Azure VM update management Non-Compliant VMs

Question

What is the reason for an azure vm to become non-compliant after update deployment?

1. Is it because there are any critical or security updates missing?
2. Does having Other updates missing cause a vm to become non-compliant
3. There were no documentation to clarify this, only with the current statistics, I came into this conclusion. If there are any documentation to prove that, appreciate your help.

Answer 1

yes, there may be a chance for missing some critical or security updates.Before you deploy software updates to your machines, review the update compliance assessment results for enabled machines. For each software update, its compliance state is recorded and then after the evaluation is complete, it is collected and forwarded in bulk to Azure Monitor logs.

On a Windows machine, the compliance scan is run every 12 hours by default, and is initiated within 15 minutes of the Log Analytics agent for Windows is restarted. The assessment data is then forwarded to the workspace and refreshes the Updates table. Before and after update installation, an update compliance scan is performed to identify missing updates, but the results are not used to update the assessment data in the table.it is important to review recommendations on how to configure the windows Update client

After reviewing the compliance results, the software update deployment phase is the process of deploying software updates. To install updates, schedule a deployment that aligns with your release schedule and service window.

After the deployment is complete, review the process to determine the success of the update deployment by machine or target group.Check deployment status