Azure VM Manage updates for multiple machines

You can use the Update Management solution to manage updates and patches for your Windows and Linux virtual machines. From your Azure Automation account, you can:

  • Onboard virtual machines
  • Assess the status of available updates
  • Schedule installation of required updates
  • Review deployment results to verify that updates were applied successfully to all virtual machines for which Update Management is enabled

Prerequisites

To use Update Management, you need:

  • An Azure Automation Run As account. To learn how to create one, see Getting started with Azure Automation.
  • A virtual machine or computer with one of the supported operating systems installed.

Supported operating systems

Update Management is supported on the following operating systems:

Operating system | Notes
Windows Server 2008, Windows Server 2008 R2 RTM | Supports only update assessments.
Windows Server 2008 R2 SP1 and later | Windows PowerShell 4.0 or later is required. (Download WMF 4.0) Windows PowerShell 5.1 is recommended for increased reliability. (Download WMF 5.1)
CentOS 6 (x86/x64) and 7 (x64) | Linux agents must have access to an update repository.
Red Hat Enterprise 6 (x86/x64) and 7 (x64) | Linux agents must have access to an update repository.
SUSE Linux Enterprise Server 11 (x86/x64) and 12 (x64) | Linux agents must have access to an update repository.
Ubuntu 12.04 LTS, 14.04 LTS, and 16.04 LTS (x86/x64) | Linux agents must have access to an update repository.

Enable Update Management for Azure virtual machines

From the left-hand side panel, click on Update Management. 

 

In the Azure portal, open your Automation account, and then select Update management.

Once you click it, the Update Management panel shows the update information for that particular VM. If you need to add and manage more machines, click the “Manage multiple machines” option at the top of Update Management.

Select the “Manage multiple machines” option in Update Management.

Select Add Azure VMs.

Select a virtual machine to onboard.

Under Enable Update Management, select Enable to onboard the virtual machine. (To enable a machine, its VM status must be Running; if the VM is stopped, you cannot enable it.)

Enable Update Management for non-Azure virtual machines and computers

To learn how to enable Update Management for non-Azure Windows virtual machines and computers, see Connect Windows computers to the Log Analytics service in Azure.

To learn how to enable Update Management for non-Azure Linux virtual machines and computers, see Connect your Linux computers to Log Analytics.

 

View computers attached to your Automation account

After you enable Update Management for your machines, you can view machine information by selecting Computers. You can see information about machine name, compliance status, environment, OS type, critical and security updates installed, other updates installed, and update agent readiness for your computers.

Here’s a list of possible values for compliance state:

  • Compliant: Computers that are not missing critical or security updates.
  • Non-compliant: Computers that are missing at least one critical or security update.
  • Not assessed: The update assessment data hasn’t been received from the computer within the expected timeframe. For Linux computers, the expected timeframe is in the last 3 hours. For Windows computers, the expected timeframe is in the last 12 hours.
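
The three states above can be reproduced outside the portal, which is useful when triaging an exported machine list. The following is an added example, not code from the original page or from Azure: the record fields (name, os_type, last_assessed, missing_critical, missing_security, missing_other) and the sample machines are assumptions constructed for illustration. It shows that a stale report of "0 missing updates" must be treated as Not assessed rather than Compliant.

```python
from datetime import datetime, timedelta, timezone

# Freshness windows stated on this page: Linux 3 hours, Windows 12 hours.
ASSESSMENT_WINDOW = {
    "Linux": timedelta(hours=3),
    "Windows": timedelta(hours=12),
}


def compliance_state(machine, now):
    """Classify one (hypothetical) assessment record into a compliance state."""
    last = machine.get("last_assessed")
    window = ASSESSMENT_WINDOW[machine["os_type"]]
    # Check freshness first: old data says nothing about the current patch level.
    if last is None or now - last > window:
        return "Not assessed"
    # Only critical and security updates count; "other" updates do not.
    if machine["missing_critical"] + machine["missing_security"] > 0:
        return "Non-compliant"
    return "Compliant"


def triage(machines, now):
    """Group machine names by state, with the blind spots listed first."""
    report = {"Not assessed": [], "Non-compliant": [], "Compliant": []}
    for m in machines:
        report[compliance_state(m, now)].append(m["name"])
    return report


def rec(name, os_type, age_hours, crit=0, sec=0, other=0):
    """Build one constructed sample record; age_hours=None means never reported."""
    last = None if age_hours is None else NOW - timedelta(hours=age_hours)
    return {"name": name, "os_type": os_type, "last_assessed": last,
            "missing_critical": crit, "missing_security": sec,
            "missing_other": other}


# Constructed sample data (not real machines or real assessment output).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    rec("web-01", "Windows", 11),           # fresh, nothing missing
    rec("web-02", "Windows", 13),           # stale "0 missing" report
    rec("web-03", "Windows", 1, other=5),   # only non-security updates missing
    rec("db-01", "Linux", 2, sec=4),        # fresh, security updates missing
    rec("db-02", "Linux", 4),               # stale for Linux (over 3 hours)
    rec("app-01", "Linux", None),           # onboarded but never reported
]

if __name__ == "__main__":
    for state, names in triage(SAMPLE, NOW).items():
        print(f"{state}: {', '.join(names) or '-'}")
```
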

 

Install a Hybrid Runbook Worker

Hybrid Runbook Workers allow you to run runbooks within your Azure, non-Azure, and on-premises machines.  Use a hybrid runbook worker to manage on-premises resources using runbooks from your Automation account.  You can also use the hybrid runbook worker to run scripts within the machine to manage machine and application configuration, to audit state, and to troubleshoot and remediate machine or application issues.

Schedule an update deployment

To install updates, schedule a deployment that aligns with your release schedule and service window. You can choose which update types to include in the deployment. For example, you can include critical or security updates and exclude update rollups.

To schedule a new update deployment for one or more virtual machines, under Update management, select Schedule update deployment.

In the New update deployment pane, specify the following information:

  • Name: Enter a unique name to identify the update deployment.
  • Operating system: Select Windows or Linux.
  • Machines to update: Select the virtual machines that you want to update. The readiness of the machine is shown in the UPDATE AGENT READINESS column. You can see the health state of the machine before you schedule the update deployment.

  • Update classification: Select the types of software to include in the update deployment. For a description of the classification types, see Update classifications. The classification types are:

 

  • Updates to exclude: Selecting this option opens the Exclude page. Enter the KB articles or package names to exclude.
  • Schedule settings: You can accept the default date and time, which is 30 minutes after the current time. You can also specify a different time.

You can also specify whether the deployment occurs once or on a recurring schedule. To set up a recurring schedule, under Recurrence, select Recurring.

Once the schedule is created, we can see it under the Scheduled update deployments tab.