Configuring Windows Update Management Schedules for Hybrid Environment

adr 46 Reputation points
2021-12-02T12:51:08.683+00:00

Need some advice setting up Windows Updates Management in Azure to manage updates for servers in our Hybrid environment.
I am looking setup Update Schedules deployments grouped by type.
For example,
Management-Windows-Servers-Monthly: this includes OnPrem and Azure Management Servers - 1st Tuesday of every month, 10PM
Print-Windows-Servers-Monthly: this includes OnPrem and Azure Print Servers - 1st Wednesday of every month, 10PM (These will exclude certain KBs)
App-Windows-Servers-Monthly: this includes OnPrem Application Servers - 1st Tuesday of every month, 10PM (These servers may be migrated to Azure in future)

I have tested managing updates for our OnPrem servers (using a function to query the imported AD group)
All seems OK and will include new servers OnPrem if they are later added to the AD Group

I am trying to setup similar for the Azure VMs.
Is it recommended to add these using group based on Tags/Resource Group or would I need a query to output these servers? Can the Deployment Schedule be updated to include more groups?
Is it best practice to keep Azure and Non-Azure servers in separate Update Deployment Schedules?
Any recommendations?

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,114 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,122 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Clément BETACORNE 2,031 Reputation points
    2021-12-06T09:21:40.127+00:00

    Hello,

    Regarding the update management solution it's best to use tags for server grouping like that you can create your schedule based on this information.
    You can update your schedule to include more groups.
    Regarding the last point if the same team is responsible to do the update having one automation account will be easier however you also have to check data sovereignty

    Regards,

  2. adr 46 Reputation points
    2023-01-29T12:54:29.8533333+00:00

    Thanks. I have managed to setup the update schedules and configured them to run on a weekly basis. However, I was wondering if is it possible to run a query to determine what servers are included in a deployment schedule? All servers (onPrem and Azure are connected to the same workspace, configured for Update Management using an Automation Account)

    Over the last 6months we have had a number of servers created as well as some that have been decommissioned. My aim is to find out which are currently are not currently setup with an update schedule and also to troubleshoot those that are in more than one schedule, in error.

    I this is not possible any suggestions how to go about sending notifications after update deployments are done (with a list of servers) that can prompt the team to check if a server is no longer available?

    0 comments