Tutorial: Schedule updates on Dynamic scopes

Applies to: ✔️ Windows VMs ✔️ Linux VMs ✔️ On-premises environment ✔️ Azure VMs ✔️ Azure Arc-enabled servers.

This tutorial explains how you can create a dynamic scope, and apply patches based on the criteria.

In this tutorial, you learn how to:

  • Create and edit groups
  • Associate a schedule

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

  • Patch Orchestration must be set to Customer Managed Schedules. This sets patch mode to AutomaticByPlatform and the BypassPlatformSafetyChecksOnUserSchedule = True.
  • Associate a Schedule with the VM.

Create a Dynamic scope

To create a dynamic scope, follow these steps:

  1. Sign in to the Azure portal and navigate to Azure Update Manager.
  2. Select Overview > Schedule updates > Create a maintenance configuration.
  3. In the Create a maintenance configuration page, enter the details in the Basics tab and select Maintenance scope as Guest (Azure VM, Arc-enabled VMs/servers).
  4. Select Dynamic Scopes and follow the steps to Add Dynamic scope.
  5. In Machines tab, select Add machines to add any individual machines to the maintenance configuration and select Updates.
  6. In the Updates tab, select the patch classification that you want to include/exclude and select Tags.
  7. Provide the tags in Tags tab.
  8. Select Review and then Review + Create.

Note

A dynamic scope exists within the context of a schedule only. You can use one schedule to link to a machine, dynamic scope, or both. One dynamic scope cannot have more than one schedule.

Obtaining consent to apply updates is an important step in the workflow of scheduled patching and follow the steps on various ways to provide the consent.

Next steps

Learn about managing multiple machines.