Use Update Management in Azure Automation to manage operating system updates for Azure Arc-enabled servers
This article provides guidance on how to onboard Azure Arc-enabled servers to Update Management in Azure Automation, so that you can manage operating system updates for your Azure Arc-enabled servers running Windows or Linux.
In the following procedures you create and configure an Azure Automation account and Log Analytics workspace to support Update Management for Azure Arc-enabled servers by doing the following:
- Setting up a new Log Analytics workspace and Azure Automation account.
- Enabling Update Management on Azure Arc-enabled servers.
Important
The procedures in this article assume you've already deployed VMs, or servers that are running on-premises or on other clouds, and you have connected them to Azure Arc. If you haven't, the following information can help you automate this.
- GCP Ubuntu instance
- GCP Windows instance
- AWS Ubuntu EC2 instance
- AWS Amazon Linux 2 EC2 instance
- VMware vSphere Ubuntu VM
- VMware vSphere Windows Server VM
- Vagrant Ubuntu box
- Vagrant Windows box
Prerequisites
Clone the Azure Arc Jumpstart repository.
git clone https://github.com/microsoft/azure_arc
As mentioned, this guide starts at the point where you already deployed and connected VMs or bare-metal servers to Azure Arc. For this scenario, we use an Amazon Web Services (AWS) EC2 instance that is already connected to Azure Arc and is visible as a resource in Azure.


Install or update Azure CLI. Azure CLI should be running version 2.14 or later. Use az --version to check your current installed version.
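The version prerequisite above can be checked in a script before running the remaining steps. The following is an added example, not part of the original article or the Jumpstart repository; the function names are hypothetical and the sample az --version output is constructed.

```sh
#!/bin/sh
# Added example: preflight check for the Azure CLI version the guide requires.
# The 2.14 minimum is from the article; all function names are hypothetical.
MIN_AZ_VERSION="2.14"

# version_ge A B: status 0 if dotted version A >= B, 1 if older, 2 if either
# argument is not a dotted number. Fields are compared as integers, so 2.9 is
# correctly older than 2.14 (a plain string comparison gets this wrong).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    ok = "^[0-9]+(\\.[0-9]+)*$"
    if (a !~ ok || b !~ ok) exit 2
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# parse_az_version: read `az --version` output on stdin and print the version
# found on the "azure-cli" line.
parse_az_version() {
  awk '$1 == "azure-cli" { print $2; exit }'
}

# check_az_cli: status 0 only if az is installed and meets MIN_AZ_VERSION.
check_az_cli() {
  command -v az >/dev/null 2>&1 || { echo "az not found on PATH" >&2; return 1; }
  found=$(az --version 2>/dev/null | parse_az_version)
  if version_ge "$found" "$MIN_AZ_VERSION"; then
    echo "Azure CLI $found meets the $MIN_AZ_VERSION minimum"
  else
    echo "Azure CLI '${found:-unknown}' does not meet the $MIN_AZ_VERSION minimum" >&2
    return 1
  fi
}

# Demo on constructed sample output (not captured from a real machine).
SAMPLE_OUTPUT='azure-cli                         2.9.1 *

core                              2.9.1 *'
sample_version=$(printf '%s\n' "$SAMPLE_OUTPUT" | parse_az_version)
version_ge "$sample_version" "$MIN_AZ_VERSION" \
  || echo "sample $sample_version is older than $MIN_AZ_VERSION"
```

Call check_az_cli at the top of a deployment script and stop if it returns a non-zero status.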
Configure Update Management
Update Management uses the Log Analytics agent to collect Windows and Linux server log files, and stores the collected data in a Log Analytics workspace.
Create a Log Analytics workspace using this Azure Resource Manager template (ARM template). This creates a new Log Analytics workspace, defines the Update Management solution, and enables it for the workspace.
Create a new resource group for the Log Analytics workspace by running the following command, replacing the values in brackets with your own.
az group create --name <Name for your resource group> \
  --location <Location for your resources> \
  --tags "Project=jumpstart_azure_arc_servers"
Edit the ARM template parameters file, providing a name for your Log Analytics workspace, a location, and a name for your Azure Automation account. You also need to supply the name of your Azure Arc-enabled server, and the name of the resource group that contains the Azure Arc-enabled server as shown in the following example:

Deploy the ARM template. Go to the deployment folder and run the following command:
az deployment group create --resource-group <Name of the Azure resource group you created> \
  --template-file law-template.json \
  --parameters law-template.parameters.json
When the deployment is complete, you should see the resource group with your Log Analytics workspace, Automation account and Update Management solution in the Azure portal. If you drill into the Log Analytics workspace Solutions tab, you should see the Update Management solution.

Confirm that the Update Management solution is deployed on your Azure Arc-enabled server
Click on Solutions in the Log Analytics workspace, and then select the Updates solution from the list to check the progress of the Update Management assessment.

It may take several hours for Update Management to collect enough data to show an assessment for your VM. On the next page, you can see that the assessment is being performed.

When the assessment is complete, you'll see a View Summary option on the Update Management tab.

Select View Summary, and then select again to drill into the Update Management assessment. In the following example we can see there are updates missing on our Azure Arc-enabled server.

Schedule an update
Now that the Update Management solution is configured, you can deploy updates to your Azure Arc-enabled server on a set schedule.
Navigate to the Automation account we created previously, and select the Update Management tab as shown in the following screenshot. You should see your Azure Arc-enabled server listed.

Select Schedule update deployment. On the next page, select the operating system that your Azure Arc-enabled server is using, and then select Machines to update as shown in the following screenshot.

From the Type dropdown list, select Machines, and then select your server and select OK.

Click Schedule Settings and then provide a desired schedule.


Finally, provide a name for your deployment, and then select Create.

From the Automation account Update Management tab, you should be able to see your scheduled update deployment from the Deployment Schedules tab.

This Update Management solution will update your Azure Arc-enabled servers in the deployment window based on the schedule you defined. There's a lot more you can do with Update Management that's outside the scope of this scenario. For more information, see the Update Management for Azure Automation overview.
Clean up your environment
Complete the following steps to clean up your environment.
Remove the virtual machines from each environment by following the teardown instructions from each guide.
Delete the resource group.
az group delete --name <Name of your resource group>