Error: Bicep deployment of maintenance configuration + dynamic scope for Update Manager

BartDecker-8243 175 Reputation points
2024-02-13T10:10:05.6966667+00:00

I try to deploy:

  1. Microsoft.Maintenance/maintenanceConfigurations using the 2023-04-01 API Subsequently I deploy in the same template
  2. Microsoft.Maintenance/configurationAssignments

(1) containing the maintenance configuration and (2) adding the dynamic scope to the maintenance config.

The schedules "maintenanceScope" = "InGuestPatch" as the target of the configuration are Azure VM's.

This leads however to the following error:

Provided combination of resource type Microsoft.WindowsAzure.Deployment.MRP.Validators.DefaultResourceRequest and maintenance configuration scope InGuestPatch aren't supported

I tried playing around with several settings but can't make this work. The documentation around it is quite limited.

code snippets:

//RESOURCES
resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfigurations@2023-04-01' = {
  name: patchScheduleName
  location: location
  properties: {
    extensionProperties: {
      inGuestPatchmode: 'User'
    }
    installPatches: {
      linuxParameters: {
        classificationsToInclude: linuxUpdateClassificationsToInclude
        packageNameMasksToExclude: linuxUpdatePackageNameMasksToExclude
        packageNameMasksToInclude: linuxUpdatePackageNameMasksToInclude
      }
      rebootSetting: updateRebootSetting
      windowsParameters: {
        classificationsToInclude: windowsUpdateClassificationsToInclude
        excludeKbsRequiringReboot: windowsExcludeKbsRequiringReboot
        kbNumbersToExclude: windowsKbNumbersToExclude
        kbNumbersToInclude: windowsKbNumbersToInclude
      }
    }
    maintenanceScope: maintenanceScope
    maintenanceWindow: {
      duration: maintenanceWindowDuration
      expirationDateTime: maintenanceWindowExpirationDateTime
      recurEvery: maintenanceWindowRecurEvery
      startDateTime: maintenanceWindowStartDateTime
      timeZone: maintenanceWindowTimeZone
    }
    visibility: 'Custom'
  }
}

resource symbolicname 'Microsoft.Maintenance/configurationAssignments@2023-04-01' = {
  name: patchScheduleName
  scope:maintenanceConfiguration
  location: location
  properties: {
    filter: {
      locations: dynamicScopeLocations
      osTypes: dynamicScopeOsTypes
      resourceGroups: dynamicScopesResourceGroups
      resourceTypes: dynamicScopesResourceTypes
      tagSettings: {
        filterOperator: dynamicScopesTagFilter
        tags: empty(dynamicScopesTags) ? defaultDynamicScopesTags : dynamicScopesTags
      }
    }
    maintenanceConfigurationId: maintenanceConfiguration.id
    resourceId: maintenanceConfiguration.id
  }
}

With example input parameter values: (fed via parent modules parent module to the above example which resides in a child module.

                    "patchScheduleName": "linux-dev2",
                    "installPatches": {
                        "linuxParameters": {
                            "classificationsToInclude": ["Security",
                            "Critical"],
                            "packageNameMasksToExclude": [],
                            "packageNameMasksToInclude": []
                        },
                        "rebootSetting": "ifRequired",
                        "windowsParameters": {
                            "classificationsToInclude": [],
                            "excludeKbsRequiringReboot": true,
                            "kbNumbersToExclude": [],
                            "kbNumbersToInclude": []
                        }
                    },
                    "maintenanceScope": "InGuestPatch",
                    "maintenanceWindow": {
                        "duration": "03:55",
                        "expirationDateTime": "2025-02-08 00:00",
                        "recurEvery": "1Day",
                        "startDateTime": "2024-02-08 00:00",
                        "timeZone": "Romance Standard Time"
                    },
                    "dynamicScopes":{
                        "dynamicScopeLocations": [],
                        "dynamicScopeOsTypes": ["Linux"],
                        "dynamicScopeResourceGroups": [],
                        "dynamicScopeResourceTypes": ["Microsoft.Compute/virtualMachines"],
                        "dynamicScopeTagFilter": "All",
                        "dynamicScopeTags": {}
                    }
                }
Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
232 questions
0 comments
Accepted answer
  1. Stanislav Zhelyazkov 21,411 Reputation points MVP
    2024-02-13T10:54:04.3+00:00

    Hi, Which resource exactly fails? For sure the template is not correct as maintenance configurations is a resource that is deployed at resource group scope and configurationAssignment to be deployed as dynamic scope is deployed at subscription scope. configurationAssignment when deployed at resource group scope only serves deploying static assignments.

    Update:

    targetScope = 'subscription'
resource stg 'Microsoft.Maintenance/maintenanceConfigurations@2023-04-01' existing = {
  scope: resourceGroup('<your value>')
  name: '<your value>'
}

param subscriptionId string = subscription().id

resource symbolicname 'Microsoft.Maintenance/configurationAssignments@2023-04-01' = {
  name: 'test'
  properties: {
    filter: {
      locations: [ 'West Europe' ]
      osTypes: [ 'windows' ]
      resourceGroups: []
      resourceTypes: [ 'Microsoft.Compute/virtualMachines' ]
      tagSettings: {
        filterOperator: 'All'
        tags: {}
      }
    }
    maintenanceConfigurationId: stg.id
    resourceId: subscriptionId
  }
}

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest