Automated patching of AVD multi-session hosts


Hello community,

We are currently using Azure Automation Update Management to patch Azure Virtual Desktop (AVD) hosts. It is scheduled to retire on 31 August 2024, and the advice is to migrate to Azure Update Manager.

Azure Update Manager, however, doesn't list Windows 10 or 11 as a supported OS :(


When scaling the environment, we don't want hosts to start patching when they are powered on once a month during high demand.


Currently Windows client is listed as an unsupported OS: Azure Update Manager support matrix | Microsoft Learn
Is this also the case for the Windows 10/11 multi-session OS?


Is there a preferred way to manage updates for AVD hosts, besides working with a golden image (which also needs maintenance)?

The alternative would have to be Intune. The only options then are a bunch of Windows Update for Business settings in Intune. But the logic to auto-start/stop hosts before/after patching would have to be rebuilt, which is a step backwards @microsoft.

How are you installing Windows updates on your session hosts? Is anyone in the same situation or with the same question?


Kind regards,

Thomas

4 Replies

@thomasdw 


Yes, you are right that Windows 10 or 11 are not supported by Azure Update Management at the moment, and we cannot see the roadmap yet.

@Kidd_Ip 


Thank you for your feedback. Could you give some advice on what the recommended approach would be for Intune-joined (hybrid Entra ID / Entra ID) session hosts running a multi-session OS?

Windows Update for Business in Intune has a subset of policies that can be used to manage updates. Is this the way to go then? But how to orchestrate this in an automated way, as could be done with Azure Automation Update Management?

This is also what I'm reading in the docs: Azure Automation Update Management Supported Clients | Microsoft Learn


I'm quite surprised that Configuration Manager is the recommended method from now on.


Azure Automation Update Management didn't support Windows 10/11 either.
But in fact I also see no other convenient way to handle the updates while scaling AVD session hosts and keeping a fixed maintenance window, so we have to migrate to it. Intune lacks so many features for us on this side.
The new Azure Update Manager also updates Windows 10 and 11 machines even though it is not officially supported. The cmdlets to automate the update assignments seem to be buggy at the moment, unfortunately.
A downside of the new Update Manager is that if you have machines in availability sets, they won't get patched in parallel, and it would exceed every maintenance window.
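The original post says the auto-start/stop logic around patching would have to be rebuilt outside Azure Automation Update Management, and the last reply mentions driving Azure Update Manager from cmdlets. The script below is an added example of that orchestration in Az PowerShell; it is not code from the thread or from Microsoft. It assumes the Az.Accounts, Az.Compute and Az.DesktopVirtualization modules, an existing Connect-AzAccount session, and the placeholder resource group and host pool names in the param block. It deliberately does not use the maintenance configuration assignment cmdlets the reply calls buggy: it drains each session host, starts it if autoscale has deallocated it, assesses and installs Critical/Security updates through the Azure VM guest patching cmdlets (the same mechanism Azure Update Manager uses), then restores the previous power state and re-enables new sessions. Whether those cmdlets behave on a Windows 10/11 multi-session image is exactly the "works but unsupported" situation the reply describes, so test it on one host first.

```powershell
<#
  Added example (not from the thread): run one patch window for an AVD host pool.
  Per session host: drain -> start if deallocated -> assess -> install -> restore.
  Assumes Az.Accounts, Az.Compute, Az.DesktopVirtualization and a signed-in
  Az context. Resource group and host pool names are placeholders.
#>
param(
    [string]$ResourceGroupName = 'rg-avd-prod',   # placeholder: host pool's resource group
    [string]$HostPoolName      = 'hp-avd-prod',   # placeholder: host pool name
    [string]$MaxDuration       = 'PT2H',          # ISO 8601 cap passed to Invoke-AzVMInstallPatch
    [switch]$SkipHostsWithSessions                 # leave hosts with active users alone
)

$ErrorActionPreference = 'Stop'

$sessionHosts = Get-AzWvdSessionHost -ResourceGroupName $ResourceGroupName -HostPoolName $HostPoolName

foreach ($sh in $sessionHosts) {
    # Session host Name is "<hostpool>/<vm>.<domain>". The VM's own resource group and
    # name are taken from ResourceId, because they need not match the host pool's group.
    $shName  = ($sh.Name -split '/')[-1]
    $idParts = $sh.ResourceId -split '/'
    $vmRg    = $idParts[4]
    $vmName  = $idParts[-1]

    if ($SkipHostsWithSessions -and $sh.Session -gt 0) {
        Write-Warning "$shName has $($sh.Session) active session(s); skipping"
        continue
    }

    # 1. Drain: no new sessions land on this host while it is being patched.
    Update-AzWvdSessionHost -ResourceGroupName $ResourceGroupName -HostPoolName $HostPoolName `
        -Name $shName -AllowNewSession:$false

    # 2. Power on hosts that the autoscale rules have deallocated, remembering that we did.
    $powerState = (Get-AzVM -ResourceGroupName $vmRg -Name $vmName -Status).Statuses |
        Where-Object { $_.Code -like 'PowerState/*' } | Select-Object -ExpandProperty Code
    $wasDeallocated = ($powerState -eq 'PowerState/deallocated')
    if ($wasDeallocated) {
        Start-AzVM -ResourceGroupName $vmRg -Name $vmName | Out-Null
    }

    try {
        # 3. Assess first; only call the install API when something is pending.
        $assessment = Invoke-AzVMAssessPatch -ResourceGroupName $vmRg -VMName $vmName
        $pending = $assessment.CriticalAndSecurityPatchCount + $assessment.OtherPatchCount
        if ($pending -gt 0) {
            $install = Invoke-AzVMInstallPatch -ResourceGroupName $vmRg -VMName $vmName -Windows `
                -ClassificationToIncludeForWindows 'Critical', 'Security' `
                -RebootSetting 'IfRequired' -MaximumDuration $MaxDuration
            Write-Host ("{0}: {1}; installed {2}, failed {3}, still pending {4}" -f $shName,
                $install.Status, $install.InstalledPatchCount, $install.FailedPatchCount,
                $install.PendingPatchCount)
        }
        else {
            Write-Host "${shName}: no pending updates"
        }
    }
    finally {
        # 4. Restore: deallocate only what this run started, then accept sessions again.
        if ($wasDeallocated) {
            Stop-AzVM -ResourceGroupName $vmRg -Name $vmName -Force | Out-Null
        }
        Update-AzWvdSessionHost -ResourceGroupName $ResourceGroupName -HostPoolName $HostPoolName `
            -Name $shName -AllowNewSession:$true
    }
}
```

Run it from an Automation runbook or a scheduled pipeline at the start of the maintenance window, under an identity that holds only the VM and Desktop Virtualization Session Host operator permissions it needs rather than a broad contributor role. The try/finally matters: if the install call times out against `MaxDuration`, the host is still deallocated (if this run started it) and taken out of drain mode, so a failed patch run does not leave capacity stuck. To work around the availability-set serialization the reply describes, the per-host body can be wrapped in `ForEach-Object -Parallel` on PowerShell 7; verify on your own subscription whether concurrent install calls against availability-set members actually run in parallel before relying on it for the window.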