Using Azure to Revolutionize Microsoft Patch Management

Using Azure to Revolutionize Microsoft Patch Management



Microsoft’s Digital Employee Experience (MDEE) has transitioned to Azure Update Management for patch management across their global system. The move to a decentralized DevOps model has streamlined operations while maintaining enterprise-level governance. With Azure Update Management, engineering teams can now take ownership of their server upgrades and patching, enhancing agility and meeting compliance goals month after month.

The journey to Azure Update Management began in January 2017, when Microsoft’s digital management team decided to shift away from the centralized IT patching service and System Center Configuration Manager. The goal was to reduce operational costs, simplify services, and increase agility by leveraging native Azure solutions. Azure Update Management provides visibility and scalability for patching across Windows and Linux servers, on-premises and in the cloud.

By leveraging advanced capabilities like maintenance windows, pre- and post-scripts, and control server restart options, Microsoft Digital was able to improve compliance reporting and ensure that 95 percent of servers met vulnerability scanning requirements. A Power BI report linked compliance scan results with configuration database details, enabling quick remediation and accurate reporting.

The transition to Azure Update Management involved providing demos and toolsets to engineering teams, demonstrating scalability, and eventually deactivating Configuration Manager as the patch engine for the centralized service. Compliance was closely monitored post-transition, with consistent achievement of the 95 percent compliance goal.

Looking ahead, Microsoft Digital Employee Experience is focused on refining their update management process. Automated notifications for out-of-compliance servers have been implemented, improving the end-to-end patching experience. The organization continues to evaluate and adapt to new features in Azure Update Management to optimize operational costs and enhance compliance.

Overall, the shift to Azure Update Management has allowed Microsoft Digital to streamline their patch management process, improve compliance reporting, and enhance server security practices across their system. By embracing a decentralized DevOps model and leveraging Azure’s native solutions, they have achieved greater agility and efficiency in their operations.

Article Source
https://www.microsoft.com/insidetrack/blog/how-microsoft-is-transforming-its-own-patch-management-with-azure/