Install Windows Updates on an Azure VM using Azure Automation


Scenario:

“I want to use Azure Automation to install Windows Updates on my Azure VM.  All the examples I have come across were written with Azure Service Management (ASM) based PowerShell scripts.  Are there any examples of doing this with Azure Resource Manager (ARM) VMs?”

I looked around at other examples of how to do this, including this one:

https://gallery.technet.microsoft.com/scriptcenter/Manage-Windows-Updates-on-160f40bc

I too only found ASM examples.  The video below is a walkthrough of using the sample scripts from my GitHub repository:

https://github.com/devkeydet/AutomationInvokeWindowsUpdateAzureRmVM

Some notes about my scripts which make them different from most of the ASM examples I reviewed.  The runbook script uses PowerShell Remoting to invoke commands on the VM.  WinRM is required for PowerShell Remoting.  ARM VMs don’t have WinRM enabled by default.  My video doesn’t cover configuring WinRM.  I’d recommend enabling WinRM through ARM templates as described here:

https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-winrm/

If you have existing ARM VMs that need to have WinRM enabled, see:

http://www.techdiction.com/2016/02/12/create-a-custom-script-extension-for-an-azure-resource-manager-vm-using-powershell/ 

I use Azure Automation DSC to ensure that the VMs have the prerequisite PSWindowsUpdate and TaskRunner modules installed locally.  For simplicity, the runbook script accesses the VM using PowerShell Remoting over ssl via public IP/DNS label.  If you prefer to not expose VMs over the public internet you could consider using Azure Automation Hybrid Runbook Workers:

https://azure.microsoft.com/en-us/documentation/articles/automation-hybrid-runbook-worker/#starting-runbooks-on-hybrid-runbook-worker

@devkeydet


Comments (0)

Skip to main content