CASE STUDY
Bayside Council Modernises Patch Management with move from WSUS to Azure Update Manager (AUM)
OVERVIEW
Bayside Council, located in the rapidly growing southern region of Sydney, Australia, is a forward-thinking local government body responsible for delivering a wide array of essential services to its 29 suburbs.
Bayside Council relies on a robust operational backbone to support daily activities and long-term strategic planning. Its IT department is tasked with supporting a large team of Council employees and Council led technology initiatives.
CHALLENGES
The limitations of legacy patch management with Windows Server Update Services (WSUS).
Bayside Council faced significant hurdles with its existing patch management solution, Windows Server Update Services (WSUS). While WSUS had served its purpose for many years, it no longer aligned with The Council’s evolving needs in a hybrid IT landscape.
“The patching tool became a real burden for our team. We were spending more time managing the actual tool, than then installing and managing updates.”
Luciano Vieira
IT Operations Lead, Bayside Council
The primary challenges included:
Lack of Cloud Integration
WSUS lacked native integration with cloud platforms like Azure. In a world where cloud-first is the default, this posed a significant operational and strategic problem for managing updates.
High Manual Overheads
The process was labour-intensive, requiring extensive manual effort for approving updates, troubleshooting synchronisation failures, and frequently managing database space. The IT team was spending more time managing the actual patching tool than on installing and managing updates, highlighting how WSUS had become a burdensome chore rather than an enabler.
Limited Visibility and Reporting
WSUS provided minimal real-time insights or robust reporting capabilities, making it difficult to track patch compliance and prepare for audits. Real-time insights and compliance tracking were needed, along with the ability to generate reports for auditors and show adherence to security frameworks such as Essential Eight.
No Linux Support
The Council’s increasing adoption of Linux servers meant parallel, manual patching processes, adding to the workload and inconsistency.
Scalability Issues
WSUS proved inefficient and difficult to scale, keeping the IT team in a constant reactive mode rather than focusing on strategic initiatives. This time-consuming cycle prevented the IT team from concentrating on more valuable work at Bayside Council.
SOLUTIONS
Migrating from WSUS to Azure Update Manager (AUM) and Azure Arc for more efficient patch management.
Bayside Council partnered with Codify to migrate from WSUS to Azure Update Manager (AUM), leveraging Azure Arc to extend cloud management capabilities to their on-premise infrastructure. The solution focused on achieving automation, comprehensive reporting, and seamless hybrid patch management.
“With Azure Update Management, it’s designed to work seamlessly across hybrid and on-premises. It supports both Windows and Linux, and in our case that was a big plus.”
Luciano Vieira
IT Operations Lead, Bayside Council
Azure Update Manager: a unified and automated approach.
The core of Bayside Council’s new strategy was the adoption of Azure Update Manager or AUM, a cloud-native service designed for automated patching across diverse environments.
Seamless Hybrid Integration
AUM provides unified patch management for both Windows and Linux servers, whether they reside in Azure, on-premise, or even in other cloud providers like AWS, through Azure Arc. This eliminated the need for separate tools and manual processes.
Cloud-Native Efficiency
By running entirely in the cloud, AUM removes the operational overhead associated with managing dedicated patching servers, storage, and databases. This ensures scalability and reliability.
Flexible and Controlled Scheduling
AUM offers granular control over patching schedules, allowing Bayside Council to define maintenance windows based on server criticality (e.g., development, production, DMZ) and application impact (low, medium, high). This minimises disruption to essential services and supports continuous compliance.
Robust Reporting and Visibility
AUM’s built-in dashboards and detailed compliance reviews provide real-time insights into patch status. The ability to quickly generate reports for auditors became a significant improvement. This capability is crucial for meeting Essential Eight compliance in Australia.
Comprehensive Automation
AUM automates the entire patching lifecycle, from scanning for missing updates to deployment, rebooting, and success validation. This hands-off approach frees up the IT team from routine tasks, allowing them to focus on higher-value work.
Azure Arc capable of bridging on-premise and cloud management.
Azure Arc was instrumental in extending AUM’s capabilities to Bayside Council’s on-premise servers. As a lightweight agent, Azure Arc connects non-Azure machines to the Azure management plane, enabling centralised control and governance.
Unified Management Plane
Azure Arc creates a representation of on-premise servers within Azure, allowing Bayside Council to manage them alongside Azure virtual machines from a single portal.
Enhanced Cybersecurity
Beyond patching, Azure Arc facilitates the application of Azure policies, integration with Defender for Cloud, and other security services, significantly strengthening the council’s overall cybersecurity posture.
Automated Onboarding
After an initial pilot, Bayside Council implemented automated onboarding for new servers using Group Policy Objects (GPOs), ensuring that all new machines are seamlessly integrated into the Azure Update Manager regime.
AUM implementation best practices and lessons learned.
Codify guided Bayside Council through a meticulous implementation process, incorporating key best practices.
Careful WSUS Decommissioning
Thoroughly backing out existing WSUS GPOs and registry configurations was critical to prevent conflicts and unintended reboots during the transition.
Linux Updater Management
Disabling native Linux updaters was essential to allow the Azure Arc agent to manage patching through AUM’s defined maintenance windows.
Prioritising Reboots
Emphasising the importance of reboots for full patch application was crucial, as many vulnerabilities remain unresolved until a system restart.
Custom Essential Eight Reporting
While AUM provides strong data, Codify helped build custom reports using Microsoft Graph data to specifically align with Essential Eight compliance requirements, differentiating between internet-facing (48-hour patch window) and internal systems (fortnightly window).
Addressing Patching Deficits
For any severely outdated systems, Codify recommended a manual “catch-up” patching process before onboarding to AUM, ensuring a stable baseline.
RESULTS
A future-ready, secure, and efficient IT environment with modern patch management thanks to Azure Update Manager.
The migration to Azure Update Manager with Codify’s assistance delivered transformative results for Bayside Council:
Significant Automation and Efficiency Gains
The entire patching lifecycle is now largely automated, drastically reducing the manual effort previously spent on WSUS. This has freed up the IT team to concentrate on strategic initiatives such as migrating home drives to OneDrive and other critical workloads to Azure.
Strengthened Cybersecurity and Compliance
Bayside Council now boasts a robust cybersecurity posture, actively meeting and demonstrating Essential Eight compliance in Australia. The ability to rapidly generate accurate patch status reports for auditors has been a significant win.
Enhanced Visibility and Control
With AUM’s centralised dashboards, Bayside Council has unparalleled visibility into their patching environment, both on-premise and in the cloud, from a single pane of glass.
Future-Proofing IT Infrastructure
The adoption of AUM and Azure Arc is not merely a technical upgrade; it’s a foundational step in Bayside Council’s broader IT modernisation journey. It creates an IT environment that supports the way they work now and prepares them for what’s ahead, offering more flexibility, stronger security, reduced overheads, and a better experience for their users.
Reduced Operational Burden
The shift to a cloud-native patching engine has eliminated the need to manage underlying infrastructure for patching, allowing the IT team to feel more satisfied and less burdened by manual tasks.
By embracing Azure Update Manager and Azure Arc, Bayside Council has successfully transitioned from a reactive, manual patch management approach to a proactive, automated, and highly secure system. This strategic move, supported by Codify’s expertise, has not only optimised their current operations but also laid a strong foundation for their ongoing cloud adoption and long-term digital resilience.
“My team and I, we can focus on building the future instead of constantly patching the past…
We’re not just patching for the sake of compliance, we are patching smarter, faster and more securely.”
Luciano Vieira
IT Operations Lead, Bayside Council
Why Bayside Council partnered with Codify for patch management modernisation?
Codify’s deep expertise in Azure cloud solutions and its strategic approach enabled Bayside Council to transform its legacy patch management into a highly automated, secure, and future-ready system.
As a trusted partner, Codify continues to empower local governments like Bayside Council to embrace cloud capabilities, enhance cybersecurity, and drive operational excellence.
“The transition was about more than just keeping the systems up to date; it was minimising attack surface, streamlining our operations, and most importantly, freeing up our teams to focus on big projects, such as migrating to the cloud.“
Luciano Vieira
IT Operations Lead, Bayside Council
