Photo-K - Fotolia
How does Azure Update Management handle integration?
Azure Update Management works with other Microsoft administrative tools to give IT pros a more complete offering to patch operating systems.
Azure Update Management aims to ease the update deployment process, but it requires some setup work to get it to integrate with other administrative tools.
Due to the diverse needs of organizations, Azure Update Management is designed to integrate with other Microsoft offerings. Azure Update Management works in conjunction with these products for automation and reporting functionality.
One of the most noteworthy supplements to Azure Update Management is the ability to run PowerShell runbooks before or after deploying an update. Users can select scripts when creating an update deployment job, configure the script with the required values or parameters, and then attach the script to the update deployment job as either a pre- or post-script.
For example, if a pre-script can turn off a certain service that might prevent the installation of an update, then a post-script can turn the service back on after the update process. As of this publication, that feature is in preview mode.
Although these scripts run in Microsoft's cloud, Azure Update Management can also use scripts on the local system. This functionality requires some additional components on the local system, such as a Run As account, a hybrid runbook worker installed on the system, and the runbook installed locally. When the runbook executes in Azure as part of the pre-post-script process, it triggers an identical child runbook on the desired local system.
Integrating Azure Update Management with System Center Configuration Manager
Azure Update Management also offers some support for System Center Configuration Manager (SCCM). Administrators can create and stage update deployments in SCCM and receive detailed reports on the update deployments via Azure Update Management. Similarly, administrators can use SCCM for reporting tasks, such as compliance reporting, while Azure Update Management handles the update process.
To use Azure Update Management with SCCM requires version 1606 or later. Servers managed by SCCM must also report to Azure Update Management and the associated Log Analytics database. Machines managed by Azure Update Management must have Windows agents that connect to a Windows Server Update Services server or Microsoft Update to receive security updates. Administrators must also configure SCCM to the Log Analytics service in Azure for the storage and analysis of update logs.
After this configuration work between SCCM and Azure Update Management, administrators can then manage updates from SCCM to connected systems. Alternately, administrators can manage patching from Azure Update Management using Azure Automation if the SCCM software update management features are disabled.
Adjustments needed for Operations Management Suite deployments
It's important to note that the deprecation of Microsoft's Operations Management Suite (OMS) portal means administrators who use OMS and want to adopt Azure Update Management must make the transition to the Azure portal.
As administrators recreate deployments in Azure, they can delete existing OMS deployments. Generally, administrators can recreate OMS deployments in Azure Update Management by accessing the Azure Automation account, selecting Update Management, clicking Schedule update deployment, and then using the details for that OMS deployment when creating a new update deployment in Azure Update Management.
For example, when selecting systems to update, choose the saved search used by the corresponding OMS deployment, and then fill in the remainder of the details to create the new update deployment in Azure Update Management, such as the update classifications to apply only security updates to a system.