- Digital Workplace
- Microsoft
Development is racing ahead at a historic pace, and new winds are blowing. Not least at Microsoft, where changes are coming in rapid succession. Some smaller, others larger and more profound.
On that note, Microsoft has announced that server updates through Windows Server Update Service (WSUS) are now on the list of products being phased out. The vision is for a more simple Windows administration from the cloud. What does this mean for you? What opportunities do you have? Here’s an overview.
There are, however, other options and direct alternatives to WSUS – and they are easy to access, says Jesper Graff Ebbesen, Senior Cloud Architect at Danoffice IT.
"The recommendation, both from Microsoft and from us, is to switch to update tools such as Windows Autopatch and Intune for client update management. And for managing server updates, Azure Update Manager is recommended," he explains and continues:
"The key here is Azure Update Manager because it simply offers more than WSUS. The core of it all is visibility, monitoring, and management. It’s about gaining insight. And about having an overview over your updates. There are several parameters where it is better than WSUS. It comes with visibility, monitoring, and flexible patching options. And you get many opportunities to set up efficient automation."
"It’s about gaining insight. And about having an overview over your updates. There are several parameters where Azure Update Manager is better than WSUS. It comes with visibility, monitoring, and flexible patching options. And you get many opportunities to set up efficient automation."
Jesper Graff Ebbesen, Senior Cloud Architect, Danoffice IT
Get an Overview of Updates
We don’t need to say it out loud: A secure IT environment requires having a clear overview of your updates at all times. "We continue to see that people don’t have a good overview of their server updates, and with WSUS, you're limited in your options – at least with a present and future-oriented perspective. That’s why it makes sense to switch to Azure Update Manager, where you have a tool that is up-to-date and future-proof. The monitoring that comes with it is a huge advantage, as it provides completely new insights for the customer," says Jesper Graff Ebbesen.
"Update practices vary widely. We often see that it’s done sporadically. Unfortunately, many don’t have the proper overview, and it can be an eye-opener for them to see the possibilities that actually exist with the Update Manager, as there is a high degree of automation, which means they can avoid manual processes," he adds.
What is Azure Update Manager?
Azure Update Manager is a comprehensive service designed to manage and control software updates for all your servers, whether they run on Windows or Linux, across Azure, on-premises, and other cloud environments connected through Azure Arc.
Selected Key Features:
-
Unified Update Management: Monitor update compliance across all your servers from a single dashboard
-
Flexible Patch Options: Schedule updates in defined windows, apply updates in real-time. Automatic VM guest patching for Azure VMs without manual intervention
-
Security and Compliance Tracking: Apply security and critical patches with enhanced compliance tracking
-
Custom Reporting and Alerts: Build custom dashboards for reporting and alerts
-
Granular Access Control: Role-based access control for patch management
A New Link
Azure Update Manager uses an agent, Azure Arc, which is installed on the servers that the company wants to include in Azure. From Microsoft's side, it is meant to act as a link. But according to Jesper, there is an important point of attention here. "If you have deployed Azure Arc in your environment, you actually already have Azure Update Manager available, but it needs to be set up correctly," emphasizes Jesper Graff Ebbesen.
"Azure Arc is a platform that allows you to manage, secure, and control resources across on-premises environments, edge, and multiple cloud environments by extending Azure services. However, many are not fully aware of what the Azure Arc agent has access to. Therefore, it’s important to decide what Arc should be used for and configure it for that purpose. If you don’t do that, Azure may be able to perform elevated actions against the local OS. In other words, there could be gaps if you have deployed Azure Arc at some point, and you need to get control over that – our specialists can help with that."
FAQ WSUS vs Azure Update Manager
Which operating systems are supported by Azure Update Manager?
All Windows Server operating systems from version 2012 and onward. Additionally, there is support for a wide range of Linux operating systems.
What is Azure Arc – Hybrid and Multicloud Management?
Azure Arc is a platform that enables you to manage, secure, and control resources across on-premises environments, edge, and multiple cloud environments by extending Azure services. It provides a consistent management experience and allows you to apply Azure services such as Azure Policy, Azure Monitor, and Azure Security Center across different environments.
Is WSUS completely obsolete?
No, WSUS remains available in Windows Server 2025 and will be supported at least until 2035.
What if we’re NOT in Azure?
We can run this entirely independently. There's no need to worry about Azure Landing Zones or networks. However, we do use the best practices from Azure, including proper naming conventions.
How should security be handled with Azure Arc?
It’s important to critically assess your Azure Arc implementation and consider the following elements:
-
Whitelisting extensions
-
Reflection of any On-Prem Tiering implementation
-
Maintenance of the Azure Connected Machine Agent (Arc Agent)
How much does Azure Update Manager cost?
For Azure VMs and Arc-enabled servers with active Software Assurance (SA), Azure Update Manager is free. For all other operating systems, the list price is $5 per server per month.
Proactive Security
The automated processes that are part of Azure Update Manager create new efficiency within the company. "We know of companies that update all their servers at once, once a month, outside of working hours. Not particularly efficient. So, if your WSUS or update process is manual, then Update Manager is an obvious solution," explains Jesper.
"This product has so many benefits, and the common denominator is being proactive and efficient. In Update Manager, we push updates virtually hour by hour. All updates that do not require a reboot of the customer's system – and which the customer doesn't have to handle manually," he adds. However, since no two starting points are the same, he emphasizes that there are many customization options. "We can set up a wide range of dynamic rules for both manual and automatic updates. And because Azure Update Manager provides both us and the customer with a much better overview of errors and missing updates, this solution puts you in a very strong position," concludes Jesper Graff Ebbesen, Senior Cloud Architect at Danoffice IT.
MORE WITH MICROSOFT
-
Windows 10-11 migrationThe window is closing in October. Microsoft is closing down Windows 10 for good and with that, they are inviting the users over to Windows 11. -
An updated overview?Microsoft announced that server updates through Windows Server Update Service, WSUS, are now on the list of products being phased out. What does this mean for you?
-
Microsoft 365 Security Baseline:Security Baseline is a review of your overall security in Microsoft 365. However, the premise is that we view it all in the context of an actual threat. We look at what the status is as of today and why it is crucial to revisit your security parameters.
-
Microsoft brings an end to Cloud Only Enterprise licensesIt is now public that all clients with Cloud only-plans on Microsoft’s long-running Enterprise Agreement License program are looking into a new future. Existing contracts are to be transferred to new plans and programs as of January 2025.
-
CASE: Intelligent Line ClearanceDiscover how to revolutionize your pharmaceutical manufacturing processes and achieve a significant 50% reduction in line clearance time.
-
New Licensing StructureAs a result of the changes in the licensing structure by Microsoft, we are getting a lot of calls for help to break free from partnerships that are locked in.
-
Guaranteed the right helpSystem administrators have poor options when a critical breakdown hit their IT infrastructure We offer the concept of Microsoft Critical Preparedness.
-
Take-Off with CopilotMicrosoft Copilot is now available and many have started their AI journey. We share 5 great tips and how we can help you get well on your way.
-
Free Microsoft Premier SupportWe go the extra mile to protect our Microsoft customers. We actually provide free Microsoft Premier Support on the products we supply to ensure that you are secure.
-
CASE: Lenovo for InfomediaWalking hand-in-hand and having each other’s back is the be-all and end-all when forming a great relationship between two parties in business.
-
Microsoft’s prices are increasingThis is no longer news to some of us, but to many people, this is a change they are not prepared to face. As of April 1, the prices of all Microsoft licenses are increasing by 11%.
