We are planning to implement Azure Update Manager in an on-premises environment consisting of approximately 200 virtual machines, all joined to the abc.local domain. These VMs are currently managed within our local infrastructure and are not configured to communicate directly with the internet due to bandwidth constraints and high traffic sensitivity.
To ensure efficient patching and update management without saturating our outbound connection, we require a solution where a single on-premises server acts as a control point or proxy for update orchestration. The goal is to centralize communication with Azure Update Manager through this server, minimizing direct internet traffic from individual VMs.
We are seeking guidance on:
Recommended architecture for Azure Update Manager in this scenario.
Whether a proxy or gateway server can be configured to relay update metadata and instructions.
Network and firewall requirements to support this setup.
Integration considerations with our existing domain (abc.local) and group policies.
Best practices for update deployment scheduling and bandwidth optimization.
Thank you for your support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 49%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELG%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 12%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)