
Azure Tip: Set Azure Update Management scope configuration to Enable on all available and future machines

Most of you will probably know that Update Management is a free* solution that is available as part of Azure Automation and which allows you to manage operating system (OS) updates for your Windows and Linux virtual machines (VMs) running in Azure, on-premises (also physical servers), and even in other cloud environments.

By using Update Management, you can quickly assess the status of available updates and patches, schedule update deployments, and review update deployment results. It is also fully integrated with Azure Arc and Microsoft Defender for Cloud, which allows you to fully optimize and manage the OS updates and patches for all your hybrid-running and non-Azure resources.

* Update management does not have any license cost to use the solution for Azure VMs or Azure Arc-enabled servers. But keep in mind that you still need to pay for log data stored in the Azure Log Analytics service.

There are different ways to onboard and enable Azure VMs or non-Azure machines to Azure Update management, like enabling it from an Azure VM or from a runbook. But the best way to do this is by using automatic enablement for all available and future machines.

With that setting set, Azure and non-Azure machines, which are already connected to your Log Analytics workspace, but also the machines which get added in the future, will be automatically added to the Update Management solution.

With this Azure tip blog post, I will show you how easy it is to configure this.


Prerequisites

  • An Azure subscription.
  • An Azure Administrator account with the necessary RBAC roles.
  • A Log Analytics workspace.
  • An Azure Automation Account.
  • Update Management should be enabled.
  • Azure VMs or Azure Arc-enabled servers which are connected to the Log Analytics workspace.

Enable the Azure Automation Update management solution for all available and future machines

Log on to the Azure Portal and type “automation” in the Global search bar. Then click on Automation Accounts.

In the Automation Accounts screen (blade), select your Automation Account.

Select Update Management and click on Manage machines.

To enable the feature for all available machines and future machines, select Enable on all available and future machines. Click Enable.

Just keep in mind that when selected, this action will disable the Manage Machines option permanently, as there will be no scope configuration available anymore.
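Because the scope can no longer be adjusted per machine after this change, it is worth checking that every machine connected to the workspace actually reports to Update Management. The script below is an added example, not part of the original post: it queries the Log Analytics workspace and lists machines that send heartbeats but do not report the solution. The workspace ID is a placeholder you supply, and the check assumes that a managed machine lists "updates" in the Solutions column of its Heartbeat records.

```powershell
# Added example: find machines that heartbeat to the workspace but do not
# report the Update Management solution (a patch coverage gap).
# Requires the Az.Accounts and Az.OperationalInsights modules and an
# authenticated session (Connect-AzAccount).
param(
    # Placeholder: the workspace (customer) ID GUID of your Log Analytics workspace.
    [Parameter(Mandatory)]
    [string]$WorkspaceId,

    # How far back to look for heartbeats.
    [int]$LookbackHours = 24
)

# Latest heartbeat per machine. Assumption: machines managed by
# Update Management list "updates" in the Solutions column.
$query = @'
Heartbeat
| summarize arg_max(TimeGenerated, *) by SourceComputerId
| project Computer, OSType, ComputerEnvironment,
          LastHeartbeat = TimeGenerated,
          InUpdateManagement = tostring(Solutions has "updates")
| order by Computer asc
'@

$response = Invoke-AzOperationalInsightsQuery `
    -WorkspaceId $WorkspaceId `
    -Query $query `
    -Timespan (New-TimeSpan -Hours $LookbackHours)

$machines = @($response.Results)
if ($machines.Count -eq 0) {
    Write-Warning "No heartbeats in the last $LookbackHours hours. Check the workspace ID and agent connectivity."
    return
}

# Query results come back as strings, so compare against 'true'.
$missing = @($machines | Where-Object { $_.InUpdateManagement -ne 'true' })

Write-Output "Machines seen: $($machines.Count); not reporting Update Management: $($missing.Count)"
if ($missing.Count -gt 0) {
    # ComputerEnvironment separates Azure VMs from non-Azure (for example Arc-enabled) servers.
    $missing |
        Sort-Object ComputerEnvironment, Computer |
        Format-Table Computer, OSType, ComputerEnvironment, LastHeartbeat -AutoSize
}
```

Newly connected machines can take some time to appear, so a machine listed as missing right after onboarding should be rechecked before it is treated as a gap.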

Hope this tip helps you and comes in handy!
