Any custom script to deploy Windows updates on multiple VMs across multiple resource groups

POLINENI Kiran 1 Reputation point
2021-05-25T14:56:20.923+00:00

We have a requirement of scheduling update deployments for different Windows VMs. We have 3 Windows VMs in 3 different resource groups, and these 3 VMs are connected to 3 different LA workspaces of their corresponding resource groups. We need to schedule update deployment from a single automation account to install the selected Windows classification updates. If any custom script is available, please let me know.


8 answers

  1. POLINENI Kiran 1 Reputation point
    2021-05-25T16:58:14.247+00:00

    @Reza-Ameri , thanks for the reply.
    The documentation link which you shared is related to update deployment for Windows 10 using WSUS.

    Let me brief my requirement again:

    1. We have 3 Azure Windows Server 2019 Datacenter VMs across three different resource groups.
    2. All these 3 Windows VMs are connected to different LA workspace(s), and update management is configured separately for each Windows VM.
    3. We need to define a process to schedule the update deployment across all three VMs to install only critical and security updates, and need to view the consolidated results with a list of updates installed on all VMs, like dashboard results.

    Please share the steps or procedure to configure the scheduled update deployment to multiple VMs which are hosted across multiple resource groups and connected to different LA workspaces.


  2. JiayaoZhu 3,921 Reputation points
    2021-05-26T07:27:42.013+00:00

    Hi,

    Thanks for posting on our forum!

    Based on your descriptions, I suggest that you may find this article useful:

    https://learn.microsoft.com/en-us/azure/automation/update-management/overview

    Besides, as long as your VMs are in the same domain, you should not worry about limitations from different resource groups or different workspaces. Since your VMs are Windows OS, you can use WSUS or group policy to configure automatic updates for these VMs. Just go to Control Panel >> Edit group policy >> Computer Configuration >> Administrative Templates >> Windows Components, and then click Windows Update. In the details panel, choose "Configure Automatic Updates", click Enable and select "4 - Auto download and schedule the install":

    [Screenshot: group policy setting]

    And here is the article about configuring group policy:

    https://learn.microsoft.com/de-de/security-updates/windowsupdateservices/18127451

    Thanks for your support!

    BR,
    Joan

    --------------------------------------------------------------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. POLINENI Kiran 1 Reputation point
    2021-05-26T08:48:17.54+00:00

    Thanks @JiayaoZhu for the reply.

    The article that you shared is related to configuring Windows updates for virtual machines which are connected to the same domain. I missed mentioning in my earlier post that all the Windows virtual machines are not connected to a domain, as they belong to individual customers. We deployed our product in Azure cloud on different virtual machines for different customers. Those VMs are not connected to any domain and will not be connected to a domain, as the customers are different.

    Our requirement is to have a single scheduled update deployment which installs the specific updates, like critical and security updates, on all the configured VMs across different resource groups. These virtual machines are connected to separate Log Analytics workspaces, and we also need to have an abort option for cancelling the update installation. If they are connected to a single Log Analytics workspace, we can schedule update deployment for all VMs in a single scheduled update deployment instance.

    In our case they are connected to different Log Analytics workspaces, and we need to have a single scheduled update deployment where we can see the list of VMs for update deployment and, after deployment, view the list of VMs with installed updates and status, like dashboard results. Is this customization possible? If so, please share the steps to configure it and the configuration procedure.


  4. JiayaoZhu 3,921 Reputation points
    2021-05-27T08:49:16.09+00:00

    Hi,

    Thanks for your reply!

    Here is my suggestion:

    1) You can set up the same automatic update configuration for each VM separately through group policy (i.e. the same frequency, date, etc.). For each configuration, just follow my guidance in my previous answer:

    Go to Control Panel >> Edit group policy >> Computer Configuration >> Administrative Templates >> Windows Components, and then click Windows Update. In the details panel, choose "Configure Automatic Updates", click Enable and select "4 - Auto download and schedule the install". Also see the screenshot I offered.

    2) Then, download and install our free tool RDCMan on your computer and create a group, add the three VMs into the group, then you can view their update status:

    http://woshub.com/using-rdcman-remote-desktop-connection-manager/

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Thanks for your support!

    BR,
    Joan


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
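
The Group Policy setting described in the answers above (Configure Automatic Updates, option 4) maps to registry values under the Windows Update policy key, so it can be scripted and verified on standalone VMs that are not domain-joined. This is an added example, not part of the original thread; the install day and hour are assumed values, and it must run in an elevated PowerShell session on each VM.

```powershell
# Added example: registry equivalent of "Configure Automatic Updates" = Enabled, option 4.
# The schedule defaults (every day at 03:00) are assumptions chosen for illustration.
$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Set-AutoUpdatePolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateRange(0, 7)][int]$InstallDay = 0,    # 0 = every day, 1-7 = Sunday-Saturday
        [ValidateRange(0, 23)][int]$InstallHour = 3   # local hour of day
    )
    $desired = [ordered]@{
        NoAutoUpdate         = 0              # 0 = automatic updates enabled
        AUOptions            = 4              # 4 = auto download and schedule the install
        ScheduledInstallDay  = $InstallDay
        ScheduledInstallTime = $InstallHour
    }
    if (-not (Test-Path $AuKey) -and $PSCmdlet.ShouldProcess($AuKey, 'Create key')) {
        New-Item -Path $AuKey -Force | Out-Null
    }
    foreach ($name in $desired.Keys) {
        if ($PSCmdlet.ShouldProcess("$AuKey\$name", "Set to $($desired[$name])")) {
            New-ItemProperty -Path $AuKey -Name $name -Value $desired[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
    $desired   # return the intended state so it can be verified
}

function Test-AutoUpdatePolicy {
    param([Parameter(Mandatory)][System.Collections.IDictionary]$Desired)
    # Read back what is actually in the registry; a missing key yields $null.
    $actual = Get-ItemProperty -Path $AuKey -ErrorAction SilentlyContinue
    foreach ($name in $Desired.Keys) {
        $value = if ($actual) { $actual.$name } else { $null }
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Setting   = $name
            Expected  = $Desired[$name]
            Actual    = $value
            Compliant = ($null -ne $value -and $value -eq $Desired[$name])
        }
    }
}

# Apply the policy, then report one row per setting with its compliance state.
$desired = Set-AutoUpdatePolicy -InstallDay 0 -InstallHour 3
Test-AutoUpdatePolicy -Desired $desired | Format-Table -AutoSize
```

Running `Set-AutoUpdatePolicy -WhatIf` lists the registry changes without writing them.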


  5. POLINENI Kiran 1 Reputation point
    2021-06-01T14:22:47.003+00:00

    @JiayaoZhu , Thanks for the reply.

    The links shared are related to RDCMan; that tool is no longer supported, and as you suggested we need to separately configure each VM in AD.

    Our requirement is to configure the scheduled update deployment for all three VMs with Update Management: with a single schedule, we need to install selected updates on three different VMs which are connected to different LA workspaces, and we need to view the installed updates in a single place like a dashboard. Is there any workaround for this requirement, or is this possible with any customization of the existing Update Management?
