An Azure Automation Account has a feature called Update Management that can manage your Windows and Linux Operating System (OS) updates for Azure, on-premises and other third-party cloud environments. In this post I will explain what Update Management is, how to switch it on and how to add your servers to it.
Update Management is a feature of an Azure Automation Account that you toggle on. Within Update Management, you can add servers from multiple environments and manage both Windows and Linux updates. Microsoft publishes a list of supported operating systems, but I will outline in brief what is supported:
- Windows 2012, 2012 R2, 2016 (excl. core), 2019
- CentOS 6, 7, 8 (excl. 7.5)
- Red Hat Enterprise 6, 7, 8
- SUSE Enterprise 12, 15, 15.1
- Ubuntu 14.04, 16.04, 18.04
From within Update Management you can assess servers for missing updates, configure a schedule for updates to run within a maintenance window and configure what to include/exclude from the update cycle.
To enable Update Management you need to create an Automation Account and a Log Analytics Workspace. Once you have both of these created:
- Open the Automation Account you created
- Select Update Management from the left side menu
- Here you are presented with a configure window. Select the Log Analytics Workspace you created and click Enable to complete.
Update Management is now enabled and will monitor any servers that have been configured to use the Log Analytics Workspace.
To add an Azure VM, all you need to do is either:
- From within the Update Management blade within the Automation Account resource, select Add Azure VM from the top menu bar, then select a VM from the list provided (note that you may have to move Log Analytics Workspaces if it reports the VM using an alternative).
- From within the Virtual Machine, select the Guest + host updates blade from the left side menu, then select the Go to Update management option and select the Log Analytics Workspace and the Automation Account to be used for updates.
Once the installer completes, allow 30 minutes for it to appear in Azure. To add the server to Update Management:
- From within the Update Management blade within the Automation Account resource, select Add non-Azure VM from the top menu bar
- Select a server from the list provided.
On Windows you can manage:
- Critical Updates
- Security Updates
- Update Rollups
- Feature Packs
- Service Packs
- Definition Updates
On Linux you can manage:
- Critical and Security Updates
- Other Updates (those not specified as Critical or Security)
From within the Update Management blade within the Automation Account, select Schedule update deployment from the top menu. Here you can select:
- The type of OS you want this deployment to apply to (cannot be both Windows and Linux)
- What Virtual Machines or groups containing VMs you want to apply this to
- What update categories you want to apply as part of this schedule
- Any updates to include (leaving this blank means it will do them all) or exclude
- Maintenance Window
- Date and Time to start
- Recurrence (if you want it to repeat)
- Reboot options
Select Create once configured. Use the Deployment tab to monitor the progress or history of a scheduled deployment.
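The same schedule can be created from PowerShell, which makes the patch window reviewable and repeatable. This is an added example, not part of the original walkthrough; it assumes the Az.Automation module, an authenticated session (Connect-AzAccount), and placeholder resource names and VM resource IDs that you replace with your own.

```powershell
# Added example. All names and IDs below are placeholders.
$rg      = 'rg-example'        # resource group holding the Automation Account
$account = 'aa-example'        # Automation Account with Update Management enabled

# Virtual machines to apply this to (Azure VMs are referenced by resource ID).
$vmIds = @(
    '/subscriptions/<subscription-id>/resourceGroups/rg-example/providers/Microsoft.Compute/virtualMachines/vm-example-01'
    '/subscriptions/<subscription-id>/resourceGroups/rg-example/providers/Microsoft.Compute/virtualMachines/vm-example-02'
)

# Date and time to start, plus recurrence: weekly on Saturday at 02:00 UTC.
$scheduleParams = @{
    ResourceGroupName      = $rg
    AutomationAccountName  = $account
    Name                   = 'weekly-windows-security'
    StartTime              = (Get-Date).Date.AddDays(1).AddHours(2)
    DaysOfWeek             = 'Saturday'
    WeekInterval           = 1
    TimeZone               = 'UTC'
    ForUpdateConfiguration = $true   # marks the schedule for Update Management
}
$schedule = New-AzAutomationSchedule @scheduleParams

# OS type, update categories, maintenance window and reboot option.
$deploymentParams = @{
    ResourceGroupName            = $rg
    AutomationAccountName        = $account
    Schedule                     = $schedule
    Windows                      = $true   # one OS type per deployment
    AzureVMResourceId            = $vmIds
    IncludedUpdateClassification = @('Critical', 'Security')
    Duration                     = New-TimeSpan -Hours 2   # maintenance window
    RebootSetting                = 'IfRequired'
}
New-AzAutomationSoftwareUpdateConfiguration @deploymentParams

# Confirm what was registered so the scope can be reviewed before the first run.
Get-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $rg `
    -AutomationAccountName $account |
    Select-Object Name, ProvisioningState
```

For a Linux deployment, replace Windows with Linux and IncludedUpdateClassification with IncludedPackageClassification.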