Solution Guide: Azure Arc Patching using Update Management: Part 2 Deploying Updates

Written by Donavan Schaper

June 12, 2023

In this Solution Guide we will focus on deploying Microsoft security patches to our Arc-onboarded devices.

Start by navigating to the Update Management Center: Azure Update Management Center Portal

Next, click on Schedule Updates. Here you can add a new schedule or modify a previous schedule.

Add the maintenance window you would like updates to be deployed within:

Next, add the devices you wish to be included in scope of your maintenance window:

In the next window you can configure the types of Windows updates you wish to include in the patching scope.

Specific KBs can also be excluded from the scope:

As always, make sure to tag your deployment in order to gain insights after deployment and for compliance visibility:

Review the maintenance configuration items before proceeding and ensure your input is correct, then click create:

Your deployment has been initiated and the maintenance schedule is in the process of being created:

Below you can see two items in the deployment screen: a new deployment and the Maintenance Configuration object, which you can navigate to afterwards:

Now it’s time to sit back and relax and let the automation process do its thing!

Let’s monitor one of the devices in the targeted maintenance configuration. Below is the device state before the Azure Arc Connected Machine agent received the deployment:

Here we can see the device has started to perform the Windows Update process as initiated by the Connected Machine Agent:

Patching in progress!

Navigating to the Azure Arc device in the Azure Portal, we can see the notification below informing us that the Assess Now and Install Updates Now options are not available, as there are ongoing operations on the device:

Quickly checking the targeted device, we can confirm the patches have been installed and the device has rebooted as allowed by our maintenance configuration:

Navigating back to the Update Management Center in Azure, we can confirm the update status of our devices is now listed as compliant!

This concludes patching using maintenance configurations for Azure Arc enabled servers!
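
The same maintenance configuration can be created from PowerShell, which keeps the window, update scope and exclusions in version control. The script below is an added example, not part of the original guide. It assumes the Az.Maintenance, Az.ConnectedMachine and Az.Resources modules and an authenticated session. The resource group, region, configuration name, schedule, tag and KB number are placeholders, and the reboot setting is an assumed choice.

```powershell
# Added example: every name, date, tag and the KB number below is a placeholder.
$rg       = 'rg-arc-servers'            # placeholder resource group holding the Arc machines
$location = 'eastus'                    # placeholder region
$name     = 'mc-arc-weekly-security'    # placeholder maintenance configuration name

# Maintenance window plus update scope (the Schedule Updates pages in the portal).
# InGuestPatch scope with InGuestPatchMode=User is what guest OS patching uses.
$config = New-AzMaintenanceConfiguration `
    -ResourceGroupName $rg `
    -Name $name `
    -Location $location `
    -MaintenanceScope 'InGuestPatch' `
    -ExtensionProperty @{ InGuestPatchMode = 'User' } `
    -StartDateTime '2030-01-05 22:00' `
    -TimeZone 'UTC' `
    -Duration '02:00' `
    -RecurEvery 'Week Saturday' `
    -WindowParameterClassificationToInclude @('Critical', 'Security') `
    -WindowParameterExcludeKbNumber @('KB0000000') `
    -InstallPatchRebootSetting 'IfRequired'

# Tag the configuration so deployments can be traced for compliance reporting.
Update-AzTag -ResourceId $config.Id -Operation Merge `
    -Tag @{ Workload = 'ArcPatching' } | Out-Null

# Put every Arc-enabled server in the resource group in scope of the window.
foreach ($machine in Get-AzConnectedMachine -ResourceGroupName $rg) {
    New-AzConfigurationAssignment `
        -ResourceGroupName $rg `
        -Location $machine.Location `
        -ProviderName 'Microsoft.HybridCompute' `
        -ResourceType 'machines' `
        -ResourceName $machine.Name `
        -ConfigurationAssignmentName $config.Name `
        -MaintenanceConfigurationId $config.Id | Out-Null

    # Read the assignment back to confirm the machine is attached to the schedule.
    Get-AzConfigurationAssignment `
        -ResourceGroupName $rg `
        -ProviderName 'Microsoft.HybridCompute' `
        -ResourceType 'machines' `
        -ResourceName $machine.Name
}
```

Narrow the `Get-AzConnectedMachine` result before the loop if only some servers in the resource group should be patched in this window.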

I hope this guide answers any questions related to the subject! Happy patching!

 

ABOUT DONAVAN SCHAPER

CLOUD ARCHITECT
