Exercise - Use azure log analytics and schedule updates

Recently your department moved all of their infrastructure to Azure. There are many VMs serving up web sites and email functions. You have been tasked to keep these VMs up-to-date with the latest patches and security releases. You decide to roll out the Update Management solution to all of the VMs in your enterprise.

In the following exercise you will review the agent connectivity to log analytics and, learn how to schedule update deployments.

Review Agent Connectivity to Log Analytics

Perform the following steps in the Azure portal to assess if connectivity between the agent and log analytics has taken place. Start by signing into the Azure portal using the same account with which you activated the sandbox.

  1. On the Azure portal menu or from the Home page, select Virtual machines option in the left pane and select on the newly created virtual machine.
  2. Select the Overview menu option.
  3. In the virtual machine page, make note of the Public IP Address as shown below.

Public IP Address

  1. On your local computer, select the Windows icon and type Remote Desktop Connection then select the Remote Desktop Connection app.
  2. In the Remote Desktop Connection app, type the public IP address into the Computer field, and then select Connect.
  3. In the Enter your credentials dialog box, type the password that you specified when you created the virtual machine, and then select OK.
  4. In the certificate warning dialog, select Yes.
  5. On the remote machine, select the Windows icon, and then select the Control Panel tile.
  6. In Control Panel, open Microsoft Monitoring Agent and then select on the Azure Log Analytics (OMS) tab.
  7. Observe that the agent displays the following message: The Microsoft Monitoring Agent has successfully connected to Microsoft Operations Management Suite service. as shown below.

Microsoft Monitoring Agent

  1. Select OK to close the Microsoft Monitoring Agent Properties window.
  2. In the All Control Panel Items window, select Administrative Tools.
  3. In the Administrative Tools window, double-click Event Viewer.
  4. Expand Applications and Services Logs, and then select Operations Manager, and then maximize the Event Viewer window.
  5. In the Operations Manager view, select the Event ID column heading to sort the list by Event ID.
  6. Observe Event IDs 3000 and 5002. These events indicate that the computer has registered with the Log Analytics workspace and is receiving configuration. Event ID 5002 is shown below.

Event ID 5002

  1. Close the Event Viewer and all other windows that were opened.
  2. Close the Remote Desktop Connection application.

Schedule Update Deployments

Here you will learn how to schedule updates for the virtual machine.

  1. In the MediaWebServer - Update management pane, select Schedule update deployment tab.
  2. In the Name field, type Critical and Security Updates
  3. In the Update classifications drop down list, check only Critical updates and Security updates.
  4. In the Schedule settings field, under Starts increment the time up one hour.
  5. In the Recurrence field, select Recurring.
  6. In the Recur every field, configure update to occur once every week on Sunday as shown below, and then select OK.

Configure Once a Week

  1. In the New update deployment pane, select Create.