About Dynamic Scoping
Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ On-premises environment ✔️ Azure VMs ✔️ Azure Arc-enabled servers.
Dynamic Scoping is an advanced capability of schedule patching that allows users to:
- Group machines based on criteria such as subscription, resource group, location, resource type, OS Type, and Tags. This becomes the definition of the scope.
- Associate the scope to a schedule/maintenance configuration to apply updates at scale as per a pre-defined scope.
The criteria will be evaluated at the scheduled run time, which will be the final list of machines that will be patched by the schedule. The machines evaluated during create or edit phase may differ from the group at schedule run time.
Key benefits
At Scale and simplified patching - You don't have to manually change associations between machines and schedules. For example, if you want to remove a machine from a schedule and your scope was defined based on tag(s) criteria, removing the tag on the machine will automatically drop the association. These associations can be dropped and added for multiple machines at scale.
Note
Subscription is mandatory for the creation of dynamic scope and you can't edit it after the dynamic scope is created.
Reusability of the same schedule - You can associate a schedule to multiple machines dynamically, statically, or both.
Prerequisites
- Patch Orchestration must be set to Customer Managed Schedules. This sets patch mode to AutomaticByPlatform and the BypassPlatformSafetyChecksOnUserSchedule = True.
- Associate a Schedule with the VM.
Permissions
For Dynamic Scoping and configuration assignment, ensure that you have the following permissions:
- Write permissions at subscription level to create or modify a schedule.
- Read permissions at subscription level to assign or read a schedule.
Service limits
The following are the Dynamic scope recommended limits for each dynamic scope.
Resource | Limit |
---|---|
Resource associations | 1000 |
Number of tag filters | 50 |
Number of Resource Group filters | 50 |
Note
The above limits are for Dynamic scope in the Guest scope only.
For more information, see service limits for scheduled patching.
Next steps
- Learn more about how to Configure schedule patching on Azure VMs for business continuity.
- Follow the instructions on how to manage various operations of Dynamic scope
- Learn on how to automatically installs the updates according to the created schedule both for a single VM and at scale.
- Learn about pre and post events to automatically perform tasks before and after a scheduled maintenance configuration.