Step-by-Step: How to update an Azure Linux VM using Update management

Operating system updates include feature updates, bug fixes, and security improvements and are important to update periodically. This applies to desktop computers as well as servers. There are many tools available to manage the Windows update process. When it comes to however, most struggle as few tools support system updates. Luckily in Azure, we can manage updates for Linux VMs without any 3rd party tool.  

This post will detail steps on enable patch management for Linux VM and how we can automate the patch deployment task.

Let's first start by creating a Linux .

Note: PowerShell will be used in the configuration process and will require the Azure PowerShell module to be installed. 

  1. Launch PowerShell console and connect to Azure usingConnect-AzAccount
  2. Next create a new resource group using the following command:
    New-AzResourceGroup -Name REBELRG -Location "East US"​

    In the above,
    REBELRGis the resource group name andEast USis the resource group location.

  3. Now we need to create a new Linux . Ubuntu will be the OS selected for this newly created VM. Enter the follwoing script to create it:
    $mylogin = Get-Credential
    New-AzVm -ResourceGroupName REBELRG -Name "REBELVM01" -Location "East US" -VirtualNetworkName "REBELVNET1" -SubnetName "REBELVMSubnet1" -PublicIpAddressName "REBELVM01IP1" -OpenPorts 22 -Image UbuntuLTS -Size Standard_D2s_v3 -Credential $mylogin​

    In the above,REBELVM01is the VM name. It is runningUbuntuLTSedition. I have specified it using -Image parameter. It also usingStandard_D2s_v3 vmsize. This also has SSH connection enabled.
    With the Linux VM now created, next step is to configure the update management feature.

  4. Log in to Azure Portal ( asGlobal Administrator
  5. Search for theREBELVM01VM and click on it. 
  6. Then under theoperationssection click onUpdate management
  7. Next select Enable for this VM option to enable update management only for REBELVM01.
  8. Now specify the log analytic workspace and Azure account details. You may need to create a one if you do not have an existing one as part of this exercise. Once selections are made click on Enable
  9. This can take about 15 minutes to complete the process. Once update management is enabled, the system will automatically check for updates and install the required agents (hybrid runbook worker).
  10. The the missing updates are then reported once the initial scan is completed.
  11. The next step of the configuration is to schedule update deployment. Click on Schedule update deployment option on the update management window to enable this.
  12. In the new wizard, under update classifications, we can select which type of updates to target for the schedule. In this demo, I am targeting all updates.
  13. Next under Schedule settings, we can define the time, time zone and recurrence. 
  14. UnderPre- + Post-option we can define that execute before patching and after patching. 
  15. UnderReboot options, we can specify the way the system should handle the system reboot. 
  16. Once selections are done, click onCreateto complete the schedule configuration process. 
  17. If we need to patch multiple Linux servers using one update schedule, create an update deployment schedule usingManage multiple machinesoption.
    This allows selecting machine groups or individual machines as targets. 
  18. Once the system process the update schedule, we can see the results under History tab. 
    As we can see, all the updates are installed successfully. 

There are also hand-on lab resources within Microsoft Learn that can extend your knowledge surrounding the Azure Update Management solution in updating virtual machines in your cloud environment. 
Check out the following Learn Module to learn more: Keep your virtual machines updated


This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.