Enable Automanage for virtual machines through Azure Policy
Caution
On 31 August 2024, both Automation Update Management and the Log Analytics agent it uses will be retired. Migrate to Azure Update Manager before that. Refer to guidance on migrating to Azure Update Manager here. Migrate Now.
If you want to enable Automanage for lots of VMs, you can do that using a built-in Azure Policy. This article will walk you through finding the right policy and how to assign it in order to enable Automanage in the Azure portal.
Prerequisites
If you don't have an Azure subscription, create an account before you begin.
Note
Free trial accounts do not have access to the virtual machines used in this tutorial. Please upgrade to a Pay-As-You-Go subscription.
Important
The following Azure RBAC permission is needed to enable Automanage: Owner role or Contributor along with User Access Administrator roles.
Direct link to Policy
There are two Automanage built-in policies:
- Built-in Automanage profiles (dev/test and production): The Automanage policy definition can be found in the Azure portal by the name of Configure virtual machines to be onboarded to Azure Automanage.
- Custom configuration profiles: The Automanage policy definition can be found in the Azure portal by the name of Configure virtual machines to be onboarded to Azure Automanage with Custom Configuration Profile.
If you click on this link, skip directly to step 8 in Locate and assign the policy below.
Sign in to Azure
Sign in to the Azure portal.
Locate and assign the policy
Navigate to Policy in the Azure portal
Go to the Definitions pane
Click the Categories dropdown to see the available options
Select the Automanage option
Now the list will update to show a built-in policy with a name that starts with Configure virtual machines to be onboarded to Azure Automanage
Click on the Configure virtual machines to be onboarded to Azure Automanage built-in policy name. Choose the Configure virtual machines to be onboarded to Azure Automanage with Custom Configuration Profile policy if you would like to use an Automanage custom profile.
After clicking on the policy, you can now see the Definition tab
Note
The Azure Policy definition is used to set Automanage parameters like the configuration profile. It also sets filters that ensure the policy applies only to the correct VMs.
Click the Assign button to create an Assignment
Under the Basics tab, fill out Scope by setting the Subscription and Resource Group
Note
The Scope lets you define which VMs this policy applies to. You can set application at the subscription level or resource group level. If you set a resource group, all VMs that are currently in that resource group or any future VMs we add to it will have Automanage automatically enabled.
Click on the Parameters tab and set the Configuration Profile and the desired Effect
Note
If you would like the policy to only apply to resources with a certain tag (key/value pair) you can add this into the "Inclusion Tag Name" and "Inclusion Tag Values". You need to uncheck the "Only show parameters that need input or review" to see this option.
Under the Review + create tab, review the settings
Apply the Assignment by clicking Create
View your assignments in the Assignments tab next to Definition
Note
It will take some time for that policy to begin taking effect on the VMs currently in the resource group or subscription.
Next steps
Learn another way to enable Azure Automanage for virtual machines through the Azure portal.