Share via

Azure Update Manager and Periodic Assessments

Russ Meyer 0 Reputation points
2025-06-15T17:49:08.9566667+00:00

Been looking at azure update manager as a possible solution for patching servers. Since we are mostly cloud it makes sense, and we have boxes joined with Azure Arc. Created different policies based on the needs of the systems ie side A, side B, general, definition updates, backup systems, etc.

while its knocking out sec intelligence updates without issue, it seems to be skipping the periodic assessments which should be done every 24 hrs (and they are enabled on all boxes). Also noticing that sometimes the schedule doesnt run at all yet the policy was in there a week ahead of time.

Anyone else have had issues with Azure Arc and multiple schedules?

Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ashok Gandhi Kotnana 10,430 Reputation points Microsoft External Staff Moderator
    2025-06-16T09:55:12.6166667+00:00

    Hi @Russ Meyer,

    Make sure the Azure Connected Machine agent (on your Arc servers) is fully up-to-date and healthy. If the agent is offline or having communication issues, it might cause the schedule to be missed.

    reference: https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes

    In some cases, the machine itself may prevent successful assessments. One real-world example: a Windows server had a Group Policy/registry setting forcing Windows Update to use an internal WSUS server (UseWUServer=1) but that WSUS was not reachable, causing Azure Update Manager’s assessment to fail each time with an error. The error code was 0x80244022 (HTTP 503 from Windows Update) meaning the update service was unavailable.

    Resolution: Once the registry was changed to Use WUServer=0 (allow direct Microsoft Update), Azure Update Manager could assess and patch the machine successfully66. Lesson: Ensure the server’s update source settings allow it to reach Microsoft Update (or the configured source is online) so the assessment can query updates.

     Review Logs and History: In the Azure Portal, check the Update Manager -> History or the particular maintenance configuration’s history around the expected run time. See if the attempt is succeeded or any error.

     Azure Policy for Compliance: Leverage Azure Policy to enforce patch settings. Microsoft provides built-in policies such as “Machines should be configured to periodically check for missing updates” and policies to require a maintenance schedule on VMs. By assigning these, you can get a compliance report of how many machines adhere to your update policy.

     If you relied on a policy assignment and notice some VMs still not assessing every 24h, manually remediate or enable the setting on those machines.

    reference: https://learn.microsoft.com/en-us/azure/update-manager/update-manager-faq

    Hope this helps!

    let us know if any help, we will always help as you needed.!

    User's image

    Please do not forget to "Accept the answer” and upvote it wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.