Muokkaa

Jaa


Enable Update Management from an Automation account

Important

Automation Update Management has retired on 31 August 2024 and we recommend that you use Azure Update Manager. Follow the guidelines for migration from Automation Update Management to Azure Update Manager.

This article describes how you can use your Automation account to enable the Update Management feature for VMs in your environment, including machines or servers registered with Azure Arc-enabled servers. To enable Azure VMs at scale, you must enable an existing Azure VM using Update Management.

Note

  • Azure Update Management onboarding via the portal is no longer available, as the service was retired on August 31, 2024. Existing virtual machines (VMs) utilizing Azure Update Management with the legacy agent will remain operational until February 1, 2025. We recommend that you configure periodic assessment or patch schedules using Azure Update Manager.
  • When enabling Update Management, only certain regions are supported for linking a Log Analytics workspace and an Automation account. For a list of the supported mapping pairs, see Region mapping for Automation account and Log Analytics workspace.

Prerequisites

Sign in to Azure

Sign in to the Azure portal.

Enable Update Management

  1. In your Automation account, select Update management under Update management.

  2. Choose the Log Analytics workspace and Automation account and select Enable to enable Update Management. The setup takes up to 15 minutes to complete.

    Enable Update Management

Enable Azure VMs

  1. From your Automation account select Update management under Update management.

  2. Select + Add Azure VMs and select one or more VMs from the list. Virtual machines that can't be enabled are grayed out and unable to be selected. Azure VMs can exist in any region no matter the location of your Automation account.

  3. Select Enable to add the selected VMs to the computer group saved search for the feature.

    Enable Azure VMs

Enable non-Azure VMs

For machines or servers hosted outside of Azure, including the ones registered with Azure Arc-enabled servers, perform the following steps to enable them with Update Management.

  1. From your Automation account, select Update management under Update management.

  2. Select Add non-Azure machine. This action opens a new browser window with instructions to install and configure the Log Analytics agent for Windows so that the machine can begin reporting to Update Management. If you're enabling a machine that's currently managed by Operations Manager, a new agent isn't required. The workspace information is added to the agents configuration.

Enable machines in the workspace

Manually installed machines or machines already reporting to your workspace must to be added to Azure Automation for Update Management to be enabled.

  1. From your Automation account, select Update management under Update management.

  2. Select Manage machines. The Manage machines button might be grayed out if you previously chose the option Enable on all available and future machines

    Saved searches

  3. To enable Update Management for all available machines reporting to the workspace, select Enable on all available machines on the Manage Machines page. This action disables the control to add machines individually and adds all of the machines reporting to the workspace to the computer group saved search query MicrosoftDefaultComputerGroup. When selected, this action disables the Manage Machines option.

  4. To enable the feature for all available machines and future machines, select Enable on all available and future machines. This option deletes the saved search and scope configuration from the workspace, and permits the feature to include all Azure and non-Azure machines that currently or in the future, report to the workspace. When selected, this action disables the Manage Machines option permanently, as there's no scope configuration available.

    Note

    Because this option deletes the saved search and scope configuration within Log Analytics, it's important to remove any deletion locks on the Log Analytics Workspace before you select this option. If you don't, the option will fail to remove the configurations and you must remove them manually.

  5. If necessary, you can add the scope configuration back by re-adding the initial saved search query. For more information, see Limit Update Management deployment scope.

  6. To enable the feature for one or more machines, select Enable on selected machines and select Add next to each machine. This task adds the selected machine names to the computer group saved search query for the feature.

Next steps