Sure, here’s how you can configure Azure Update Management using both the Azure Portal and PowerShell:
Using Azure Portal:
- Navigate to the Azure portal and select the Azure Automation account you want to use for update management.
- Under the Update Management section of the account, click on “Enable.”
- On the “Enable Update Management” page, select the virtual machines and servers you want to manage updates for, and configure settings such as update schedules and update classifications.
- Click “Save” to enable update management for the selected virtual machines and servers.
Using PowerShell:
- Create an Azure Automation account if you haven’t already done so. Here’s an example PowerShell script to create an automation account:
PowerShell
New-AzAutomationAccount -ResourceGroupName "ResourceGroup01" -Name "AutomationAccount01" -Location "eastus"
- Get the workspace ID for the Log Analytics workspace that you want to use with Update Management. Here’s an example PowerShell script to get the workspace ID:
PowerShell
$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName "ResourceGroup01" -Name "LogAnalyticsWorkspace01"
$workspaceId = $workspace.ResourceId
- Enable Update Management for the Azure Automation account. Here’s an example PowerShell script to enable Update Management:
PowerShell
$automationAccount = Get-AzAutomationAccount -ResourceGroupName "ResourceGroup01" -Name "AutomationAccount01"
Set-AzAutomationAccount -ResourceGroupName "ResourceGroup01" -Name "AutomationAccount01" -UpdateManagement $true -UpdateManagementLogAnalyticsWorkspaceId $workspaceId
- Configure settings for Update Management. Here’s an example PowerShell script to configure Update Management settings:
PowerShell
$computerGroup = Get-AzAutomationDscNodeConfiguration -ResourceGroupName "ResourceGroup01" -AutomationAccountName "AutomationAccount01" -Name "AllComputers"
$patchInstallationBehavior = "AutomaticByOS"
$weekDays = "Monday","Wednesday"
Set-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName "ResourceGroup01" -AutomationAccountName "AutomationAccount01" -Windows -AzureVirtualMachines -TargetComputerGroup $computerGroup -PatchInstallationBehavior $patchInstallationBehavior -WeekDays $weekDays
In this example, we get the computer group that includes all computers, configure patch installation behavior, and specify the days of the week to install updates.