Instructions: Onboard Azure Arc-enabled servers to Azure Update Manager
Update the ARM Template parameters file update-management-center.parameters.
cd C:\Code\Repos\GitHub\azure_arc\azure_arc_servers_jumpstart\updateManagementCenter
code update-management-center.parameters.jsonDeployed the ARM template file update-management-center-template.json:
az deployment group create --resource-group $Env:resourceGroupName --template-file update-management-center-template.json --parameters update-management-center.parameters.jsonIn the Azure Portal Check the new policy assignment in the resource group: (jumpstart) Configure periodic checking for missing system updates on azure Arc-enabled servers. This policy, once it's remediated, enables Periodic Assessment.
Create a remediation task.
On the page of the policy, you can click View assignment, where you will see a Remediation tab. The Remediation State should show to be Complete after a while.
Annother 20 minutes later, when clicking Update for the Arc-enabled server, Periodic assessent was set to Yes. Also then the policy was in a compliant state.
Instead of waiting for a firsst automatic update assesment, clcick on check for updates, in order to trigger an update assessment manually.
This will add the WindowsOsUpdateExtnesion, and show after a while a number of Rrecommended updates. Under History you can the details related to the updates assessment and operations.
As part of the ARM template deployment, a new Maintenance Configuration resource is created. It allows you to schedule recurring updates deployments on your Azure Arc-enabled servers.
Review the following Maintenance Configuration Settings:
- Resource, which includes the Azure Arc-enabled server
- Schedule of the maintenance configuration resource (it will start one day after you deploy this scenario)
- Updsate
Let's trigger the updates manually, by clicking One-time update. Check History for the status.
In Azure Update Manager check History under Manager.
In the instruction there is mention of a built-in workbook that provides an unified view of you current updates status, but I didn't find it.
From conversation with Copilot:
It's normal for the "Remediate" option to not appear in the context menu for all policies. The "Remediate" option is typically available for policies with the **deployIfNotExists** or **modify** effects, which require remediation tasks to bring resources into compliance.
If you're not seeing the "Remediate" option, it might be because the policy you're right-clicking on doesn't have these effects or isn't configured for remediation.
Checking indeed the Effect type of the non-compliant policies I see that it is AuditNotExists.
After checking the documentation about using Remotely and securely configure servers using Run command (Preview) > Azure CLI, I used following commands to reboot the machine from the Azure CLI:
az extension add --name connectedmachine
machineName=WIN-C5F3SBT28PD
resourceGroupName=Arc-Lab-yvesk1
az connectedmachine run-command create --name "myRunCommand" --machine-name $machineName --resource-group $resourceGroupName --script "Restart-Computer -Force"Didn't work, ran into this issue: Missing az connectedmachine run-command
Tried the workaround:
az extension remove --name connectedmachine
az extension add --name connectedmachine --version 0.7.0Documentation: