AD groups in update management (azure automation accounts)
Hi, i think i need help regarding the Azure automation acccounts update management. Our goal is to centraly update our on-prem Windows servers. To achive this i installed the monitoring agent on a few test machines. (The machines appeared inside the update management already) Now i want to create deployment schedules based on groups. (DCs, Fileserver, Database server, ...) In the "New update deployment" blade i'm able to select "Groups to update" or "Machines to update". When using "Groups to update" i need to have groups based on queries. When using "Machiines to update" i've seen that i can choose "imported groups (AD/WSUS/SCCM)" from the dropdown. I enabled the Groupsync option in my log analytics workspace already (advanced settings > computer groups > Active Directory > Import ..). When looking back at the "Machines to update" blade i can only see 3 groups, but not the groups i would like to use. (There are two custom groups visible and the "domain computers" group) The on-prem groups i would like to use are normal global security groups and the're synced via AADC. So at this moment i really don't know why my prefered groups are not visible. Any help is highly appreciated. 🙂
Questions about Deparments and Accounts (patterns) for Azure Enrollments
Hi guys, while thinking about which "Department/Account" Setup methodology is the best for our organization, there appear some questions from my site. As you know, there are three common patterns for Azure Enrollments (https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold#departments-and-accounts). In additional to these 3 options (functional, business unit, geographic) there is one more way like this: Enterprise -> Accounts -> Subscriptions This is an away, without creating a Department before. My questions are: Questions to deparment: What are the advantage of building a pattern with Deparments? I mean, why should I create it Departments, when a direct connections between (Enterprise and Accounts) is possible? What disatvantage has a pattern like Enterprise -> Accounts -> Subscriptions (without deparments)? Due to the reason, that deparments are not deletable (only set to inactive) and one department name, which was in use, isn't usable anymore for new active deparment I tought that we could set the Name of the deparment like this: "Department 1", "Department 2", "Department 3" etc. The knowledge which department is which deparment in our organization we would do this information in two place: 1) in cost center of the deparment 2) in our internal documentation. Question here: Is there any reason or any restriction to information, if we would do it described above? Questions to Subscription: Is in a EA offer possible, to move one or more Subscription from one Deparment A to department B ? If yes, with or without downtime? Questions to Accounts: Is it possible to assign mutiple Account to one Department? Is it possible to move one Account assigned to Department A to Department B with all their Subscriptions? If yes, with or without downtime? Please let me know if you need some more informations. Thank you for your reply in advance.
