how to add new virtual machines automatically to Azure Update Management

Abrar Adil S 216 Reputation points
2023-08-28T04:41:00.39+00:00

I maintain VMs in both the East US and West US regions. In each of these regions, I have two automation accounts with Update Management activated. Currently, whenever I create a new VM in the East US region, I manually include it in the Update Management system linked to the East US Automation Account. To streamline and minimize manual efforts, I aim to utilize Azure Policy. My goal is to automatically identify non-compliant machines by checking if they are connected to the Log Analytics workspace. Additionally, I'm curious if it's feasible to automate the process of enabling the Azure Monitoring agent and adding the machine to the Update Management once it's created.


1 answer

AnuragSingh-MSFT 21,251 Reputation points
2023-08-29T05:53:12.45+00:00

@Abrar Adil S , thank you for posting this question.

You are going in the right direction. Here are the high-level steps which are required to enable Azure Automation Update Management.

1. Install the Log Analytics agent (aka Microsoft Monitoring Agent) on the VM.
2. Include it in Azure Automation Update Management.

For the first step (install the LA agent on a new VM), you can use the Azure Initiative "Legacy - Enable Azure Monitor for VMs". This initiative contains a set of Azure Policies which install/configure the LA agent on all VMs (Azure, and on-prem using Arc) for both Windows and Linux VMs. For assigning an Azure Initiative, please see Quickstart: Create a policy assignment to identify non-compliant resources.

The initiative will install and configure the LA agent to report to a particular LA workspace (which should be linked to Azure Automation).

For the second step (configure the VM for update management), you can follow the steps as mentioned here: Enable machines in the workspace. You can choose the option "Enable on all available and future machines" so that Azure Automation Update Management gets enabled for any new machine which starts reporting to the LA workspace.

Hope this helps.

If the answer did not help, please add more context/a follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.
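An added example (not from the question or the answer above) that scripts the first step with Az PowerShell: assign the built-in initiative at a resource-group scope with a managed identity, grant that identity the roles its remediation deployments need, and list the VMs the policy still reports as non-compliant. The scope, the workspace resource ID, the `logAnalytics_1` parameter name and the two role names are assumptions to be checked against your tenant; the second step (enabling all future machines in the workspace) stays a portal action as the answer describes.

```powershell
# Added example, not from the question or answer: assign the built-in
# "Legacy - Enable Azure Monitor for VMs" initiative to one resource group so
# every new VM gets the Log Analytics agent, then list VMs still non-compliant.
# Assumes Az.Resources and Az.PolicyInsights are installed and Connect-AzAccount
# has been run. Scope, workspace ID and the parameter name are placeholders.
$Scope       = '/subscriptions/<subscription-id>/resourceGroups/<rg-eastus>'
$WorkspaceId = "$Scope/providers/Microsoft.OperationalInsights/workspaces/<la-workspace-linked-to-automation>"
$DisplayName = 'Legacy - Enable Azure Monitor for VMs'

# Locate the built-in initiative by display name. Older Az.Resources versions
# expose it under .Properties.DisplayName, newer ones directly as .DisplayName.
$initiative = Get-AzPolicySetDefinition -Builtin |
    Where-Object { $DisplayName -in @($_.DisplayName, $_.Properties.DisplayName) }
if (-not $initiative) { throw "Initiative '$DisplayName' not found" }

# Assign it with a system-assigned managed identity: the initiative's
# deployIfNotExists policies need one to install the agent on existing VMs.
# 'logAnalytics_1' is the assumed name of the initiative's workspace
# parameter; confirm it against the initiative's parameter list first.
$assignment = New-AzPolicyAssignment -Name 'enable-la-agent-eastus' `
    -DisplayName 'Install LA agent on all VMs (East US)' `
    -Scope $Scope -PolicySetDefinition $initiative `
    -PolicyParameterObject @{ logAnalytics_1 = $WorkspaceId } `
    -Location 'eastus' -IdentityType 'SystemAssigned'

# Grant the assignment's identity the roles its remediation deployments need.
# The exact roles are listed in each policy's roleDefinitionIds; these two are
# assumed here. Keep the grant scoped to the assignment scope, not wider.
$principalId = @($assignment.IdentityPrincipalId, $assignment.Identity.PrincipalId) |
    Where-Object { $_ } | Select-Object -First 1
foreach ($role in 'Log Analytics Contributor', 'Virtual Machine Contributor') {
    New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName $role -Scope $Scope | Out-Null
}

# Compliance check: VMs not yet reporting to the workspace show up here.
# Evaluation normally runs on a schedule; the scan below forces one now.
Start-AzPolicyComplianceScan -ResourceGroupName ($Scope -split '/')[-1] | Out-Null
Get-AzPolicyState -PolicyAssignmentName $assignment.Name `
    -Filter "ComplianceState eq 'NonCompliant'" |
    Select-Object ResourceId, PolicyDefinitionName, Timestamp
```

Run it once per region against that region's resource group and workspace; a second assignment for West US only differs in `$Scope`, `$WorkspaceId` and `-Location`.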