Keeping your Microsoft environment up to date with Unified Microsoft Updates

United Kingdom, Jul 28, 2023

Written by Michael Pickstock, Hybrid Cloud Solution Architect

Keeping your IT environment secure and up to date is a challenge that requires a reliable and efficient solution.


Microsoft offers Windows Server Update Services (WSUS) as an on-premises role that lets you download and distribute updates for Windows and other Microsoft products to your network computers. You can also use WSUS to approve or remove updates as needed.

Over time, as server estates have grown to include a mixture of Hybrid servers that span across on-premises, edge, and cloud platforms, you may have ended up using different update solutions (and, possibly, different admin teams) for each platform. The result is, at best, inconsistency and added complexity.



Microsoft Azure introduces 2 features which can help bring this back under control:

  1. With Azure Arc, you can bring Azure management and services to any infrastructure, whether it's on-premises, edge, or other clouds.
  2. With Azure Update Management, you can manage and report on update schedules for devices that are enrolled in Azure.

By combining WSUS and Azure Update Management, along with Azure Arc, you can benefit from both services for any device, regardless of its location or platform. For instance, you can use WSUS to approve and make available updates for your devices and use Azure Update Management to schedule and monitor the installation of those updates.



Azure Update Management enables you to assess and remediate the compliance status of your machines, no matter where they are. You can also create dynamic groups based on criteria such as operating system, update classification, or compliance status, and apply different update policies to each group.

By using WSUS with Azure Update Management, you can enhance the security and performance of your machines, minimize the bandwidth consumption and network traffic for downloading updates, and streamline the update management process across your hybrid environment.

One of the benefits of using WSUS and Azure Update Manager together is that you can simplify and optimize the update management process for your servers, whether they are on-premises or in the cloud. Some of the advantages are:

  • Fewer Admin Consoles: You can manage update approvals from a single application console (WSUS) and update schedules from a single web-based console (Azure Update Manager).
  • Lower Bandwidth Usage: WSUS lets you download updates only once from Microsoft and then distribute them to servers on the same network or to downstream servers for onward distribution to WAN network devices, saving bandwidth and reducing costs. You can also use a local cache or an Azure storage account to store the updates, minimizing the traffic between your on-premises network and the cloud.
  • Centralised Management: WSUS gives you a console where you can view and approve updates for your servers, regardless of their location. You can also create groups and policies to control which updates are applied to which servers, and when. Azure Update Manager works with WSUS and allows you to schedule and monitor the update deployments from the Azure portal or using PowerShell commands.
  • Enhanced Security: WSUS and Azure Update Manager help you keep your servers up to date with the latest security patches and bug fixes, reducing the risk of vulnerabilities and breaches. You can also use WSUS to block unwanted or problematic updates and use Azure Update Manager to roll back updates if they cause issues

Logicalis collaborates with numerous hybrid cloud clients aiming to streamline their digital environment's operation and management. Azure Arc is a powerful and extensible service and is one of the technologies we work with to help customers achieve this.

To learn more about Azure Update Manager, Azure Arc and WSUS, please visit the following links:

Update Management overview

Azure Arc overview

Windows Server Update Services (WSUS)


Related Insights