diff --git a/articles/update-center/assessment-options.md b/articles/update-center/assessment-options.md deleted file mode 100644 index 99645be9e831..000000000000 --- a/articles/update-center/assessment-options.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Assessment options in update management center (preview). -description: The article describes the assessment options available in Update management center (preview). -ms.service: update-management-center -ms.date: 04/21/2022 -ms.topic: conceptual -author: snehasudhirG -ms.author: sudhirsneha ---- - -# Assessment options in update management center (preview) - -**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. - -This article provides an overview of the assessment options available by update management center (preview). - -Update management center (preview) provides you the flexibility to assess the status of available updates and manage the process of installing required updates for your machines. - -## Periodic assessment - - Periodic assessment is an update setting on a machine that allows you to enable automatic periodic checking of updates by update management center (preview). We recommend that you enable this property on your machines as it allows update management center (preview) to fetch latest updates for your machines every 24 hours and enables you to view the latest compliance status of your machines. You must register this [feature in your Azure subscription](enable-machines.md#from-the-azure-portal). You can enable this setting using update settings flow as detailed [here](manage-update-settings.md#configure-settings-on-single-vm) or enable it at scale by using [Policy](periodic-assessment-at-scale.md). - -:::image type="content" source="media/updates-maintenance/periodic-assessment-inline.png" alt-text="Screenshot showing periodic assessment option." lightbox="media/updates-maintenance/periodic-assessment-expanded.png"::: - -## Check for updates now/On-demand assessment - -Update management center (preview) allows you to check for latest updates on your machines at any time, on-demand. You can view the latest update status and act accordingly. Go to **Updates** blade on any VM and select **Check for updates** or select multiple machines from update management center (preview) and check for updates for all machines at once. For more information, see [check and install on-demand updates](view-updates.md). - -## Update assessment scan - You can initiate a software updates compliance scan on a machine to get a current list of operating system updates available. - - - **On Windows** - the software update scan is actually performed by the Windows Update Agent. - - **On Linux** - the software update scan is performed using OVAL-compatible tools to test for the presence of vulnerabilities based on the OVAL Definitions for that platform, which is retrieved from a local or remote repository. - - In the **Updates (preview)** page, after you initiate an assessment, a notification is generated to inform you the activity has started and another is displayed when it is finished. - - :::image type="content" source="media/assessment-options/updates-preview-page.png" alt-text="Screenshot of the Updates (preview) page."::: - - -The **Recommended updates** section is updated to reflect the OS updates applicable. You can also select **Refresh** to update the information on the page and review the assessment details of the selected machine. - -In the **History** section, you can view: -- **Total deployments**—the total number of deployments. -- **Failed deployments**—the number out of the total deployments that failed. -- **Successful deployments**—the number out of the total deployments that were successful. - -A list of the deployments created are shown in the update deployment grid and include relevant information about the deployment. Every update deployment has a unique GUID, represented as **Activity ID**, which is listed along with **Status**, **Updates Installed**, and **Time details**. You can filter the results listed in the grid in the following ways: - -- Select one of the tile visualizations -- Select a specific time period. Options are: **Last 30 Days**, **Last 15 Days**, **Last 7 Days**, and **Last 24 hrs**. By default, deployments from the last 30 days are shown. -- Select a specific deployment status. Options are: **Succeeded**, **Failed**, **CompletedWithWarnings**, **InProgress**, and **NotStarted**. By default, all status types are selected. -Selecting any one of the update deployments from the list will open the **Assessment run** page. Here, it shows a detailed breakdown of the updates and the installation results for the Azure VM or Arc-enabled server. - -In the **Scheduling** section, you can either **create a maintenance configuration** or **attach existing maintenance configuration**. See the section for more information on [how to create a maintenance configuration](scheduled-patching.md#create-a-new-maintenance-configuration) and [how to attach existing maintenance configuration](scheduled-patching.md#attach-a-maintenance-configuration). - - -## Next steps - -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see the [Troubleshoot](troubleshoot.md) update management center (preview). \ No newline at end of file diff --git a/articles/update-center/configure-wu-agent.md b/articles/update-center/configure-wu-agent.md deleted file mode 100644 index aacf86e6b335..000000000000 --- a/articles/update-center/configure-wu-agent.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Configure Windows Update settings in Update management center (Preview) -description: This article tells how to configure Windows update settings to work with Update management center (Preview). -ms.service: update-management-center -ms.date: 04/21/2022 -ms.topic: conceptual -author: SnehaSudhirG -ms.author: sudhirsneha ---- - -# Configure Windows update settings for update management center (preview) - -Update management center (Preview) relies on the [Windows Update client](/windows/deployment/update/windows-update-overview) to download and install Windows updates. There are specific settings that are used by the Windows Update client when connecting to Windows Server Update Services (WSUS) or Windows Update. Many of these settings can be managed by: - -- Local Group Policy Editor -- Group Policy -- PowerShell -- Directly editing the Registry - -The Update management center (preview) respects many of the settings specified to control the Windows Update client. If you use settings to enable non-Windows updates, the Update management center (preview) will also manage those updates. If you want to enable downloading of updates before an update deployment occurs, update deployment can be faster, more efficient, and less likely to exceed the maintenance window. - -For additional recommendations on setting up WSUS in your Azure subscription and to secure your Windows virtual machines up to date, review [Plan your deployment for updating Windows virtual machines in Azure using WSUS](/azure/architecture/example-scenario/wsus). - -## Pre-download updates - -To configure the automatic downloading of updates without automatically installing them, you can use Group Policy to [configure the Automatic Updates setting](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates#configure-automatic-updates) to 3. This setting enables downloads of the required updates in the background, and notifies you that the updates are ready to install. In this way, update management center (Preview) remains in control of schedules, but allows downloading of updates outside the maintenance window. This behavior prevents `Maintenance window exceeded` errors in update management center (preview). - -You can enable this setting in PowerShell: - -```powershell -$WUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings -$WUSettings.NotificationLevel = 3 -$WUSettings.Save() -``` - -## Configure reboot settings - -The registry keys listed in [Configuring Automatic Updates by editing the registry](/windows/deployment/update/waas-wu-settings#configuring-automatic-updates-by-editing-the-registry) and [Registry keys used to manage restart](/windows/deployment/update/waas-restart#registry-keys-used-to-manage-restart) can cause your machines to reboot, even if you specify **Never Reboot** in the **Update Deployment** settings. Configure these registry keys to best suit your environment. - -## Enable updates for other Microsoft products - -By default, the Windows Update client is configured to provide updates only for Windows. If you enable the **Give me updates for other Microsoft products when I update Windows** setting, you also receive updates for other products, including security patches for Microsoft SQL Server and other Microsoft software. You can configure this option if you have downloaded and copied the latest [Administrative template files](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) available for Windows 2016 and later. - -If you have machines running Windows Server 2012 R2, you can't configure this setting through Group Policy. Run the following PowerShell command on these machines: - -```powershell -$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager") -$ServiceManager.Services -$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d" -$ServiceManager.AddService2($ServiceId,7,"") -``` - -## Make WSUS configuration settings - -Update management center (Preview) supports WSUS settings. You can specify sources for scanning and downloading updates using instructions in [Specify intranet Microsoft Update service location](/windows/deployment/update/waas-wu-settings#specify-intranet-microsoft-update-service-location). By default, the Windows Update client is configured to download updates from Windows Update. When you specify a WSUS server as a source for your machines, the update deployment fails, if the updates aren't approved in WSUS. - -To restrict machines to the internal update service, see [do not connect to any Windows Update Internet locations](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates#do-not-connect-to-any-windows-update-internet-locations). - -## Next steps - -Configure an update deployment by following instructions in [Deploy updates](deploy-updates.md). diff --git a/articles/update-center/deploy-updates.md b/articles/update-center/deploy-updates.md deleted file mode 100644 index 7b42da97ff33..000000000000 --- a/articles/update-center/deploy-updates.md +++ /dev/null @@ -1,167 +0,0 @@ ---- -title: Deploy updates and track results in update management center (preview). -description: The article details how to use update management center (preview) in the Azure portal to deploy updates and view results for supported machines. -ms.service: update-management-center -ms.date: 04/21/2022 -ms.topic: conceptual -author: SnehaSudhirG -ms.author: sudhirsneha -ms.custom: references_regions ---- - -# Deploy updates now and track results with update management center (preview) - -**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. - -The article describes how to perform an on-demand update on a single VM or multiple VMs using update management center (preview). - -See the following sections for detailed information: -- [Install updates on a single VM](#install-updates-on-single-vm) -- [Install updates at scale](#install-updates-at-scale) - -## Supported regions - -Update management center (preview) is available in all [Azure public regions](support-matrix.md#supported-regions). - - -## Install updates on single VM - ->[!NOTE] -> You can install the updates from the Overview or Machines blade in update management center (preview) page or from the selected VM. - -# [From Overview blade](#tab/install-single-overview) - -To install one time updates on a single VM, follow these steps: - -1. Sign in to the [Azure portal](https://portal.azure.com) - -1. In **Update management center (preview)**, **Overview**, choose your **Subscription** and select **One-time update** to install updates. - - :::image type="content" source="./media/deploy-updates/install-updates-now-inline.png" alt-text="Example of installing one-time updates." lightbox="./media/deploy-updates/install-updates-now-expanded.png"::: - -1. Select **Install now** to proceed with the one-time updates. - -1. In **Install one-time updates**, select **+Add machine** to add the machine for deploying one-time. - -1. In **Select resources**, choose the machine and select **Add**. - -1. In **Updates**, specify the updates to include in the deployment. For each product, select or deselect all supported update classifications and specify the ones to include in your update deployment. If your deployment is meant to apply only for a select set of updates, its necessary to deselect all the pre-selected update classifications when configuring the **Inclusion/exclusion** updates described below. This ensures only the updates you've specified to include in this deployment are installed on the target machine. - - > [!NOTE] - > Selected Updates shows a preview of OS updates which may be installed based on the last OS update assessment information available. If the OS update assessment information in update center management (preview) is obsolete, the actual updates installed would vary. Especially if you have chosen to install a specific update category, where the OS updates applicable may vary as new packages or KB Ids may be available for the category. - - - Select **+Include update classification**, in the **Include update classification** select the appropriate classification(s) that must be installed on your machines. - - :::image type="content" source="./media/deploy-updates/include-update-classification-inline.png" alt-text="Screenshot on including update classification." lightbox="./media/deploy-updates/include-update-classification-expanded.png"::: - - - Select **Include KB ID/package** to include in the updates. Enter a comma-separated list of Knowledge Base article ID numbers to include or exclude for Windows updates. For example, `3103696, 3134815`. For Windows, you can refer to the [MSRC link](https://msrc.microsoft.com/update-guide/deployments) to get the details of the latest Knowledge Base released. For supported Linux distros, you specify a comma separated list of packages by the package name, and you can include wildcards. For example, `kernel*, glibc, libc=1.0.1`. Based on the options specified, update management center (preview) shows a preview of OS updates under the **Selected Updates** section. - - - To exclude updates that you don't want to install, select **Exclude KB ID/package**. We recommend checking this option because updates that are not displayed here might be installed, as newer updates might be available. - - - To ensure that the updates published are on or before a specific date, choose the date and select**Add** and **Next**. - -1. In **Properties**, specify the reboot and maintenance window. - - Use the **Reboot** option to specify the way to handle reboots during deployment. The following options are available: - * Reboot if required - * Never reboot - * Always reboot - - Use the **Maximum duration (in minutes)** to specify the amount of time allowed for updates to install. The maximum limit supported is 235 minutes. Consider the following details when specifying the window: - * It controls the number of updates that must be installed. - * New updates will continue to install if the maintenance window limit is approaching. - * In-progress updates aren't terminated if the maintenance window limit is exceeded - * Any remaining updates that are not yet installed aren't attempted. We recommend that you reevaluate the maintenance window if this is consistently encountered. - * If the limit is exceeded on Windows, it's often because of a service pack update that is taking a long time to install. - -1. When you're finished configuring the deployment, verify the summary in **Review + install** and select **Install**. - - -# [From Machines blade](#tab/install-single-machine) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In **Update management center (Preview)**, **Machine**, choose your **Subscription**, choose your machine and select **One-time update** to install updates. - -1. Select to **Install now** to proceed with installing updates. - -1. In **Install one-time updates** page, the selected machine appears. Choose the machine, select **Next** and follow the procedure from step 6 listed in **From Overview blade** of [Install updates on single VM](#install-updates-on-single-vm). - - A notification appears to inform you the activity has started and another is created when it's completed. When it is successfully completed, you can view the installation operation results in **History**. The status of the operation can be viewed at any time from the [Azure Activity log](/azure/azure-monitor/essentials/activity-log). - -# [From a selected VM](#tab/singlevm-deploy-home) - -1. Select your virtual machine and the **virtual machines | Updates** page opens. -1. Under **Operations**, select **Updates**. -1. In **Updates**, select **Go to Updates using Update Center**. -1. In **Updates (Preview)**, select **One-time update** to install the updates. -1. In **Install one-time updates** page, the selected machine appears. Choose the machine, select **Next** and follow the procedure from step 6 listed in **From Overview blade** of [Install updates on single VM](#install-updates-on-single-vm). - ---- - -## Install updates at scale - -To create a new update deployment for multiple machines, follow these steps: - ->[!NOTE] -> You can check the updates from **Overview** or **Machines** blade. - -You can schedule updates - -# [From Overview blade](#tab/install-scale-overview) - - -1. Sign in to the [Azure portal](https://portal.azure.com) - -1. In **Update management center (Preview)**, **Overview**, choose your **Subscription**, select **One-time update**, and **Install now** to install updates. - - :::image type="content" source="./media/deploy-updates/install-updates-now-inline.png" alt-text="Example of installing one-time updates." lightbox="./media/deploy-updates/install-updates-now-expanded.png"::: - -1. In **Install one-time updates**, you can select the resources and machines to install the updates. - -1. In **Machines**, you can view all the machines available in your subscription. You can also use the **+Add machine** to add the machines for deploying one-time updates. You can add up to 20 machines. Choose **Select all** and select **Add**. - -The **Machines** displays a list of machines for which you can deploy one-time update. Select **Next** and follow the procedure from step 6 listed in **From Overview blade** of [Install updates on single VM](#install-updates-on-single-vm). - - -# [From Machines blade](#tab/install-scale-machines) - -1. Sign in to the [Azure portal](https://portal.azure.com) - -1. Go to **Machines**, select your subscription and choose your machines. You can choose **Select all** to select all the machines. - -1. Select **One-time update**, **Install now** to deploy one-time updates. - -1. In **Install one-time updates**, you can select the resources and machines to install the updates. - -1. In **Machines**, you can view all the machines available in your subscription. You can also select using the **+Add machine** to add the machines for deploying one-time updates. You can add up to 20 machines. Choose the **Select all** and select **Add**. - -The **Machines** displays a list of machines for which you want to deploy one-time update, select **Next** and follow the procedure from step 6 listed in **From Overview blade** of [Install updates on single VM](#install-updates-on-single-vm). - ----- - -A notification appears to inform you the activity has started and another is created when it's completed. When it is successfully completed, you can view the installation operation results in **History**. The status of the operation can be viewed at any time from the [Azure Activity log](/azure/azure-monitor/essentials/activity-log). - - -## View update history for single VM - -You can browse information about your Azure VMs and Arc-enabled servers across your Azure subscriptions. For more information, see [Update deployment history](manage-multiple-machines.md#update-deployment-history). - -After your scheduled deployment starts, you can see it's status on the **History** tab. It displays the total number of deployments including the successful and failed deployments. - -:::image type="content" source="./media/deploy-updates/updates-history-inline.png" alt-text="Screenshot showing updates history." lightbox="./media/deploy-updates/updates-history-expanded.png"::: - -A list of the deployments created are show in the update deployment grid and include relevant information about the deployment. Every update deployment has a unique GUID, represented as **Operation ID**, which is listed along with **Status**, **Updates Installed** and **Time** details. You can filter the results listed in the grid. - -Select any one of the update deployments from the list to open the **Update deployment run** page. Here, it shows a detailed breakdown of the updates and the installation results for the Azure VM or Arc-enabled server. - -:::image type="content" source="./media/deploy-updates/update-deployment-run.png" alt-text="Example showing update deployment run."::: - - The available values are: -- **Not attempted** - The update wasn't installed because there was insufficient time available, based on the defined maintenance window duration. -- **Not selected** - The update wasn't selected for deployment. -- **Succeeded** - The update succeeded. -- **Failed** - The update failed. - -## Next steps - -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see the [Troubleshoot](troubleshoot.md) update management center (preview). diff --git a/articles/update-center/enable-machines.md b/articles/update-center/enable-machines.md deleted file mode 100644 index 54ed75a93741..000000000000 --- a/articles/update-center/enable-machines.md +++ /dev/null @@ -1,185 +0,0 @@ ---- -title: Enable update management center (preview) for periodic assessment and scheduled patching -description: This article describes how to enable the periodic assessment and scheduled patching features using update management center (preview) for Windows and Linux machines running on Azure or outside of Azure connected to Azure Arc-enabled servers. -ms.service: update-management-center -author: SnehaSudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: conceptual ---- - -# How to enable update management center (preview) - -**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. - -This article describes how to enable update management center (preview) for periodic assessment and scheduled patching using one of the following methods: - -- From the Azure portal -- Using Azure PowerShell -- Using the Azure CLI -- Using the Azure REST API - -Register the periodic assessment and scheduled patching feature resource providers in your Azure subscription, as detailed below, to enable update management center (preview) functionality. After your register for the features, access the preview link: **https://aka.ms/umc-preview**. - -## Prerequisites - -- Azure subscription - if you don't have one yet, you can [activate your MSDN subscriber benefits](/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](/free/?WT.mc_id=A261C142F). - -- Your account must be a member of the Azure [Owner](/azure/role-based-access-control/built-in-roles#owner) or [Contributor](/azure/role-based-access-control/built-in-roles#contributor) role in the subscription. - -- One or more [Azure virtual machines](/azure/virtual-machines), or physical or virtual machines managed by [Arc-enabled servers](/azure/azure-arc/servers/overview). - -- Ensure that you meet all [prerequisites for update management center](overview.md#prerequisites) - -## From the Azure portal - -### [Periodic assessment](#tab/portal-periodic) - -**For Arc-enabled servers**, no onboarding is required for using periodic assessment feature. - -**For Azure machines**, your subscription needs to be allowlisted for preview feature **InGuestAutoAssessmentVMPreview**. - -Follow the steps below to register for the *InGuestAutoAssessmentVMPreview* feature: - -1. Sign in to the Update management center (preview) portal link: **https://aka.ms/umc-preview**. - -1. In the Azure portal menu, search for **Preview features** and select it from the available options. - -1. In the **Preview features** page, search for **InGuestAutoAssessmentVMPreview**. - -1. Select **Virtual Machine Guest Automatic Patch Assessment Preview** from the list. - -1. In the **Virtual Machine Guest Automatic Patch Assessment Preview** pane, select **Register** to register the provider with your subscription. - - -### [Scheduled patching](#tab/portal-scheduled-patching) - -To use scheduled patching functionality for Azure VMs as well as Arc-enabled servers, your subscriptions for both machine and maintenance configurations must be allowlisted for **InGuestScheduledPatchVMPreview**. - -Follow the steps below to register for preview *InGuestScheduledPatchVMPreview* feature: - -1. Sign in to the Update management center Private Preview portal link: **https://aka.ms/umc-preview**. - -1. In the Azure portal menu, search for **Preview features** and select it from the available options. - -1. In the **Preview features** page, search for **InGuestScheduledPatchVMPreview** and select **Allows subscription to enable automatic VM guest patching on schedule** from the list. - -1. In the **Allows subscription to enable automatic VM guest patching on schedule** pane, select **Register** to register the provider with your subscription. - -For detailed steps to start using scheduled patching, refer to [Prerequisites for scheduled patching](scheduled-patching.md#prerequisites-for-scheduled-patching). - ---- - ->[!NOTE] -> This preview feature will be auto-approved. - -After your register for the above feature, go to update management center (preview) portal link: **https://aka.ms/umc-preview**. - - - -## Using the Azure PowerShell - -The following section describes how to enable periodic assessment and scheduled patching features for your subscription using Azure PowerShell: - -### [Periodic assessment](#tab/ps-periodic-assessment) - -**Arc-enabled servers** - No onboarding is required to use periodic assessment feature. - -**Azure VMs** -For Azure VMs, to register the resource provider, use: - -```azurepowershell -Register-AzResourceProvider -FeatureName InGuestAutoAssessmentVMPreview -ProviderNamespace Microsoft.Compute -``` - -### [Scheduled patching](#tab/ps-scheduled-patching) - - -To register the resource provider for both Azure VMs and Arc-enabled servers, use: - -```azurepowershell -Register-AzResourceProvider -FeatureName InGuestScheduledPatchVMPreview -ProviderNamespace Microsoft.Compute -``` - -For detailed steps to start using scheduled patching, refer to [Prerequisites for scheduled patching](scheduled-patching.md#prerequisites-for-scheduled-patching). - ---- - ->[!NOTE] -> This preview feature will be auto-approved. - - - ## Using the Azure CLI - -The following section describes how to enable periodic assessment and scheduled patching features in Azure for your subscription using the Azure CLI [az feature register](/cli/azure/feature#az_feature_register) command. - -### [Periodic assessment](#tab/cli-periodic-assessment) - -**Arc-enabled servers** - No onboarding is required for using Periodic assessment feature. -**Azure machines** - To register the resource provider, use: - -```azurecli -az feature register --namespace Microsoft.Compute --name InGuestAutoAssessmentVMPreview -``` - -### [Scheduled patching](#tab/cli-scheduled-patching) - -**Azure VMs and Arc-enabled servers** - To register a resource provider, use: - -```azurecli -az feature register --namespace Microsoft.Compute --name InGuestScheduledPatchVMPreview -``` -For detailed steps to start using scheduled patching, refer to [Prerequisites for scheduled patching](scheduled-patching.md#prerequisites-for-scheduled-patching). - ---- - ->[!NOTE] -> This preview feature will be auto-approved. - - - -## Using the Azure REST API - -The following section describes how to enable periodic assessment and scheduled patching features in Azure for your subscription using the [Azure REST API](/rest/api/azure). - -### [Periodic Assessment](#tab/rest-periodic-assessment) - ->[!NOTE] -> This option is only applicable to Azure VMs. - -To register a resource provider, use: - -```rest -POST on `/subscriptions/subscriptionId/providers/Microsoft.Features/providers/Microsoft.Compute/features/InGuestAutoAssessmentVMPreview/register?api-version=2015-12-01` -``` - -Replace the value `subscriptionId` with the ID of the target subscription. - - -### [Scheduled patching](#tab/rest-scheduled-patching) - ->[!NOTE] -> This option is only applicable to Azure VMs. - -To register a resource provider, use: - -```rest -POST on `/subscriptions/subscriptionId/providers/Microsoft.Features/providers/Microsoft.Compute/features/InGuestScheduledPatchVMPreview/register?api-version=2015-12-01` -``` - -Replace the value `subscriptionId` with the ID of the target subscription. - -For detailed steps to start using scheduled patching, refer to [Prerequisites for scheduled patching](scheduled-patching.md#prerequisites-for-scheduled-patching). - ---- - ->[!NOTE] -> This preview feature will be auto-approved. - -## Next steps - -* [View updates for single machine](view-updates.md) -* [Deploy updates now (on-demand) for single machine](deploy-updates.md) -* [Schedule recurring updates](scheduled-patching.md) -* [Manage update settings via Portal](manage-update-settings.md) -* [Manage multiple machines using update management center](manage-multiple-machines.md) diff --git a/articles/update-center/index.yml b/articles/update-center/index.yml deleted file mode 100644 index 7305f7b86122..000000000000 --- a/articles/update-center/index.yml +++ /dev/null @@ -1,41 +0,0 @@ -### YamlMime:Landing - -title: Update management center (preview) documentation -metadata: - title: Update management center (preview) documentation - description: Learn how to use update management center (preview) in Azure to manage updates on machines across Azure and hybrid environments. - services: Update-management-center - author: SGSneha - manager: evansma - ms.service: Update-management-center - ms.topic: landing-page - ms.date: 04/01/2022 - ms.author: v-ssudhir - -landingContent: - - # Card (optional) - - title: About Update management center - linkLists: - - linkListType: overview - links: - - text: What is Update management center (preview)? - url: overview.md - # Card - - title: Manage machine update state - linkLists: - - linkListType: get-started - links: - - text: View update compliance for machines - url: view-updates.md - - text: Deploy updates to machines - url: deploy-updates.md - - text: Schedule recurring updates for machines - url: scheduled-patching.md - # Card - - title: Get started - linkLists: - - linkListType: tutorial - links: - - text: Check and install on-demand updates - url: quickstart-on-demand.md \ No newline at end of file diff --git a/articles/update-center/manage-arc-enabled-servers-programmatically.md b/articles/update-center/manage-arc-enabled-servers-programmatically.md deleted file mode 100644 index 1cf2c40702c3..000000000000 --- a/articles/update-center/manage-arc-enabled-servers-programmatically.md +++ /dev/null @@ -1,401 +0,0 @@ ---- -title: Programmatically manage updates for Azure Arc-enabled servers in Update management center (preview) -description: This article tells how to use Update management center (preview) using REST API with Azure Arc-enabled servers. -ms.service: update-management-center -author: SnehaSudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: conceptual ---- - -# How to programmatically manage updates for Azure Arc-enabled servers - -This article walks you through the process of using the Azure REST API to trigger an assessment and an update deployment on your Azure Arc-enabled servers with update management (preview) in Azure. If you are new to update management center (preview) and you want to learn more, see [overview of update management center (preview)](overview.md). To use the Azure REST API to manage Azure virtual machines, see [How to programmatically work with Azure virtual machines](manage-vms-programmatically.md). - -Update management center (preview) in Azure enables you to use the [Azure REST API](/rest/api/azure) for access programmatically. Additionally, you can use the appropriate REST commands from [Azure PowerShell](/powershell/azure) and [Azure CLI](/cli/azure). - -Support for Azure REST API to manage Azure Arc-enabled servers is available through the update management center (preview) virtual machine extension. - -## Update assessment - -To trigger an update assessment on your Azure Arc-enabled server, specify the following POST request: - -```rest -POST on `subscriptions/subscriptionId/resourceGroups/resourceGroupName/provider/Microsoft.HybridCompute/machines/machineName/assessPatches?api-version=2020-08-15-preview` -{ -} -``` - -# [Azure CLI](#tab/cli) - -To specify the POST request, you can use the Azure CLI [az rest](/cli/azure/reference-index#az_rest) command. - -```azurecli -az rest --method post --url https://management.azure.com/subscriptions/subscriptionId/resourceGroups/resourceGroupName/provider/Microsoft.HybridCompute/machines/machineName/assessPatches?api-version=2020-08-15-preview --body @body.json -``` - -The format of the request body for version 2020-08-15 is as follows: - -```json -{ -} -``` - -# [Azure PowerShell](#tab/powershell) - -To specify the POST request, you can use the Azure PowerShell [Invoke-AzRestMethod](/powershell/module/az.accounts/invoke-azrestmethod) cmdlet. - -```azurepowershell -Invoke-AzRestMethod - -ResourceGroupName resourceGroupName - -Name "machineName" - -ResourceProviderName "Microsoft.HybridCompute" - -ResourceType "machines" - -ApiVersion 2020-08-15-preview - -Payload '{ - }' - -Method POST -``` - ---- - -## Update deployment - -To trigger an update deployment to your Azure Arc-enabled server, specify the following POST request: - -```rest -POST on `subscriptions/subscriptionId/resourceGroups/resourceGroupName/provider/Microsoft.HybridCompute/machines/machineName/installPatches?api-version=2020-08-15-preview` -``` - -#### Request body - -The following table describes the elements of the request body: - -| Property | Description | -|----------|-------------| -| `maximumDuration` | Maximum amount of time in minutes the OS update operation can take. It must be an ISO 8601-compliant duration string such as `PT100M`. | -| `rebootSetting` | Flag to state if machine should be rebooted if Guest OS update installation needs it for completion. Acceptable values are: `IfRequired, NeverReboot, AlwaysReboot`. | -| `windowsParameters` | Parameter options for Guest OS update on machine running a supported Microsoft Windows Server operating system. | -| `windowsParameters - classificationsToInclude` | List of categories or classifications of OS updates to apply, as supported and provided by Windows Server OS. Acceptable values are: `Critical, Security, UpdateRollUp, FeaturePack, ServicePack, Definition, Tools, Update` | -| `windowsParameters - kbNumbersToInclude` | List of Windows Update KB IDs that are available to the machine and need to be installed. If you have included any 'classificationsToInclude', the KBs available in the category will be installed. 'kbNumbersToInclude' is an option to provide list of specific KB IDs over and above that you want to get installed. For example: `1234` | -| `windowsParameters - kbNumbersToExclude` | List of Windows Update KB Ids that are available to the machine and should **not** to be installed. If you have included any 'classificationsToInclude', the KBs available in the category will be installed. 'kbNumbersToExclude' is an option to provide list of specific KB IDs that you want to ensure don't get installed. For example: `5678` | -| `linuxParameters` | Parameter options for Guest OS update when machine is running supported Linux distribution | -| `linuxParameters - classificationsToInclude` | List of categories or classifications of OS updates to apply, as supported & provided by Linux OS's package manager used. Acceptable values are: `Critical, Security, Others`. For more information, see [Linux package manager and OS support](./support-matrix.md#supported-operating-systems). | -| `linuxParameters - packageNameMasksToInclude` | List of Linux packages that are available to the machine and need to be installed. If you have included any 'classificationsToInclude', the packages available in the category will be installed. 'packageNameMasksToInclude' is an option to provide list of packages over and above that you want to get installed. For example: `mysql, libc=1.0.1.1, kernel*` | -| `linuxParameters - packageNameMasksToExclude` | List of Linux packages that are available to the machine and should **not** be installed. If you have included any 'classificationsToInclude', the packages available in the category will be installed. 'packageNameMasksToExclude' is an option to provide list of specific packages that you want to ensure don't get installed. For example: `mysql, libc=1.0.1.1, kernel*` | - - -# [Azure REST API](#tab/rest) - -To specify the POST request, you can use the following Azure REST API call with valid parameters and values. - -```rest -POST on 'subscriptions/subscriptionI/resourceGroups/resourceGroupName/providers/Microsoft.HybridCompute/machines/machineName/installPatches?api-version=2020-08-15-preview - -{ - "maximumDuration": "PT120M", - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "UpdateRollup", - "FeaturePack", - "ServicePack" - ], - "kbNumbersToInclude": [ - "11111111111", - "22222222222222" - ], - "kbNumbersToExclude": [ - "333333333333", - "55555555555" - ] - } - }' - -``` - -# [Azure CLI](#tab/azurecli) - -To specify the POST request, you can use the Azure CLI [az rest](/cli/azure/reference-index#az_rest) command. - -```azurecli -az rest --method post --url https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/Test/providers/Microsoft.HybridCompute/machines/WIN-8/installPatches?api-version=2020-08-15-preview @body.json -``` - -The format of the request body for version 2020-08-15 is as follows: - -```json -{ - "maximumDuration": "PT120M", - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "UpdateRollup", - "FeaturePack", - "ServicePack" - ], - "kbNumbersToInclude": [ - "11111111111", - "22222222222222" - ], - "kbNumbersToExclude": [ - "333333333333", - "55555555555" - ] - } - } -``` - -# [Azure PowerShell](#tab/azurepowershell) - -To specify the POST request, you can use the Azure PowerShell [Invoke-AzRestMethod](/powershell/module/az.accounts/invoke-azrestmethod) cmdlet. - -```azurepowershell -Invoke-AzRestMethod - -ResourceGroupName resourceGroupName - -Name "machineName" - -ResourceProviderName "Microsoft.HybridCompute" - -ResourceType "machines" - -ApiVersion 2020-08-15-preview - -Payload '{ - "maximumDuration": "PT120M", - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "UpdateRollup", - "FeaturePack", - "ServicePack" - ], - "kbNumbersToInclude": [ - "11111111111", - "22222222222222" - ], - "kbNumbersToExclude": [ - "333333333333", - "55555555555" - ] - } - }' - -Method POST -``` ---- -## Create a maintenance configuration schedule - -To create a maintenance configuration schedule, specify the following PUT request: - -```rest -PUT on `/subscriptions//resourceGroups//providers/Microsoft.Maintenance/maintenanceConfigurations/?api-version=2021-09-01-preview` -``` - -#### Request body - -The following table describes the elements of the request body: - -| Property | Description | -|----------|-------------| -| `id` | Fully qualified identifier of the resource | -| `location` | Gets or sets location of the resource | -| `name` | Name of the resource | -| `properties.extensionProperties` | Gets or sets extensionProperties of the maintenanceConfiguration | -| `properties.maintenanceScope` | Gets or sets maintenanceScope of the configuration | -| `properties.maintenanceWindow.duration` | Duration of the maintenance window in HH:mm format. If not provided, default value will be used based on maintenance scope provided. Example: 05:00. | -| `properties.maintenanceWindow.expirationDateTime` | Effective expiration date of the maintenance window in YYYY-MM-DD hh:MM format. The window will be created in the time zone provided and adjusted to daylight savings according to that time zone. Expiration date must be set to a future date. If not provided, it will be set to the maximum datetime 9999-12-31 23:59:59. | -| `properties.maintenanceWindow.recurEvery` | Rate at which a Maintenance window is expected to recur. The rate can be expressed as daily, weekly, or monthly schedules. Daily schedule are formatted as recurEvery: [Frequency as integer]['Day(s)']. If no frequency is provided, the default frequency is 1. Daily schedule examples are recurEvery: Day, recurEvery: 3Days. Weekly schedule are formatted as recurEvery: [Frequency as integer]['Week(s)'] [Optional comma separated list of weekdays Monday-Sunday]. Weekly schedule examples are recurEvery: 3Weeks, recurEvery: Week Saturday,Sunday. Monthly schedules are formatted as [Frequency as integer]['Month(s)'] [Comma separated list of month days] or [Frequency as integer]['Month(s)'] [Week of Month (First, Second, Third, Fourth, Last)] [Weekday Monday-Sunday]. Monthly schedule examples are recurEvery: Month, recurEvery: 2Months, recurEvery: Month day23,day24, recurEvery: Month Last Sunday, recurEvery: Month Fourth Monday. | -| `properties.maintenanceWindow.startDateTime` | Effective start date of the maintenance window in YYYY-MM-DD hh:mm format. The start date can be set to either the current date or future date. The window will be created in the time zone provided and adjusted to daylight savings according to that time zone. | -| `properties.maintenanceWindow.timeZone` | Name of the timezone. List of timezones can be obtained by executing [System.TimeZoneInfo]::GetSystemTimeZones() in PowerShell. Example: Pacific Standard Time, UTC, W. Europe Standard Time, Korea Standard Time, Cen. Australia Standard Time. | -| `properties.namespace` | Gets or sets namespace of the resource | -| `properties.visibility` | Gets or sets the visibility of the configuration. The default value is 'Custom' | -| `systemData` | Azure Resource Manager metadata containing createdBy and modifiedBy information. | -| `tags` | Gets or sets tags of the resource | -| `type` | Type of the resource | - -# [Azure REST API](#tab/rest) - -To specify the POST request, you can use the following Azure REST API call with valid parameters and values. - -```rest -PUT on '/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourceGroups/atscalepatching/providers/Microsoft.Maintenance/maintenanceConfigurations/TestAzureInGuestAdv2?api-version=2021-09-01-preview - -{ - "location": "eastus2euap", - "properties": { - "namespace": null, - "extensionProperties": {}, - "maintenanceScope": "InGuestPatch", - "maintenanceWindow": { - "startDateTime": "2021-08-21 01:18", - "expirationDateTime": "2221-05-19 03:30", - "duration": "01:30", - "timeZone": "India Standard Time", - "recurEvery": "Day" - }, - "visibility": "Custom", - "installPatches": { - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "Critical", - "UpdateRollup" - ] - }, - "linuxParameters": { - "classificationsToInclude": [ - "Other" - ] - } - } - } -}' -``` - -# [Azure CLI](#tab/azurecli) - -To specify the PUT request, you can use the Azure CLI [az rest](/cli/azure/reference-index#az_rest) command. - -```azurecli -az rest --method put --url https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Maintenance/maintenanceConfigurations/?api-version=2021-09-01-preview @body.json -``` - -The format of the request body is as follows: - -```json -{ - "location": "eastus2euap", - "properties": { - "namespace": null, - "extensionProperties": {}, - "maintenanceScope": "InGuestPatch", - "maintenanceWindow": { - "startDateTime": "2021-08-21 01:18", - "expirationDateTime": "2221-05-19 03:30", - "duration": "01:30", - "timeZone": "India Standard Time", - "recurEvery": "Day" - }, - "visibility": "Custom", - "installPatches": { - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "Critical", - "UpdateRollup" - ] - }, - "linuxParameters": { - "classificationsToInclude": [ - "Other" - ] - } - } - } -} -``` - -# [Azure PowerShell](#tab/azurepowershell) - -To specify the POST request, you can use the Azure PowerShell [Invoke-AzRestMethod](/powershell/module/az.accounts/invoke-azrestmethod) cmdlet. - -```azurepowershell -Invoke-AzRestMethod -Path "/subscriptions//resourceGroups//providers/Microsoft.Maintenance/maintenanceConfigurations/?api-version=2021-09-01-preview" --Method PUT ` --Payload '{ - "location": "eastus2euap", - "properties": { - "namespace": null, - "extensionProperties": {}, - "maintenanceScope": "InGuestPatch", - "maintenanceWindow": { - "startDateTime": "2021-12-21 01:18", - "expirationDateTime": "2221-05-19 03:30", - "duration": "01:30", - "timeZone": "India Standard Time", - "recurEvery": "Day" - }, - "visibility": "Custom", - "installPatches": { - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "Critical", - "UpdateRollup" - ] - }, - "linuxParameters": { - "classificationsToInclude": [ - "Other" - ] - } - } - } -}' -``` ---- - -## Associate a VM with a schedule - -To associate a VM with a maintenance configuration schedule, specify the following PUT request: - -```rest -PUT on `/providers/Microsoft.Maintenance/configurationAssignments/?api-version=2021-09-01-preview` -``` - -# [Azure REST API](#tab/rest) - -To specify the PUT request, you can use the following Azure REST API call with valid parameters and values. - -```rest -PUT on '/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourceGroups/atscalepatching/providers/Microsoft.Compute/virtualMachines/win-atscalepatching-1/providers/Microsoft.Maintenance/configurationAssignments/TestAzureInGuestAdv?api-version=2021-09-01-preview - -{ - "properties": { - "maintenanceConfigurationId": "/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourcegroups/atscalepatching/providers/Microsoft.Maintenance/maintenanceConfigurations/TestAzureInGuestIntermediate2" - }, - "location": "eastus2euap" -}' -``` - -# [Azure CLI](#tab/azurecli) - -To specify the PUT request, you can use the Azure CLI [az rest](/cli/azure/reference-index#az_rest) command. - -```azurecli -az rest --method put --url https://management.azure.com//providers/Microsoft.Maintenance/configurationAssignments/?api-version=2021-09-01-preview @body.json -``` - -The format of the request body is as follows: - -```json -{ - "properties": { - "maintenanceConfigurationId": "/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourcegroups/atscalepatching/providers/Microsoft.Maintenance/maintenanceConfigurations/TestAzureInGuestIntermediate2" - }, - "location": "eastus2euap" -} -``` - -# [Azure PowerShell](#tab/azurepowershell) - -To specify the POST request, you can use the Azure PowerShell [Invoke-AzRestMethod](/powershell/module/az.accounts/invoke-azrestmethod) cmdlet. - -```azurepowershell -Invoke-AzRestMethod -Path "/providers/Microsoft.Maintenance/configurationAssignments/?api-version=2021-09-01-preview" --Method PUT ` --Payload '{ - "properties": { - "maintenanceConfigurationId": "/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourcegroups/atscalepatching/providers/Microsoft.Maintenance/maintenanceConfigurations/TestAzureInGuestIntermediate2" - }, - "location": "eastus2euap" -}' -``` ---- - -## Next steps - -* To view update assessment and deployment logs generated by Update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see the [Troubleshoot](troubleshoot.md) Update management center (preview). diff --git a/articles/update-center/manage-multiple-machines.md b/articles/update-center/manage-multiple-machines.md deleted file mode 100644 index 3a216e2d8cf0..000000000000 --- a/articles/update-center/manage-multiple-machines.md +++ /dev/null @@ -1,177 +0,0 @@ ---- -title: Manage multiple machines in update management center (preview) -description: The article details how to use Update management center (preview) in Azure to manage multiple supported machines and view their compliance state in the Azure portal. -ms.service: update-management-center -ms.date: 04/21/2022 -ms.topic: conceptual -author: SnehaSudhirG -ms.author: sudhirsneha ---- - -# Manage multiple machines with update management center (Preview) - -**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. - -This article describes the various features that update management center (Preview) offers to manage the system updates on your machines. Using the update management center (preview), you can: - -- Quickly assess the status of available operating system updates. -- Deploy updates. -- Set up recurring update deployment schedule. -- Get insights on the number of machines managed. -- Information on how they're managed, and other relevant details. - -Instead of performing these actions from a selected Azure VM or Arc-enabled server, you can manage all your machines in the Azure subscription. - - -## View update management center (Preview) status - -1. Sign in to the [Azure portal](https://portal.azure.com) - -1. To view update assessment across all machines, including Azure Arc-enabled servers navigate to **Update management center(Preview)**. - - :::image type="content" source="./media/manage-multiple-machines/overview-page-inline.png" alt-text="Screenshot of update management center overview page in the Azure portal." lightbox="./media/manage-multiple-machines/overview-page-expanded.png"::: - - In the **Overview** page - the summary tiles show the following status: - - - **Filters**—use filters to focus on a subset of your resources. The selectors above the tiles return **Subscription**, **Resource group**, **Resource type** (Azure VMs and Arc-enabled servers) **Location**, and **OS** type (Windows or Linux) based on the Azure role-based access rights you've been granted. You can combine filters to scope to a specific resource. - - - **Update status of machines**—shows the update status information for assessed machines that had applicable or needed updates. You can filter the results based on classification types. By default, all [classifications](/azure/automation/update-management/overview#update-classifications) are selected and as per the classification selection, the tile is updated. - - The graph provides a snapshot for all your machines in your subscription, regardless of whether you have used update management center (preview) for that machine. This assessment data comes from Azure Resource Graph, and it stores the data for seven days. - - From the assessment data available, machines are classified into the following categories: - - - **No updates available**—no updates are pending for these machines and these machines are up to date. - - **Updates available**—updates are pending for these machines and these machines aren't up to date. - - **Reboot Required**—pending a reboot for the updates to take effect. - - **No updates data**—no assessment data is available for these machines. - - There following could be the reasons for no assessment data: - - No assessment has been done over the last seven days - - The machine has an unsupported OS - - The machine is in an unsupported region and you can't perform an assessment. - - - **Patch orchestration configuration of Azure virtual machines** — all the Azure or Arc-enabled machines inventoried in the subscription are summarized by each update orchestration method. Values are: - - - **Azure orchestrated**—this mode enables automatic VM guest patching for the Azure virtual machine and Arc-enabled server. Subsequent patch installation is orchestrated by Azure. - - **Image Default**—for Linux machines, it uses the default patching configuration. - - **OS orchestrated**—the OS automatically updates the machine. - - **Manual updates**—you control the application of patches to a machine by applying patches manually inside the machine. In this mode, automatic updates are disabled for Windows OS. - - For more information about each orchestration method see, [automatic VM guest patching for Azure VMs](/azure/virtual-machines/automatic-vm-guest-patching#patch-orchestration-modes). - - - **Update installation status**—by default, the tile shows the status for the last 30 days. Using the **Time** picker, you can choose a different range. The values are: - - **Failed**—is when one or more updates in the deployment have failed. - - **Completed**—is when the deployment ends successfully by the time range selected. - - **Completed with warnings**—is when the deployment is completed successfully but had warnings. - - **In progress**—is when the deployment is currently running. - -- Select the **Update status of machines** or **Patch orchestration configuration of Azure Virtual machines** to go to the **Machines** page. -- Select the **Update installation status**, to go to the **History** page. - -- **Pending Windows updates** — the tile shows the status of pending updates for Windows machines in your subscription. -- **Pending Linux updates** — the tile shows the status of pending updates for Linux machines in your subscription. - -## Summary of machine status - -Update management center (preview) in Azure enables you to browse information about your Azure VMs and Arc-enabled servers across your Azure subscriptions relevant to update management center (preview). The section shows how you can filter information to understand the update status of your machine resources, and for multiple machines, initiate an update assessment, update deployment, and manage their update settings. - - In the update management center (preview) page, select **Machines** from the left menu. - - :::image type="content" source="./media/manage-multiple-machines/update-center-machines-page-inline.png" alt-text="Screenshot of update management center(preview) Machines page in the Azure portal." lightbox="./media/manage-multiple-machines/update-center-machines-page-expanded.png"::: - - On the page, the table lists all the machines in the specified subscription, and for each machine it helps you understand the following details that show up based on the latest assessment. - - **Update status**—the total number of updates available identified as applicable to the machine's OS. - - **Operating system**—the operating system running on the machine. - - **Resource type**—the machine is either hosted in Azure or is a hybrid machine managed by Arc-enabled servers. - - **Patch orchestration**— the patches are applied following availability-first principles and managed by Azure. - - **Periodic assessment**—an update setting that allows you to enable automatic periodic checking of updates. - -The column **Patch Orchestration**, in the machine's patch mode has the following values: - - * **Automatic by OS**—the machine is automatically updated by the OS. - * **Azure orchestrated**—for a group of virtual machines undergoing an update, the Azure platform will orchestrate updates. The VM is set to [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching), and for an Azure virtual machine scale set, it's set to [automatic OS image upgrade](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade). - * **Image Default**—for Linux machines, its default patching configuration is used. - * **Manual**—you control the application of patches to a machine by applying patches manually inside the machine. In this mode automatic updates are disabled for Windows OS. - -The machine's status—for an Azure VM, it shows it's [power state](/azure/virtual-machines/states-billing#power-states-and-billing), and for an Arc-enabled server, it shows if it's connected or not. - -Use filters to focus on a subset of your resources. The selectors above the tiles return subscriptions, resource groups, resource types (that is, Azure VMs and Arc-enabled servers), regions, etc. and are based on the Azure role-based access rights you've been granted. You can combine filters to scope to a specific resource. - -The summary tiles at the top of the page summarize the number of machines that have been assessed and their update status. - -To manage the machine's update settings, see [Manage update configuration settings](manage-update-settings.md). - -### Check for updates - -For machines that haven't had a compliance assessment scan for the first time, you can select one or more of them from the list and then select the **Check for updates**. You'll receive status messages as the configuration is performed. - - :::image type="content" source="./media/manage-multiple-machines/update-center-assess-now-multi-selection-inline.png" alt-text="Screenshot of initiating a scan assessment for selected machines with the check for updates option." lightbox="./media/manage-multiple-machines/update-center-assess-now-multi-selection-expanded.png"::: - - Otherwise, a compliance scan is initiated, and then the results are forwarded and stored in **Azure Resource Graph**. This process takes several minutes. When the assessment is completed, a confirmation message appears on the page. - - :::image type="content" source="./media/manage-multiple-machines/update-center-assess-now-complete-banner-inline.png" alt-text="Screenshot of assessment banner on Manage Machines page." lightbox="./media/manage-multiple-machines/update-center-assess-now-complete-banner-expanded.png"::: - - -Select a machine from the list to open update management center (Preview) scoped to that machine. Here, you can view its detailed assessment status, update history, configure its patch orchestration options, and initiate an update deployment. - -### Deploy the updates - -For assessed machines that are reporting updates available, select one or more of the machines from the list and initiate an update deployment that starts immediately. Select the machine and go to **One-time update**. - - :::image type="content" source="./media/manage-multiple-machines/update-center-install-updates-now-multi-selection-inline.png" alt-text="Screenshot of install one time updates for machine(s) on updates preview page." lightbox="./media/manage-multiple-machines/update-center-install-updates-now-multi-selection-expanded.png"::: - - A notification appears to confirm that an activity has started and another is created when it's completed. When it's successfully completed, the installation operation results are available to view from either the **Update history** tab, when you select the machine from the **Machines** page, or on the **History** page, which you're redirected to automatically after initiating the update deployment. The status of the operation can be viewed at any time from the [Azure Activity log](/azure/azure-monitor/essentials/activity-log). - -### Set up a recurring update deployment - -You can create a recurring update deployment for your machines. Select your machine and select **Scheduled updates**. This opens [Create new maintenance configuration](scheduled-patching.md) flow. - - -## Update deployment history - -Update management center (preview) enables you to browse information about your Azure VMs and Arc-enabled servers across your Azure subscriptions relevant to Update management center (preview). You can filter information to understand the update assessment and deployment history for multiple machines. In Update management center (preview), select **History** from the left menu. - - -## Update deployment history by machines - -Provides a summarized status of update and assessment actions performed against your Azure VMs and Arc-enabled servers. You can also drill into a specific machine to view update-related details and manage it directly, review the detailed update or assessment history for the machine, and other related details in the table. - -:::image type="content" source="./media/manage-multiple-machines/update-center-history-page-inline.png" alt-text="Screenshot of update center History page in the Azure portal." lightbox="./media/manage-multiple-machines/update-center-history-page-expanded.png"::: - - - **Machine Name** - - **Status** - - **Update installed** - - **Update operation** - - **Operation type** - - **Operation start time** - - **Resource Type** - - **Tags** - - **Last assessed time** - -## Update deployment history by maintenance run ID -In the **History** page, select **By maintenance run ID** to view the history of the maintenance run schedules. Each record shows - - :::image type="content" source="./media/manage-multiple-machines/update-center-history-by-maintenance-run-id-inline.png" alt-text="Screenshot of update center History page by maintenance run ID in the Azure portal." lightbox="./media/manage-multiple-machines/update-center-history-by-maintenance-run-id-expanded.png"::: - -- **Maintenance run ID** -- **Status** -- **Updated machines** -- **Operation start time** -- **Operation end time** - -When you select any one maintenance run ID record, you can view an expanded status of the maintenance run. It contains information about machines and updates. It includes the number of machines that were updated and updates installed on them, along with the status of each of the machines in the form of a pie chart. At the end of the page, it contains a list view of both machines and updates that were a part of this maintenance run. - - :::image type="content" source="./media/manage-multiple-machines/update-center-maintenance-run-record-inline.png" alt-text="Screenshot of maintenance run ID record." lightbox="./media/manage-multiple-machines/update-center-maintenance-run-record-expanded.png"::: - - -### Resource Graph - -The update assessment and deployment data are available for querying in Azure Resource Graph. You can apply this data to scenarios that include security compliance, security operations, and troubleshooting. Select **Go to resource graph** to go to the Azure Resource Graph Explorer. It enables running Resource Graph queries directly in the Azure portal. Resource Graph supports Azure CLI, Azure PowerShell, Azure SDK for Python, and more. For more information, see [First query with Azure Resource Graph Explorer](/azure/governance/resource-graph/first-query-portal). - -When the Resource Graph Explorer opens, it is automatically populated with the same query used to generate the results presented in the table on the **History** page in Update management center (preview). Ensure that you review the [query Update logs](query-logs.md) article to learn about the log records and their properties, and the sample queries included. - -## Next steps - -* To set up and manage recurring deployment schedules, see [Schedule recurring updates](scheduled-patching.md) -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). diff --git a/articles/update-center/manage-update-settings.md b/articles/update-center/manage-update-settings.md deleted file mode 100644 index 965f1dc71197..000000000000 --- a/articles/update-center/manage-update-settings.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: Manage update configuration settings in Update management center (preview) -description: The article describes how to manage the update settings for your Windows and Linux machines managed by Update management center (preview). -ms.service: update-management-center -author: snehasudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: conceptual ---- - -# Manage Update configuration settings - -**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. - -The article describes how to configure update settings from Update management center (preview) in Azure, to control the update settings on your Azure VMs and Arc-enabled servers for one or more machines. - -:::image type="content" source="./media/manage-update-settings/manage-update-settings-option-inline.png" alt-text="Screenshot Viewing the update management center manage update settings option." lightbox="./media/manage-update-settings/manage-update-settings-option-expanded.png"::: - - -## Configure settings on single VM - -To configure update settings on your machines on a single VM, follow these steps: - ->[!NOTE] -> You can schedule updates from the Overview or Machines blade in update management center (preview) page or from the selected VM. - -# [From Overview blade](#tab/manage-single-overview) - -1. Sign in to the [Azure portal](https://portal.azure.com). -1. In **Update management center**, select **Overview**, select your **Subscription**, and select **Update settings**. -1. In **Change update settings**, select the update settings that you want to change for your machine and select **Next**. - - :::image type="content" source="./media/manage-update-settings/update-setting-to-change.png" alt-text="Highlighting the Update settings to change option in the Azure portal."::: - - The following update settings are available for configuration for the selected machine(s): - - - **Periodic assessment** - enable periodic **Assessment** to run every 24 hours. - - - **Hot patching** - for Azure VMs, you can enable [hot patching](/azure/automanage/automanage-hotpatch) on supported Windows Server Azure Edition Virtual Machines (VMs) don't require a reboot after installation. You can use update management center (preview) to install patches with other patch classifications or to schedule patch installation when you require immediate critical patch deployment. - - - **Patch orchestration** option provides the following: - - - **Automatic by operating system** - When the workload running on the VM doesn't have to meet availability targets, operating system updates are automatically downloaded and installed. Machines are rebooted as needed. - - **Azure-orchestrated (preview)** - Available *Critical* and *Security* patches are downloaded and applied automatically on the Azure VM using [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching). This process kicks off automatically every month when new patches are released. Patch assessment and installation are automatic, and the process includes rebooting the VM as required. - - **Manual updates** - Configures the Windows Update agent by setting [configure automatic updates](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates#configure-automatic-updates). - - **Image Default** - Only supported for Linux Virtual Machines, this mode honors the default patching configuration in the image used to create the VM. - -1. In **Machines**, select the checkbox for your machine and Select **Next** to continue. - -1. In **Review and change**, verify your selected resources and the update settings and select **Review and change**. - - -# [From Machines blade](#tab/manage-single-machines) - -1. Sign in to the [Azure portal](https://portal.azure.com). -1. In **Update management center**, select **Machines**, your **subscription**, and select the checkbox of your machine from the list and select **Update settings**. -1. Select **Update Settings** to proceed with the type of update for your machine. -1. In **Change update settings**, you can select the update settings that you want to change for your machines and follow the procedure from step 3 listed in **From Overview blade** of [Configure settings on single VM](#configure-settings-on-single-vm). - -# [From a selected VM](#tab/singlevm-schedule-home) - ->[!NOTE] -> **For Azure machines**, your subscription needs to be allowlisted for preview feature. For more information, see -[On-boarding preview features](enable-machines.md) - -1. Select your virtual machine and the **virtual machines | Updates** page opens. -1. Under **Operations**, select **Updates**. -1. In **Updates**, select **Go to Updates using Update Center**. -1. In **Updates preview**, select **Update Settings**. -1. In **Change update settings**, you can select the update settings that you want to change for your machine and and follow the procedure from step 3 listed in **From Overview blade** of [Configure settings on single VM](#configure-settings-on-single-vm). - ---- - -A notification appears to confirm that the update settings are successfully changed. - -## Configure settings at scale - -To configure update settings on your machines at scale, follow these steps: - ->[!NOTE] -> You can schedule updates from the Overview or Machines blade. - -# [From Overview blade](#tab/manage-scale-overview) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In **Update management center**, select **Overview**, select your **Subscription** and select **Update settings**. - -1. In **Change update settings**, select the update settings that you want to change for your machines follow the procedure from step 3 listed in **From Overview blade** of [Configure settings on single VM](#configure-settings-on-single-vm). - -# [From Machines blade](#tab/manage-scale-machines) - -1. Sign in to the [Azure portal](https://portal.azure.com). -1. In **Update management center**, select **Machines**, your **subscription**, and select the checkbox for all your machines from the list and select **Update settings**. -1. Select **Update Settings** to proceed with the type of update for your machines. -1. In **Change update settings**, you can select the update settings that you want to change for your machine and follow the procedure from step 3 listed in **From Overview blade** of [Configure settings on single VM](#configure-settings-on-single-vm). - ---- - -A notification appears to confirm that the update settings are successfully changed. - - - -## Next steps - -* [View assessment compliance](view-updates.md) and [deploy updates](deploy-updates.md) for a selected Azure VM or Arc-enabled server, or across [multiple machines](manage-multiple-machines.md) in your subscription in the Azure portal. -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see the [Troubleshoot](troubleshoot.md) update management center (preview). \ No newline at end of file diff --git a/articles/update-center/manage-vms-programmatically.md b/articles/update-center/manage-vms-programmatically.md deleted file mode 100644 index 2571fcb0d3b9..000000000000 --- a/articles/update-center/manage-vms-programmatically.md +++ /dev/null @@ -1,393 +0,0 @@ ---- -title: Programmatically manage updates for Azure VMs -description: This article tells how to use update management center (preview) in Azure using REST API with Azure virtual machines. -ms.service: update-management-center -author: SnehaSudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: conceptual ---- - -# How to programmatically manage updates for Azure VMs - -This article walks you through the process of using the Azure REST API to trigger an assessment and an update deployment on your Azure virtual machine with update management center (preview) in Azure. If you are new to update management center (preview) and you want to learn more, see [overview of update management center (preview)](overview.md). To use the Azure REST API to manage Arc-enabled servers, see [How to programmatically work with Arc-enabled servers](manage-arc-enabled-servers-programmatically.md). - -Update management center (private preview) in Azure enables you to use the [Azure REST API](/rest/api/azure/) for access programmatically. Additionally, you can use the appropriate REST commands from [Azure PowerShell](/powershell/azure/) and [Azure CLI](/cli/azure/). - -Support for Azure REST API to manage Azure VMs is available through the update management center (preview) virtual machine extension. - -## Update assessment - -To trigger an update assessment on your Azure VM, specify the following POST request: - -```rest -POST on `subscriptions/subscriptionId/resourceGroups/resourceGroupName/providers/Microsoft.Compute/virtualMachines/virtualMachineName/assessPatches?api-version=2020-12-01` -``` - -# [Azure CLI](#tab/cli) - -To specify the POST request, you can use the Azure CLI [az rest](/cli/azure/reference-index#az_rest) command. - -```azurecli -az rest --method post --url https://management.azure.com/subscriptions/subscriptionId/resourceGroups/resourceGroupName/providers/Microsoft.Network/Microsoft.Compute/virtualMachines/virtualMachineName/assessPatches?api-version=2020-12-01 -``` - -# [Azure PowerShell](#tab/powershell) - -To specify the POST request, you can use the Azure PowerShell [Invoke-AzRestMethod](/powershell/module/az.accounts/invoke-azrestmethod) cmdlet. - -```azurepowershell -Invoke-AzRestMethod - -ResourceGroupName resourceGroupName - -Name "virtualMachineName" - -ResourceProviderName "Microsoft.Compute" - -ResourceType "virtualMachines" - -ApiVersion xx - -Payload '{ - }' - -Method POST -``` - ---- - -## Update deployment - -To trigger an update deployment to your Azure VM, specify the following POST request: - -```rest -POST on `subscriptions/subscriptionId/resourceGroups/resourceGroupName/providers/Microsoft.Compute/machines/virtualMachineName/installPatches?api-version=2020-12-01` -``` - -#### Request body - -The following table describes the elements of the request body: - -| Property | Description | -|----------|-------------| -| `maximumDuration` | Maximum amount of time that the operation runs. It must be an ISO 8601-compliant duration string such as `PT4H` (4 hours). | -| `rebootSetting` | Flag to state if machine should be rebooted if Guest OS update installation requires it for completion. Acceptable values are: `IfRequired, NeverReboot, AlwaysReboot`. | -| `windowsParameters` | Parameter options for Guest OS update on Azure VMs running a supported Microsoft Windows Server operating system. | -| `windowsParameters - classificationsToInclude` | List of categories/classifications to be used for selecting the updates to be installed on the machine. Acceptable values are: `Critical, Security, UpdateRollUp, FeaturePack, ServicePack, Definition, Tools, Update` | -| `windowsParameters - kbNumbersToInclude` | List of Windows Update KB Ids that should be installed. All updates belonging to the classifications provided in `classificationsToInclude` list will be installed. `kbNumbersToInclude` is an optional list of specific KBs to be installed in addition to the classifications. For example: `1234` | -| `windowsParameters - kbNumbersToExclude` | List of Windows Update KB Ids that should **not** be installed. This parameter overrides `windowsParameters - classificationsToInclude`, meaning a Windows Update KB Id specified here will not be installed even if it belongs to the classification provided under `classificationsToInclude` parameter. | -| `linuxParameters` | Parameter options for Guest OS update on Azure VMs running a supported Linux server operating system. | -| `linuxParameters - classificationsToInclude` | List of categories/classifications to be used for selecting the updates to be installed on the machine. Acceptable values are: `Critical, Security, Others` | -| `linuxParameters - packageNameMasksToInclude` | List of Linux packages that should be installed. All updates belonging to the classifications provided in `classificationsToInclude` list will be installed. `packageNameMasksToInclude` is an optional list of package names to be installed in addition to the classifications. For example: `mysql, libc=1.0.1.1, kernel*` | -| `linuxParameters - packageNameMasksToExclude` | List of updates that should **not** be installed. This parameter overrides `linuxParameters - packageNameMasksToExclude`, meaning a package specified here will not be installed even if it belongs to the classification provided under `classificationsToInclude` parameter. | - - -# [Azure REST API](#tab/rest) - -To specify the POST request, you can use the following Azure REST API call with valid parameters and values. - -```rest -POST on 'subscriptions/{subscriptionId}/resourceGroups/acmedemo/providers/Microsoft.Compute/virtualMachines/ameacr/installPatches?api-version=2020-12-01 - -{ - "maximumDuration": "PT120M", - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "UpdateRollup", - "FeaturePack", - "ServicePack" - ], - "kbNumbersToInclude": [ - "11111111111", - "22222222222222" - ], - "kbNumbersToExclude": [ - "333333333333", - "55555555555" - ] - } - }' -``` - -# [Azure CLI](#tab/azurecli) - -To specify the POST request, you can use the Azure CLI [az rest](/cli/azure/reference-index#az_rest) command. - -```azurecli -az rest --method post --url https://management.azure.com/subscriptions/subscriptionId/resourceGroups/resourceGroupName/providers/Microsoft.Compute/virtualMachines/virtualMachineName/installPatches?api-version==2020-12-01 @body.json -``` - -The format of the request body for version 2020-12-01 is as follows: - -```json -{ - "maximumDuration": "PT120M", - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "UpdateRollup", - "FeaturePack", - "ServicePack" - ], - "kbNumbersToInclude": [ - "11111111111", - "22222222222222" - ], - "kbNumbersToExclude": [ - "333333333333", - "55555555555" - ] - } - } -``` - -# [Azure PowerShell](#tab/azurepowershell) - -To specify the POST request, you can use the Azure PowerShell [Invoke-AzRestMethod](/powershell/module/az.accounts/invoke-azrestmethod) cmdlet. - -```azurepowershell -Invoke-AzRestMethod - -ResourceGroupName resourceGroupName - -Name "machineName" - -ResourceProviderName "Microsoft.Compute" - -ResourceType "virtualMachines" - -ApiVersion 2020-12-01-preview - -Payload '{ - "maximumDuration": "PT120M", - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "UpdateRollup", - "FeaturePack", - "ServicePack" - ], - "kbNumbersToInclude": [ - "11111111111", - "22222222222222" - ], - "kbNumbersToExclude": [ - "333333333333", - "55555555555" - ] - } - }' - -Method POST -``` ---- - - -## Create a maintenance configuration schedule - -To create a maintenance configuration schedule, specify the following PUT request: - -```rest -PUT on `/subscriptions//resourceGroups//providers/Microsoft.Maintenance/maintenanceConfigurations/?api-version=2021-09-01-preview` -``` - -#### Request body - -The following table describes the elements of the request body: - -| Property | Description | -|----------|-------------| -| `id` | Fully qualified identifier of the resource | -| `location` | Gets or sets location of the resource | -| `name` | Name of the resource | -| `properties.extensionProperties` | Gets or sets extensionProperties of the maintenanceConfiguration | -| `properties.maintenanceScope` | Gets or sets maintenanceScope of the configuration | -| `properties.maintenanceWindow.duration` | Duration of the maintenance window in HH:MM format. If not provided, default value will be used based on maintenance scope provided. Example: 05:00. | -| `properties.maintenanceWindow.expirationDateTime` | Effective expiration date of the maintenance window in YYYY-MM-DD hh:mm format. The window will be created in the time zone provided and adjusted to daylight savings according to that time zone. Expiration date must be set to a future date. If not provided, it will be set to the maximum datetime 9999-12-31 23:59:59. | -| `properties.maintenanceWindow.recurEvery` | Rate at which a maintenance window is expected to recur. The rate can be expressed as daily, weekly, or monthly schedules. Daily schedule are formatted as recurEvery: [Frequency as integer]['Day(s)']. If no frequency is provided, the default frequency is 1. Daily schedule examples are recurEvery: Day, recurEvery: 3Days. Weekly schedule are formatted as recurEvery: [Frequency as integer]['Week(s)'] [Optional comma separated list of weekdays Monday-Sunday]. Weekly schedule examples are recurEvery: 3Weeks, recurEvery: Week Saturday,Sunday. Monthly schedules are formatted as [Frequency as integer]['Month(s)'] [Comma separated list of month days] or [Frequency as integer]['Month(s)'] [Week of Month (First, Second, Third, Fourth, Last)] [Weekday Monday-Sunday]. Monthly schedule examples are recurEvery: Month, recurEvery: 2Months, recurEvery: Month day23,day24, recurEvery: Month Last Sunday, recurEvery: Month Fourth Monday. | -| `properties.maintenanceWindow.startDateTime` | Effective start date of the maintenance window in YYYY-MM-DD hh:mm format. The start date can be set to either the current date or future date. The window will be created in the time zone provided and adjusted to daylight savings according to that time zone. | -| `properties.maintenanceWindow.timeZone` | Name of the timezone. List of timezones can be obtained by executing [System.TimeZoneInfo]::GetSystemTimeZones() in PowerShell. Example: Pacific Standard Time, UTC, W. Europe Standard Time, Korea Standard Time, Cen. Australia Standard Time. | -| `properties.namespace` | Gets or sets namespace of the resource | -| `properties.visibility` | Gets or sets the visibility of the configuration. The default value is 'Custom' | -| `systemData` | Azure Resource Manager metadata containing createdBy and modifiedBy information. | -| `tags` | Gets or sets tags of the resource | -| `type` | Type of the resource | - -# [Azure REST API](#tab/rest) - -To specify the POST request, you can use the following Azure REST API call with valid parameters and values. - -```rest -PUT on '/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourceGroups/atscalepatching/providers/Microsoft.Maintenance/maintenanceConfigurations/TestAzureInGuestAdv2?api-version=2021-09-01-preview - -{ - "location": "eastus2euap", - "properties": { - "namespace": null, - "extensionProperties": {}, - "maintenanceScope": "InGuestPatch", - "maintenanceWindow": { - "startDateTime": "2021-08-21 01:18", - "expirationDateTime": "2221-05-19 03:30", - "duration": "01:30", - "timeZone": "India Standard Time", - "recurEvery": "Day" - }, - "visibility": "Custom", - "installPatches": { - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "Critical", - "UpdateRollup" - ] - }, - "linuxParameters": { - "classificationsToInclude": [ - "Other" - ] - } - } - } -}' -``` - -# [Azure CLI](#tab/azurecli) - -To specify the PUT request, you can use the Azure CLI [az rest](/cli/azure/reference-index#az_rest) command. - -```azurecli -az rest --method put --url https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Maintenance/maintenanceConfigurations/?api-version=2021-09-01-preview @body.json -``` - -The format of the request body is as follows: - -```json -{ - "location": "eastus2euap", - "properties": { - "namespace": null, - "extensionProperties": {}, - "maintenanceScope": "InGuestPatch", - "maintenanceWindow": { - "startDateTime": "2021-08-21 01:18", - "expirationDateTime": "2221-05-19 03:30", - "duration": "01:30", - "timeZone": "India Standard Time", - "recurEvery": "Day" - }, - "visibility": "Custom", - "installPatches": { - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "Critical", - "UpdateRollup" - ] - }, - "linuxParameters": { - "classificationsToInclude": [ - "Other" - ] - } - } - } -} -``` - -# [Azure PowerShell](#tab/azurepowershell) - -To specify the POST request, you can use the Azure PowerShell [Invoke-AzRestMethod](/powershell/module/az.accounts/invoke-azrestmethod) cmdlet. - -```azurepowershell -Invoke-AzRestMethod -Path "/subscriptions//resourceGroups//providers/Microsoft.Maintenance/maintenanceConfigurations/?api-version=2021-09-01-preview" --Method PUT ` --Payload '{ - "location": "eastus2euap", - "properties": { - "namespace": null, - "extensionProperties": {}, - "maintenanceScope": "InGuestPatch", - "maintenanceWindow": { - "startDateTime": "2021-12-21 01:18", - "expirationDateTime": "2221-05-19 03:30", - "duration": "01:30", - "timeZone": "India Standard Time", - "recurEvery": "Day" - }, - "visibility": "Custom", - "installPatches": { - "rebootSetting": "IfRequired", - "windowsParameters": { - "classificationsToInclude": [ - "Security", - "Critical", - "UpdateRollup" - ] - }, - "linuxParameters": { - "classificationsToInclude": [ - "Other" - ] - } - } - } -}' -``` ---- - -## Associate a VM with a schedule - -To associate a VM with a maintenance configuration schedule, specify the following PUT request: - -```rest -PUT on `/providers/Microsoft.Maintenance/configurationAssignments/?api-version=2021-09-01-preview` -``` - -# [Azure REST API](#tab/rest) - -To specify the PUT request, you can use the following Azure REST API call with valid parameters and values. - -```rest -PUT on '/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourceGroups/atscalepatching/providers/Microsoft.Compute/virtualMachines/win-atscalepatching-1/providers/Microsoft.Maintenance/configurationAssignments/TestAzureInGuestAdv?api-version=2021-09-01-preview - -{ - "properties": { - "maintenanceConfigurationId": "/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourcegroups/atscalepatching/providers/Microsoft.Maintenance/maintenanceConfigurations/TestAzureInGuestIntermediate2" - }, - "location": "eastus2euap" -}' -``` - -# [Azure CLI](#tab/azurecli) - -To specify the PUT request, you can use the Azure CLI [az rest](/cli/azure/reference-index#az_rest) command. - -```azurecli -az rest --method put --url https://management.azure.com//providers/Microsoft.Maintenance/configurationAssignments/?api-version=2021-09-01-preview @body.json -``` - -The format of the request body is as follows: - -```json -{ - "properties": { - "maintenanceConfigurationId": "/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourcegroups/atscalepatching/providers/Microsoft.Maintenance/maintenanceConfigurations/TestAzureInGuestIntermediate2" - }, - "location": "eastus2euap" -} -``` - -# [Azure PowerShell](#tab/azurepowershell) - -To specify the POST request, you can use the Azure PowerShell [Invoke-AzRestMethod](/powershell/module/az.accounts/invoke-azrestmethod) cmdlet. - -```azurepowershell -Invoke-AzRestMethod -Path "/providers/Microsoft.Maintenance/configurationAssignments/?api-version=2021-09-01-preview" --Method PUT ` --Payload '{ - "properties": { - "maintenanceConfigurationId": "/subscriptions/0f55bb56-6089-4c7e-9306-41fb78fc5844/resourcegroups/atscalepatching/providers/Microsoft.Maintenance/maintenanceConfigurations/TestAzureInGuestIntermediate2" - }, - "location": "eastus2euap" -}' -``` ---- - -## Next steps - -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see [Troubleshoot](troubleshoot.md) update management center (preview). diff --git a/articles/update-center/media/assessment-options/updates-preview-page.png b/articles/update-center/media/assessment-options/updates-preview-page.png deleted file mode 100644 index 8b39e08a3b10..000000000000 Binary files a/articles/update-center/media/assessment-options/updates-preview-page.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/include-update-classification-expanded.png b/articles/update-center/media/deploy-updates/include-update-classification-expanded.png deleted file mode 100644 index beae6c4bb18c..000000000000 Binary files a/articles/update-center/media/deploy-updates/include-update-classification-expanded.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/include-update-classification-inline.png b/articles/update-center/media/deploy-updates/include-update-classification-inline.png deleted file mode 100644 index beae6c4bb18c..000000000000 Binary files a/articles/update-center/media/deploy-updates/include-update-classification-inline.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/install-updates-now-basics.png b/articles/update-center/media/deploy-updates/install-updates-now-basics.png deleted file mode 100644 index f37496f39013..000000000000 Binary files a/articles/update-center/media/deploy-updates/install-updates-now-basics.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/install-updates-now-expanded.png b/articles/update-center/media/deploy-updates/install-updates-now-expanded.png deleted file mode 100644 index d4ba264167f1..000000000000 Binary files a/articles/update-center/media/deploy-updates/install-updates-now-expanded.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/install-updates-now-inline.png b/articles/update-center/media/deploy-updates/install-updates-now-inline.png deleted file mode 100644 index d4ba264167f1..000000000000 Binary files a/articles/update-center/media/deploy-updates/install-updates-now-inline.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/one-time-updates-machines-tab-expanded.png b/articles/update-center/media/deploy-updates/one-time-updates-machines-tab-expanded.png deleted file mode 100644 index 4d96d34f2791..000000000000 Binary files a/articles/update-center/media/deploy-updates/one-time-updates-machines-tab-expanded.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/one-time-updates-machines-tab-inline.png b/articles/update-center/media/deploy-updates/one-time-updates-machines-tab-inline.png deleted file mode 100644 index d71c710f258c..000000000000 Binary files a/articles/update-center/media/deploy-updates/one-time-updates-machines-tab-inline.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/select-updates-expanded.png b/articles/update-center/media/deploy-updates/select-updates-expanded.png deleted file mode 100644 index 5a9622c98769..000000000000 Binary files a/articles/update-center/media/deploy-updates/select-updates-expanded.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/select-updates-inline.png b/articles/update-center/media/deploy-updates/select-updates-inline.png deleted file mode 100644 index 5a9622c98769..000000000000 Binary files a/articles/update-center/media/deploy-updates/select-updates-inline.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/update-deployment-run.png b/articles/update-center/media/deploy-updates/update-deployment-run.png deleted file mode 100644 index 1d85e95cac0a..000000000000 Binary files a/articles/update-center/media/deploy-updates/update-deployment-run.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/update-management-center-option.png b/articles/update-center/media/deploy-updates/update-management-center-option.png deleted file mode 100644 index a9ae2bfc99f8..000000000000 Binary files a/articles/update-center/media/deploy-updates/update-management-center-option.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/updates-history-expanded.png b/articles/update-center/media/deploy-updates/updates-history-expanded.png deleted file mode 100644 index ff44ad68e289..000000000000 Binary files a/articles/update-center/media/deploy-updates/updates-history-expanded.png and /dev/null differ diff --git a/articles/update-center/media/deploy-updates/updates-history-inline.png b/articles/update-center/media/deploy-updates/updates-history-inline.png deleted file mode 100644 index ff44ad68e289..000000000000 Binary files a/articles/update-center/media/deploy-updates/updates-history-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/overview-page-expanded.png b/articles/update-center/media/manage-multiple-machines/overview-page-expanded.png deleted file mode 100644 index aa60b762f65a..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/overview-page-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/overview-page-inline.png b/articles/update-center/media/manage-multiple-machines/overview-page-inline.png deleted file mode 100644 index aa60b762f65a..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/overview-page-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-assess-now-complete-banner-expanded.png b/articles/update-center/media/manage-multiple-machines/update-center-assess-now-complete-banner-expanded.png deleted file mode 100644 index bedb0cc4965e..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-assess-now-complete-banner-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-assess-now-complete-banner-inline.png b/articles/update-center/media/manage-multiple-machines/update-center-assess-now-complete-banner-inline.png deleted file mode 100644 index bedb0cc4965e..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-assess-now-complete-banner-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-assess-now-multi-selection-expanded.png b/articles/update-center/media/manage-multiple-machines/update-center-assess-now-multi-selection-expanded.png deleted file mode 100644 index 498eb4957e9f..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-assess-now-multi-selection-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-assess-now-multi-selection-inline.png b/articles/update-center/media/manage-multiple-machines/update-center-assess-now-multi-selection-inline.png deleted file mode 100644 index 498eb4957e9f..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-assess-now-multi-selection-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-deploy-exclude-updates-pane.png b/articles/update-center/media/manage-multiple-machines/update-center-deploy-exclude-updates-pane.png deleted file mode 100644 index a0394ff58d76..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-deploy-exclude-updates-pane.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-history-by-maintenance-run-id-expanded.png b/articles/update-center/media/manage-multiple-machines/update-center-history-by-maintenance-run-id-expanded.png deleted file mode 100644 index 7a33c22a7502..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-history-by-maintenance-run-id-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-history-by-maintenance-run-id-inline.png b/articles/update-center/media/manage-multiple-machines/update-center-history-by-maintenance-run-id-inline.png deleted file mode 100644 index 7a33c22a7502..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-history-by-maintenance-run-id-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-history-page-expanded.png b/articles/update-center/media/manage-multiple-machines/update-center-history-page-expanded.png deleted file mode 100644 index c17e2c078225..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-history-page-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-history-page-inline.png b/articles/update-center/media/manage-multiple-machines/update-center-history-page-inline.png deleted file mode 100644 index c17e2c078225..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-history-page-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-install-updates-now-multi-selection-expanded.png b/articles/update-center/media/manage-multiple-machines/update-center-install-updates-now-multi-selection-expanded.png deleted file mode 100644 index bf6b8701f652..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-install-updates-now-multi-selection-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-install-updates-now-multi-selection-inline.png b/articles/update-center/media/manage-multiple-machines/update-center-install-updates-now-multi-selection-inline.png deleted file mode 100644 index bf6b8701f652..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-install-updates-now-multi-selection-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-machines-page-expanded.png b/articles/update-center/media/manage-multiple-machines/update-center-machines-page-expanded.png deleted file mode 100644 index 709dac1d6f32..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-machines-page-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-machines-page-inline.png b/articles/update-center/media/manage-multiple-machines/update-center-machines-page-inline.png deleted file mode 100644 index 709dac1d6f32..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-machines-page-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-maintenance-run-record-expanded.png b/articles/update-center/media/manage-multiple-machines/update-center-maintenance-run-record-expanded.png deleted file mode 100644 index cf5eceebaf57..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-maintenance-run-record-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-multiple-machines/update-center-maintenance-run-record-inline.png b/articles/update-center/media/manage-multiple-machines/update-center-maintenance-run-record-inline.png deleted file mode 100644 index cf5eceebaf57..000000000000 Binary files a/articles/update-center/media/manage-multiple-machines/update-center-maintenance-run-record-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-update-settings/manage-update-settings-option-expanded.png b/articles/update-center/media/manage-update-settings/manage-update-settings-option-expanded.png deleted file mode 100644 index 41998c501b62..000000000000 Binary files a/articles/update-center/media/manage-update-settings/manage-update-settings-option-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-update-settings/manage-update-settings-option-inline.png b/articles/update-center/media/manage-update-settings/manage-update-settings-option-inline.png deleted file mode 100644 index 41998c501b62..000000000000 Binary files a/articles/update-center/media/manage-update-settings/manage-update-settings-option-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-update-settings/select-manage-updates-settings-option.png b/articles/update-center/media/manage-update-settings/select-manage-updates-settings-option.png deleted file mode 100644 index c09bc9a91062..000000000000 Binary files a/articles/update-center/media/manage-update-settings/select-manage-updates-settings-option.png and /dev/null differ diff --git a/articles/update-center/media/manage-update-settings/update-setting-to-change-expanded.png b/articles/update-center/media/manage-update-settings/update-setting-to-change-expanded.png deleted file mode 100644 index 942e252b95b2..000000000000 Binary files a/articles/update-center/media/manage-update-settings/update-setting-to-change-expanded.png and /dev/null differ diff --git a/articles/update-center/media/manage-update-settings/update-setting-to-change-inline.png b/articles/update-center/media/manage-update-settings/update-setting-to-change-inline.png deleted file mode 100644 index 942e252b95b2..000000000000 Binary files a/articles/update-center/media/manage-update-settings/update-setting-to-change-inline.png and /dev/null differ diff --git a/articles/update-center/media/manage-update-settings/update-setting-to-change.png b/articles/update-center/media/manage-update-settings/update-setting-to-change.png deleted file mode 100644 index 1ceae18be845..000000000000 Binary files a/articles/update-center/media/manage-update-settings/update-setting-to-change.png and /dev/null differ diff --git a/articles/update-center/media/manage-update-settings/update-settings-configure-options.png b/articles/update-center/media/manage-update-settings/update-settings-configure-options.png deleted file mode 100644 index 32500e0fdc4d..000000000000 Binary files a/articles/update-center/media/manage-update-settings/update-settings-configure-options.png and /dev/null differ diff --git a/articles/update-center/media/overview/update-center-overview.png b/articles/update-center/media/overview/update-center-overview.png deleted file mode 100644 index 4094b28c7172..000000000000 Binary files a/articles/update-center/media/overview/update-center-overview.png and /dev/null differ diff --git a/articles/update-center/media/overview/update-management-center-overview.png b/articles/update-center/media/overview/update-management-center-overview.png deleted file mode 100644 index 5aca9954fe23..000000000000 Binary files a/articles/update-center/media/overview/update-management-center-overview.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/add-or-modify-schedule-of-maintenance-configuration.png b/articles/update-center/media/scheduled-updates/add-or-modify-schedule-of-maintenance-configuration.png deleted file mode 100644 index 19dc507561a4..000000000000 Binary files a/articles/update-center/media/scheduled-updates/add-or-modify-schedule-of-maintenance-configuration.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/add-or-remove-machines-from-maintenance-configuration-expanded.png b/articles/update-center/media/scheduled-updates/add-or-remove-machines-from-maintenance-configuration-expanded.png deleted file mode 100644 index 7a21ae81bd62..000000000000 Binary files a/articles/update-center/media/scheduled-updates/add-or-remove-machines-from-maintenance-configuration-expanded.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/add-or-remove-machines-from-maintenance-configuration-inline.png b/articles/update-center/media/scheduled-updates/add-or-remove-machines-from-maintenance-configuration-inline.png deleted file mode 100644 index 7a21ae81bd62..000000000000 Binary files a/articles/update-center/media/scheduled-updates/add-or-remove-machines-from-maintenance-configuration-inline.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/change-update-selection-criteria-of-maintenance-configuration-expanded.png b/articles/update-center/media/scheduled-updates/change-update-selection-criteria-of-maintenance-configuration-expanded.png deleted file mode 100644 index 5ac83b8eb76a..000000000000 Binary files a/articles/update-center/media/scheduled-updates/change-update-selection-criteria-of-maintenance-configuration-expanded.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/change-update-selection-criteria-of-maintenance-configuration-inline.png b/articles/update-center/media/scheduled-updates/change-update-selection-criteria-of-maintenance-configuration-inline.png deleted file mode 100644 index 5ac83b8eb76a..000000000000 Binary files a/articles/update-center/media/scheduled-updates/change-update-selection-criteria-of-maintenance-configuration-inline.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/create-maintenance-configuration.png b/articles/update-center/media/scheduled-updates/create-maintenance-configuration.png deleted file mode 100644 index 2044b3cf4228..000000000000 Binary files a/articles/update-center/media/scheduled-updates/create-maintenance-configuration.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/dynamic-scoping-assign-policy.png b/articles/update-center/media/scheduled-updates/dynamic-scoping-assign-policy.png deleted file mode 100644 index dc159fdbe051..000000000000 Binary files a/articles/update-center/media/scheduled-updates/dynamic-scoping-assign-policy.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/dynamic-scoping-defintion.png b/articles/update-center/media/scheduled-updates/dynamic-scoping-defintion.png deleted file mode 100644 index b288e9a110cb..000000000000 Binary files a/articles/update-center/media/scheduled-updates/dynamic-scoping-defintion.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/dynamic-scoping-policy-compliance.png b/articles/update-center/media/scheduled-updates/dynamic-scoping-policy-compliance.png deleted file mode 100644 index 6c325d5880d0..000000000000 Binary files a/articles/update-center/media/scheduled-updates/dynamic-scoping-policy-compliance.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/maintenance-configurations.png b/articles/update-center/media/scheduled-updates/maintenance-configurations.png deleted file mode 100644 index 1f4b45b370bc..000000000000 Binary files a/articles/update-center/media/scheduled-updates/maintenance-configurations.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/scheduled-patching-attach-maintenance-expanded.png b/articles/update-center/media/scheduled-updates/scheduled-patching-attach-maintenance-expanded.png deleted file mode 100644 index c1616b52dbd7..000000000000 Binary files a/articles/update-center/media/scheduled-updates/scheduled-patching-attach-maintenance-expanded.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/scheduled-patching-attach-maintenance-inline.png b/articles/update-center/media/scheduled-updates/scheduled-patching-attach-maintenance-inline.png deleted file mode 100644 index c1616b52dbd7..000000000000 Binary files a/articles/update-center/media/scheduled-updates/scheduled-patching-attach-maintenance-inline.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/scheduled-patching-basics-page.png b/articles/update-center/media/scheduled-updates/scheduled-patching-basics-page.png deleted file mode 100644 index 57c797a8e412..000000000000 Binary files a/articles/update-center/media/scheduled-updates/scheduled-patching-basics-page.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/scheduled-patching-updates-page.png b/articles/update-center/media/scheduled-updates/scheduled-patching-updates-page.png deleted file mode 100644 index 27bdac02bc69..000000000000 Binary files a/articles/update-center/media/scheduled-updates/scheduled-patching-updates-page.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/scheduling-tab-expanded.png b/articles/update-center/media/scheduled-updates/scheduling-tab-expanded.png deleted file mode 100644 index 587424ed38eb..000000000000 Binary files a/articles/update-center/media/scheduled-updates/scheduling-tab-expanded.png and /dev/null differ diff --git a/articles/update-center/media/scheduled-updates/scheduling-tab-inline.png b/articles/update-center/media/scheduled-updates/scheduling-tab-inline.png deleted file mode 100644 index 587424ed38eb..000000000000 Binary files a/articles/update-center/media/scheduled-updates/scheduling-tab-inline.png and /dev/null differ diff --git a/articles/update-center/media/updates-maintenance/hot-patch-expanded.png b/articles/update-center/media/updates-maintenance/hot-patch-expanded.png deleted file mode 100644 index 00296252306d..000000000000 Binary files a/articles/update-center/media/updates-maintenance/hot-patch-expanded.png and /dev/null differ diff --git a/articles/update-center/media/updates-maintenance/hot-patch-inline.png b/articles/update-center/media/updates-maintenance/hot-patch-inline.png deleted file mode 100644 index 00296252306d..000000000000 Binary files a/articles/update-center/media/updates-maintenance/hot-patch-inline.png and /dev/null differ diff --git a/articles/update-center/media/updates-maintenance/patch-orchestration-expanded.png b/articles/update-center/media/updates-maintenance/patch-orchestration-expanded.png deleted file mode 100644 index 7995b68aca85..000000000000 Binary files a/articles/update-center/media/updates-maintenance/patch-orchestration-expanded.png and /dev/null differ diff --git a/articles/update-center/media/updates-maintenance/patch-orchestration-inline.png b/articles/update-center/media/updates-maintenance/patch-orchestration-inline.png deleted file mode 100644 index 7995b68aca85..000000000000 Binary files a/articles/update-center/media/updates-maintenance/patch-orchestration-inline.png and /dev/null differ diff --git a/articles/update-center/media/updates-maintenance/periodic-assessment-expanded.png b/articles/update-center/media/updates-maintenance/periodic-assessment-expanded.png deleted file mode 100644 index d76176599b51..000000000000 Binary files a/articles/update-center/media/updates-maintenance/periodic-assessment-expanded.png and /dev/null differ diff --git a/articles/update-center/media/updates-maintenance/periodic-assessment-inline.png b/articles/update-center/media/updates-maintenance/periodic-assessment-inline.png deleted file mode 100644 index d76176599b51..000000000000 Binary files a/articles/update-center/media/updates-maintenance/periodic-assessment-inline.png and /dev/null differ diff --git a/articles/update-center/media/updates-maintenance/scheduled-patching-expanded.png b/articles/update-center/media/updates-maintenance/scheduled-patching-expanded.png deleted file mode 100644 index 868b10805e57..000000000000 Binary files a/articles/update-center/media/updates-maintenance/scheduled-patching-expanded.png and /dev/null differ diff --git a/articles/update-center/media/updates-maintenance/scheduled-patching-inline.png b/articles/update-center/media/updates-maintenance/scheduled-patching-inline.png deleted file mode 100644 index 868b10805e57..000000000000 Binary files a/articles/update-center/media/updates-maintenance/scheduled-patching-inline.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/check-updates-home-expanded.png b/articles/update-center/media/view-updates/check-updates-home-expanded.png deleted file mode 100644 index a0555c00660b..000000000000 Binary files a/articles/update-center/media/view-updates/check-updates-home-expanded.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/check-updates-home-inline.png b/articles/update-center/media/view-updates/check-updates-home-inline.png deleted file mode 100644 index a0555c00660b..000000000000 Binary files a/articles/update-center/media/view-updates/check-updates-home-inline.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/check-updates-overview-expanded.png b/articles/update-center/media/view-updates/check-updates-overview-expanded.png deleted file mode 100644 index edf965378273..000000000000 Binary files a/articles/update-center/media/view-updates/check-updates-overview-expanded.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/check-updates-overview-inline.png b/articles/update-center/media/view-updates/check-updates-overview-inline.png deleted file mode 100644 index edf965378273..000000000000 Binary files a/articles/update-center/media/view-updates/check-updates-overview-inline.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/guest-host-updates-option-from-vm.png b/articles/update-center/media/view-updates/guest-host-updates-option-from-vm.png deleted file mode 100644 index 21b886e2b7b9..000000000000 Binary files a/articles/update-center/media/view-updates/guest-host-updates-option-from-vm.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/resources-check-updates.png b/articles/update-center/media/view-updates/resources-check-updates.png deleted file mode 100644 index 913e9c609a7c..000000000000 Binary files a/articles/update-center/media/view-updates/resources-check-updates.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/update-assessment-assess-now-option.png b/articles/update-center/media/view-updates/update-assessment-assess-now-option.png deleted file mode 100644 index 2c0fb7df325b..000000000000 Binary files a/articles/update-center/media/view-updates/update-assessment-assess-now-option.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/update-assessment-results.png b/articles/update-center/media/view-updates/update-assessment-results.png deleted file mode 100644 index e460ced1b5cc..000000000000 Binary files a/articles/update-center/media/view-updates/update-assessment-results.png and /dev/null differ diff --git a/articles/update-center/media/view-updates/update-assessment-selected-machine.png b/articles/update-center/media/view-updates/update-assessment-selected-machine.png deleted file mode 100644 index 56cadf17d944..000000000000 Binary files a/articles/update-center/media/view-updates/update-assessment-selected-machine.png and /dev/null differ diff --git a/articles/update-center/overview.md b/articles/update-center/overview.md deleted file mode 100644 index 5a11cddbfd5b..000000000000 --- a/articles/update-center/overview.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -title: Update management center (preview) overview -description: The article tells what update management center (preview) in Azure is and the system updates for your Windows and Linux machines in Azure, on-premises, and other cloud environments. -ms.service: update-management-center -author: SnehaSudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: overview ---- - -# About Update management center (preview) - -Update management center (preview) is a unified service to help manage and govern updates for all your machines. You can monitor Windows and Linux update compliance across your deployments in Azure, on-premises, and on the other cloud platforms from a single dashboard. Using Update management center (preview), you can make updates in real-time or schedule them within a defined maintenance window. - -You can use the update management center (preview) in Azure to: - -- Oversee update compliance for your entire fleet of machines in Azure, on- premises, and other cloud environments. -- Instantly deploy critical updates to help secure your machines. -- Leverage flexible patching options such as [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching) in Azure, [hot patching](/azure/automanage/automanage-hotpatch), and customer-defined maintenance schedules. - -We also offer other capabilities to help you manage updates for your Azure Virtual Machines (VM) that you should consider as part of your overall update management strategy. Review the Azure VM [Update options](/azure/virtual-machines/updates-maintenance-overview) to learn more about the options available. - -Before you enable your machines for update management center (preview), make sure that you understand the information in the following sections. - -> [!IMPORTANT] -> Update management center (preview) can manage machines that are currently managed by Azure Automation [Update management](/azure/automation/update-management/overview) feature without interrupting your update management process. However, we don't recommend migrating from Automation Update Management since this preview gives you a chance to evaluate and provide feedback on features before it's generally available (GA). -> -> While update management center is in **preview**, the [Supplemental Terms of Use for Microsoft Azure Previews](/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability. - -## Key benefits - -Update management center (preview) has been redesigned and doesn't depend on Azure Automation or Azure Monitor Logs, as required by the [Azure Automation Update Management feature](/azure/automation/update-management/overview). Update management center (preview) offers many new features and provides enhanced functionality over the original version available with Azure Automation and some of those benefits are listed below: - -- Provides native experience with zero on-boarding. - - Built as native functionality on Azure Compute and Azure Arc for Servers platform for ease of use. - - No dependency on Log Analytics and Azure Automation. - - Azure policy support. - - Global availability in all Azure Compute and Azure Arc regions. -- Works with Azure roles and identity. - - Granular access control at per resource level instead of access control at Automation account and Log Analytics workspace level. - - Update management center now as Azure Resource Manager based operations. It allows RBAC and roles based of ARM in Azure. -- Enhanced flexibility - - Ability to take immediate action either by installing updates immediately or schedule them for a later date. - - Check updates automatically or on demand. - - Helps secure machines with new ways of patching such as [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching) in Azure, [hotpatching](/azure/automanage/automanage-hotpatch) or custom maintenance schedules. - - Sync patch cycles in relation to patch Tuesday—the unofficial term for Microsoft's scheduled security fix release on every Tuesday. - - -The following diagram illustrates how update management center (preview) assesses and applies updates to all Azure machines and Arc-enabled servers for both Windows and Linux. - -![Update center workflow](./media/overview/update-management-center-overview.png) - -To support management of your Azure VM or non-Azure machine, update management center (preview) relies on a new [Azure extension](/azure/virtual-machines/extensions/overview) designed to provide all the functionality required to interact with the operating system to manage the assessment and application of updates. This extension is automatically installed when you initiate any update management center operations such as **check for updates**, **install one time update**, **periodic assessment** on your machine. The extension supports deployment to Azure VMs or Arc-enabled servers using the extension framework. The update management center (preview) extension is installed and managed using the following: - -- [Azure virtual machine Windows agent](/azure/virtual-machines/extensions/agent-windows) or [Azure virtual machine Linux agent](/azure/virtual-machines/extensions/agent-linux) for Azure VMs. -- [Azure arc-enabled servers agent](/azure/azure-arc/servers/agent-overview) for non-Azure Linux and Windows machines or physical servers. - - The extension agent installation and configuration is managed by update management center (preview) and there's no manual intervention required as long as the Azure VM agent or Azure Arc-enabled server agent is functional. The update management center (preview) extension runs code locally on the machine to interact with the operating system, and it includes: - -- Retrieving the assessment information about status of system updates for it specified by the Windows Update client or Linux package manager. -- Initiating the download and installation of approved updates with Windows Update client or Linux package manager. - -All assessment information and update installation results are reported to update management center (preview) from the extension and is available for analysis with [Azure Resource Graph](/azure/governance/resource-graph/overview). You can view up to the last seven days of assessment data, and up to the last 30 days of update installation results. - -The machines assigned to update management center (preview) report how up to date they're based on what source they're configured to synchronize with. [Windows Update Agent (WUA)](/windows/win32/wua_sdk/updating-the-windows-update-agent) on Windows machines can be configured to report to [Windows Server Update Services](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or Microsoft Update which is by default, and Linux machines can be configured to report to a local or public YUM or APT package repository. If the Windows Update Agent is configured to report to WSUS, depending on when WSUS last synchronized with Microsoft update, the results in update management center (preview) might differ from what Microsoft update shows. This behavior is the same for Linux machines that are configured to report to a local repository instead of a public package repository. - ->[!NOTE] -> You can manage your Azure VMs or Arc-enabled servers directly, or at-scale with update management center (preview). - -## Prerequisites -Along with the prerequisites listed below, see [support matrix](support-matrix.md) for update management center (preview). - -### Role - -**Resource** | **Role** ---- | --- -|Azure VM | [Azure Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or Azure [Owner](/azure/role-based-access-control/built-in-roles#owner). -Arc enabled server | [Azure Connected Machine Resource Administrator](/azure/azure-arc/servers/security-overview#identity-and-access-control). - - -### Permissions - -You need the following permissions to create and manage update deployments. The following table shows the permissions needed when using update management center (preview). - - -**Actions** |**Permission** |**Scope** | ---- | --- | --- | -|Install update on Azure VMs |*Microsoft.Compute/virtualMachines/installPatches/action* || -|Update assessment on Azure VMs |*Microsoft.Compute/virtualMachines/assessPatches/action* || -|Install update on Arc enabled server |*Microsoft.HybridCompute/machines/installPatches/action* || -|Update assessment on Arc enabled server |*Microsoft.HybridCompute/machines/assessPatches/action* || -|Create/modify maintenance configuration |*Microsoft.Maintenance/maintenanceConfigurations/write* |Subscription/resource group | -|Create/modify configuration assignments |*Microsoft.Maintenance/configurationAssignments/write* |Machine | -|Read permission for Maintenance updates resource |*Microsoft.Maintenance/updates/read* |Machine | -|Read permission for Maintenance apply updates resource |*Microsoft.Maintenance/applyUpdates/read* |Machine | - - -### Network planning - -To prepare your network to support update management center (preview), you may need to configure some infrastructure components. - -For Windows machines, you must allow traffic to any endpoints required by Windows Update agent. You can find an updated list of required endpoints in [Issues related to HTTP/Proxy](/windows/deployment/update/windows-update-troubleshooting#issues-related-to-httpproxy). If you have a local [WSUS](/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment) (WSUS) deployment, you must also allow traffic to the server specified in your [WSUS key](/windows/deployment/update/waas-wu-settings#configuring-automatic-updates-by-editing-the-registry). - -For Red Hat Linux machines, see [IPs for the RHUI content delivery servers](/azure/virtual-machines/workloads/redhat/redhat-rhui#the-ips-for-the-rhui-content-delivery-servers) for required endpoints. For other Linux distributions, see your provider documentation. - -### VM images - -Update management center (preview) supports Azure VMs created using Azure Marketplace images, where the virtual machine agent is already included in the Azure Marketplace image. If you have created Azure VMs using custom VM images and not an image from the Azure Marketplace, you need to manually install and enable the Azure virtual machine agent. For details, see: - -- [Manual install of Azure Windows VM agent](/azure/virtual-machines/extensions/agent-windows#manual-installation) -- [Manual install of Azure Linux VM agent](/azure/virtual-machines/extensions/agent-linux#installation) - - - -## Next steps - -- [View updates for single machine](view-updates.md) -- [Deploy updates now (on-demand) for single machine](deploy-updates.md) -- [Schedule recurring updates](scheduled-patching.md) -- [Manage update settings via Portal](manage-update-settings.md) -- [Manage multiple machines using update management center](manage-multiple-machines.md) \ No newline at end of file diff --git a/articles/update-center/periodic-assessment-at-scale.md b/articles/update-center/periodic-assessment-at-scale.md deleted file mode 100644 index ce964dc26c10..000000000000 --- a/articles/update-center/periodic-assessment-at-scale.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Enable periodic assessment using policy -description: This article describes how to manage the update settings for your Windows and Linux machines managed by update management center (preview). -ms.service: update-management-center -author: SnehaSudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: conceptual ---- - -# Automate assessment at scale using Policy to see latest update status - -This article describes how to enable Periodic Assessment for your machines at scale using Azure Policy. Periodic Assessment is a setting on your machine that enables you to see the latest updates available for your machines and removes the hassle of performing assessment manually every time you need to check the update status. Once you enable this setting, update management center (preview) fetches updates on your machine once every 24 hours. - -## Enable Periodic assessment for your Azure machines using Policy -1. Go to **Policy** from the Azure portal and under **Authoring**, go to **Definitions**. -1. From the **Category** dropdown, select **Update management center**. Select *[Preview]: Configure periodic checking for missing system updates on azure virtual machines* for Azure machines. -1. When the Policy Definition opens, select Assign. -1. In **Basics**, select your subscription as your scope. You can also specify a resource group within subscription as the scope and select Next. -1. In **Parameters**, uncheck **Only show parameters that need input or review** so that you can see the values of parameters. In **Assessment** mode, select *AutomaticByPlatform*, select *Operating system* and select **Next**. You need to create separate policies for Windows and Linux. -1. In **Remediation**, check **Create a remediation task**, so that periodic assessment is enabled on your machines and click **Next**. -1. In **Non-compliance message**, provide the message that you would like to see in case of non-compliance. For example: *Your machine doesn't have periodic assessment enabled.* Select **Review+Create.** -1. On the **Review+Create** tab, select **Create**. This will the trigger Assignment and Remediation Task creation which can take a minute or so. - -You can monitor the compliance of resources under **Compliance** and remediation status under **Remediation** from the Policy home page. - -## Enable Periodic assessment for your Arc machines using Policy - -1. Go to **Policy** from the Azure portal and under **Authoring**, **Definitions**. -1. From the **Category** dropdown, select **Update management center**. Select *[Preview]: Configure periodic checking for missing system updates on azure Arc-enabled servers* for Arc-enabled machines. -1. When the Policy Definition opens, select **Assign**. -1. In **Basics**, select your subscription as your scope. You can also specify a resource group within subscription as the scope and select **Next**. -1. In **Parameters**, uncheck **Only show parameters that need input or review** so that you can see the values of parameters. In **Assessment** mode, select *AutomaticByPlatform*, select *Operating system* and select **Next**. You need to create separate policies for Windows and Linux. -1. In **Remediation**, check *Create a remediation task*, so that periodic assessment is enabled on your machines and click on Next. -1. In **Non-compliance message**, provide the message that you would like to see in case of non-compliance. For example: *Your machine doesn't have periodic assessment enabled.* Click **Review+Create.** -1. In **Review+Create**, select **Create** to trigger Assignment and Remediation Task creation which can take a minute or so. - -You can monitor compliance of resources under **Compliance** and remediation status under **Remediation** from the Policy home page. - -## Monitor if Periodic Assessment is enabled for your machines (both Azure and Arc-enabled machines) - -1. Go to **Policy** from the Azure portal and under **Authoring**, go to **Definitions**. -1. From the Category dropdown above, select **Update management center**. Select *[Preview]: Machines should be configured to periodically check for missing system updates*. -1. When the Policy Definition opens, select **Assign**. -1. In **Basics**, select your subscription as your scope. You can also specify a resource group within subscription as the scope. Select **Next.** -1. In **Parameters** and **Remediation**, select **Next.** -1. In **Non-compliance message**, provide the message that you would like to see in case of non-compliance. For example: *Your machine doesn't have periodic assessment enabled.* and select **Review+Create.** -1. In **Review+Create**, click **Create** to trigger Assignment and Remediation Task creation which can take a minute or so. - -You can monitor compliance of resources under **Compliance** and remediation status under **Remediation** from the Policy home page. - -## Next steps - -* [View assessment compliance](view-updates.md) and [deploy updates](deploy-updates.md) for a selected Azure VM or Arc-enabled server, or across [multiple machines](manage-multiple-machines.md) in your subscription in the Azure portal. -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see the [Troubleshoot](troubleshoot.md) update management center (preview). \ No newline at end of file diff --git a/articles/update-center/query-logs.md b/articles/update-center/query-logs.md deleted file mode 100644 index 8b2f0118bf2e..000000000000 --- a/articles/update-center/query-logs.md +++ /dev/null @@ -1,183 +0,0 @@ ---- -title: Query logs and results from Update management center (preview) -description: The article provides details on how you can review logs and search results from update management center (preview) in Azure using Azure Resource Graph -ms.service: update-management-center -author: SnehaSudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: conceptual ---- - -# Overview of query logs in update management center (Preview) - -Logs created from operations like update assessments and installations are stored by Update management center (preview) in an [Azure Resource Graph](/azure/governance/resource-graph/overview). The Azure Resource Graph is a service in Azure designed to be the store for Azure service details without any cost or deployment requirements. Update management center (preview) uses the Azure Resource Graph to store its results, and you can view the update history of the last 30 days from the resources. - -Azure Resource Graph's query language is based on the [Kusto query language](/azure/governance/resource-graph/concepts/query-language) used by Azure Data Explorer. - -The article describes the structure of the logs from Update management center (Preview) and how you can use [Azure Resource Graph Explorer](/azure/governance/resource-graph/first-query-portal) to analyze them in support of your reporting, visualizing, and export needs. - -## Log structure - -Update management center (preview) sends the results of all its operation into Azure Resource Graph as logs, which are available for 30 days. Listed below are the structure of logs being sent to Azure Resource Graph. - -### Patch assessment results - -The table `patchassessmentresources` includes resources related to machine patch assessment. The following table describes its properties. - -| Property | Description | -|----------|-------------| -| `ID` | The Azure Resource Manager ID forwarding the result. It will be the similar to the [REST API](manage-vms-programmatically.md) path for Guest OS assessment. Typically, *`/patchAssessmentResults/latest`* or *`/patchAssessmentResults/latest/softwarePatches/`* | -| `NAME` | If the ID is of type *`/patchAssessmentResults/latest`* - then the record contains unique GUID for the assessment operation completed. If *`/patchAssessmentResults/latest/softwarePatches/`* - then the record contains update name or label. | -| `TYPE` |Specifies the type of log for assessment. If type is `patchassessmentresults` , then the record provides a summary of OS assessment with numerical aggregate statistics. If type is `patchassessmentresults/softwarepatches`, then the record describes a specific OS update available for the resource. | -| `TENANTID` | Azure tenant ID for the Azure VM or Azure Arc-enabled server resource| -| `KIND` | Intentionally left blank for future use. | -| `LOCATION` | Azure cloud region where the Azure VM or Azure Arc-enabled server resource exists| -| `RESOURCEGROUP` | Azure resource group hosting the Azure VM or Azure Arc-enabled server resource| -| `SUBSCRIPTIONID` | Azure subscription ID for the Azure VM or Azure Arc-enabled server resource | -| `MANAGEDBY` | Intentionally left blank for future use. | -| `SKU` | Intentionally left blank for future use. | -| `PLAN` | Intentionally left blank for future use. | -| `PROPERTIES` | Captures details of operation in JSON format. Additional information follows this table.| -| `TAGS` | Azure tags defined for the Azure VM or Azure Arc-enabled server(s) resource | -| `IDENTITY` | Intentionally left blank for future use. | -| `ZONES` | Intentionally left blank for future use. | -| `EXTENDEDLOCATION` | Intentionally left blank for future use. | - - -### Description of the **PROPERTIES** property - -If the `PROPERTIES` property for the resource type is `patchassessmentresources`, it includes the following information: - -|Value |Description | -|------|------------| -| `rebootPending` |Flag to specify if the specific update requires the OS to reboot to complete installation. As provided by machine's OS update service or package manager. If your OS package manager or update service doesn't require a reboot, the value of the field is set to `false`.| -|`patchServiceUsed` |OS service used on the machine to install updates. `WU-WSUS` for Windows Update service and/or Windows Server Update Service. For Linux, it's the OS package manager like `YUM`, `APT`, or `Zypper`.| -|`osType` |Represents the type of operating system `Windows` or `Linux`.| -|`startDateTime` |Timestamp (UTC) representing when the OS update assessment task started execution on the machine.| -|`lastModifiedDateTime` |Timestamp (UTC) representing when the record was last updated.| -|`startedBy` |Identifies if the OS update installation run was triggered by a user or Azure service. Further details of the operation can be found in [Azure Activity Log](/azure/azure-resource-manager/management/view-activity-logs).| -|`errorDetails` |First five error messages generated while executing update installation from the machine's OS package manager or update service.| -|`availablePatchCountByClassification` |Number of OS updates by the category that the specific updates belong based on the OS vendor. Information is generated by the machine's OS update service or package manager. If the OS package manager or update service, doesn't provide the detail of category, then the value is `Others` (for Linux) or `Updates` (for Windows Server).| -| - -If the `PROPERTIES` property for the resource type is `patchassessmentresults/softwarepatches`, it includes the following information: - -|Value |Description | -|------|------------| -|`lastModifiedDateTime` |Timestamp (UTC) representing when the record was last updated.| -|`publishedDateTime` |Timestamp representing when the specific update was made available by the OS vendor. Information is generated by the machine's OS update service or package manager. If your OS package manager or update service doesn't provide the detail of when an update was provided by OS vendor, then the value is null.| -|`classifications` |Category of which the specific update belongs to as per the OS vendor. Information is generated by the machine's OS update service or package manager. If your OS package manager or update service doesn't provide the detail of category, then the value is `Others` (for Linux) or `Updates` (for Windows Server). | -|`rebootRequired` |Value indicates if the specific update requires the OS to reboot to complete the installation. Information is generated by the machine's OS update service or package manager. If your OS package manager or update service doesn't require a reboot, then the value is `false`.| -|`rebootBehavior` |Behavior set in the OS update installation runs job when configuring the update deployment if update management center (preview) can reboot the target machine. | -|`patchName` |Name or label for the specific update generated by the machine's OS package manager or update service.| -|`Kbid` |If the machine's OS is Windows Server, the value includes the unique KB ID for the update provided by the Windows Update service.| -|`version` |If the machine's OS is Linux, the value includes the version details for the update as provided by Linux package manager. For example, `1.0.1.el7.3`.| - -### Patch installation results - -The table `patchinstallationresources` includes resources related to machine patch assessment. The following table describes its properties. - -| Property | Description | -|----------|-------------| -| `ID` | The Azure Resource Manager ID forwarding the result. It will be the similar to the [REST API](manage-vms-programmatically.md) path for Guest OS assessment. Typically, *`/patchInstallationResults/`* or *`/patchAssessmentResults/latest/softwarePatches/`* | -| `NAME` | If the ID is of type *`/patchInstallationResults`* - then the record contains unique GUID for the update operation completed. If *`/patchInstallationResults/softwarePatches/`* - then the record contains update name or label being installed on the machine. | -| `TYPE` |Specifies the type of log for assessment. If type is `patchinstallationresults` , then the record provides a summary of OS installation with numerical aggregate statistics. If type is `patchinstallationresults/softwarepatches`, then the record describes a specific OS update installed for the resource. | -| `TENANTID` | Azure tenant ID for the Azure VM or Azure Arc-enabled server resource | -| `KIND` | Intentionally left blank for future use. | -| `LOCATION` | Azure cloud region where the Azure VM or Azure Arc-enabled server resource exists| -| `RESOURCEGROUP` | Azure resource group hosting the Azure VM or Azure Arc-enabled server resource| -| `SUBSCRIPTIONID` | Azure subscription ID for the Azure VM or Azure Arc-enabled server resource| -| `MANAGEDBY` | Intentionally left blank for future use. | -| `SKU` | Intentionally left blank for future use. | -| `PLAN` | Intentionally left blank for future use. | -| `PROPERTIES` | Captures details of operation in JSON format. Additional information follows this table.| -| `TAGS` | Azure tags defined for the Azure VM or Azure Arc-enabled server(s) resource | -| `IDENTITY` | Intentionally left blank for future use. | -| `ZONES` | Intentionally left blank for future use. | -| `EXTENDEDLOCATION` | Intentionally left blank for future use. | - -### Description of the **PROPERTIES** property - -If the `PROPERTIES` property for the resource type is `patchinstallationresults`, it includes the following information: - -|Value |Description | -|------|------------| -|`installationActivityId` | Unique GUID for the OS update installation run. | -|`maintenanceWindowExceeded` | Values are `True` or `False` if the update installation run exceeded the defined maintenance window. | -|`lastModifiedDateTime` |Timestamp (UTC) representing when the record was last updated | -|`notSelectedPatchCount` |Number of OS updates available on the machine not selected for installation in an update deployment. | -|`installedPatchCount` |Number of OS updates that were successfully installed that were specified in an update deployment. | -|`excludedPatchCount` |Number of OS updates available on the machine and excluded for installation in an update deployment.| -|`pendingPatchCount` |Number of OS updates still awaiting to be installed that were specified in an update deployment. | -|`patchServiceUsed` |OS service used on the machine to install updates. `WU-WSUS` for Windows Update service and/or Windows Server Update Service. For Linux, it's the OS package manager like `YUM`, `APT`, or `Zypper`. | -|`failedPatchCount` |Number of OS updates that failed to successfully get installed that were specified in an update deployment. | -|`startDateTime` |Timestamp (UTC) representing when the OS update installation task started execution on the machine. | -|`rebootStatus` |Information from the OS update service or package manager, if the OS needs to be restarted to complete the update installation. Status values are `NotNeeded` (No restart is needed), `Required` (OS restart is needed for completion), `Started` (Restart was initiated), `Failed` (OS couldn't be restarted), and `Completed` (Restart was done successfully). | -|`startedBy` |Identifies if the OS update installation run was triggered by a user or an Azure service. Further details of the operation can be found in [Azure Activity Log](/azure/azure-resource-manager/management/view-activity-logs). | -|`status` |Status of the OS update installation run. Values can be - NotStarted, InProgress, Failed, Succeeded and CompletedWithWarnings. The update installation run is deemed 'Failed' status, if one or more OS update installations is unsuccessful. | -|`osType` |Represents the type of operating system `Windows` or `Linux`. | -|`errorDetails` |Includes the first five error messages generated while executing update installation from the machine's OS package manager or update service. | -|`maintenanceRunId ` | This value is used as a maintenance run identifier for Auto VM Guest Patching or schedule run Id instead of recurring updates | - -If the `PROPERTIES` property for the resource type is `patchinstallationresults/softwarepatches`, it includes the following information: - -|Value |Description | -|------|------------| -|`installationState` |Installation status for the specific OS update. Values are `Installed`, `Failed`, `Pending`, `NotSelected`, and `Excluded`. | -|`lastModifiedDateTime` |Timestamp (UTC) representing when the record was last updated. | -|`publishedDateTime` |Timestamp representing when the specific update was made available by the OS vendor. Information is generated by the machine's OS update service or package manager. If your OS package manager or update service doesn't provide the detail of when an update was provided by OS vendor, then the value is null. | -|`classifications` |Category that the specific update belongs to as per the OS vendor. As provided by machine's OS update service or package manager. If your OS package manager or update service, doesn't provide the detail of category, then the value of the field will be Others (for Linux) and Updates (for Windows Server). | -|`rebootRequired` |Flag to specify if the specific update requires the OS to reboot to complete installation. As provided by machine's OS update service or package manager. If your OS package manager or update service doesn't provide information regarding need of OS reboot, then the value of the field will be set to 'false'. | -|`rebootBehavior` |Behavior set in the OS update installation runs job by user, regarding allowing update management center (preview) to reboot the OS. | -|`patchName` |Name or Label for the specific update as provided by the machine's OS package manager or update service. | -|`Kbid` |If the machine's OS is Windows Server, the value includes the unique KB ID for the update provided by the Windows Update service. | -|`version` |If the machine's OS is Linux, the value includes the version details for the update as provided by Linux package manager. For example, `1.0.1.el7.3`. | - -### Maintenance resources - -The table `maintenanceresources` includes resources related to maintenance configuration. The following table describes its properties. - -| Property | Description | -|----------|-------------| -| `ID` | The Azure Resource Manager ID forwarding the result. It is similar to the [REST API](manage-vms-programmatically.md) path for create a maintenance configuration. | -| `NAME` | If the ID is of type *`/applyupdates`* - then the record contains a unique GUID for the maintenance run. If *`/configurationassignments`* - then the record contains the assignment of maintenance configuration to an Azure or Arc VM. | -| `TYPE` |Specifies the type of log for assessment. If type is `applyupdates` , then the record provides details of maintenance run record at machine level. If type is `configurationassignments`, then the record describes the link between Azure or Arc VM and a maintenance configuration. | -| `TENANTID` | Azure tenant ID for the Azure VM or Azure Arc-enabled server resource | -| `KIND` | Intentionally left blank for future use. | -| `LOCATION` | Pure cloud region where the Azure VM or Azure Arc-enabled server resource exists| -| `RESOURCEGROUP` | Azure resource group hosting the Azure VM or Azure Arc-enabled server resource| -| `SUBSCRIPTIONID` | Azure subscription ID for the Azure VM or Azure Arc-enabled server resource| -| `MANAGEDBY` | Intentionally left blank for future use. | -| `SKU` | Intentionally left blank for future use. | -| `PLAN` | Intentionally left blank for future use. | -| `PROPERTIES` | Captures details of operation in JSON format. Additional information follows this table.| -| `TAGS` | Azure tags defined for the Azure VM or Azure Arc-enabled servers resource | -| `IDENTITY` | Intentionally left blank for future use. | -| `ZONES` | Intentionally left blank for future use. | -| `EXTENDEDLOCATION` | Intentionally left blank for future use. | - -### Description of the **PROPERTIES** property - -If the `PROPERTIES` property for the resource type is `applyupdates`, it includes the following information: - -|Value |Description | -|------|------------| -|`maintenanceConfigurationId` | Azure Resource Manager (ARM) ID of applied maintenance configuration | -|`maintenanceScope` | Maintenance scope of applied maintenance configuration | -|`resourceId` | ARM template resource Id of ARC/Azure VM | -|`correlationId` | Schedule run Id of maintenance/schedule run. This can be used to find all the VMs that were part of the same schedule. | -|`startDateTime` | Start date and time of a schedule | -|`endDateTime` | End date and time of a schedule | - -If the `PROPERTIES` property for the resource type is `configurationassignments`, it includes the following information: - -|Value |Description | -|------|------------| -|`resourceId` | ARM resource Id of ARC/Azure VM | -|`maintenanceConfigurationId` | ARM ID of the applied maintenance configuration | - - - -## Next steps -- For details of sample queries, see [Sample query logs](sample-query-logs.md). -- To troubleshoot issues, see [Troubleshoot](troubleshoot.md) update management center (preview). diff --git a/articles/update-center/quickstart-on-demand.md b/articles/update-center/quickstart-on-demand.md deleted file mode 100644 index 2dae806601ae..000000000000 --- a/articles/update-center/quickstart-on-demand.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Quickstart - deploy updates in using update management center in the Azure portal -description: This quickstart helps you to deploy updates immediately and view results for supported machines in update management center (preview) using the Azure portal. -ms.service: update-management-center -ms.date: 04/21/2022 -author: SnehaSudhirG -ms.author: sudhirsneha -ms.topic: quickstart ---- - -# Quickstart: Check and install on-demand updates - -Using the Update management center (preview) you can update automatically at scale with the help of built-in policies and schedule updates on a recurring basis or you can also take control by checking and installing updates manually. - -This quickstart details you how to perform manual assessment and apply updates on a selected Azure virtual machine(s) or Arc-enabled server on-premises or in cloud environments. - -## Prerequisites - -- An Azure account with an active subscription. If you don't have one yet, sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). -- Your role must be either an [Owner](/azure/role-based-access-control/built-in-roles#owner) or [Contributor](/azure/role-based-access-control/built-in-roles#contributor) for Azure VM and resource administrator for Arc enabled servers. -- Ensure that the target machines meet the specific operating system requirements of the Windows Server and Linux. For more information, see [Overview](overview.md). - - -## Check updates - -1. Sign in to the [Azure portal](https://portal.azure.com) and navigate to Update management center (preview). - -1. Select **Getting started**, **On-demand assessment and updates**, select **Check for updates**. - - In the **Select resources and check for updates**, a table lists all the machines in the specific Azure subscription. - -1. Select one or more machines from the list and select **Check for updates** to initiate a compliance scan. - - When the assessment is complete, a confirmation message appears on the top right corner of the page. - - -## Configure settings - -For the assessed machines that are reporting updates, you can configure [hotpatching](updates-maintenance-schedules.md#hotpatching), [patch orchestration](manage-multiple-machines.md#summary-of-machine-status) and [periodic assessment](assessment-options.md#periodic-assessment) either immediately or schedule the updates by defining the maintenance window. - -To configure the settings on your machines, follow these steps: - -1. In **Update management center (Preview)|Getting started**, in **On-demand assessment and updates**, select **Update settings**. - - In the **Change update settings** page, by default **Properties** is selected. -1. Select from the list of update settings to apply them to the selected machines. - -1. In **Update setting(s) to change**, select any option —*Periodic assessment*, *Hotpatch* and *Patch orchestration* to configure and select **Next**. For more information, see [Configure settings on virtual machines](manage-update-settings.md#configure-settings-on-single-vm). - -1. In **Machines**, verify the machines for which you can apply the updates. You can also add or remove machines from the list and select **Next**. - -1. In **Review and change**, verify the resource selection and update settings and select **Review and change**. - A notification appears to confirm that the update settings have been successfully applied. - - -## Install updates - -As per the last assessment performed on the selected machines, you can now select resources and machines to install the updates - -1. In the **Update management center(Preview)|Getting started** page, in **On-demand assessment and updates**, select **Install updates by machines**. - -1. In the **Install one-time updates** page, select one or more machines from the list in the **Machines** tab and click **Next**. - -1. In **Updates**, specify the updates to include in the deployment and click **Next**: - - - Include update classification - - Include KB ID/package - by specific KB IDs or package. For Windows, see [MSRC](https://msrc.microsoft.com/update-guide/deployments) for the latest KBs. - - Exclude KB ID/package that you don't want to install as part of the process. Updates not shown in the list can be installed based on the time between last assessment and release of new updates. - - Include by maximum patch publish date includes the updates published on or before a specific date. - -1. In **Properties**, select the **Reboot option** and **Maintenance window** (in minutes) and click **Next**. - -1. In **Review + install**, verify the update deployment options and select **Install**. - -A notification confirms that the installation of updates is in progress and after completion, you can view the results in the **Update management center**, **History** page. - -## Next steps - - Learn about [managing multiple machines](manage-multiple-machines.md). diff --git a/articles/update-center/sample-query-logs.md b/articles/update-center/sample-query-logs.md deleted file mode 100644 index 5c1840305030..000000000000 --- a/articles/update-center/sample-query-logs.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Sample query logs and results from Update management center (preview) -description: The article provides details of sample query logs from update management center (preview) in Azure using Azure Resource Graph -ms.service: update-management-center -author: SnehaSudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: conceptual ---- - -# Sample queries - -The following are some sample queries to help you get started querying the update assessment and deployment information collected from your managed machines. For more information on logs created from operations such as update assessments and installations, see [overview of query logs](query-logs.md). - -## List available updates for all your machines grouped by update category - -The following query returns a list of pending updates for your machine with the time when the assessment was performed, the resource ID for the assessment, OS type on the machine, and the OS updates available based on update classification. - -```kusto -patchassessmentresources -| where type !has "softwarepatches" -| extend prop = parse_json(properties) -| extend lastTime = properties.lastModifiedDateTime -| extend updateRollupCount = prop.availablePatchCountByClassification.updateRollup, featurePackCount = prop.availablePatchCountByClassification.featurePack, servicePackCount = prop.availablePatchCountByClassification.servicePack, definitionCount = prop.availablePatchCountByClassification.definition, securityCount = prop.availablePatchCountByClassification.security, criticalCount = prop.availablePatchCountByClassification.critical, updatesCount = prop.availablePatchCountByClassification.updates, toolsCount = prop.availablePatchCountByClassification.tools, otherCount = prop.availablePatchCountByClassification.other, OS = prop.osType -| project lastTime, Id, OS, updateRollupCount, featurePackCount, servicePackCount, definitionCount, securityCount, criticalCount, updatesCount, toolsCount, otherCount -``` - -## Count of update installations - -The following query returns a list of update installations with their status for your machines from the last seven days. Results include the time when the update deployment was run, the resource ID of the installation, machine details, and the count of OS updates installed based on their status and your selection. - -```kusto -patchinstallationresources -| where type !has "softwarepatches" -| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4)) -| extend prop = parse_json(properties) -| extend lTime = todatetime(prop.lastModifiedDateTime), OS = tostring(prop.osType), installedPatchCount = tostring(prop.installedPatchCount), failedPatchCount = tostring(prop.failedPatchCount), pendingPatchCount = tostring(prop.pendingPatchCount), excludedPatchCount = tostring(prop.excludedPatchCount), notSelectedPatchCount = tostring(prop.notSelectedPatchCount) -| where lTime > ago(7d) -| project lTime, RunID=name,machineName, rgName, resourceType, OS, installedPatchCount, failedPatchCount, pendingPatchCount, excludedPatchCount, notSelectedPatchCount -``` - -## List of Windows Server OS update installations - -The following query returns a list of update installations for Windows Server with their status for your machines from the last seven days. Results include the time when the update deployment was run, the resource ID of the installation, machine details, and other related deployment details. - -```kusto -patchinstallationresources -| where type has "softwarepatches" and properties !has "version" -| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4)), tostring(RunID = split(id, "/", 10)) -| extend prop = parse_json(properties) -| extend lTime = todatetime(prop.lastModifiedDateTime), patchName = tostring(prop.patchName), kbId = tostring(prop.kbId), installationState = tostring(prop.installationState), classifications = tostring(prop.classifications) -| where lTime > ago(7d) -| project lTime, RunID, machineName, rgName, resourceType, patchName, kbId, classifications, installationState -| sort by RunID -``` - -## List of Linux OS update installations - -The following query returns a list of update installations for Linux with their status for your machines from the last seven days. Results include the time when the update deployment was run, the resource ID of the installation, machine details, and other related deployment details. - -```kusto -patchinstallationresources -| where type has "softwarepatches" and properties has "version" -| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4)), tostring(RunID = split(id, "/", 10)) -| extend prop = parse_json(properties) -| extend lTime = todatetime(prop.lastModifiedDateTime), patchName = tostring(prop.patchName), version = tostring(prop.version), installationState = tostring(prop.installationState), classifications = tostring(prop.classifications) -| where lTime > ago(7d) -| project lTime, RunID, machineName, rgName, resourceType, patchName, version, classifications, installationState -| sort by RunID -``` - -## List of maintenance run record at VM level -The following query returns a list of all the maintenance run records for a VM - -```kusto -maintenanceresources -| where ['id'] contains "/subscriptions//resourcegroups//providers/microsoft.compute/virtualmachines/" //VM Id here -| where ['type'] == "microsoft.maintenance/applyupdates" -| where properties.maintenanceScope == "InGuestPatch" -``` - -## Next steps -- Review logs and search results from update management center (preview) in Azure using [Azure Resource Graph](query-logs.md). -- Troubleshoot issues in update management center (preview), see the [Troubleshoot](troubleshoot.md). diff --git a/articles/update-center/scheduled-patching.md b/articles/update-center/scheduled-patching.md deleted file mode 100644 index c1ce54880406..000000000000 --- a/articles/update-center/scheduled-patching.md +++ /dev/null @@ -1,264 +0,0 @@ ---- -title: Scheduling recurring updates in Update management center (preview) -description: The article details how to use update management center (preview) in Azure to set update schedules that install recurring updates on your machines. -ms.service: update-management-center -ms.date: 04/21/2022 -ms.topic: conceptual -author: SnehaSudhirG -ms.author: sudhirsneha ---- - -# Schedule recurring updates for machines using update management center (Preview) - -**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. - -You can use update management center (preview) in Azure to create and save recurring deployment schedules. You can create a schedule on a daily, weekly or hourly cadence, specify the machines that must be updated as part of the schedule, and the updates to be installed. This schedule will then automatically install the updates as per the created schedule for single VM and at scale. - -Update management center (preview) uses maintenance control schedule instead of creating its own schedules. Maintenance control enables customers to manage platform updates. For more information, see [Maintenance control documentation](/azure/virtual-machines/maintenance-control). - -## Prerequisites for scheduled patching - -1. See [Prerequisites for Update management center (preview)](./overview.md#prerequisites) -1. Patch orchestration of the Azure machines should be set to **Azure Orchestrated (Automatic By Platform)**. For Azure Arc-enabled machines, it isn't a requirement. - - > [!Note] - > If you set the patch orchestration mode to Azure orchestrated (Automatic By Platform) but don't attach a maintenance configuration to an Azure machine, it is treated as [Automatic Guest patching](/azure/virtual-machines/automatic-vm-guest-patching) enabled machine and Azure platform will automatically install updates as per its own schedule. - -1. The maintenance configuration's subscription and the subscriptions of all VMs assigned to the maintenance configuration must be allowlisted with feature flag **Microsoft.Compute/InGuestScheduledPatchVMPreview**. - - -## Schedule recurring updates on single VM - ->[!NOTE] -> You can schedule updates from the Overview or Machines blade in update management center (preview) page or from the selected VM. - -# [From Overview blade](#tab/schedule-updates-single-overview) - -To schedule recurring updates on a single VM, follow these steps: - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In **Update management center (preview)**, **Overview**, select your **Subscription**, and select **Schedule updates**. - -1. In **Create new maintenance configuration**, you can create a schedule for a single VM. - - > [!Note] - > Currently, VMs and maintenance configuration in the same subscription are supported. - -1. In the **Basics** page, select **Subscription**, **Resource Group** and all options in **Instance details**. - - Select **Add a schedule** and in **Add/Modify schedule**, specify the schedule details such as: - - - Start on - - Maintenance window (in hours) - - Repeats (monthly, daily or weekly) - - Add end date - - Schedule summary - - > [!NOTE] - > The hourly option is currently not supported in the portal, but can be used through the [API](./manage-vms-programmatically.md#create-a-maintenance-configuration-schedule). - - :::image type="content" source="./media/scheduled-updates/scheduled-patching-basics-page.png" alt-text="Scheduled patching basics page."::: - - - For the Repeats-monthly, there are two options: - - - Repeat on a calendar date (optionally run on last date of the month) - - Repeat on nth (first, second, etc.) x day (for example, Monday, Tuesday) of the month. You can also specify an offset from the day set. It could be +6/-6. For example, for customers who want to patch on the first Saturday after a patch on Tuesday, they would set the recurrence as the second Tuesday of the month with a +4 day offset. Optionally you can also specify an end date when you want the schedule to expire. - -1. In the **Machines** page, select your machine and select **Next** to continue. - -1. In the **Tags** page, assign tags to maintenance configurations. - -1. In the **Review + Create** page, verify your update deployment options and select **Create**. - - -# [From Machines blade](#tab/schedule-updates-single-machine) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In **Update management center (Preview)**, **Machines**, select your **Subscription**, select your machine and select **Schedule updates**. - -1. In **Create new maintenance configuration**, you can create a schedule for a single VM, assign machine and tags. Follow the procedure from step 3 listed in **From Overview blade** of [Schedule recurring updates on single VM](#schedule-recurring-updates-on-single-vm) to create a maintenance configuration and assign a schedule. - - -# [From a selected VM](#tab/singlevm-schedule-home) - -1. Select your virtual machine and the **virtual machines | Updates** page opens. -1. Under **Operations**, select **Updates**. -1. In **Updates**, select **Go to Updates using Update Center**. -1. In **Updates preview**, select **Schedule updates** and in **Create new maintenance configuration**, you can create a schedule for a single VM. Follow the procedure from step 3 listed in **From Overview blade** of [Schedule recurring updates on single VM](#schedule-recurring-updates-on-single-vm) to create a maintenance configuration and assign a schedule. - ---- - -A notification appears that the deployment has been created. - - -## Schedule recurring updates at scale - -To schedule recurring updates at scale, follow these steps: - ->[!NOTE] -> You can schedule updates from the Overview or Machines blade. - -# [From Overview blade](#tab/schedule-updates-scale-overview) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In **Update management center (Preview)**, **Overview**, select your **Subscription** and select **Schedule updates**. - -1. In the **Create new maintenance configuration** page, you can create a schedule for multiple machines. - - > [!Note] - > Currently, VMs and maintenance configuration in the same subscription are supported. - -1. In the **Basics** page, select **Subscription**, **Resource Group** and all options in **Instance details**. - - Select **Add a schedule** and in **Add/Modify schedule**, specify the schedule details such as: - - - Start on - - Maintenance window (in hours) - - Repeats(monthly, daily or weekly) - - Add end date - - Schedule summary - - > [!NOTE] - > The hourly option is currently not supported in the portal, but can be used through the [API](./manage-vms-programmatically.md#create-a-maintenance-configuration-schedule). - -1. In the **Machines** page, verify if the selected machines are listed. You can add or remove machines from the list. Select **Next** to continue. - -1. In the **Tags** page, assign tags to maintenance configurations. - -1. In the **Review + Create** page, verify your update deployment options and select **Create**. - - -# [From Machines blade](#tab/schedule-updates-scale-machine) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In **Update management center (Preview)**, **Machines**, select your **Subscription**, select your machines and select **Schedule updates**. - -In **Create new maintenance configuration**, you can create a schedule for a single VM. Follow the procedure from step 3 listed in **From Overview blade** of [Schedule recurring updates on single VM](#schedule-recurring-updates-on-single-vm) to create a maintenance configuration and assign a schedule. - ---- - -A notification appears that the deployment is created. - - - ## Attach a maintenance configuration - A maintenance configuration can be attached to multiple machines. It can be attached to machines at the time of creating a new maintenance configuration or even after you've created one. - - 1. In **Update management center**, select **Machines** and select your **Subscription**. - 1. Select your machine and in **Updates (Preview)**, select **Scheduled updates** to create a maintenance configuration or attach existing maintenance configuration to the scheduled recurring updates. -1. In **Scheduling**, select **Attach maintenance configuration**. -1. Select the maintenance configuration that you would want to attach and select **Attach**. -1. In **Updates (Preview)**, select **Scheduling** and **+Attach maintenance configuration**. -1. In the **Attach existing maintenance configuration** page, select the maintenance configuration that you want to attach and select **Attach**. - - :::image type="content" source="./media/scheduled-updates/scheduled-patching-attach-maintenance-inline.png" alt-text="Scheduled patching attach maintenance configuration." lightbox="./media/scheduled-updates/scheduled-patching-attach-maintenance-expanded.png"::: - -## Schedule recurring updates from maintenance configuration - -You can browse and manage all your maintenance configurations from a single place. - -1. Search **Maintenance configurations** in the Azure portal. It shows a list of all maintenance configurations along with the maintenance scope, resource group, location, and the subscription to which it belongs. - -1. You can filter maintenance configurations using filters at the top. Maintenance configurations related to Guest OS updates are the ones that have Maintenance scope as **InGuestPatch**. - -You can create a new Guest OS update maintenance configuration or modify an existing configuration: - -:::image type="content" source="./media/scheduled-updates/maintenance-configurations.png" alt-text="Maintenance configuration."::: - - -### Create a new maintenance configuration - -1. Go to **Machines** and select machines from the list. -1. In the **Updates (Preview)**, select **Scheduled updates**. -1. In **Create a maintenance configuration**, follow step 3 in this [procedure](#schedule-recurring-updates-on-single-vm) to create a maintenance configuration. - - :::image type="content" source="./media/scheduled-updates/create-maintenance-configuration.png" alt-text="Create Maintenance configuration."::: - - -### Add/remove machines from maintenance configuration - -1. Go to **Machines** and select the machines from the list. -1. In **Updates (Preview)** page, select **One-time updates**. -1. In **Install one-time updates**, **Machines**, select **+Add machine**. - - :::image type="content" source="./media/scheduled-updates/add-or-remove-machines-from-maintenance-configuration-inline.png" alt-text="Add/remove machines from Maintenance configuration." lightbox="./media/scheduled-updates/add-or-remove-machines-from-maintenance-configuration-expanded.png"::: - - -### Change update selection criteria - -1. In **Install one-time updates**, select the resources and machines to install the updates. -1. In **Machines**, select **+Add machine** to add machines that were previously not selected and click **Add**. -1. In **Updates**, specify the updates to include in the deployment. -1. Select **Include KB ID/package** and **Exclude KB ID/package** respectively to select category of updates like Critical, Security, Feature updates etc. - - :::image type="content" source="./media/scheduled-updates/change-update-selection-criteria-of-maintenance-configuration-inline.png" alt-text="Change update selection criteria of Maintenance configuration." lightbox="./media/scheduled-updates/change-update-selection-criteria-of-maintenance-configuration-expanded.png"::: - -## Dynamic scoping - -The update management center (preview) allows you to target a dynamic group of Azure or non-Azure VMs for update deployment. Using a dynamic group keeps you from having to edit your deployment to update machines. You can use subscription, resource group, tags or regions to define the scope and use dynamic scoping by using built-in policies which you can customize as per your use-case. - -> [!NOTE] -> This policy also ensures that the patch orchestration property for Azure machines is set to **Automatic by OS (Windows Automatic Updates)** or **Azure-orchestrated (preview)** as it is a prerequisite for scheduled patching. - -### Assign a policy - -Policy allows you to assign standards and assess compliance at scale. [Learn more](/azure/governance/policy/overview). To assign a policy to scope, follow these steps: - -1. Sign in to the [Azure portal](https://portal.azure.com) and select **Policy**. -1. In **Assignments**, select **Assign policy**. -1. Under **Basics**, in the **Assign policy** page: - - In **Scope**, choose your subscription, resource group, and choose **Select**. - - Select **Policy definition** to view a list of policies. - - In **Available Definitions**, select **Built in** for Type and in search, enter - *[Preview] Schedule recurring updates using Update Management Center* and click **Select**. - - :::image type="content" source="./media/scheduled-updates/dynamic-scoping-defintion.png" alt-text="Screenshot that shows on how to select the definition."::: - - - Ensure that **Policy enforcement** is set to **Enabled** and select **Next**. -1. In **Parameters**, by default, only the Maintenance configuration ARM ID is visible. - - >[!NOTE] - > If you do not specify any other parameters, all machines in the subscription and resource group that you selected in **Basics** will be covered under scope. However, if you want to scope further based on resource group, location, OS, tags and so on, deselect **Only show parameters that need input or review** to view all parameters. - - - Maintenance Configuration ARM ID: A mandatory parameter to be provided. It denotes the ARM ID of the schedule that you want to assign to the machines. - - Resource groups: You can specify a resource group optionally if you want to scope it down to a resource group. By default, all resource groups within the subscription are selected. - - Operating System types: You can select Windows or Linux. By default, both are preselected. - - Machine locations: You can optionally specify the regions that you want to select. By default, all are selected. - - Tags on machines: You can use tags to scope down further. By default, all are selected. - - Tags operator: In case you have selected multiple tags, you can specify if you want the scope to be machines that have all the tags or machines which have any of those tags. - - :::image type="content" source="./media/scheduled-updates/dynamic-scoping-assign-policy.png" alt-text="Screenshot that shows on how to assign a policy."::: - -1. In **Remediation**, **Managed Identity**, **Type of Managed Identity**, select System assigned managed identity and **Permissions** is already set as *Contributor* according to the policy definition. - - >[!NOTE] - > If you select Remediation, the policy would be effective on all the existing machines in the scope else, it is assigned to any new machine which is added to the scope. - -1. In **Review + Create**, verify your selections, and select **Create** to identify the non-compliant resources to understand the compliance state of your environment. - -### View Compliance - -To view the current compliance state of your existing resources: - -1. In **Policy Assignments**, select **Scope** to select your subscription and resource group. -1. In **Definition type**, select policy and in the list, select the assignment name. -1. Select **View compliance**. The Resource Compliance lists the machines and reasons for failure. - - :::image type="content" source="./media/scheduled-updates/dynamic-scoping-policy-compliance.png" alt-text="Screenshot that shows on policy compliance."::: - -## Check your scheduled patching run -You can check the deployment status and history of your maintenance configuration runs from the Update management center portal. Follow [Update deployment history by maintenance run ID](./manage-multiple-machines.md#update-deployment-history-by-maintenance-run-id). - - -## Limitations and known issues - -The known issues and limitations of scheduled patching are: - -1. For concurrent/conflicting schedule, only one schedule will be triggered. The other schedule will be triggered once a schedule is finished. -1. If a machine is newly created, the schedule might have 15 minutes of schedule trigger delay in case of Azure VMs. - -## Next steps - -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see the [Troubleshoot](troubleshoot.md) update management center (preview). diff --git a/articles/update-center/support-matrix.md b/articles/update-center/support-matrix.md deleted file mode 100644 index df1d5ec60619..000000000000 --- a/articles/update-center/support-matrix.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: Update management center (preview) support matrix -description: Provides a summary of supported regions and operating system settings -ms.service: update-management-center -author: SnehaSudhirG -ms.author: sudhirsneha -ms.date: 04/21/2022 -ms.topic: overview -ms.custom: references_regions ---- - -# Support matrix for update management center (preview) - -This article details the Windows and Linux operating systems supported and system requirements for machines or servers managed by update management center (preview) including the supported regions and specific versions of the Windows Server and Linux operating systems running on Azure VMs or machines managed by Arc-enabled servers. - -## Update sources supported - -**Windows**: [Windows Update Agent (WUA)](/windows/win32/wua_sdk/updating-the-windows-update-agent) reports to Microsoft Update by default, but you can configure it to report to [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus). If you configure WUA to report to WSUS, based on the WSUS's last synchronization with Microsoft update, the results in the update management center (preview) might differ to what the Microsoft update shows. You can specify sources for scanning and downloading updates using [specify intranet Microsoft Update service location](/windows/deployment/update/waas-wu-settings?branch=main#specify-intranet-microsoft-update-service-location). To restrict machines to the internal update service, see [Do not connect to any Windows Update Internet locations](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates?branch=main#do-not-connect-to-any-windows-update-internet-locations) - -**Linux**: You can configure Linux machines to report to a local or public YUM or APT package repository. The results shown in update management center (preview) depend on where the machines are configured to report. - -## Types of updates supported - -### Operating system updates -Update management center (preview) supports operating system updates for both Windows and Linux. - -### First party updates on Windows -By default, the Windows Update client is configured to provide updates only for Windows. If you enable the **Give me updates for other Microsoft products when I update Windows** setting, you also receive updates for other products, including security patches for Microsoft SQL Server and other Microsoft software. You can configure this option if you have downloaded and copied the latest [Administrative template files](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) available for Windows 2016 and later. - -If you have machines running Windows Server 2012 R2, you can't configure this setting through **Group Policy**. Run the following PowerShell command on these machines: - -```powershell -$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager") -$ServiceManager.Services -$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d" -$ServiceManager.AddService2($ServiceId,7,"") -``` -### Third-party updates - -**Windows**: Update Management relies on the locally configured update repository to update supported Windows systems, either WSUS or Windows Update. Tools such as [System Center Updates Publisher](/mem/configmgr/sum/tools/updates-publisher) allow you to import and publish custom updates with WSUS. This scenario allows update management to update machines that use Configuration Manager as their update repository with third-party software. To learn how to configure Updates Publisher, see [Install Updates Publisher](/mem/configmgr/sum/tools/install-updates-publisher). - -**Linux**: If you include a specific third party software repository in the Linux package manager repository location, it is scanned when it performs software update operations. The package won't be available for assessment and installation if you remove it. - - -## Supported regions - -Update management center (preview) will scale to all regions for both Azure VMs and Azure Arc-enabled servers. Listed below are the Azure public cloud where you can use update management center (preview). - -# [Azure virtual machine](#tab/azurevm) - -Update management center (preview) is available in all Azure public regions where compute virtual machines are available. - -# [Azure Arc-enabled servers](#tab/azurearc) -Update management center (preview) is supported in the following regions currently. It implies that VMs must be in below regions: - -**Geography** | **Supported Regions** ---- | --- -Australia | Australia East -United States | East US
South Central-US
West Central-US
West US 2 -Europe | North Europe
West Europe -Asia | South East Asia -United Kingdom | UK South - ---- - -## Supported operating systems - -The following table lists the supported operating systems for Azure VMs and Azure Arc-enabled servers. Before you enable update management center (preview), ensure that the target machines meet the operating system requirements. - -# [Azure VMs](#tab/azurevm-os) - -[Azure VMs](/azure/virtual-machines/index) are: - - | Publisher | Operating System | SKU | - |----------|-------------|-------------| - | Canonical | UbuntuServer | 16.04-LTS, 18.04-LTS | - | Canonical | 0001-com-ubuntu-server-focal | 20_04-LTS | - | Canonical | 0001-com-ubuntu-pro-focal | pro-20_04-LTS | - | Canonical | 0001-com-ubuntu-pro-bionic | pro-18_04-LTS | - | Red Hat | RHEL | 7-RAW, 7-LVM, 6.8, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7_9, 8, 8.1, 8.2, 8_3, 8-LVM | - | Red Hat | RHEL-RAW | 8-RAW | - | OpenLogic | CentOS | 6.8, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7_8, 7_9, 8.0, 8_1, 8_2, 8_3 | - | OpenLogic | CentOS-LVM | 7-LVM, 8-LVM | - | SUSE | SLES-12-SP5 | Gen1, Gen2 | - | SUSE | SLES-15-SP2 | Gen1, Gen2 | - | MicrosoftWindowsServer | WindowsServer | 2012-R2-Datacenter | - | MicrosoftWindowsServer | WindowsServer | 2016-Datacenter | - | MicrosoftWindowsServer | WindowsServer | 2016-Datacenter-Server-Core | - | MicrosoftWindowsServer | WindowsServer | 2019-Datacenter | - | MicrosoftWindowsServer | WindowsServer | 2019-Datacenter-Core | - | MicrosoftWindowsServer | WindowsServer | 2008-R2-SP1 | - | MicrosoftWindowsServer | MicrosoftServerOperatingSystems-Previews | Windows-Server-2019-Azure-Edition-Preview | - | MicrosoftWindowsServer | MicrosoftServerOperatingSystems-Previews | Windows-Server-2022-Azure-Edition-Preview | - | MicrosoftVisualStudio | VisualStudio | VS-2017-ENT-Latest-WS2016 | - - >[!NOTE] - > Custom images are currently not supported. - -# [Azure Arc-enabled servers](#tab/azurearc-os) - -[Azure Arc-enabled servers](/azure/azure-arc/servers/overview) are: - - | Publisher | Operating System - |----------|-------------| - | Microsoft Corporation | Windows Server 2012 R2 and higher (including Server Core) | - | Microsoft Corporation | Windows Server 2008 R2 SP1 with PowerShell enabled and .NET Framework 4.0+ | - | Canonical | Ubuntu 16.04, 18.04, and 20.04 LTS (x64) | - | Red Hat | CentOS Linux 7 and 8 (x64) | - | SUSE | SUSE Linux Enterprise Server (SLES) 12 and 15 (x64) | - | Red Hat | Red Hat Enterprise Linux (RHEL) 7 and 8 (x64) | - | Amazon | Amazon Linux 2 (x64) | - | Oracle | Oracle 7.x | - ---- - -As the Update management center (preview) depends on your machine's OS package manager or update service, ensure that the Linux package manager or Windows Update client are enabled and can connect with an update source or repository. If you're running a Windows Server OS on your machine, see [configure Windows Update settings](configure-wu-agent.md). - - > [!NOTE] - > For patching, update management center (preview) relies on classification data available on the machine. Unlike other distributions, CentOS YUM package manager does not have this information available in the RTM version to classify updates and packages in different categories. - - -## Next steps -- [View updates for single machine](view-updates.md) -- [Deploy updates now (on-demand) for single machine](deploy-updates.md) -- [Schedule recurring updates](scheduled-patching.md) -- [Manage update settings via Portal](manage-update-settings.md) \ No newline at end of file diff --git a/articles/update-center/toc.yml b/articles/update-center/toc.yml deleted file mode 100644 index 259109718c24..000000000000 --- a/articles/update-center/toc.yml +++ /dev/null @@ -1,54 +0,0 @@ -- name: Update management center documentation - href: index.yml -- name: Overview - items: - - name: About Update management center - href: overview.md - - name: Support matrix - href: support-matrix.md - - name: Onboarding preview features - href: enable-machines.md -- name: Quickstarts - items: - - name: Check and install on-demand updates - href: quickstart-on-demand.md -- name: Concepts - items: - - name: Update and maintenance options - href: updates-maintenance-schedules.md - - name: Assessment options - href: assessment-options.md - - name: Query resources with Azure Resource Graph - href: query-logs.md - - name: Manage updates on multiple machines - href: manage-multiple-machines.md -- name: Samples - items: - - name: Azure Resource Graph queries - href: sample-query-logs.md -- name: How-to guides - items: - - name: Deploy - items: - - name: Configure Windows Update client - href: configure-wu-agent.md - - name: Manage - items: - - name: Check update compliance - href: view-updates.md - - name: Deploy updates and track results - href: deploy-updates.md - - name: Schedule updates - href: scheduled-patching.md - - name: Manage update settings - href: manage-update-settings.md - - name: Manage updates for Azure VMs using REST API - href: manage-vms-programmatically.md - - name: Manage updates for Arc-enabled servers using REST API - href: manage-arc-enabled-servers-programmatically.md - - name: Automate assessment at scale using Policy - href: periodic-assessment-at-scale.md - - name: Troubleshoot - items: - - name: Troubleshoot issues - href: troubleshoot.md diff --git a/articles/update-center/troubleshoot.md b/articles/update-center/troubleshoot.md deleted file mode 100644 index 5bdb723adb39..000000000000 --- a/articles/update-center/troubleshoot.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Troubleshoot known issues with update management center (preview) -description: The article provides details on the known issues and troubleshooting any problems with update management center (preview). -ms.service: update-management-center -ms.date: 04/21/2022 -ms.topic: conceptual -ms.author: sudhirsneha -author: SnehaSudhirG ---- - -# Troubleshoot issues with update management center (preview) - -This article describes the errors that might occur when you deploy or use update management center (preview) and how to resolve them. - -## General troubleshooting - -The following troubleshooting steps apply to the Azure VMs related to the patch extension on Windows and Linux machines. - -### Azure Linux VM - -To verify if the Microsoft Azure Virtual Machine Agent (VM Agent) is running, has triggered appropriate actions on the machine, and the sequence number for the AutoPatching request, check the agent log for more details in `/var/log/waagent.log`. Every AutoPatching request has a unique sequence number associated with it on the machine. Look for a log similar to: `2021-01-20T16:57:00.607529Z INFO ExtHandler`. - -The package directory for the extension is `/var/lib/waagent/Microsoft.CPlat.Core.Edp.LinuxPatchExtension-` and in the `/status` subfolder is a `.status` file, which includes a brief description of the actions performed during a single AutoPatching request, and the status. It also includes a short list of errors that occurred while applying updates. - -To review the logs related to all actions performed by the extension, check for more details in `/var/log/azure/Microsoft.CPlat.Core.Edp.LinuxPatchExtension/`. It includes the following two log files of interest: - -* `.core.log`: Contains details related to the patch actions, such as the patches assessed and installed on the machine, and any issues encountered in the process. -* `_.ext.log`: There is a wrapper above the patch action, which is used to manage the extension and invoke specific patch operation. This log contains details about the wrapper. For AutoPatching, the `_Enable.ext.log` has details on whether the specific patch operation was invoked. - -### Azure Windows VM - -To verify if the Microsoft Azure Virtual Machine Agent (VM Agent) is running, has triggered appropriate actions on the machine, and the sequence number for the AutoPatching request, check the agent log for more details in `C:\WindowsAzure\Logs\AggregateStatus`. The package directory for the extension is `C:\Packages\Plugins\Microsoft.CPlat.Core.WindowsPatchExtension`. - -To review the logs related to all actions performed by the extension, check for more details in `C:\WindowsAzure\Logs\Plugins\Microsoft.CPlat.Core.WindowsPatchExtension`. It includes the following two log files of interest: - -* `WindowsUpdateExtension.log`: Contains details related to the patch actions, such as the patches assessed and installed on the machine, and any issues encountered in the process. -* `CommandExecution.log`: There is a wrapper above the patch action, which is used to manage the extension and invoke specific patch operation. This log contains details about the wrapper. For AutoPatching, the log has details on whether the specific patch operation was invoked. - -### Arc-enabled servers - -For Arc-enabled servers, review the [troubleshoot VM extensions](/azure-arc/servers/troubleshoot-vm-extensions) article for general troubleshooting steps. - -To review the logs related to all actions performed by the extension, on Windows check for more details in `C:\ProgramData\GuestConfig\extension_Logs\Microsoft.SoftwareUpdateManagement\WindowsOsUpdateExtension`. It includes the following two log files of interest: - -* `WindowsUpdateExtension.log`: Contains details related to the patch actions, such as the patches assessed and installed on the machine, and any issues encountered in the process. -* `cmd_execution__stdout.txt`: There is a wrapper above the patch action, which is used to manage the extension and invoke specific patch operation. This log contains details about the wrapper. For AutoPatching, the log has details on whether the specific patch operation was invoked. -* `cmd_excution__stderr.txt` - -## Known issues - -### Scenario: Patch run failed with Maintenance window exceeded property showing true even if time remained - -#### Issue - -When you view an update deployment in **Update History**, the property **Failed with Maintenance window exceeded** shows **true** even though enough time was left for execution. In this case, the one of the following is possible: - -* No updates are shown. -* One or more updates are in a **Pending** state. -* Reboot status is **Required**, but a reboot was not attempted even when the reboot setting passed was `IfRequired` or `Always`. - -#### Cause - -During an update deployment, it checks for maintenance window utilization at multiple steps. Ten minutes of the maintenance window is reserved for reboot at any point. Before getting a list of missing updates or downloading/installing any update (except Windows service pack updates), it checks to verify if there are 15 minutes + 10 minutes for reboot (that is, 25 mins left in the maintenance window). -For Windows service pack updates, we check for 20 minutes + 10 minutes for reboot (that is, 30 minutes). If the deployment doesn't have the sufficient left, it skips the scan/download/install of updates. The deployment run then checks if a reboot is needed and if there is ten minutes left in the maintenance window. If there is, the deployment triggers a reboot, otherwise the reboot is skipped. In such cases, the status is updated to **Failed**, and the Maintenance window exceeded property is updated to ***true**. For cases where the time left is less than 25 minutes, updates are not scanned or attempted for installation. - -More details can be found by reviewing the logs in the file path provided in the error message of the deployment run. - ->[!NOTE] -> For [Azure Arc-enabled servers](/azure/azure-arc/servers/overview), it can take up to five minutes to trigger a deployment job on the machine. If you have configured 30 minutes as the maximum duration, there is a high chance that the scan for missing updates will not occur. At least 25 minutes is required in the maintenance window to start the operation. - -#### Resolution - -Setting a longer time range for maximum duration when triggering an [on-demand update deployment](deploy-updates.md) helps avoid the problem. - -## Next steps - -* To learn more about Azure Update management center (preview), see the [Overview](overview.md). -* To view logged results from all your machines, see [Querying logs and results from update management center (preview)](query-logs.md). diff --git a/articles/update-center/updates-maintenance-schedules.md b/articles/update-center/updates-maintenance-schedules.md deleted file mode 100644 index 3cc00ab7765e..000000000000 --- a/articles/update-center/updates-maintenance-schedules.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Updates and maintenance in update management center (preview). -description: The article describes the updates and maintenance options available in Update management center (preview). -ms.service: update-management-center -ms.date: 04/21/2022 -ms.topic: conceptual -author: snehasudhirG -ms.author: sudhirsneha ---- - -# Update options in update management center (preview) - -**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. - -This article provides an overview of the various update and maintenance options available by update management center (preview). - -Update management center (preview) provides you the flexibility to take an immediate action or schedule an update within a defined maintenance window. It also supports new patching methods such as [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching), [Hotpatching](/azure/automanage/automanage-hotpatch?context=/azure/virtual-machines/context/context) and so on. - - -## Update Now/One-time update - -Update management center (preview) allows you to secure your machines immediately by installing updates on demand. To perform the on-demand updates, see [Check and install one time updates](deploy-updates.md#install-updates-on-single-vm). - -## Scheduled patching -You can create a schedule on a daily, weekly or hourly cadence as per your requirement, specify the machines that must be updated as part of the schedule, and the updates that you must install. The schedule will then automatically install the updates as per the specifications. - -Update management center (preview) uses maintenance control schedule instead of creating its own schedules. Maintenance control enables customers to manage platform updates. For more information, see the [Maintenance control documentation](/azure/virtual-machines/maintenance-control). -Start using [scheduled patching](scheduled-patching.md) to create and save recurring deployment schedules. - - -## Automatic VM Guest patching in Azure - -This mode of patching lets the Azure platform automatically download and install all the security and critical updates on your machines every month and apply them on your machines following the availability-first principles. For more information, see [automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching). - -This VM property can be enabled by setting the value of Patch orchestration update setting to **Azure Orchestrated/Automatic by Platform** value. - - -## Windows automatic updates -This mode of patching allows operating system to automatically install updates as soon as they are available. It uses the VM property that is enabled by setting the patch orchestration to OS orchestrated/Automatic by OS. - -## Hotpatching - -Hotpatching allows you to install updates on supported Windows Server Azure Edition virtual machines without requiring a reboot after installation. It reduces the number of reboots required on your mission critical application workloads running on Windows Server. For more information, see [Hotpatch for new virtual machines](/azure/automanage/automanage-hotpatch) - -Hotpatching property is available as a setting in Update management center (preview) which you can enable by using Update settings flow. Refer to detailed instructions [here](manage-update-settings.md#configure-settings-on-single-vm) - -:::image type="content" source="media/updates-maintenance/hot-patch-inline.png" alt-text="Screenshot that shows the hotpatch option." lightbox="media/updates-maintenance/hot-patch-expanded.png"::: - -## Next steps - -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see the [Troubleshoot](troubleshoot.md) update management center (preview). \ No newline at end of file diff --git a/articles/update-center/view-updates.md b/articles/update-center/view-updates.md deleted file mode 100644 index 317fda113c74..000000000000 --- a/articles/update-center/view-updates.md +++ /dev/null @@ -1,109 +0,0 @@ ---- -title: Check update compliance in Update management center (preview) -description: The article details how to use Azure Update management center (preview) in the Azure portal to assess update compliance for supported machines. -ms.service: update-management-center -ms.date: 04/21/2022 -ms.topic: conceptual -author: SnehaSudhir -ms.author: sudhirsneha ---- - -# Check update compliance with update management center (preview) - -**Applies to:** :heavy_check_mark: Windows VMs :heavy_check_mark: Linux VMs :heavy_check_mark: On-premises environment :heavy_check_mark: Azure Arc-enabled servers. - -This article details how to check the status of available updates on a single VM or multiple machines using update management center (preview). - - -## Check updates on single VM - ->[!NOTE] -> You can check the updates from the Overview or Machines blade in update management center (preview) page or from the selected VM. - -# [From Overview blade](#tab/singlevm-overview) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In Update management center (Preview), **Overview**, select your **Subscription** to view all your machines and select **Check for updates**. - -1. In **Select resources and check for updates**, choose the machine for which you want to check the updates and select **Check for updates**. - - An assessment is performed and a notification appears as a confirmation. - - :::image type="content" source="./media/view-updates/check-updates-overview-inline.png" alt-text="Screenshot of checking updates from Overview." lightbox="./media/view-updates/check-updates-overview-expanded.png"::: - - The **Update status of machines**, **Patch orchestration configuration** of Azure virtual machines, and **Total installation runs** tiles are refreshed and display the results. - - -# [From Machines blade](#tab/singlevm-machines) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In Update management center (preview), **Machines**, select your **Subscription** to view all your machines. - -1. Select your machine from the checkbox and select **Check for updates**, **Assess now** or alternatively, you can select your machine, in **Updates Preview**, select **Assess updates**, and in **Trigger assess now**, select **OK**. - - An assessment is performed and a notification appears first that the *Assessment is in progress* and after a successful assessment, you will see *Assessment successful* else, you will see the notification *Assessment Failed*. For more information, see [update assessment scan](assessment-options.md#update-assessment-scan). - - -# [From a selected VM](#tab/singlevm-home) - -1. Select your virtual machine and the **virtual machines | Updates** page opens. -1. Under **Operations**, select **Updates**. -1. In **Updates**, select **Go to Updates using Update Center**. - - :::image type="content" source="./media/view-updates/resources-check-updates.png" alt-text="Screenshot showing selection of updates from Home page."::: - -1. In **Updates (Preview)**, select **Assess updates**, in **Trigger assess now**, select **OK**. - - An assessment is performed and a notification appears first that the *Assessment is in progress* and after a successful assessment, you will see *Assessment successful* else, you will see the notification *Assessment Failed*. - - :::image type="content" source="./media/view-updates/check-updates-home-inline.png" alt-text="Screenshot of status after checking updates." lightbox="./media/view-updates/check-updates-home-expanded.png"::: - - For more information, see [update assessment scan](assessment-options.md#update-assessment-scan). - ---- - -## Check updates at scale - -To check the updates on your machines at scale, follow these steps: - ->[!NOTE] -> You can check the updates from the **Overview** or **Machines** blade. - -# [From Overview blade](#tab/at-scale-overview) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In Update management center (preview), **Overview**, select your **Subscription** to view all your machines and select **Check for updates**. - -1. In **Select resources and check for updates**, choose your machines for which you want to check the updates and select **Check for updates**. - - An assessment is performed and a notification appears as a confirmation. - - The **Update status of machines**, **Patch orchestration configuration** of Azure virtual machines, and **Total installation runs** tiles are refreshed and display the results. - - -# [From Machines blade](#tab/at-scale-machines) - -1. Sign in to the [Azure portal](https://portal.azure.com). - -1. In Update management center (preview), **Machines**, select your **Subscription** to view all your machines. - -1. Select the **Select all** to choose all your machines and select **Check for updates**. - -1. Select **Assess now** to perform the assessment. - - A notification appears when the operation is initiated and completed. After a successful scan, the **Update management center (Preview) | Machines** page is refreshed to display the updates. - ---- - -> [!NOTE] -> In update management center (preview), you can initiate a software updates compliance scan on the machine to get the current list of operating system (guest) updates including the security and critical updates. On Windows, the software update scan is performed by the Windows Update Agent. On Linux, the software update scan is performed using OVAL-compatible tools to test for the presence of vulnerabilities based on the OVAL Definitions for that platform, which is retrieved from a local or remote repository. - - -## Next steps - -* Learn about deploying updates to your machines to maintain security compliance by reading [deploy updates](deploy-updates.md). -* To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). -* To troubleshoot issues, see [Troubleshoot](troubleshoot.md) Azure Update management center (preview). diff --git a/docfx.json b/docfx.json index 5ee44e12f079..97b221fc67cc 100644 --- a/docfx.json +++ b/docfx.json @@ -223,7 +223,6 @@ "articles/app-service-mobile/**/*.md": "elamalani", "articles/automanage/*md": "daberry", "articles/automation/**/*.md": "sgsneha", - "articles/update-center/**/*.md": "sgsneha", "articles/azure-arc/**/*.md": "JnHs", "articles/azure-arc/servers/**/*.md": "johnmarco", "articles/azure-functions/**/*.md": "ggailey777",