How to enable schedule patching on Azure VM using PowerShell

Azuretech 90 Reputation points
2024-05-10T11:18:38+00:00

I am using the below command as per the documentation: https://learn.microsoft.com/en-us/azure/update-manager/prerequsite-for-schedule-patching?tabs=new-prereq-powershell%2Cauto-portal&WT.mc_id=Portal-Microsoft_Azure_Automation#code-try-4

But it is asking me to provide a user name and password. I have to enable it for multiple VMs remotely.

Can you please tell me how to change the property to "Customer managed schedule" without giving a user name and password?

```powershell
$VirtualMachine = Get-AzVM -ResourceGroupName "<resourceGroup>" -Name "<vmName>"

Set-AzVMOperatingSystem -VM $VirtualMachine -Windows -PatchMode "AutomaticByPlatform"

$AutomaticByPlatformSettings = $VirtualMachine.OSProfile.WindowsConfiguration.PatchSettings.AutomaticByPlatformSettings

if ($null -eq $AutomaticByPlatformSettings) {
    $VirtualMachine.OSProfile.WindowsConfiguration.PatchSettings.AutomaticByPlatformSettings = New-Object -TypeName Microsoft.Azure.Management.Compute.Models.WindowsVMGuestPatchAutomaticByPlatformSettings -Property @{BypassPlatformSafetyChecksOnUserSchedule = $true}
} else {
    $AutomaticByPlatformSettings.BypassPlatformSafetyChecksOnUserSchedule = $true
}

Update-AzVM -VM $VirtualMachine -ResourceGroupName "<resourceGroup>"
```


1 answer

  1. Gowtham CP 5,755 Reputation points
    2024-05-10T17:42:47.46+00:00

    Hello @Azuretech

    Thanks for reaching out in the Microsoft Q&A!

    To enable schedule patching on Azure VMs using PowerShell without providing a username and password, you can utilize Managed Identity authentication. To achieve this:

    Define Managed Identity for the Script:

    • Ensure that the Azure VM has been assigned a Managed Identity. This identity will be used for authentication without requiring username and password inputs.
    • Use the Managed Identity of the Azure VM to authenticate PowerShell to Azure. This way, you won't need to provide a username and password interactively.
    ```powershell
    # Define your Azure VM resource group and name
    $ResourceGroupName = "<resourceGroup>"
    $VMName = "<vmName>"

    # Get the VM
    $VirtualMachine = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName

    # Set the patch mode to "AutomaticByPlatform"
    Set-AzVMOperatingSystem -VM $VirtualMachine -Windows -PatchMode "AutomaticByPlatform"

    # Get the current AutomaticByPlatformSettings
    $AutomaticByPlatformSettings = $VirtualMachine.OSProfile.WindowsConfiguration.PatchSettings.AutomaticByPlatformSettings

    # Check if AutomaticByPlatformSettings is null
    if ($null -eq $AutomaticByPlatformSettings) {
        # If null, create new settings
        $AutomaticByPlatformSettings = New-Object -TypeName Microsoft.Azure.Management.Compute.Models.WindowsVMGuestPatchAutomaticByPlatformSettings
    }

    # Enable bypassing platform safety checks on user schedule
    $AutomaticByPlatformSettings.BypassPlatformSafetyChecksOnUserSchedule = $true

    # Set the updated AutomaticByPlatformSettings
    $VirtualMachine.OSProfile.WindowsConfiguration.PatchSettings.AutomaticByPlatformSettings = $AutomaticByPlatformSettings

    # Update the VM
    Update-AzVM -VM $VirtualMachine -ResourceGroupName $ResourceGroupName
    ```

    This approach allows you to enable schedule patching on multiple VMs remotely without the need for username and password inputs.

    If you found this solution helpful, consider accepting it.
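
An added example, not part of the question or the answer above: a non-interactive variant for several VMs that signs in with a managed identity and sets the patch properties on the VM object directly. It assumes the user name and password prompt comes from the mandatory `-ComputerName` and `-Credential` parameters in the `-Windows` parameter set of `Set-AzVMOperatingSystem`; the function name `Enable-CustomerManagedSchedule` and the VM names are hypothetical.

```powershell
# Added example. Function name and the resource group / VM names are placeholders.
function Enable-CustomerManagedSchedule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $ResourceGroupName,
        [Parameter(Mandatory)] [string[]] $VMName
    )
    $ns = 'Microsoft.Azure.Management.Compute.Models'
    foreach ($name in $VMName) {
        $vm  = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $name
        $win = $vm.OSProfile.WindowsConfiguration
        if ($null -eq $win) {
            Write-Warning "$name has no WindowsConfiguration (not a Windows VM?); skipped."
            continue
        }
        # Edit the in-memory VM model instead of calling Set-AzVMOperatingSystem,
        # so no cmdlet that demands -ComputerName/-Credential is involved.
        if ($null -eq $win.PatchSettings) {
            $win.PatchSettings = New-Object -TypeName "${ns}.PatchSettings"
        }
        $win.PatchSettings.PatchMode = 'AutomaticByPlatform'
        if ($null -eq $win.PatchSettings.AutomaticByPlatformSettings) {
            $win.PatchSettings.AutomaticByPlatformSettings = New-Object -TypeName "${ns}.WindowsVMGuestPatchAutomaticByPlatformSettings"
        }
        $win.PatchSettings.AutomaticByPlatformSettings.BypassPlatformSafetyChecksOnUserSchedule = $true

        if ($PSCmdlet.ShouldProcess($name, 'Set patch orchestration to customer managed schedule')) {
            Update-AzVM -VM $vm -ResourceGroupName $ResourceGroupName | Out-Null
            # Read the setting back from Azure rather than trusting the local object.
            $ps = (Get-AzVM -ResourceGroupName $ResourceGroupName -Name $name).OSProfile.WindowsConfiguration.PatchSettings
            [pscustomobject]@{
                VM        = $name
                PatchMode = $ps.PatchMode
                Bypass    = $ps.AutomaticByPlatformSettings.BypassPlatformSafetyChecksOnUserSchedule
            }
        }
    }
}

# Non-interactive sign-in with the managed identity of the machine running the script.
Connect-AzAccount -Identity | Out-Null
Enable-CustomerManagedSchedule -ResourceGroupName '<resourceGroup>' -VMName '<vmName1>', '<vmName2>'
```

Run it with `-WhatIf` first to list the VMs that would change. The managed identity needs only a role that can read and write the target virtual machines, scoped to their resource group.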

