Azure Update Management is an Azure Automation Account feature that enables you to orchestrate Windows Server and Linux updates. From Azure Update Management you can schedule update deployments and target machines or groups. However, without additional configuration, you have to add machines to jobs or computer groups manually.
Computer groups can be populated automatically from a KQL query. Azure Update Management comes with an inventory engine that can collect information from the registry (Windows Server) or from the file system. In this topic, I’ll show you how to get information from the registry and then populate computer groups.
From my Windows Server, I created a registry key that contains the day and the time of the update.
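One way to set those two values consistently, as an added example that is not part of the original post. The key path `HKLM:\SOFTWARE\Example\PatchSchedule` and the function name `Set-PatchWindow` are assumptions (the post does not name the key); the value names Day and Time are the ones the query in this post filters on. The input is normalized because KQL's `==` compares strings case-sensitively, so a value such as "saturday" or "5:00" would keep the server out of the group.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
# ASSUMPTION: the key path below is a placeholder; use the key you
# register under Inventory > Edit Settings > Windows Registry.
function Set-PatchWindow {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Day,
        [Parameter(Mandatory)][string]$Time,
        [string]$KeyPath = 'HKLM:\SOFTWARE\Example\PatchSchedule'
    )

    $weekDays = 'Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday'
    # -eq on strings is case-insensitive, so "saturday" resolves to "Saturday".
    $canonicalDay = $weekDays | Where-Object { $_ -eq $Day.Trim() }
    if (-not $canonicalDay) {
        throw "Day must be one of: $($weekDays -join ', ')"
    }

    # Accept 5:00 or 05:00, but always store zero-padded 24-hour HH:mm.
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($Time.Trim(), [string[]]@('H:mm', 'HH:mm'),
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$parsed)
    if (-not $ok) { throw 'Time must be 24-hour HH:mm, for example 05:00' }
    $canonicalTime = $parsed.ToString('HH:mm', [cultureinfo]::InvariantCulture)

    if ($PSCmdlet.ShouldProcess($KeyPath, "Set Day=$canonicalDay Time=$canonicalTime")) {
        if (-not (Test-Path -Path $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        # String (REG_SZ) values, so the inventory reports them as plain text.
        New-ItemProperty -Path $KeyPath -Name 'Day' -Value $canonicalDay `
            -PropertyType String -Force | Out-Null
        New-ItemProperty -Path $KeyPath -Name 'Time' -Value $canonicalTime `
            -PropertyType String -Force | Out-Null
    }

    # Return what was stored so a wrapper script can log it.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Day      = $canonicalDay
        Time     = $canonicalTime
    }
}

# Constructed sample call with non-canonical input.
Set-PatchWindow -Day 'saturday' -Time '5:00'
```

Run it with `-WhatIf` first to see the values that would be written without touching the registry.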
Configure inventory to get registry key
Open your Azure Automation Account and navigate to Inventory. Click on Edit Settings.
Select Windows Registry and click on Add.
Specify an item name, a group, and copy and paste the Windows Registry key that holds the day and time of update values.
After 5 minutes, the registry keys are visible in the inventory. Now we can create a KQL query to build a computer group. To do that, click on Log Analytics.
Create a computer group from KQL query
I have written a query to get computers where registry values are set to:
- Day: Saturday
- Time: 05:00
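    // Match only the wanted (value name, value data) pairs, then keep
    // computers that have both of them, not just one.
    ConfigurationData
    | where ConfigDataType == "Registry"
    | where (ValueName == "Day" and ValueData == "Saturday")
        or (ValueName == "Time" and ValueData == "05:00")
    | summarize MatchedValues = dcount(ValueName) by Computer
    | where MatchedValues == 2
    | distinct Computer

Run this query and check the result to make sure computers are returned. Now click on Save and select Save as function.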
Specify a group name (function name) and a legacy category. Don’t forget to enable Save as computer group.
Create a schedule update deployment from group
Open your Azure Automation Account and navigate to Update management. Click on Schedule update deployment.
Specify a name and click on Groups to update.
Select Non-Azure VM and add the group you have previously created.
You can click on Preview to check computers that are in the group.
Now, in Schedule, configure the settings to match the registry values you set previously.
You can create several update deployment jobs to orchestrate the updates of your datacenter. But be sure that you don’t have more than 1,000 machines in a group because it is not supported. For a Linux server, instead of using a registry key, you can use a file inventory.