how to find Azure VM patching report using some query which will show latest patch , missing patches ,last patch detail using powershell for machine mentioned in a csv file

Question

how to find Azure VM patching report using some query which will show latest patch , missing patches ,last patch detail using powershell for machine mentioned in a csv file

Azure-learning 56

how to find Azure VM patching report using some query which will show latest patch , missing patches ,last patch detail using powershell for machine mentioned in a csv file.

I need to write a powershell script where i can mention vm machine patching detail query and machine names it will take from a file

Maxim Sergeev 6,586 Reputation points Microsoft Employee

2022-07-21T21:31:53.293+00:00

Have you tried a new service called Update Center https://learn.microsoft.com/en-us/azure/update-center/ ? it doesn't require any agents and you can easily get required data by usinge native Azure Resource Graph queries. All examples are described in official docs
Azure-learning 56 Reputation points

2022-07-22T02:58:35.15+00:00

Hi @Maxim Sergeev I need to write a script in powershell which will query the vm patch data ,so i was thinking if there is any log analytics query using that i can fetch

1 answer

Your answer

Maxim Sergeev 6,586 Reputation points Microsoft Employee

2022-07-21T21:31:53.293+00:00

Have you tried a new service called Update Center https://learn.microsoft.com/en-us/azure/update-center/ ? it doesn't require any agents and you can easily get required data by usinge native Azure Resource Graph queries. All examples are described in official docs
Azure-learning 56 Reputation points

2022-07-22T02:58:35.15+00:00

Hi @Maxim Sergeev I need to write a script in powershell which will query the vm patch data ,so i was thinking if there is any log analytics query using that i can fetch

Answer 1

tbgangav-MSFT 10,426 Moderator

Hi @NehaBameta-3476,

As mentioned by @Maxim Sergeev , the recommended or new unified service for the managing and governing updates for all the machines is Update Management Center. If you need to query the Azure Resource Graph periodically then you may run Azure Resource Graph queries in an Azure Logic App as explained here.

If you are looking for a manual way to pull patching data from a VM via a PowerShell script then come up with general PowerShell script to get patch details and once run it inside the VM manually to check if it pulls required data or not and then have that PowerShell script as an Azure Automation runbook and remotely execute it in the required VM as explained here / here and then forward runbook logs to log analytics workspace as explained here.

Azure-learning 56 Reputation points

2022-07-28T18:29:08.323+00:00

@tbgangav-MSFT I am using log analytics api to query the patch information. I am facing an issue while giving variables in the query .
I have defined it's value correctly, but it's not considering the value ,not sure if there is any restrictions for variables in query,

$Query = @'
{
"query": "Update | where TimeGenerated > ago(14h) and Computer == '$VMName'"
}
'@

Can you please suggest,
Azure-learning 56 Reputation points

2022-08-01T06:02:13.57+00:00

@tbgangav-MSFT could you please assist on the issue.
tbgangav-MSFT 10,426 Reputation points Moderator

2022-08-02T10:06:05.46+00:00

Hi @NGaur-3476,

It might not be considering the value because the $Query variable is covered under single quotes.

In that case, replace single quotes to double quotes as shown in below screenshot

or else break the variable and concat as shown in below screenshot.

On the other hand, if you using this log analytics API in your PowerShell script then why don't you go with PowerShell version of the same API i.e., Invoke-AzOperationalInsightsQuery in your PowerShell script?
Azure-learning 56 Reputation points

2022-08-02T14:42:19.637+00:00

Thank you @tbgangav-MSFT for the help. it's working now.
tbgangav-MSFT 10,426 Reputation points Moderator

2022-08-02T14:48:43.793+00:00

Hi @NGaur-3476,

Glad to know that it helped.

Share via

how to find Azure VM patching report using some query which will show latest patch , missing patches ,last patch detail using powershell for machine mentioned in a csv file

1 answer

Your answer