Query to fetch VMs list from particular subscription and also script to apply assessment on the VMs

Question

I have list of csv file where one colum is "Periodic assessment" having status YES or not

and there is another column "NAME" which is giving the name of the virtual machine . There are other columns with along with these 2 columns. I have noticed that there are 142 machines which were not enabled with periodic assessment.

I have following 2 queries

1. Could you please share the script to apply periodic assessment for these 142 machines.

I have generated above report using query from resource graph explorer ,some how I am not able to find that query again , could you please share that query, thanks

Answer 1

You can refer to this link for the periodic assessment. https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching Also you can do the same using policies https://learn.microsoft.com/en-us/azure/update-manager/periodic-assessment-at-scale

Answer 2

@Varma As mentioned by Tulika, you can use existing built-in policy to enable automatic assessment at scale.

To retrieve periodic assessment information, you can check the required information from Azure portal by traversing to Azure Update Manager service and click machines Tab. You can export the information to csv by clicking on Export to CSV.

Another way is to retrieve similar information using azure resource graph explorer, you can use below sample query and tweak it based on your requirement.

resources
| where type =~ "microsoft.compute/virtualmachines"  
| where properties.storageProfile.osDisk.osType in~ ('Linux','Windows')
| where 1 == 1
| extend patchSettingsObject = iff(properties.storageProfile.osDisk.osType =~ "windows", properties.osProfile.windowsConfiguration.patchSettings, properties.osProfile.linuxConfiguration.patchSettings)
| extend conf = tostring(patchSettingsObject.patchMode)
| extend conf = iff (conf =~ "AutomaticByPlatform", iff(isnotnull(patchSettingsObject.automaticByPlatformSettings.bypassPlatformSafetyChecksOnUserSchedule) and patchSettingsObject.automaticByPlatformSettings.bypassPlatformSafetyChecksOnUserSchedule == true, "AutomaticByPlatformWithUserManagedSchedules", "AutomaticByPlatformUsingAutoGuestPatching"), conf)
| where 1 == 1
| extend os = tolower(tostring(properties.storageProfile.osDisk.osType))
| extend joinId=tolower(id)| extend status=properties.extended.instanceView.powerState.displayStatus
| where 1 == 1
| extend assessMode = tostring(patchSettingsObject.assessmentMode)
| extend periodicAssessment = iff(isnotnull(assessMode) and assessMode =~ "AutomaticByPlatform", "Yes", "No") 
| project id, name , resourceGroup , status, periodicAssessment

Answer 3

Since you want to enable periodic assessment at scale, please navigate to Azure Update Manager --> Overview--> Settings in the toolbar --> Update Settings --> Add machines --> Filter the relevant VMs which don't have periodic assessment enabled --> Select the machines --> Select enable periodic assessment . This flow currently allows you enable periodic assessment and other settings for 100 machines at a time.

https://learn.microsoft.com/en-us/azure/update-manager/manage-update-settings?tabs=manage-single-overview%2Cmanage-scale-overview

You can also choose Azure Policy for enabling periodic assessment at scale. https://learn.microsoft.com/en-us/azure/update-manager/periodic-assessment-at-scale