
Azure Update Manager and GPO

Matteo Vivenzi 21 Reputation points
2026-02-02T16:03:15.52+00:00

Good morning,

I'm setting up Azure Update Manager for a customer. I have Azure VMs and on-prem servers in the console via Azure Arc. The on-prem servers are all in an AD domain. Now I'd like these servers to download and install updates, some on the third and some on the fourth Sunday, from 2 PM to 6 PM. To do this, I've created the appropriate Maintenance Configurations and associated them with the servers. To ensure the on-prem servers don't reboot during the week, I need to set up GPOs.

Configure Automatic Updates -> Notify for download and install

With GPOs set up this way, are updates installed via Azure Update Manager Maintenance Configurations?

Azure Update Manager

An Azure service to centrally manage updates and compliance at scale.


Answer accepted by question author

  1. Bharath Y P 8,495 Reputation points Microsoft External Staff Moderator
    2026-02-02T18:48:32.64+00:00

    Hello Matteo Vivenzi, it sounds like you're working to integrate Azure Update Manager with your on-prem servers while leveraging Group Policy for update management. Here's how to proceed with your setup:

    Azure Update Manager & GPO Integration

    1. Group Policy Settings: You've indicated you're using the GPO setting Configure Automatic Updates set to "Notify for download and install." This is indeed a suitable configuration, as it allows Azure Update Manager to manage the installation timing while still enabling your servers to download updates beforehand. By setting this to notification, you create a scenario where the update manager can take control during the maintenance window you've defined.
    2. Impact on Azure Update Manager: With these GPO settings, Azure Update Manager will still handle the installation of updates according to the maintenance configurations you’ve created. However, it’s important to ensure there are no conflicting settings elsewhere in your GPO that might affect the behavior of the Windows Update client.
    3. Avoiding Conflicts: To ensure Azure Update Manager functions correctly, review the following:
      • Confirm that no other Group Policies are conflicting with the AUOptions value. Ideally, all settings should align with Update Manager's expectations.
      • Watch out for other GPOs that might enable automatic reboots or specify different update sources that could conflict with Azure Update Manager.

    Recommendations:

    • Pre-Download Update Setting: Although you want to manage reboot settings, it’s beneficial to set the GPO for automatic downloads (AUOptions 3), which enables updates to be downloaded before deployment action, mitigating issues related to maintenance windows being exceeded.
    • Test Your Configuration: After setting everything up, conduct tests to ensure updates are successfully downloaded and installed during your scheduled maintenance windows without unexpected restarts.

    Follow-Up Questions:

    1. Have you enabled any conflicting settings in other GPOs that might affect Azure Update Manager's operation?
    2. Could you clarify whether all your on-prem servers have internet access or are they configured to use WSUS?
    3. Are you experiencing any specific errors or issues after implementing these settings?

    I hope this helps! If you need further assistance, feel free to ask! If the provided answer was helpful, please click Accept the Answer and upvote if the above was helpful.

    Thanks

    1 person found this answer helpful.
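A read-only way to carry out the conflict review described in the accepted answer, added here as an example that is not part of the thread and not Microsoft tooling: it reads the registry values that Windows Update Group Policy writes and reports the ones that bear on AUOptions, restarts and update source. The helper names, the sample values and the WSUS URL are constructed for illustration; the registry keys and value names are the standard Windows Update policy ones.

```powershell
# Added example (not from the thread): audit the Windows Update policy values GPO writes.
$Keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$AuOptionNames = @{
    2 = 'Notify for download and notify for install'
    3 = 'Auto download and notify for install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose setting'
    7 = 'Auto download, notify to install, notify to restart'
}

function Get-WUPolicy {           # hypothetical helper: merge both policy keys into one hashtable
    $values = @{}
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -notlike 'PS*') { $values[$p.Name] = $p.Value }   # skip provider metadata
        }
    }
    $values
}

function Get-WUPolicyFinding {    # hypothetical helper: turn raw values into review notes
    param([hashtable]$Policy)
    if ($Policy.Count -eq 0) { return 'No Windows Update policy values are set by GPO.' }
    if ($Policy.NoAutoUpdate -eq 1) { 'NoAutoUpdate=1: Automatic Updates is disabled by policy.' }
    if ($Policy.ContainsKey('AUOptions')) {
        $n = [int]$Policy.AUOptions
        "AUOptions=$n ($($AuOptionNames[$n]))"
        if ($n -eq 4) {
            "  Client installs on its own schedule (ScheduledInstallDay=$($Policy.ScheduledInstallDay), " +
            "ScheduledInstallTime=$($Policy.ScheduledInstallTime)); compare with the maintenance window."
        }
        if ($n -ne 3) { '  The accepted answer recommends AUOptions 3 so updates are pre-downloaded.' }
    }
    if ($Policy.AlwaysAutoRebootAtScheduledTime -eq 1) {
        'AlwaysAutoRebootAtScheduledTime=1: forced restart after a client-scheduled install.'
    }
    if ($Policy.NoAutoRebootWithLoggedOnUsers -ne 1) {
        'NoAutoRebootWithLoggedOnUsers is not 1: client-scheduled installs may restart with users signed in.'
    }
    if ($Policy.UseWUServer -eq 1) { "Update source is WSUS: $($Policy.WUServer)" }
}

# Constructed sample values, shown next to the live result for comparison.
$sample = @{ AUOptions = 4; ScheduledInstallDay = 0; ScheduledInstallTime = 3; UseWUServer = 1
             WUServer = 'http://wsus.example.internal:8530' }
'--- this machine ---';       Get-WUPolicyFinding -Policy (Get-WUPolicy)
'--- constructed sample ---'; Get-WUPolicyFinding -Policy $sample
```

Run it in an elevated or standard PowerShell session on an Arc-enabled server after `gpupdate /force`; it changes nothing and only reports the effective policy values.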

1 additional answer

  1. Q&A Assist
    2026-02-02T16:03:25.4766667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Azure Update Manager operates independently of Group Policy Objects (GPOs) when it comes to managing updates. If you have configured your on-prem servers to use GPOs for automatic updates (e.g., set to "Notify for download and install"), this setting will not interfere with the updates managed by Azure Update Manager.

    Azure Update Manager will apply the updates according to the Maintenance Configurations you have created, regardless of the GPO settings. This means that updates scheduled for installation during the specified windows (third and fourth Sundays from 2 PM to 6 PM) will still be installed even if the GPO is set to notify rather than automatically download and install updates.

    However, it's important to ensure that the GPO settings do not conflict with the maintenance windows you have configured in Azure Update Manager, particularly regarding reboots. You may want to configure the GPO to prevent reboots during the week to align with your maintenance schedule.
