Is there a way to set an Azure Update Mgr maintenance configuration to run based on VM local time?

Question

We would like to have newly provisioned VMs be patched monthly at a given off-hours time (let's say Sunday 2am local VM time). We would like to add the VMs to a maintenance configuration via tagging (using dynamic scoping). It would be easiest to do this by creating one maintenance configuration that it is set to run on the 2nd Sunday at 2am, but it appears it can only be set to a specific time zone. We would like to have the configuration run at 2am on the local VM time since all the VMs are in regions around the globe. Is this possible at all? If not, what is the best alternative that can handle this in an automated fashion?

Answer 1

Hi,

The schedule for the maintenance configurations runs at Azure, it does not run on the VM. On the VM only the patching is started when the maintenance configuration is running and the VM is part of it. So what you want to achieve is not possible. Tag your VMs in a way that each VM in different time zone has different tag values. Create maintenance configuration for each time zone and use the dynamic scoping to filter on the tag for each time zone. You can automate the deployment of maintenance configurations and applying the tags in various ways - Bicep, Terraform, CLI, Azure PowerShell, SDKs, etc. Whatever you feel conformable with.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

If it's only critical and security patches, then use enable automatic guest patching on the VM itself. The Azure platform will install every month, off-peak hours within the VMs time zone, as they become available. See Automatic Guest Patching for Azure Virtual Machines and Scale Sets - Azure Virtual Machines | Microsoft Learn for more info.

However, if you're wanting to remain with a custom maintenance configuration, @Stanislav Zhelyazkov answer of creating multiple configurations is the only course of action.