Most of you will probably know that Update Management is a free* solution that is available as part of Azure Automation and which allows you to manage operating system (OS) updates for your Windows and Linux virtual machines (VMs) running in Azure, on-premises (also physical servers), and even in other cloud environments.
By using Update Management, you can quickly assess the status of available updates and patches, schedule update deployments, and review update deployment results. It is also fully integrated with Azure Arc and Microsoft Defender for Cloud, which allows you to manage the OS updates and patches for all your hybrid-running and non-Azure resources.
* Update Management does not have any license cost when used for Azure VMs or Azure Arc-enabled servers. But keep in mind that you still need to pay for log data stored in the Azure Log Analytics service.
There are different ways to onboard and enable Azure VMs or non-Azure machines to Azure Update Management, like enabling it from an Azure VM or from a runbook. But the best way to do this is by using automatic enablement for all available and future machines.
With that setting enabled, Azure and non-Azure machines that are already connected to your Log Analytics workspace, as well as machines that get added in the future, will be automatically added to the Update Management solution.
With this Azure tip blog post, I will show you how easy it is to configure this.
- An Azure subscription.
- An Azure Administrator account with the necessary RBAC roles.
- A Log Analytics workspace.
- An Azure Automation Account.
- Update Management should be enabled.
- Azure VMs or Azure Arc-enabled servers which are connected to the Log Analytics workspace.
Enable the Azure Automation Update Management solution for all available and future machines
Log on to the Azure Portal and type “automation” in the Global search bar. Then click on Automation Accounts.
In the Automation Accounts screen (blade), select your Automation Account.
Select Update Management and click on Manage machines.
To enable the feature for all available machines and future machines, select Enable on all available and future machines. Click Enable.
Just keep in mind that when selected, this action will disable the Manage machines option permanently, as there will be no scope configuration available anymore.
Hope this tip helps you and comes in handy!