Merge pull request #301165 from habibaum/11Jun-suppotability-updates

Supportability updates

Author: v-ccolin

articles/update-manager/updates-maintenance-schedules.md

@@ -2,7 +2,7 @@
 title: Updates and maintenance in Azure Update Manager
 description: This article describes the updates and maintenance options available in Azure Update Manager.
 ms.service: azure-update-manager
-ms.date: 10/28/2024
+ms.date: 06/11/2025
 ms.topic: overview
 author: habibaum
 ms.author: v-uhabiba
@@ -12,6 +12,10 @@ ms.author: v-uhabiba
 
 **Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers.
 
+>[!IMPORTANT]
+> - For a seamless scheduled patching experience, we recommend that for all Azure virtual machines (VMs), you update the patch orchestration to **Customer Managed Schedules**. 
+> - For Arc-enabled servers, the updates and maintenance options such as Automatic VM Guest patching in Azure, Windows automatic updates and Hotpatching aren't supported.
+
 This article provides an overview of the various update options and orchestration in Azure Update Manager.
 
 ## Update Options
@@ -39,12 +43,12 @@ Automatic OS upgrade has the following characteristics:
 
 ### Automatic VM guest patching
 
-When you enable [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching) on your Azure VMs, it helps ease Azure Update Manager to safely and automatically patch virtual machines to maintain security compliance.
+When you enable [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching) on your Azure VMs, patching of Security and Critical updates to your VMs will be handled by Azure, and you will not control the timing nor choose which classifications or updates to install.
 
 Automatic VM guest patching has the following characteristics:
 - Patches classified as *Critical* or *Security* are automatically downloaded and applied on the VM.
-- Patches are applied during off-peak hours for IaaS VMs in the time zone of the datacenter hosting the VM.
-- Patches are applied during all hours for Azure Virtual Machine Scale Sets [VMSS Flexible orchestration](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#scale-sets-with-flexible-orchestration).
+- Patches are applied during off-peak hours for IaaS VMs in the VM's time zone of the datacenter where they are hosted.
+- Patches are applied during all hours for Azure Virtual Machine Scale Sets [Virtual Machine Scale Sets Flexible orchestration](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#scale-sets-with-flexible-orchestration).
 - Patch orchestration is managed by Azure and patches are applied following [availability-first principles](/azure/virtual-machines/automatic-vm-guest-patching#availability-first-updates).
 - Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
 -  You can monitor application health through the [Application Health Extension](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension).
@@ -67,7 +71,7 @@ To enable the VM property, follow these steps:
 
 ## Hotpatching
 
-[Hotpatching](/windows-server/get-started/hotpatch?context=%2Fazure%2Fvirtual-machines%2Fcontext%2Fcontext) allows you to install OS security updates on supported *Windows Server Datacenter: Azure Edition* virtual machines that don't require a reboot after installation. It works by patching the in-memory code of running processes without the need to restart the process. With Hotpatching, reboots will be typically be required for the installation of patches on every third month rather than every month.
+[Hotpatching](/windows-server/get-started/hotpatch?context=%2Fazure%2Fvirtual-machines%2Fcontext%2Fcontext) allows you to install OS security updates on supported *Windows Server Datacenter: Azure Edition* virtual machines that don't require a reboot after installation. It works by patching the in-memory code of running processes without the need to restart the process. With Hotpatching, reboots will typically be required for the installation of patches on every third month rather than every month.
 
 Following are the features of Hotpatching:
 
@@ -98,8 +102,7 @@ Automatic Extension Upgrade has the following features:
 This mode of patching allows operating system to automatically install updates on Windows VMs as soon as they're available. It uses the VM property that is enabled by setting the patch orchestration to OS orchestrated/Automatic by OS.
 
 > [!NOTE]
-> - Windows automatic updates is not an Azure Update Manager setting but a Windows level setting.
-> - Azure Update Manager doesn't support [In-place upgrade for VMs running Windows Server in Azure](/azure/virtual-machines/windows-in-place-upgrade).
+> - Windows automatic updates are not an Azure Update Manager setting, but a Windows-level setting.
 
 ## Update or Patch orchestration
 
@@ -122,7 +125,7 @@ Use [scheduled patching](scheduled-patching.md) to create and save recurring dep
 > Patch orchestration property for Azure machines should be set to **Customer Managed Schedules** as it is a prerequisite for scheduled patching. For more information, see the [list of prerequisites](scheduled-patching.md#prerequisites-for-scheduled-patching).
 
 > [!IMPORTANT]
-> - It is not possible to configure Patch Settings for Arc-enabled servers.
+> - For a seamless scheduled patching experience, we recommend that for all Azure VMs, you must update the patch orchestration to **Customer Managed Schedules**. If you fail to update the patch orchestration, you can experience a disruption in business continuity because the schedules will fail to patch the VMs. [Learn more](prerequsite-for-schedule-patching.md).
  
 
 ## Next steps