Azure Update Management is included when you set up an Azure Virtual Machine.  The service uses an Azure Automation account and a Log Analytics workspace to store the update logs.  When you enable Update Management, it runs an assessment and gathers a list of missing Windows updates.  Using that list, you can set up and schedule an update deployment to the virtual machine.  Alerts can be set up on the Azure Automation account so you can receive emails/SMS on the update deployment status.  The Update Management service is included with your Azure Virtual Machines, but you are responsible for the low cost of the Log Analytics storage.

Let's get started and set up an example VM for Azure Update Management.

Enable Azure Update Management:

In the Azure Portal go to Virtual machines.

Select your virtual machine and select Update Management.

You can select to enable for a specific VM or all VMs in a subscription.  This example will enable for just a single virtual machine.  Next, enter your Log Analytics Workspace and Azure Automation Account.

Click Enable.  The ‘Update Management’ solution can take from a few minutes up to 15 minutes to enable.

If you currently use Operations Manager and Operations Management Suite (OMS) with a Log Analytics workspace, you need to select the same workspace or you will get the following error.

{ "status": "Failed", "error": { "code": "ResourceDeploymentFailure", "message": "The resource operation completed with terminal provisioning state 'Failed'.", "details": [ { "code": "DeploymentFailed", "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.", "details": [ { "code": "Conflict", "message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'MicrosoftMonitoringAgent'. Error message: \\\"This machine is already connected to another Log Analytics workspace, or managed by System Center Operations Manager. Please set stopOnMultipleConnections to false in public settings or remove this property, so this machine can connect to new workspaces. Note that this machine may be billed multiple times for each workspace it report to. (MMAEXTENSION_ERROR_MULTIPLECONNECTIONS)\\\".\"\r\n }\r\n ]\r\n }\r\n}" } ] } ] } }
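The useful part of that error is buried three levels down, inside a message that is itself a JSON document. As an added example (not part of the original post), this Python helper walks such a deployment error, decodes embedded JSON messages, and returns the innermost error together with the agent's error tag. The sample input is a shortened, constructed copy of the error above, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: a shortened copy of the deployment error shown above.
# As in the real output, the "Conflict" message is itself a JSON document.
_INNER = {"status": "Failed", "error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'.",
    "details": [{
        "code": "VMExtensionProvisioningError",
        "message": "VM has reported a failure when processing extension "
                   "'MicrosoftMonitoringAgent'. Error message: \"This machine is already "
                   "connected to another Log Analytics workspace, or managed by System Center "
                   "Operations Manager. (MMAEXTENSION_ERROR_MULTIPLECONNECTIONS)\"."}]}}
SAMPLE = json.dumps({"status": "Failed", "error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'.",
    "details": [{
        "code": "DeploymentFailed",
        "message": "At least one resource deployment operation failed.",
        "details": [{"code": "Conflict", "message": json.dumps(_INNER)}]}]}})


def leaf_errors(err):
    """Yield (code, message) for the innermost errors under one error object."""
    if not isinstance(err, dict):
        return
    try:
        nested = json.loads(err.get("message"))
    except (TypeError, ValueError):
        nested = None                      # plain-text (or missing) message
    if isinstance(nested, dict):
        children = [nested.get("error", nested)]   # message was embedded JSON
    else:
        children = err.get("details") or []
    if not children:
        yield err.get("code"), err.get("message")
        return
    for child in children:
        yield from leaf_errors(child)


def agent_error_tag(message):
    """Return the parenthesised upper-case tag in the message, or None."""
    match = re.search(r"\(([A-Z][A-Z0-9_]{5,})\)", message or "")
    return match.group(1) if match else None


def root_causes(raw):
    """Parse raw deployment-error JSON into [(code, tag, message), ...]."""
    return [(c, agent_error_tag(m), m)
            for c, m in leaf_errors(json.loads(raw)["error"])]
```

Calling `root_causes()` on the full error text reduces it to one entry per failing resource, which is easier to log or alert on than the raw nested output.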

View Update Assessment:

Now that Update Management is enabled, you can view the assessment of missing updates for your virtual machines.  Go to Automation Accounts, select the account you used in the previous section, and then select Update management.  It can take 30 minutes to 6 hours, according to Microsoft, for the evaluation to complete, so your section may still be empty.

From this pane you can schedule an update deployment to coincide with your maintenance window.

Click Schedule update deployment.  Here you can customize your deployment for the desired updates and set your schedule.  You can also select to suppress the reboots if needed.

Once your scheduled deployment starts, you can see the status for that deployment on the Update deployments tab under Update management.

Set Up Alerts for Update Management:

In your Automation account, select Alerts from the Monitoring section and then select New alert rule.

Now select Add condition and choose:

Total Update Deployment Runs: used to alert on the overall status of an update deployment.

Total Update Deployment Machine Runs: used to alert on the status of an update deployment targeted at specific machines.

Select your deployment name and status.  Note that you may want to set up one alert for informational successful deployments and a second alert for failed deployments.

Under alert logic select 1 and then select done.

Select your Action Group and alert preference such as email.

Set your Alert Details now with the severity you want.

Click Create Alert Rule.  You now have alerts set up for your scheduled deployment.