General Availability: Non-Azure Groups for Azure Update Management
Posted on Monday, July 8, 2019
Today we’re happy to announce the general availability of Non-Azure group targeting for Azure Update Management. This feature enables dynamic targeting of patch deployments to non-Azure machines based on Log Analytics saved searches. Machines can be dynamically added to existing patch deployments based on criteria specified in the saved search.
This feature enables:
- Dynamic targeting of non-Azure machines for an update deployment. After the deployment is created, any new machines added to Update Management that meet the search criteria will be automatically picked up and periodically patched without requiring the user to modify the update deployment itself.
- Preview capabilities to verify the set of machines that will be targeted with the dynamic group targeting.
In the following example a periodic patch deployment is being created that will run on a weekly basis. The set of onboarded machines to target for this update deployment is chosen based on the following criteria: All onboarded non-Azure machines that match the naming convention name contains “OnPrem”.
First a Log Analytics saved search is created to group these machines based on naming convention. Next an update deployment is created that uses this saved search. Dynamic non-Azure groups can be found under Groups to update under the Non-Azure tab.
When newly onboarded non-Azure VMs match the naming convention (they contain the string OnPrem), they will automatically be picked up and updated in the next run of this update deployment. Note that Azure VMs will automatically be filtered out of this deployment query. The machines that will be affected by this Update Deployment if it were to run immediately can be viewed through the preview pane.