OPUS turns Azure patching into a structured, governed process — from a guided monthly workflow to a fully autonomous mode. Audit-ready compliance evidence for frameworks including Cyber Essentials, on demand. No agents. No complex setup. From a single IT team to an MSP managing thousands of devices across multiple tenants.
90-day free trial. No payment details required.
Azure Update Manager is powerful — but managing it at scale, across multiple environments and tenants, without structure, is a grind.
Manually checking assessment results, managing maintenance windows, chasing non-compliant devices — repeated across every tenant, every cycle.
Unmanaged devices, expired exemptions, and missed patch windows go unnoticed until an audit — or an incident — surfaces them.
Managing five client tenants with the same manual process as one means five times the work. There's no leverage without structure.
OPUS isn't just a scheduler. It's a governance layer — with structured workflows, human-controlled curation, and compliance evidence built in from the start.
Real-time compliance status across every device in every tenant. Non-compliant devices are scored by CVE severity data from Microsoft — so you always know which gaps carry the most risk, not just how many there are.
Every phase of the patch cycle — assessment, maintenance window creation, device management, compliance review — delivered as a step-by-step guided workflow. Nothing skipped, nothing forgotten, every action logged.
Before a single patch runs, OPUS presents the full list of available updates for your review. Approve, defer, or exclude individual KBs — with risk context surfaced from Microsoft's security data — before committing to your maintenance window.
No feature gating between tiers. Every customer gets every capability from day one.
Unlimited tenants, each fully isolated with their own credentials, governance settings, and compliance history.
Configure your maintenance windows and governance rules once — OPUS handles the rest on schedule.
Discover every VM across your subscriptions and validate patch governance tag coverage instantly.
Time-limited or permanent exemptions with full Azure tag write-back. Expired exemptions are flagged for action — never silently removed.
Install or uninstall specific KBs across your estate outside the regular schedule — for emergency patches or rollbacks.
Create, manage, and audit maintenance configurations across all environments with full confirmation before any Azure change.
OS and SQL Server patching governed from one interface, including SQL IaaS extension registration tooling.
Pre-patch health checks — pending reboots, disk space, Windows Update service status. Surface blockers before they become failures.
Connect Azure Automation runbooks into your patch workflow for power management and pre/post-patch scripting.
Full patch governance for Azure Arc-enabled servers alongside your Azure VMs — discovered automatically, no additional setup.
Per-tenant, per-month log of every mutating operation. Exportable — a complete audit trail for any compliance review.
Validates resource provider registrations, SP permissions, VM patch modes, and Resource Graph accessibility before your first run.
OPUS monitors compliance continuously and can notify your ITSM system the moment a non-compliance threshold is breached — no manual checking, no missed incidents.
Scheduler runs in the background — incidents are raised without anyone having to check a dashboard.
Notification includes tenant name, device count, compliance percentage, and patch month — everything your team needs to act.
Runs on OPUS's background heartbeat — no external dependencies, no cron jobs, nothing to configure outside of OPUS.
OPUS is self-hosted and clientless. There's nothing to install on your managed servers — just point it at your Azure tenant and go.
Deploy OPUS as a Windows Service on any server in your environment. Create a Service Principal in Azure, assign the Contributor role, and configure your first tenant in minutes.
Define your environments, subscriptions, and patch schedule. OPUS builds your monthly workflow automatically — SQL, remediation, and runbook phases appear when you enable them.
Follow the guided workflow each month, or switch to autonomous mode and let OPUS run it unattended. Either way, compliance history and reports are always current.
OPUS is entirely self-hosted. No tenant data is ever transmitted to Cloudframe Solutions or any third party. Azure communication is directly between OPUS and Microsoft's APIs.
OPUS runs as a Windows Service using the built-in Kestrel web server. Administrators access it via browser — no additional web server infrastructure needed.
OPUS works exclusively on the free Azure Update Manager tier. No additional Microsoft licensing required — just an Azure subscription you already have.
Pay only for the devices you manage. Monthly billing with no lock-in — or save 20% with annual prepayment.
Custom pricing available. Get in touch for a tailored quote with hands-on onboarding.
Monthly billing suits MSPs with fluctuating device counts. Annual saves 20% and locks in your rate.
OPUS works on the free Azure Update Manager tier. No additional Microsoft licensing required.
Most tools give you 14 days. OPUS gives you three months — enough time to embed it into your operational workflow, build up compliance history, and see exactly what it's worth before spending a penny.
No payment details required to start. If your trial ends mid-cycle, a 14-day read-only grace period ensures it completes. OPUS never leaves your estate semi-compliant.
OPUS is built by an infrastructure engineer who has run enterprise patching at scale. If your estate has a specific shape, get in touch — we'll tell you honestly whether OPUS is the right fit.
hello@opus-orchestrator.co.uk
Usually replied to within one business day.