Support matrix for Azure Update Manager
Caution
This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Azure Update Manager will soon cease to support it. Please consider your use and planning accordingly.
This article details the Windows and Linux operating systems supported and system requirements for machines or servers managed by Azure Update Manager. The article includes the supported regions and specific versions of the Windows Server and Linux operating systems running on Azure virtual machines (VMs) or machines managed by Azure Arc-enabled servers.
Supported operating systems
Note
- All operating systems are assumed to be x64. For this reason, x86 isn't supported for any operating system.
Support for automatic VM Guest patching
If automatic VM guest patching is enabled on a VM, then the available Critical and Security patches are downloaded and applied automatically on the VM.
- For marketplace images, see the list of supported OS images.
- For VMs created from customized images even if the Patch orchestration mode is set to
Azure Orchestrated/AutomaticByPlatform
, automatic VM guest patching doesn't work. We recommend that you use scheduled patching to patch the machines by defining your own schedules or install updates on-demand.
Support for Check for Updates/One time Update/Periodic assessment and Scheduled patching
Azure Marketplace/PIR images
The Azure Marketplace image has the following attributes:
- Publisher: The organization that creates the image. Examples are
Canonical
andMicrosoftWindowsServer
. - Offer: The name of the group of related images created by the publisher. Examples are
UbuntuServer
andWindowsServer
. - SKU: An instance of an offer, such as a major release of a distribution. Examples are
18.04LTS
and2019-Datacenter
. - Version: The version number of an image SKU.
Update Manager supports the following operating system versions on VMs for all operations except automatic VM guest patching. You might experience failures if there are any configuration changes on the VMs, such as package or repository.
Following is the list of supported images and no other marketplace images released by any other publisher are supported for use with Azure Update Manager.
Supported Windows OS versions
Publisher | Offer | Plan | Unsupported image(s) |
---|---|---|---|
center-for-internet-security-inc | cis-windows-server-2012-r2-v2-2-1-l2 | cis-ws2012-r2-l2 | |
center-for-internet-security-inc | cis-windows-server-2016-v1-0-0-l1 | cis--l1 | |
center-for-internet-security-inc | cis-windows-server-2016-v1-0-0-l2 | cis-ws2016-l2 | |
center-for-internet-security-inc | cis-windows-server-2019-v1-0-0-l1 | cis-ws2019-l1 | |
center-for-internet-security-inc | cis-windows-server-2019-v1-0-0-l2 | cis-ws2019-l2 | |
center-for-internet-security-inc | cis-windows-server-2022-l1 | cis-windows-server-2022-l1 cis-windows-server-2022-l1-gen2 |
|
center-for-internet-security-inc | cis-windows-server-2022-l2 | cis-windows-server-2022-l2 cis-windows-server-2022-l2-gen2 |
|
center-for-internet-security-inc | cis-windows-server | cis-windows-server2016-l1-gen1 cis-windows-server2019-l1-gen1 cis-windows-server2019-l1-gen2 cis-windows-server2019-l2-gen1 cis-windows-server2022-l1-gen2 cis-windows-server2022-l2-gen2 cis-windows-server2022-l1-gen1 |
|
hpc2019-windows-server-2019 | hpc2019-windows-server-2019 | ||
sql2016sp2-ws2016 | standard | ||
sql2017-ws2016 | enterprise | ||
sql2017-ws2016 | standard | ||
sql2019-ws2019 | enterprise | ||
sql2019-ws2019 | sqldev | ||
sql2019-ws2019 | standard | ||
sql2019-ws2019 | standard-gen2 | ||
cognosys | sql-server-2016-sp2-std-win2016-debug-utilities | sql-server-2016-sp2-std-win2016-debug-utilities | |
filemagellc | filemage-gateway-vm-win | filemage-gateway-vm-win-001 filemage-gateway-vm-win-002 |
|
github | github-enterprise | github-enterprise | |
matillion | matillion | matillion-etl-for-snowflake | |
microsoft-ads | windows-data-science-vm | windows2016 windows2016byol |
|
microsoft-dsvm | ubuntu-1804 | 1804-gen2 | |
microsoft-dvsm | dsvm-windows dsvm-win-2019 dsvm-win-2022 |
* * * |
|
microsoftazuresiterecovery | process-server | windows-2012-r2-datacenter | |
microsoftbiztalkserver | biztalk-server | * | |
microsoftdynamicsax | dynamics | * | |
microsoftpowerbi | * | * | |
microsoftsharepoint | microsoftsharepointserver | * | |
microsoftsqlserver | sql2016sp1-ws2016 | standard | |
microsoftvisualstudio | Visualstudio* | *-ws2012r2 *-ws2016-ws2019 *-ws2022 |
|
microsoftwindowsserver | windows server | windowsserver 2008 | |
microsoftwindowsserver | windows-cvm | * | |
microsoftwindowsserver | windowsserver-gen2preview | * | |
microsoftwindowsserver | windowsserverdotnet | * | |
microsoftwindowsserver | windowsserverupgrade | * | |
microsoftwindowsserverhpcpack | windowsserverhpcpack | * | |
netapp | netapp-oncommand-cloud-manager | occm-byol |
Supported Linux OS versions
Publisher | Offer | Plan | Unsupported image(s) |
---|---|---|---|
ad-dc-2016 | ad-dc-2016 | ||
ad-dc-2019 | ad-dc-2019 | ||
ad-dc-2022 | ad-dc-2022 | ||
almalinux-hpc | 8_6-hpc, 8_6-hpc-gen2 | ||
aviatrix-companion-gateway-v9 | aviatrix-companion-gateway-v9 | ||
aviatrix-companion-gateway-v10 | aviatrix-companion-gateway-v10, aviatrix-companion-gateway-v10u |
||
aviatrix-companion-gateway-v12 | aviatrix-companion-gateway-v12 | ||
aviatrix-companion-gateway-v13 | aviatrix-companion-gateway-v13, aviatrix-companion-gateway-v13u |
||
aviatrix-companion-gateway-v14 | aviatrix-companion-gateway-v14, aviatrix-companion-gateway-v14u |
||
aviatrix-companion-gateway-v16 | aviatrix-companion-gateway-v16 | ||
aviatrix-copilot | avx-cplt-byol-01, avx-cplt-byol-02 | ||
centos-ci | 7-ci | ||
centos-hpc | 7.1, 7.3, 7.4 | ||
centos-lvm | 7-lvm-gen2 | ||
centos-lvm | 7-lvm, 8-lvm | ||
center-for-internet-security-inc | cis-oracle-linux-8-l1 | cis-oracle8-l1 | |
center-for-internet-security-inc | |||
cis-rhel | cis-redhat7-l1-gen1 cis-redhat8-l1-gen1 cis-redhat8-l2-gen1 cis-redhat9-l1-gen1 cis-redhat9-l1-gen2 |
||
center-for-internet-security-inc | |||
cis-rhel-7-l2 | cis-rhel7-l2 | ||
center-for-internet-security-inc | |||
cis-rhel-8-l1 | |||
center-for-internet-security-inc | |||
cis-rhel-8-l2 | cis-rhel8-l2 | ||
center-for-internet-security-inc | |||
cis-rhel9-l1 | cis-rhel9-l1 cis-rhel9-l1-gen2 |
||
center-for-internet-security-inc | cis-ubuntu | cis-ubuntu1804-l1 cis-ubuntulinux2004-l1-gen1 cis-ubuntulinux2204-l1-gen1 cis-ubuntulinux2204-l1-gen2 |
|
cis-ubuntu-linux-1804-l1 | cis-ubuntu1804-l1 | ||
cis-ubuntu-linux-2004-l1 | cis-ubuntu2004-l1 cis-ubuntu-linux-2204-l1-gen2 |
||
center-for-internet-security-inc | cis-ubuntu-linux-2004-l1 | cis-ubuntu2004-l1 | |
center-for-internet-security-inc | cis-ubuntu-linux-2204-l1 | cis-ubuntu-linux-2204-l1 cis-ubuntu-linux-2204-l1-gen2 |
|
debian-10-daily | 10, 10-gen2, 10-backports, 10-backports-gen2 |
||
debian-11 | 11, 11-gen2, 11-backports, 11-backports-gen2 |
||
debian-11-daily | 11, 11-gen2, 11-backports, 11-backports-gen2 |
||
dns-ubuntu-2004 | dns-ubuntu-2004 | ||
oracle-database | oracle_db_21 | ||
oracle-database-19-3 | oracle-database-19-0904 | ||
rhel-ha | 9_2, 9_2-gen2 | ||
rhel-sap-apps | 9_0, 90sapapps-gen2, 9_2, 92sapapps-gen2 | ||
rhel-sap-ha | 9_2, 92sapha-gen2 | ||
servercore-2019 | servercore-2019 | ||
sftp-2016 | sftp-2016 | ||
sle-hpc-15-sp4 | gen1, gen2 | ||
sle-hpc-15-sp4-byos | gen1, gen2 | ||
sle-hpc-15-sp5 | gen1, gen 2 | ||
sle-hpc-15-sp5-byos | gen1, gen 2 | ||
sles-15-sp1-sapcal | gen1, gen2 | ||
sles-15-sp2-basic | gen2 | ||
sles-15-sp2-hpc | gen2 | ||
sles-15-sp3-sapcal | gen1, gen2 | ||
sles-15-sp4 | gen1, gen2 | ||
sles-15-sp4-byos | gen1, gen2 | ||
sles-15-sp4-chost-byos | gen1, gen 2 | ||
sles-15-sp4-hardened-byos | gen1, gen2 | ||
sles-15-sp5 | gen1, gen2 | ||
sles-15-sp5-basic | gen1, gen2 | ||
sles-15-sp5-byos | gen1, gen2 | ||
sles-15-sp5-hardened-byos | gen1, gen2 | ||
sles-15-sp5-sapcal | gen1, gen2 | ||
sles-byos | 12-sp4, 12-sp4-gen2 | ||
sles-sap | 12-sp4, 12-sp4-gen2 | ||
sles-sap-15-sp4-byos | gen1, gen2 | ||
sles-sap-15-sp4-hardened-byos | gen1, gen2 | ||
sles-sap-15-sp5-byos | gen1, gen2 | ||
sles-sap-15-sp5-hardened-byos | gen1, gen2 | ||
sles-sap-byos | 12-sp4, 12-sp4-gen2, gen2-12-sp4 | ||
sles-sapcal | 12-sp3 | ||
sles-standard | 12-sp4-gen2 | ||
sles | 12-sp4-gen2 | ||
squid-ubuntu-2004 | squid-ubuntu-2004 | ||
ubuntu-2004 | 2004, 2004-gen2 | ||
ubuntu-hpc | 1804, 2004-preview-ndv5, 2004, 2204, 2204-preview-ndv5 | ||
sles-15-sp5-chost-byos | gen1, gen2 | ||
almalinux | almalinux |
8-gen1, 8-gen2, 9-gen1, 9-gen2 | |
almalinux | almalinux-x86_64 | 8-gen1, 8-gen2, 8_7-gen2, 9-gen1, 9-gen2 | |
aviatrix-systems | aviatrix-bundle-payg | aviatrix-enterprise-bundle-byol | |
belindaczsro1588885355210 | belvmsrv01 | belvmsrv003 | |
canonical | * | * | |
cloud-infrastructure-services | rds-farm-2019 | rds-farm-2019 | |
cloudera | cloudera-centos-os | 7_5 | |
cncf-upstream | capi | ubuntu-1804-gen1, ubuntu-2004-gen1, ubuntu-2204-gen1 | |
credativ | debian | 9, 9-backports | |
debian | debian-10 | 10, 10-gen2, 10-backports, 10-backports-gen2 |
|
esri | arcgis-enterprise-107 | byol-1071 | |
esri | pro-byol | pro-byol-29 | |
esri | arcgis-enterprise | byol-108 byol-109 byol-111 byol-1081 byol-1091 |
|
esri | arcgis-enterprise-106 | byol-1061 | |
erockyenterprisesoftwarefoundationinc1653071250513 | rockylinux | free | |
erockyenterprisesoftwarefoundationinc1653071250513 | rockylinux-9 | rockylinux-9 | |
microsoft-aks | aks | aks-engine-ubuntu-1804-202112 | |
microsoft-dsvm | aml-workstation | ubuntu-20, ubuntu-20-gen2 | |
microsoft-dsvm | aml-workstation | ubuntu | |
microsoftcblmariner | cbl-mariner | cbl-mariner-1 1-gen2 cbl-mariner-2 cbl-mariner-2-gen2. |
|
microsoftcblmariner | cbl-mariner | cbl-mariner-1,1-gen2, cbl-mariner-2, cbl-mariner-2-gen2 | |
microsoftsqlserver | * | * | Offers: sql2019-sles* sql2019-rhel7 sql2017-rhel 7 Example Publisher: microsoftsqlserver Offer: sql2019-sles12sp5 sku:webARM Publisher: microsoftsqlserver Offer: sql2019-rhel7 sku: web-ARM |
microsoftsqlserver | * | * | Offers: sql2019-sles* sql2019-rhel7 sql2017-rhel7 |
nginxinc | nginx-plus-ent-v1 | nginx-plus-ent-centos7 | |
ntegralinc1586961136942 | ntg_oracle_8_7 | ntg_oracle_8_7 | |
openlogic | centos | 7.2, 7.3, 7.4, 7.5, 7.6, 7_8, 7_9, 7_9-gen2 | |
oracle | oracle-linux | 7*, ol7*, ol8*, ol9*, ol9-lvm*, 8, 8-ci, 81, 81-ci, 81-gen2 | |
procomputers | almalinux-8-7 | almalinux-8-7 | |
procomputers | rhel-8-2 | rhel-8-2 | |
redhat | rhel | 8.1 | |
redhat | rhel | 89-gen2 | |
redhat | rhel-sap | 7.4 | |
redhat | rhel-sap | 7.7 | |
redHat | rhel | 8_9 | |
redhat | rhel-byos | rhel-lvm79 rhel-lvm79-gen2 rhel-lvm8 rhel-lvm82-gen2 rhel-lvm83 rhel-lvm84 rhel-lvm84-gen2 rhel-lvm85-gen2 rhel-lvm86 rhel-lvm86-gen2 rhel-lvm87-gen2 rhel-raw76 |
|
redhat | rhel-byos | rhel-lvm88 rhel-lvm88-gent2 rhel-lvm92 rhel-lvm92-gen2 |
|
redhat | rhel-ha | 8* | 81_gen2 |
redhat | rhel-raw | 7*,8*,9* | |
redhat | rhel-sap | 7* | |
redhat | rhel-sap-apps | 90sapapps-gen2 | |
redhat | rhel-sap-ha | 90sapha-gen2 | |
redhat | rhel-sap-ha | 7*, 8* | |
redhat | rhel-sap* | 9_0 | |
redhat | rhel | 7*,8*,9* | |
redhat | sap-apps | 7*, 8* | |
southrivertech1586314123192 | tn-ent-payg | Tnentpayg | |
southrivertech1586314123192 | tn-sftp-payg | Tnsftppayg | |
suse | opensuse-leap-15-* | gen* | |
suse | sles-12-sp5 | gen1, gen2 | |
suse | sles-12-sp5-* | gen* | |
suse | sles-15-sp2 | gen1, gen2 | |
suse | sles-15-sp5 | gen2 | |
suse | sles-sap-12-sp5* | gen* | |
suse | sles-sap-15-* | gen* Offer: sles-sap-15-*-byos Sku: gen* Example Publisher: suse Offer: sles-sap-15-sp3-byos sku: gen1-ARM |
|
suse | sles-sap-15-sp2-byos | gen2 | |
talend | talend_re_image | tlnd_re | |
thorntechnologiesllc | sftpgateway | Sftpgateway | |
veeam | office365backup | veeamoffice365backup | |
veeam | veeam-backup-replication | veeam-backup-replication-v11 | |
zscaler | zscaler-private-access | zpa-con-azure |
Custom images
We support VMs created from customized images (including images uploaded to Azure Compute gallery) and the following table lists the operating systems that we support for all Azure Update Manager operations except automatic VM guest patching. For instructions on how to use Update Manager to manage updates on VMs created from custom images, see Manage updates for custom images.
Windows operating system |
---|
Windows Server 2022 |
Windows Server 2019 |
Windows Server 2016 |
Windows Server 2012 R2 |
Windows Server 2012 |
Linux operating system |
---|
Oracle Linux 7.x, 8x |
Red Hat Enterprise 7, 8, 9 |
SUSE Linux Enterprise Server 12.x, 15.0-15.4 |
Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS |
Unsupported workloads
The following table lists the workloads that aren't supported.
Workloads | Notes |
---|---|
Windows client | For client operating systems such as Windows 10 and Windows 11, we recommend Microsoft Intune to manage updates. |
Virtual Machine Scale Sets | We recommend that you use Automatic upgrades to patch the Virtual Machine Scale Sets. |
Azure Kubernetes Service nodes | We recommend the patching described in Apply security and kernel updates to Linux nodes in Azure Kubernetes Service (AKS). |
As Update Manager depends on your machine's OS package manager or update service, ensure that the Linux package manager or Windows Update client is enabled and can connect with an update source or repository. If you're running a Windows Server OS on your machine, see Configure Windows Update settings.
Supported regions
Update Manager scales to all regions for both Azure VMs and Azure Arc-enabled servers. The following table lists the Azure public cloud where you can use Update Manager.
Geography | Supported regions | Details |
---|---|---|
China | ChinaEast ChinaEast3 ChinaNorth ChinaNorth3 ChinaEast2 ChinaNorth2 |
For Azure VMs only For Azure VMs only For Azure VMs only For both Azure VMs and Azure Arc-enabled servers For both Azure VMs and Azure Arc-enabled servers For both Azure VMs and Azure Arc-enabled servers. |
Supported update sources
For more information, see the supported update sources.
Supported update types
The following types of updates are supported.
Operating system updates
Update Manager supports operating system updates for both Windows and Linux.
Update Manager doesn't support driver updates.
Extended Security Updates (ESU) for Windows Server
Using Azure Update Manager, you can deploy Extended Security Updates for your Azure Arc-enabled Windows Server 2012 / R2 machines. ESUs are available by default to Azure Virtual machines. To enroll in Windows Server 2012 Extended Security Updates on Arc connected machines, follow the guidance on How to get Extended Security Updates (ESU) for Windows Server 2012 and 2012 R2 via Azure Arc.
Microsoft application updates on Windows
By default, the Windows Update client is configured to provide updates only for the Windows operating system.
If you enable the Give me updates for other Microsoft products when I update Windows setting, you also receive updates for other Microsoft products. Updates include security patches for Microsoft SQL Server and other Microsoft software.
Use one of the following options to perform the settings change at scale:
• For all Windows Servers running on an earlier operating system than Windows Server 2016, run the following PowerShell script on the server you want to change:
$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager")
$ServiceManager.Services
$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d"
$ServiceManager.AddService2($ServiceId,7,"")
• For servers running Windows Server 2016 or later, you can use Group Policy to control this process by downloading and using the latest Group Policy Administrative template files.
Note
Run the following PowerShell script on the server to disable Microsoft applications updates:
$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager")
$ServiceManager.Services
$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d"
$ServiceManager.RemoveService($ServiceId)
Third party application updates
Update Manager relies on the locally configured update repository to update supported Windows systems, either WSUS or Windows Update. Tools such as System Center Updates Publisher allow you to import and publish custom updates with WSUS. This scenario allows Update Manager to update machines that use Configuration Manager as their update repository with third party software. To learn how to configure Updates Publisher, see Install Updates Publisher.
As Update Manager depends on your machine's OS package manager or update service, ensure that the Linux package manager or Windows Update client is enabled and can connect with an update source or repository. If you're running a Windows Server OS on your machine, see Configure Windows Update settings.