Automate Patching through Azure
Patching Automation for Windows and Linux Virtual Machines using Azure Automation Account’s Update Management and Log Analytics Workspace.
Update Management uses Azure Monitor Logs to store update assessments and update deployment results as log data from the assigned Azure and non-Azure machines, both Linux and Windows. To collect this data, the Automation Account and the Log Analytics workspace are linked together, and the Log Analytics agent (MMA) for Windows and Linux must be installed on each machine and configured to report to that workspace.
Configure the VMs for Automated Patching:
Create a Log Analytics Workspace and an Azure Automation Account, or use existing ones.
1. Go to the VM > Updates in the left blade > select Go to Updates using Automation.
2. Select your Log Analytics Workspace and Automation Account and click Enable.
3. Do not navigate to another window until the deployment starts.
4. Once the deployment is complete, wait for the machine to be assessed. It takes around 1 hour before everything is in place.
Validate the configurations for Automated Patching:
Go to Automation Account > Update Management. All the VMs that have been added (both Windows and Linux) are listed here.
Schedule an Update Deployment for Automated Patching:
1. In the Automation Account, on the Update management blade, click Schedule Deployment.
2. In New update deployment, fill in the details: Name, Operating System, and then Machines to update.
3. Select the machines you want to include in this deployment.
4. Customize your selection from the list of available update classifications.
5. To exclude or include a specific update, enter its KB article ID here.
6. Schedule when to deploy the patches, and make the schedule recurring if you want.
7. Provide a maintenance window, select the reboot option as approved by the client, and create the schedule.
8. Similarly, a separate schedule can be created for Linux VMs, where the exclude/include option works on package names instead of KB articles.
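The same Windows and Linux deployments from steps 1 to 8, created with the Az.Automation PowerShell module instead of the portal, as an added example that is not the author's own script. The resource group, Automation Account, VM resource IDs, schedule names, start time, KB number and package mask are all placeholder assumptions to replace with your own values.

```powershell
# Added example: script the Update Management schedules from steps 1-8 with Az.Automation.
# Assumed placeholders: rg-patching, aa-patching, the two VM resource IDs, the KB number
# and the package mask. Run Connect-AzAccount first.
$rg = 'rg-patching'
$aa = 'aa-patching'
$winVm   = '/subscriptions/<sub-id>/resourceGroups/rg-patching/providers/Microsoft.Compute/virtualMachines/vm-win01'
$linuxVm = '/subscriptions/<sub-id>/resourceGroups/rg-patching/providers/Microsoft.Compute/virtualMachines/vm-lnx01'

# Step 6: a recurring weekly schedule. -ForUpdateConfiguration marks it for Update Management;
# the start time must be at least 5 minutes in the future. Here: tomorrow at 02:00 local time.
$start = (Get-Date).Date.AddDays(1).AddHours(2)

$winSchedule = New-AzAutomationSchedule -ResourceGroupName $rg -AutomationAccountName $aa `
    -Name 'weekly-windows-patching' -StartTime $start -WeekInterval 1 -DaysOfWeek Tuesday `
    -ForUpdateConfiguration

# Steps 2-5 and 7 for Windows: target VM, classifications, one excluded KB (placeholder),
# a 2-hour maintenance window and reboot only when the update requires it.
New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $rg -AutomationAccountName $aa `
    -Schedule $winSchedule -Windows -AzureVMResourceId $winVm `
    -IncludedUpdateClassification Critical, Security `
    -ExcludedKbNumber '<KB-number-to-exclude>' `
    -Duration (New-TimeSpan -Hours 2) -RebootSetting IfRequired

# Step 8 for Linux: a separate schedule; package classifications and a package name mask
# (placeholder) take the place of KB articles.
$linuxSchedule = New-AzAutomationSchedule -ResourceGroupName $rg -AutomationAccountName $aa `
    -Name 'weekly-linux-patching' -StartTime $start.AddHours(1) -WeekInterval 1 -DaysOfWeek Tuesday `
    -ForUpdateConfiguration

New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $rg -AutomationAccountName $aa `
    -Schedule $linuxSchedule -Linux -AzureVMResourceId $linuxVm `
    -IncludedPackageClassification Critical, Security `
    -ExcludedPackageNameMask '<package-mask-to-exclude>' `
    -Duration (New-TimeSpan -Hours 2) -RebootSetting IfRequired

# Read back what was created so the two deployments can be checked against the portal view.
Get-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $rg -AutomationAccountName $aa |
    Select-Object -Property Name
```

Both schedules start on the same day; the Linux one is offset by an hour so the two maintenance windows do not overlap on shared infrastructure.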
With the above configuration, the Automation Account pushes patches to both the Windows and Linux environments automatically, according to the specified schedules.
In case of any questions or concerns, find me at abhibothera.github.io.
Senior Cloud Engineer | 7x Microsoft Azure Certified | Solutions Architect | Azure DevOps | AVD | Security | Former Research Scholar at Georgia Tech.