To ensure periodic assessments for missing system updates are triggered automatically every 24 hours, the AssessmentMode property should be set to 'AutomaticByPlatform'. Learn more about AssessmentMode property for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.
IF (2) Microsoft.Compute/virtualMachines Microsoft.HybridCompute/machines
The following 1 compliance controls are associated with this Policy definition '[Preview]: Machines should be configured to periodically check for missing system updates' (bd876905-5b84-4f73-ab2d-2e7a7c4568d9)
Rapidly and automatically remediate vulnerabilities
Rapidly and automatically deploy patches and updates to remediate vulnerabilities in your cloud resources. Use the appropriate risk-based approach to prioritize the remediation of the vulnerabilities. For example, more severe vulnerabilities in a higher value asset should be addressed as a higher priority.
Use Azure Automation Update Management or a third-party solution to ensure that the most recent security updates are installed on your Windows and Linux VMs. For Windows VMs, ensure Windows Update has been enabled and set to update automatically.
For third-party software, use a third-party patch management solution or System Center Updates Publisher for Configuration Manager.
Prioritize which updates to deploy first using a common risk scoring program (such as Common Vulnerability Scoring System) or the default risk ratings provided by your third-party scanning tool and tailor to your environment. You should also consider which applications present a high security risk and which ones require high uptime.
**Implementation and additional context:**
How to configure Update Management for virtual machines in Azure:
Manage updates and patches for your Azure VMs: