![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 0%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
376 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hello Jagadish B,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you would like to get the PowerShell scripts that support and create a maintenance configuration for Azure virtual machines with guest scope.
You must have enabled PowerShell Modules and ensure they are running with latest module: For example.
Install-Module -Name PowerShellGet -Repository PSGallery -Force
Install-Module -Name Az.Maintenance
# Confirm that you’re running the latest version of Az.Maintenance (version 1.2.0)
Get-Module -ListAvailable -Name Az.Maintenance
To answer the specific questions:
- Creating maintenance configuration for azure virtual machines with guest scope
#trigger an update assessment on your Azure VM
az vm assess-patches -g MyResourceGroup -n MyVm
# Create the maintenance configuration
New-AzUpdateManagementMaintenanceConfiguration -ResourceGroupName $resourceGroupName `
-Name $maintenanceConfigName `
-Location $location `
-Schedule $schedule `
-MaintenanceWindow $maintenanceWindow `
-Scope "Guest"
Change MyResourceGroup and MyVm with your actual resource group and VM names
- Add specific VMs of a resource group to it.
# Combine the following commands into a script to create an update schedule
New-AzAutomationSchedule
New-AzAutomationUpdateManagementAzureQuery
New-AzAutomationSoftwareUpdateConfiguration
# Create a new automation schedule
$schedule = New-AzAutomationSchedule -Name "MyUpdateSchedule" -ResourceGroupName "MyResourceGroup" -AutomationAccountName "MyAutomationAccount" -StartTime (Get-Date).AddDays(1) -DayInterval 7
# Define an Azure query to select the VMs
$query = New-AzAutomationUpdateManagementAzureQuery -ResourceGroupName "MyResourceGroup" -Name "MyQuery" -Schedule $schedule
# Create a new software update configuration
New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName "MyResourceGroup" -AutomationAccountName "MyAutomationAccount" -Name "MyUpdateConfiguration" -UpdateConfiguration $query
# Add VMs to the maintenance configuration
foreach ($vmName in $vmNames) {
Add-AzUpdateManagementMaintenanceConfigurationVM `
-ResourceGroupName $resourceGroupName `
-MaintenanceConfiguration $maintenanceConfig `
-VirtualMachineName $vmName
}
- Remove vms from existing configuration
No specific command, but you can create a new configuration without the VMs you want to exclude and apply it to the remaining VMs. In some cases, you will find the below snippet to work.
# Create a new configuration excluding specific VMs
$newConfig = New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName "MyResourceGroup" -AutomationAccountName "MyAutomationAccount" -Name "NewUpdateConfiguration" -UpdateConfiguration $query
# Apply the new configuration to the remaining VMs
# (You will need to adjust the scope or parameters to exclude certain VMs.)
#Alternatively:
# Define variables
$resourceGroupName = "YourResourceGroupName"
$maintenanceConfigName = "YourMaintenanceConfigName"
$vmNames = @("VM1", "VM2") # Names of the VMs you want to remove
# Get the maintenance configuration
$maintenanceConfig = Get-AzUpdateManagementMaintenanceConfiguration `
-ResourceGroupName $resourceGroupName `
-Name $maintenanceConfigName
# Remove VMs from the maintenance configuration
foreach ($vmName in $vmNames) {
Remove-AzUpdateManagementMaintenanceConfigurationVM `
-ResourceGroupName $resourceGroupName `
-MaintenanceConfiguration $maintenanceConfig `
-VirtualMachineName $vmName
}
Accept Answer
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam