How to create Update Management deployment schedules using CLI or REST API?

sac16 50 Reputation points
2023-05-06T20:43:14.92+00:00

I am trying to create an automated patching solution for Azure VMs that will automatically pull VMs into a deployment schedule based on two tags that will exist on each VM (Patch_Window and Patch_Group). The patch groups will be either Windows or Linux. The patch windows will be 32 day/time slots: [Screenshot 2023-05-06 154944]

So based on this design, I need to create 64 monthly deployment schedules (32 Windows, 32 Linux) that each contain a dynamic Azure group that filters on two tags. I would ultimately like to create a script that can create these schedules rather than having to manually create them one at a time in the Azure Portal. In an effort to accomplish this, I have a few questions:

  1. Is it currently possible to create deployment schedules through either the Azure CLI, REST API, or PowerShell?
  2. The tags are new and VMs do not have these tag values assigned yet. Is it possible to create a dynamic group that filters on a tag value that hasn't been assigned to a resource yet?

Also, I am open to other suggestions if there is a better way to accomplish what I'm trying to do besides using deployment schedules.

Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
Azure Update Manager
An Azure service to centrally manage updates and compliance at scale.

3 answers

  1. AnuragSingh-MSFT 21,251 Reputation points
    2023-05-09T07:31:29.7766667+00:00

    @sac16, based on the question and details provided in the question, as you rightly mentioned, it will require scripting to be used for performing these tasks.

    One of the options available is to use Azure's newly launched and currently in preview "Update Management Center". While the Azure Automation Update Management relied on Log Analytics Agent and Hybrid worker to be installed, the Update management center (Preview) is the v2 version of Automation Update management and the future of Update management in Azure. UMC is a native service in Azure and does not rely on Log Analytics agent or Azure Monitor agent. For more details see - About Update management center (preview)

    Here are some resources that should help you get familiarized with the concepts required for your use case:

    To answer your question:

    1. Is it currently possible to create deployment schedules through either the Azure CLI, REST API, or PowerShell?
      Yes, Update Management Center (Preview) provides various options (REST API, Azure PowerShell and CLI) to apply update schedule to VMs. For more details, see How to programmatically manage updates for Azure VMs
    2. The tags are new and VMs do not have these tag values assigned yet. Is it possible to create a dynamic group that filters on a tag value that hasn't been assigned to a resource yet?
      I don't think this is available yet. One of the ways to implement such a solution would be to create and include this logic in the script itself, which runs periodically to query VMs based on a particular tag --> create a list/array --> and iterate over that array to schedule the update.

    Given the custom requirement that you have (dynamic update of the schedule of a VM's update, multiple schedules, etc.), I think creating a script and performing such an operation will be one of the options. Other options (similar to this one) would require a custom automation implementation using Function App, Logic Apps or Azure Automation. The developed script would still need to be run periodically (based on how frequently the tags change), and Azure Automation would be a good option for that.

    Hope this helps.

    If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.


  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  3. sac16 50 Reputation points
    2023-05-17T19:37:54.8033333+00:00

    Update: After doing more research and trials, I was able to find the correct combination of PowerShell cmdlets and commands to use that creates an automation schedule, an update management query that creates a dynamic group, and a scheduled software update configuration. My next steps are to create a script to put these items inside a loop that can create all the schedules I am looking for.

    Here is the outline of the commands I used to create the schedules:

    # Only needed one time
    Install-Module Az.Accounts
    Install-Module Az.Automation
    
    # Variables
    $StartTime = (Get-Date -Year 2023 -Month 6 -Day 1  -Hour 0 -Minute 0 -Second 0)
    $duration = New-TimeSpan -Hours 2
    $ResourceGroupName = "RG_Name"
    $AutomationAccount = "Account_Name"
    
    #  Create Automation Schedule
    $schedule = New-AzAutomationSchedule `
    
    # Create Azure Update Management Query
    $azq = New-AzAutomationUpdateManagementAzureQuery
    $AzureQueries = @($azq)
    
    # Create Scheduled Software Update Configuration 
    New-AzAutomationSoftwareUpdateConfiguration
    
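The loop that the last post names as its next step could look like the following. This is an added example, not the poster's script: the two sample patch windows, the tag values, the schedule names and the subscription scope are constructed placeholders, while the `Patch_Group` and `Patch_Window` tag names and the three cmdlets come from the thread.

```powershell
# Added example: one schedule + dynamic group + update configuration per
# (Patch_Group, Patch_Window) pair. Values marked "placeholder" are assumptions.
Import-Module Az.Automation

$ResourceGroupName = 'RG_Name'
$AutomationAccount = 'Account_Name'
$Scope    = @('/subscriptions/<subscription-id>')   # placeholder scope for the dynamic group
$Duration = New-TimeSpan -Hours 2

# Constructed sample of patch windows; the design in the question has 32 of them.
$PatchWindows = @(
    @{ Id = 'Sat1-0000'; Occurrence = 'First';  Day = 'Saturday'; Hour = 0 }
    @{ Id = 'Sun2-0400'; Occurrence = 'Second'; Day = 'Sunday';   Hour = 4 }
)

foreach ($group in 'Windows', 'Linux') {
    foreach ($w in $PatchWindows) {
        $name = "Patch-$group-$($w.Id)"               # placeholder naming scheme
        # Start tomorrow at the window's hour; the monthly recurrence selects the day.
        $start = (Get-Date).Date.AddDays(1).AddHours($w.Hour)

        $schedule = New-AzAutomationSchedule `
            -ResourceGroupName $ResourceGroupName `
            -AutomationAccountName $AutomationAccount `
            -Name $name -StartTime $start `
            -MonthInterval 1 -DayOfWeek $w.Day -DayOfWeekOccurrence $w.Occurrence `
            -ForUpdateConfiguration

        # Dynamic group: a VM must carry BOTH tag values to match (FilterOperator All).
        $tags  = @{ Patch_Group = @($group); Patch_Window = @($w.Id) }
        $query = New-AzAutomationUpdateManagementAzureQuery `
            -ResourceGroupName $ResourceGroupName `
            -AutomationAccountName $AutomationAccount `
            -Scope $Scope -Tag $tags -FilterOperator All

        $osSwitch = @{ $group = $true }               # splats -Windows or -Linux
        New-AzAutomationSoftwareUpdateConfiguration `
            -ResourceGroupName $ResourceGroupName `
            -AutomationAccountName $AutomationAccount `
            -Schedule $schedule -AzureQuery @($query) `
            -Duration $Duration @osSwitch
    }
}
```

Because membership in each dynamic group is decided only by the two tag values, write access to tags on a VM also decides when, or whether, that VM is patched. Restrict who can modify `Patch_Group` and `Patch_Window`, and review changes to them.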