches can be installed any day on the VM during off-peak hours for the VM. This automatic assessment ensures that any missing patches are discovered at the earliest possible opportunity.
36
36
37
-
Patches are installed within 30 days of the monthly patch releases, following availability-first orchestration described below. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the VM will be automatically assessed and applicable patches will be installed automatically during the next periodic assessment (usually within a few days) when the VM is powered on.
37
+
Patches are installed within 30 days of the monthly patch releases, following availability-first orchestration. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the platform will automatically assess and apply patches (if required) during the next periodic assessment (usually within a few days) when the VM is powered on.
38
38
39
39
Definition updates and other patches not classified as *Critical* or *Security* won't be installed through automatic VM guest patching. To install patches with other patch classifications or schedule patch installation within your own custom maintenance window, you can use [Update Management](./windows/tutorial-config-management.md#manage-windows-updates).
0 commit comments