Update management patching in another Azure tenant’s machines

SadiqhAhmed-MSFT 38,321 Reputation points Microsoft Employee
2020-05-14T07:40:26.983+00:00

Can I deploy updates across Azure tenants?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: https://learn.microsoft.com/en-us/azure/automation/automation-faq#can-i-deploy-updates-across-azure-tenants

Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.

Accepted answer
  1. tbgangav-MSFT 10,386 Reputation points
    2020-05-14T07:49:36.78+00:00

    Hi Sadiqh,

    If you have machines that need patching in another Azure tenant reporting to Update Management, you must use the following workaround to get them scheduled. You can use the New-AzAutomationSchedule cmdlet with the ForUpdateConfiguration parameter specified to create a schedule. You can use the New-AzAutomationSoftwareUpdateConfiguration cmdlet and pass the machines in the other tenant to the NonAzureComputer parameter. The following example shows how to do this.

    # Machines in the other tenant are passed by name as non-Azure computers
    $nonAzurecomputers = @("server-01", "server-02")
    # The schedule and the update configuration must use the same resource group and Automation account
    $rg = "mygroup"
    $automationAccount = "myaccount"
    $startTime = ([DateTime]::Now).AddMinutes(10)
    $sched = New-AzAutomationSchedule -ResourceGroupName $rg -AutomationAccountName $automationAccount -Name myupdateconfig -Description test-OneTime -OneTime -StartTime $startTime -ForUpdateConfiguration
    New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $rg -AutomationAccountName $automationAccount -Schedule $sched -Windows -NonAzureComputer $nonAzurecomputers -Duration (New-TimeSpan -Hours 2) -IncludedUpdateClassification Security,UpdateRollup -ExcludedKbNumber KB01,KB02 -IncludedKbNumber KB100
    

    Source: Update Management FAQ
