Forum Discussion
Automated patching AVD multi-session hosts
Hello community,
We are currently using Azure Automation Update Management to patch Azure Virtual Desktop (AVD) hosts. It's marked to retire on 31st of August 2024 and it's advised to migrate to Azure Update Manager.
Azure Update Manager however doesn't list Windows 10 or 11 as a supported OS 😞
When scaling the environment we don't want hosts to start patching when they are powered on once a month when there is a high demand.
Currently Windows Client is listed as an unsupported OS: https://learn.microsoft.com/en-us/azure/update-manager/support-matrix?tabs=azurevm%2Cazurevm-os#unsupported-workloads
Is this also the case for Windows 10/11 multisession OS?
Is there a preferred way to manage updates for AVD hosts, besides working with a golden image (which also needs maintenance)?
The alternative would have to be Intune. The only option then is a bunch of Windows Update for Business settings in Intune. But the logic to auto-start/stop before/after patching would have to be rebuilt = step backwards.
How are you installing Windows Updates on your session hosts? Anyone in the same situation or with the same question?
Kind regards,
Thomas
6 Replies
- shaikhsamim (Copper Contributor): As a Managed Service Provider, we've encountered similar issues across 100+ session hosts from various customers. We've successfully implemented automated patching using our RMM tool.
- denis89 (Brass Contributor): Azure Automation Update Management didn't support Windows 10/11 either.
 But in fact I also see no other convenient way to handle the updates while scaling AVD SessionHosts and have a fixed maintenance window, so we have to migrate to it. Intune lacks so many features for us on this side.
 The new Azure Update Manager also updates Windows 10 and 11 machines even though it is not officially supported. The cmdlets to automate the update assignments seem to be buggy at the moment, unfortunately.
 A downside of the new Update Manager is that if you have machines in availability sets they won't get patched in parallel and it would exceed every maintenance window.
- 22MT22 (Copper Contributor): I'm also in the same position. What did you do in the end? Currently working on moving our AVD hosts to Intune, and I assume we will need to create a configuration profile for Windows Update for Business. To be honest I think it's quite poor that they haven't added support for AVD hosts.
 
- Yes, you are right that Windows 10 or 11 are not supported by Azure Update Management at the moment and we cannot see the roadmap yet.
- thomasdw (Copper Contributor): Thank you for your feedback. Could you give some advice on what would be the recommended approach for Intune joined (hybrid Entra ID / Entra ID) session hosts running multi-session OS?
 Windows Update for Business in Intune has a subset of policies that can be used to manage updates. Is this the way to go then? But how to orchestrate this in an automated way as this could be done with Azure Automation Update Management?
 This is also what I'm reading in the docs: https://learn.microsoft.com/en-us/azure/automation/update-management/operating-system-requirements?tabs=os-win%2Csr-win#unsupported-operating-systems
 I'm quite surprised that Configuration Manager is the recommended method from now on.