General availability: Non-Azure Groups for Azure Update Management
Published date: 08 July, 2019
Today, we’re happy to announce the general availability of Non-Azure group targeting for Azure Update Management. This feature enables dynamic targeting of patch deployments to non-Azure machines based on Log Analytics saved searches. Machines can be dynamically added to existing patch deployments based on criteria specified in the saved search.
This feature enables:
- Dynamic targeting of non-Azure machines for an update deployment. Once the deployment has been created, any new machines added to Update Management that meet the search criteria will be automatically picked up and periodically patched without requiring the user to modify the update deployment itself.
- A preview capability to verify the set of machines that dynamic group targeting will select.
In the following example, a periodic patch deployment is created that runs on a weekly basis. The set of onboarded machines to target for this update deployment is chosen based on the following criterion: all onboarded non-Azure machines whose names contain “OnPrem”.
First, a Log Analytics saved search is created to group these machines based on the naming convention. Next, an update deployment is created that uses this saved search. Dynamic non-Azure groups can be found under Groups to update, on the Non-Azure tab.
When newly onboarded non-Azure VMs match the naming convention (their names contain the string OnPrem), they will automatically be picked up and updated in the next run of this update deployment. Note that Azure VMs will automatically be filtered out of this deployment query. The machines that would be affected by this update deployment if it were to run immediately can be viewed in the preview pane.