Automated patching AVD multi-session hosts

Copper Contributor

Hello community,

We are using Azure Automation Update Management currently to patch Azure Virtual Desktop (AVD) hosts. It's marked to retire on 31st of august 2024 and it's advised to migrate to Azure Update Manager.

Azure Update Manager however doesn't list Windows 10 or 11 as a supported OS :(


When scaling the environment we don't want hosts to start patching when they are powered on once a month when there is a high demand.


Currently Windows Client is listed as an unsupported OS: Azure Update Manager support matrix | Microsoft Learn
Is this also the case for Windows 10/11 multisession OS?


Is there a preferred way to manage updates for AVD hosts, besides working with a golden image (which also needs maintenance)?

The alternative would have to be Intune. Only option than are a bunch of Windows Update For Business settings in Intune. But the logic to auto-start/stop before/after patching would have to be rebuild = step backwards @microsoft.

How are you installing Windows Updates on your session hosts. Anyone in the same situation or with the same question?


Kind regards,


4 Replies



Yes you are right that Windows 10 or 11 are not supported by Azure Update Management at the moment and we cannot see the roadmap yet



Thank you for your feedback. Could you give some advice what would be the recommended approach for Intune joined (hybrid Entra ID /Entra ID) session hosts running multi-session OS?

Windows Update for Business in Intune has a subset of policies that can be used to manage updates. Is this the way to go than? But how to orchestrate this in an automated way as this could be done with Azure Automation Update Management?

This is also what I'm reading in the docs: Azure Automation Update Management Supported Clients | Microsoft Learn


I'm quite surprised that Configuration manager is the recommended method from now on.

Azure Automation Update Management didn't support Windows 10/11 either.
But in fact I also see no other convenient way to handle the updates while scaling AVD SessionHosts and have a fixed maintenance window, so we have to migrate to it. Intune lacks so many features for us on this side.
The new Azure Update Manager also updates Windows 10 and 11 machines even though it is not officially supported. The CMDlets to automate the update assignments seem to be buggy at the moment unfortunately.
A downside of the new Update Manager is that if you have machines in availability sets they won't get patched parallel and it would exceed every maintenance window.