With VMM 2019 we got the possibility to set up Azure Update Management for all new VMs deployed from VM Templates in VMM.
I see a great value in this as you do not need to set up a local WSUS server to do patching. And for any hoster you can easily have 1 single pane of glass in Azure to monitor and update the VMs in your environment.
Pre Req
To set this up you will need 2 things in Azure:
A Log Analytics Workspace and an Automation Account. Go through the wizards in Azure and create a new resource group for this. Name them something along the lines of AzureVMMAutomation.
Once that is done, link the Log Analytics workspace with the Automation Account. Go to the Update Management Tab and choose your new Log Analytics Workspace.
Configure VMM
Once this finishes let’s head over to VMM. Go to Library, click on Azure Profiles, then right-click and choose Add. Fill out the information: find your subscription ID in Azure and enter it into the window. Choose Azure Update Management.
Fill in the Azure Automation Account and the Resource Group. Find your Workspace ID and Workspace Key in the Log Analytics Workspace under Advanced Settings and Connected windows sources.
Now click Next and Finish, and you should have an Azure Profile set up.
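The prerequisites and the values the Azure Profile wizard asks for can also be produced from PowerShell. This is an added example, not part of the original post: it assumes the Az PowerShell modules are installed, and the region and the -LA / -AA resource names are placeholders. Linking the workspace to the Automation Account is still done in the portal as described above.

```powershell
# Added example, not from the original post.
# Assumes the Az.Resources, Az.OperationalInsights and Az.Automation modules.
Connect-AzAccount

# Assumed names and region; replace with your own.
$rg       = 'AzureVMMAutomation'
$location = 'westeurope'
$wsName   = 'AzureVMMAutomation-LA'
$aaName   = 'AzureVMMAutomation-AA'

# Resource group holding both prerequisites
New-AzResourceGroup -Name $rg -Location $location | Out-Null

# The Log Analytics Workspace and the Automation Account
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $wsName `
        -Location $location -Sku PerGB2018
New-AzAutomationAccount -ResourceGroupName $rg -Name $aaName -Location $location | Out-Null

# Values for the VMM Azure Profile wizard
$subscriptionId = (Get-AzContext).Subscription.Id
$workspaceId    = $ws.CustomerId   # shown as "Workspace ID" in the portal

[pscustomobject]@{
    SubscriptionId    = $subscriptionId
    ResourceGroup     = $rg
    AutomationAccount = $aaName
    WorkspaceId       = $workspaceId
} | Format-List

# The Workspace Key is a shared secret: any machine holding it can send data
# to this workspace. Put it on the clipboard for pasting into the wizard
# rather than printing it to the console or a transcript.
$keys = Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $rg -Name $wsName
Set-Clipboard -Value $keys.PrimarySharedKey
Remove-Variable keys
```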
VM Template
Once we have linked everything, let’s update our VM template to use the new Azure Update Management. Head to the VM Template and go into properties.
Choose the Extensions tab and click on Enable Azure Update Management.
Click OK. Now we are ready to deploy a VM from the template.
Once the deployment is done you can check in on your Automation Account and go into Update Management. It can take a few minutes for the VM to come in, but once it does it will say at the top:
1 machine does not have ‘Update Management’ enabled. Click on the link next to it to enable Update Management.
You have a few options:
Enable on all Available Machines
Enable on all Available and future machines
Enable on selected machines
I’m choosing the 2nd option as I want to enable it on all future machines as well.
After a while the machines you have enabled for updates will come up in the Update Management view.
Patch Schedule
To create patch windows, click on Schedule Update Deployment in the top right corner.
Fill in the information you need. For on-prem servers, choose Machines to Update and add the VM or physical machine to it.
Choose a time and whether it’s recurring or not.
You can also define some pre and post scripts to run while patching.
And that’s it, thanks for reading and hope you want to start using this new cool feature for patch management.