Enabling periodic assessment automatically for the VM

Varma 1,380 Reputation points
2024-03-30T06:29:25.4+00:00

After creating the VM, I should see that periodic assesment option to be enabled a when I navigate to update section. how it can be achieved?

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
912 questions
Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
313 questions
0 comments No comments
{count} votes

Accepted answer
  1. Deepanshukatara-6769 10,130 Reputation points
    2024-03-30T11:14:17.15+00:00

    Hi , Thanks to reaching us

    Enable Periodic Assessment for your Azure machines by using Azure Policy

    1. Go to Policy in the Azure portal and select Authoring > Definitions.
    2. From the Category dropdown, select Update Manager. Select Configure periodic checking for missing system updates on Azure virtual machines for Azure machines.
    3. When Policy definition opens, select Assign.
    4. On the Basics tab, select your subscription as your scope. You can also specify a resource group within your subscription as the scope. Select Next.
    5. On the Parameters tab, clear Only show parameters that need input or review so that you can see the values of parameters. In Assessment mode, select AutomaticByPlatform > Operating system > Next. You need to create separate policies for Windows and Linux.
    6. On the Remediation tab, select Create a remediation task so that periodic assessment is enabled on your machines. Select Next.
    7. On the Non-compliance message tab, provide the message that you want to see if there was noncompliance. For example, use Your machine doesn't have periodic assessment enabled. Select Review + Create.
    8. On the Review + Create tab, select Create to trigger Assignment and Remediation Task creation, which can take a minute or so.

    You can monitor the compliance of resources under Compliance and remediation status under Remediation on the Azure Policy home page.

                                                **OR** 
    

    Also, you can do from Update Manager to control the update settings on your Azure virtual machines (VMs) a for one or more machines.

    1. Sign in to the Azure portal.
    2. In Azure Update Manager, select Overview, select your Subscription, and select Update settings.
    3. In Change update settings, select +Add machine to select the machine for which you want to change the update settings.
    4. In Select resources, select the machine and select Add.
    5. In the Change update settings page, you will see the machine classified as per the operating system with the list of following updates that you can select and apply. Screenshot that shows highlighting the Update settings to change option in the Azure portal. The following update settings are available for configuration for the selected machines: Periodic assessment: The periodic assessment is set to run every 24 hours. You can either enable or disable this setting.

    Please find the docs https://learn.microsoft.com/en-us/azure/update-manager/manage-update-settings?tabs=manage-single-overview%2Cmanage-scale-overview

    https://learn.microsoft.com/en-us/azure/update-manager/periodic-assessment-at-scale

    Kindly accept answer , if it helps , Thanks!


1 additional answer

Sort by: Most helpful
  1. Abhimanyu Varma 85 Reputation points Microsoft Employee
    2024-03-30T15:47:48.1733333+00:00

    In addition to the azure policy and update setting routes in portal, you can setup an automation like Azure automation runbooks, Azure Functions to periodically check if any vms are there with periodic assessment not enabled. If yes, please trigger api calls to enable periodic assessment.

    You can also setup a log search alert rule to query vms which do not have periodic assessment set, so whenever this is found, an alert will fire and as an action on that alert trigger an automation runbook/azure function/webhook etc. via action groups to enable periodic assessment. You can also receive emails/sms etc. via action groups.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.