How to enable schedule patching on Azure VM using PowerShell

Azuretech 90 Reputation points
2024-05-10T11:18:38+00:00

I am using the below command as per the documentation https://learn.microsoft.com/en-us/azure/update-manager/prerequsite-for-schedule-patching?tabs=new-prereq-powershell%2Cauto-portal&WT.mc_id=Portal-Microsoft_Azure_Automation#code-try-4

But it is asking me to provide a user name and password. I have to enable it for multiple VMs remotely.

Can you please show me how to change the property to "Customer managed schedule" without giving a user name and password?

```powershell
$VirtualMachine = Get-AzVM -ResourceGroupName "<resourceGroup>" -Name "<vmName>"

Set-AzVMOperatingSystem -VM $VirtualMachine -Windows -PatchMode "AutomaticByPlatform"

$AutomaticByPlatformSettings = $VirtualMachine.OSProfile.WindowsConfiguration.PatchSettings.AutomaticByPlatformSettings

if ($null -eq $AutomaticByPlatformSettings) {
    $VirtualMachine.OSProfile.WindowsConfiguration.PatchSettings.AutomaticByPlatformSettings = New-Object -TypeName Microsoft.Azure.Management.Compute.Models.WindowsVMGuestPatchAutomaticByPlatformSettings -Property @{BypassPlatformSafetyChecksOnUserSchedule = $true}
} else {
    $AutomaticByPlatformSettings.BypassPlatformSafetyChecksOnUserSchedule = $true
}

Update-AzVM -VM $VirtualMachine -ResourceGroupName "<resourceGroup>"
```


1 answer

  1. Gowtham CP 2,450 Reputation points
    2024-05-10T17:42:47.46+00:00

    Hello @Azuretech

    Thanks for reaching out in the Microsoft Q&A!

    To enable schedule patching on Azure VMs using PowerShell without providing a username and password, you can utilize Managed Identity authentication. To achieve this:

    Define Managed Identity for the Script:

    • Ensure that the Azure VM has been assigned a Managed Identity. This identity will be used for authentication without requiring username and password inputs.
    • Use the Managed Identity of the Azure VM to authenticate PowerShell to Azure. This way, you won't need to provide a username and password interactively.

    ```powershell
    # Define your Azure VM resource group and name
    $ResourceGroupName = "<resourceGroup>"
    $VMName = "<vmName>"

    # Get the VM
    $VirtualMachine = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName

    # Set the patch mode to "AutomaticByPlatform"
    Set-AzVMOperatingSystem -VM $VirtualMachine -Windows -PatchMode "AutomaticByPlatform"

    # Get the current AutomaticByPlatformSettings
    $AutomaticByPlatformSettings = $VirtualMachine.OSProfile.WindowsConfiguration.PatchSettings.AutomaticByPlatformSettings

    # Check if AutomaticByPlatformSettings is null
    if ($null -eq $AutomaticByPlatformSettings) {
        # If null, create new settings
        $AutomaticByPlatformSettings = New-Object -TypeName Microsoft.Azure.Management.Compute.Models.WindowsVMGuestPatchAutomaticByPlatformSettings
    }

    # Enable bypassing platform safety checks on user schedule
    $AutomaticByPlatformSettings.BypassPlatformSafetyChecksOnUserSchedule = $true

    # Set the updated AutomaticByPlatformSettings
    $VirtualMachine.OSProfile.WindowsConfiguration.PatchSettings.AutomaticByPlatformSettings = $AutomaticByPlatformSettings

    # Update the VM
    Update-AzVM -VM $VirtualMachine -ResourceGroupName $ResourceGroupName
    ```

    This approach allows you to enable schedule patching on multiple VMs remotely without the need for username and password inputs.

    If you found this solution helpful, consider accepting it.
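
Added example, not part of the original question or answer: one way to apply the "Customer managed schedule" settings to several Windows VMs without a credential prompt, by signing in with a managed identity and setting the patch mode on the VM model object instead of calling `Set-AzVMOperatingSystem` (whose `-Windows` parameter set requires `-ComputerName` and `-Credential`). The `$Targets` list is constructed sample input, and the script assumes that the identity running it has been granted write access to the target VMs and that `Update-AzVM` accepts a `PatchSettings.PatchMode` value assigned directly on the object.

```powershell
# Added example, not from the thread. Assumes the Az.Accounts and Az.Compute modules
# and a managed identity on the host running the script with write access to the VMs.
# $Targets is constructed sample input; replace the placeholders.
$Targets = @(
    @{ ResourceGroupName = "<resourceGroup>"; Name = "<vmName1>" },
    @{ ResourceGroupName = "<resourceGroup>"; Name = "<vmName2>" }
)

# Non-interactive sign-in: no user name, password or stored secret.
Connect-AzAccount -Identity -ErrorAction Stop | Out-Null

$ns = "Microsoft.Azure.Management.Compute.Models"
$results = foreach ($t in $Targets) {
    try {
        $vm  = Get-AzVM -ResourceGroupName $t.ResourceGroupName -Name $t.Name -ErrorAction Stop
        $win = $vm.OSProfile.WindowsConfiguration
        if ($null -eq $win) { throw "Not a Windows VM; this example covers Windows only." }

        # Assumption: assigning PatchMode on the model object replaces the
        # Set-AzVMOperatingSystem call, which is the step that asks for credentials.
        if ($null -eq $win.PatchSettings) {
            $win.PatchSettings = New-Object -TypeName "$ns.PatchSettings"
        }
        $win.PatchSettings.PatchMode = "AutomaticByPlatform"
        if ($null -eq $win.PatchSettings.AutomaticByPlatformSettings) {
            $win.PatchSettings.AutomaticByPlatformSettings = New-Object -TypeName "$ns.WindowsVMGuestPatchAutomaticByPlatformSettings"
        }
        $win.PatchSettings.AutomaticByPlatformSettings.BypassPlatformSafetyChecksOnUserSchedule = $true

        Update-AzVM -VM $vm -ResourceGroupName $t.ResourceGroupName -ErrorAction Stop | Out-Null

        # Read the VM back so the report shows what is actually configured.
        $after = (Get-AzVM -ResourceGroupName $t.ResourceGroupName -Name $t.Name -ErrorAction Stop).OSProfile.WindowsConfiguration.PatchSettings
        [pscustomobject]@{
            VM        = $t.Name
            PatchMode = $after.PatchMode
            Bypass    = $after.AutomaticByPlatformSettings.BypassPlatformSafetyChecksOnUserSchedule
            Error     = $null
        }
    } catch {
        # One failing VM must not stop the run; record it and continue.
        [pscustomobject]@{ VM = $t.Name; PatchMode = $null; Bypass = $null; Error = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize
```

Rows with a non-empty `Error` column, or with a `PatchMode` other than `AutomaticByPlatform`, identify VMs that still need attention before a maintenance schedule is attached.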