1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Configuring Azure VM and Container Security

Configuring System Updates for Virtual Machines

Start course

This course focuses on implementing security controls, maintaining the security posture of an Azure environment, and protecting data, applications, and networks, showing you how to configure security for your containers and virtual machines.

The content of this course is ideally suited to those looking to become certified Azure security engineers.

For any feedback, queries, or suggestions relating to this course, please contact us at support@cloudacademy.com.

Learning Objectives

  • Understand how to configure VM security including VM endpoints and system updates
  • Configure baselines
  • Understand key Azure networking components
  • Configure AKS security
  • Obtain a basic understanding of Azure Container Registry and how to create registries in Azure
  • Manage vulnerabilities in Azure

Intended Audience

This course is intended for people who want to become Microsoft certified Azure security engineers, or those who are tasked with implementing security controls, maintaining the security posture of an Azure environment, or protecting data, applications, and networks.


To get the most from this course, you should have a moderate understanding of Microsoft Azure and of basic security principles.


Hi there! Welcome to Configuring System Updates for Virtual Machines. Azure Update Management is a service that's included with each Azure subscription. This service allows you to assess your update status across your entire environment and to manage updates for both on-prem and Azure-hosted Windows servers and Linux servers from a single location.

The Azure Update Management service is a free offering. The only costs that you incur are for the log data that Azure Log Analytics stores. To use Azure Update Management, all you need to do is browse to the VM tab in Azure, and then enable Update Management for one or more virtual machines. Update Management can also be enabled from your Azure Automation account.

Computers that are managed by the Azure Update Management service use the services and features that you see on your screen to perform assessments and to update deployments. They include:

  • Microsoft Monitoring Agent for Windows or Linux 
  • Desired State Configuration in Windows PowerShell for Linux 
  • Hybrid Runbook Worker in Azure Automation 
  • Microsoft Update for Windows computers
  • Windows Server Update Services for Windows computers

Azure Automation uses Runbooks to install updates. Essentially, what happens, is when an update deployment is created, a schedule is also created. That schedule starts a master update runbook at the specified time for the included computers. The master runbook, in turn, starts a child runbook on each agent. This child runbook on each agent installs the required updates.

The diagram that you see on your screen depicts the flow and how the solution assesses and applies security updates.

In the upcoming demonstration, I'll show you how to start a runbook from the Azure portal.

Welcome back. In this quick demonstration, I'm going to show you how to start a runbook from the Azure portal. On the screen here, you can see I'm logged in to my Azure portal as my administrator.

To start my runbook, what I'm going to do here is go into Automation, and we'll select myautomationaccount. Now, from myautomationaccount, I simply select Runbooks under Process Automation and then, I can either create a new runbook or I can run an existing runbook simply by selecting the runbook and then clicking Start. Go ahead and click Yes to start the runbook. And then from the job page here, I can view the status of my runbook job. I can view any input, any output, errors, warnings, any kind of logs and any exceptions. And that's all it really takes to manually run a runbook from the Azure portal.


Introduction - Configuring Endpoint Security within VMs - Configuring and Monitoring Antimalmare for VMs - Configuring Virtual Machine Security - Hardening Virtual Machines - Starting a Runbook from the Azure Portal - Configuring Baselines - Azure Networking - Configuring Authentication - Container Isolation - AKS Security - Azure Container Registry - Creating a Container Registry - Implementing Vulnerability Management - Conclusion

About the Author
Thomas Mitchell
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.