Posted in How To

How do I configure Azure Update Management with Azure Portal or Powershell?

   March 5, 2023

Sure, here’s how you can configure Azure Update Management using both the Azure Portal and PowerShell:

Using Azure Portal:

  1. Navigate to the Azure portal and select the Azure Automation account you want to use for update management.
  2. Under the Update Management section of the account, click on “Enable.”
  3. On the “Enable Update Management” page, select the virtual machines and servers you want to manage updates for, and configure settings such as update schedules and update classifications.
  4. Click “Save” to enable update management for the selected virtual machines and servers.

Using PowerShell:

  1. Create an Azure Automation account if you haven’t already done so. Here’s an example PowerShell script to create an automation account:
PowerShell
New-AzAutomationAccount -ResourceGroupName "ResourceGroup01" -Name "AutomationAccount01" -Location "eastus"
  1. Get the workspace ID for the Log Analytics workspace that you want to use with Update Management. Here’s an example PowerShell script to get the workspace ID:
PowerShell
$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName "ResourceGroup01" -Name "LogAnalyticsWorkspace01"
$workspaceId = $workspace.ResourceId
  1. Enable Update Management for the Azure Automation account. Here’s an example PowerShell script to enable Update Management:
PowerShell
$automationAccount = Get-AzAutomationAccount -ResourceGroupName "ResourceGroup01" -Name "AutomationAccount01"
Set-AzAutomationAccount -ResourceGroupName "ResourceGroup01" -Name "AutomationAccount01" -UpdateManagement $true -UpdateManagementLogAnalyticsWorkspaceId $workspaceId
  1. Configure settings for Update Management. Here’s an example PowerShell script to configure Update Management settings:
PowerShell
$computerGroup = Get-AzAutomationDscNodeConfiguration -ResourceGroupName "ResourceGroup01" -AutomationAccountName "AutomationAccount01" -Name "AllComputers"
$patchInstallationBehavior = "AutomaticByOS"
$weekDays = "Monday","Wednesday"
Set-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName "ResourceGroup01" -AutomationAccountName "AutomationAccount01" -Windows -AzureVirtualMachines -TargetComputerGroup $computerGroup -PatchInstallationBehavior $patchInstallationBehavior -WeekDays $weekDays

In this example, we get the computer group that includes all computers, configure patch installation behavior, and specify the days of the week to install updates.

Share: TwitterFacebookPinterestLinkedin
Author: tonyhughes