| title | Cross Subscription Patching in Azure Update Manager |
|---|---|
| description | Discover the overview, key benefits, and limitations of cross-subscription patching in Azure Update Manager. Centralize patch management for Windows, Linux, and hybrid environments across multiple Azure subscriptions. |
| ms.service | azure-update-manager |
| ms.date | 02/04/2025 |
| ms.topic | concept-article |
| author | habibaum |
| ms.author | v-uhabiba |
| ms.update-cycle | 1095-days |
Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ On-premises environment ✔️ Azure Arc-enabled servers.
Azure Update Manager offers a straightforward and efficient solution for managing asset patching within a subscription. The capability is beneficial for organizations with resources distributed across various subscriptions, ensuring consistent and streamlined patch management.
However, its capabilities go well beyond this. With proper configuration, you can manage and apply patches across multiple Azure subscriptions from a centralized location.
- Operational Efficiency: You can centralize the management of patches, reducing the complexity and time required for patch management. This leads to more streamlined operations.
- Improved Reliability: Regular and consistent patching across all subscriptions helps maintain system stability and reduces downtime caused by unpatched vulnerabilities.
- Azure Resource Manager (Arc)-connected hosts: Non-Azure hosts connected to Azure through Arc, subject to Arc prerequisites and Azure Update Manager supported regions.
- Azure VM: Native virtual machines created in Azure.
- Windows: Cross-subscription patching supports various versions of Windows Server and Windows operating systems. Ensure that your Windows devices are up-to-date and compatible with the patching process. For more information, see support matrix for Arc-connected hosts and Azure VM for supported images.
- Linux: Cross-subscription patching also supports multiple Linux distributions, including most mainstream distributions such as Ubuntu, CentOS, and Red Hat Enterprise Linux (RHEL). Ensure that your Linux devices meet the necessary requirements for patching. For more information, see support matrix for Arc-connected hosts and Azure VM for supported images.
Note
If VMs running unsupported images are included in the schedule, the maintenance configuration (i.e., patch job) will fail.
Rate limits - When you manage a large number of assets through the API with a service principal (SPN), be mindful of rate limits and distribute the load among multiple service principals to avoid throttling.
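One way to plan the distribution described above, as an added example that is not part of the original page or of Azure Update Manager: it groups machine resource IDs by subscription and assigns them to service principals under a per-principal budget. The function name `plan_batches`, the principal names, the budget value, and the sample resource IDs are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Resource ID shapes for the two machine kinds this page lists (Azure VM, Arc host).
MACHINE_ID = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-f-]{36})/resourceGroups/[^/]+/providers/"
    r"(Microsoft\.Compute/virtualMachines|Microsoft\.HybridCompute/machines)/[^/]+$",
    re.IGNORECASE,
)

def plan_batches(resource_ids, principals, max_per_principal):
    """Return (plan, rejected); plan maps principal name -> machine resource IDs.

    Each subscription's machines go to the least-loaded principal, so a principal
    needs role assignments on as few subscriptions as possible. max_per_principal
    is a hypothetical operator-chosen budget, not a documented Azure limit.
    """
    by_sub, rejected = defaultdict(list), []
    for rid in resource_ids:
        m = MACHINE_ID.match(rid.strip())
        if m:
            by_sub[m["sub"].lower()].append(rid.strip())
        else:
            rejected.append(rid)  # not a VM or Arc machine ID: keep it out of the schedule
    plan = {p: [] for p in principals}
    # Largest subscriptions first, so big groups are placed while room is plentiful.
    for sub in sorted(by_sub, key=lambda s: (-len(by_sub[s]), s)):
        pending = by_sub[sub]
        while pending:
            target = min(principals, key=lambda p: len(plan[p]))
            room = max_per_principal - len(plan[target])
            if room <= 0:
                raise ValueError("budget exceeded: add service principals or raise the budget")
            plan[target].extend(pending[:room])
            pending = pending[room:]
    return plan, rejected

# Constructed sample input: subscription IDs, resource groups and names are made up.
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
SAMPLE_IDS = (
    [f"/subscriptions/{SUB_A}/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/web{i}" for i in range(3)]
    + [f"/subscriptions/{SUB_B}/resourceGroups/rg2/providers/Microsoft.HybridCompute/machines/onprem{i}" for i in range(2)]
    + [f"/subscriptions/{SUB_A}/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/logs"]
)

if __name__ == "__main__":
    plan, rejected = plan_batches(SAMPLE_IDS, ["spn-patch-1", "spn-patch-2"], 3)
    print({name: len(ids) for name, ids in plan.items()}, "rejected:", len(rejected))
```

Keeping a subscription's machines on one principal where the budget allows means each principal can be granted access to fewer subscriptions.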
- Learn more on how to enable cross-subscription patching either through Azure CLI or portal.
- Learn more about Dynamic scope, an advanced capability of schedule patching.
- Learn about pre and post events to automatically perform tasks before and after a scheduled maintenance configuration.