Configuring Windows Update Management Schedules for Hybrid Environment

Adrian Evangelista 56 Reputation points
2021-12-02T12:51:08.683+00:00

Need some advice setting up Windows Updates Management in Azure to manage updates for servers in our Hybrid environment.
I am looking to set up Update Schedules deployments grouped by type.
For example,
Management-Windows-Servers-Monthly: this includes OnPrem and Azure Management Servers - 1st Tuesday of every month, 10PM
Print-Windows-Servers-Monthly: this includes OnPrem and Azure Print Servers - 1st Wednesday of every month, 10PM (These will exclude certain KBs)
App-Windows-Servers-Monthly: this includes OnPrem Application Servers - 1st Tuesday of every month, 10PM (These servers may be migrated to Azure in future)

I have tested managing updates for our OnPrem servers (using a function to query the imported AD group).
All seems OK and will include new servers OnPrem if they are later added to the AD Group.

I am trying to set up similar for the Azure VMs.
Is it recommended to add these using a group based on Tags/Resource Group, or would I need a query to output these servers? Can the Deployment Schedule be updated to include more groups?
Is it best practice to keep Azure and Non-Azure servers in separate Update Deployment Schedules?
Any recommendations?


2 answers

  1. Clément BETACORNE 2,496 Reputation points
    2021-12-06T09:21:40.127+00:00

    Hello,

    Regarding the update management solution, it's best to use tags for server grouping; that way you can create your schedule based on this information.
    You can update your schedule to include more groups.
    Regarding the last point, if the same team is responsible for doing the update, having one automation account will be easier; however, you also have to check data sovereignty.

    Regards,


  2. Adrian Evangelista 56 Reputation points
    2023-01-29T12:54:29.8533333+00:00

    Thanks. I have managed to set up the update schedules and configured them to run on a weekly basis. However, I was wondering if it is possible to run a query to determine what servers are included in a deployment schedule? All servers (onPrem and Azure) are connected to the same workspace, configured for Update Management using an Automation Account.

    Over the last 6 months we have had a number of servers created as well as some that have been decommissioned. My aim is to find out which are currently not set up with an update schedule and also to troubleshoot those that are in more than one schedule, in error.

    If this is not possible, any suggestions on how to go about sending notifications after update deployments are done (with a list of servers) that can prompt the team to check if a server is no longer available?
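
The comparison asked about in the last post, as an added example that is not part of the original thread: a Log Analytics query over the workspace's `Heartbeat` and `UpdateRunProgress` tables that lists servers no update run has touched and servers touched by more than one. It assumes `UpdateRunName` carries the deployment schedule name and that a 30-day window covers the weekly schedules; the column names `Finding`, `Schedules`, `LastRun` and `LastHeartbeat` are chosen here.

```kusto
// Assumption: 30 days is long enough to cover every weekly schedule at least once.
let window = 30d;
// Machines reporting to the workspace with the Update Management solution enabled.
let enrolled = Heartbeat
    | where TimeGenerated > ago(window)
    | extend Computer = tolower(Computer)
    | summarize arg_max(TimeGenerated, Solutions, ComputerEnvironment) by Computer
    | where Solutions has "updates"
    | project Computer, ComputerEnvironment, LastHeartbeat = TimeGenerated;
// Update runs that actually processed each machine. Dynamic groups
// (tags, resource groups, saved searches) resolve at run time, so run
// records are the reliable source for schedule membership.
let runs = UpdateRunProgress
    | where TimeGenerated > ago(window)
    | extend Computer = tolower(Computer)
    | summarize Schedules = make_set(UpdateRunName), LastRun = max(TimeGenerated) by Computer;
enrolled
| join kind=leftouter runs on Computer
| extend ScheduleCount = coalesce(array_length(Schedules), 0)
| extend Finding = case(
    ScheduleCount == 0, "NoSchedule",
    ScheduleCount > 1, "MultipleSchedules",
    "OK")
| where Finding != "OK"
| project Computer, ComputerEnvironment, Finding, Schedules, LastRun, LastHeartbeat
| order by Finding asc, Computer asc
```

A machine that appears in `runs` but has an old `LastHeartbeat` is a candidate for the decommissioned-server check; the same query can back a scheduled log alert to notify the team.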
