Automatic updates are enabled

Security · Virtual Machine · Rule · 2020_06 · Important

Ensure automatic updates are enabled at deployment.

Description

Window virtual machines (VMs) have automatic updates turned on at deployment time by default. The option can be enabled/ disabled at deployment time or updated for VM scale sets.

Enabling this option does not prevent automatic updates being disabled or reconfigured within the operating system after deployment.

Recommendation

Enable automatic updates at deployment time, then reconfigure as required to meet patch management requirements.

Links

• SE:08 Hardening resources
• Automatic Guest Patching for Azure Virtual Machines and Scale Sets
• Azure deployment reference

Comments