OMS Update management - How to "read" logs?
Hi community, i onboarded some first machines so that they will report update status to azure and get some update schedules assigned. Now i'm asking myself how i can read the logs. Let me outline one example: I noticed that on one machine there was a security update missing. After one week (because of the assigned update schedule (weekly)) the machine was back in a healthy state. Now i would like to figure out how can i find a good, readable log to see when and which update was exactly have been installed. One further question: In former times we've implemented a WSUS and for this a GPO which configured this WSUS as a source for our servers. Now I'm setting up azure update management. It seems that the earlier configuration made per gpo will be overwritten by the azure config, is this correct?
Update Management through OMS Gateway ?
Hi Guys, A pretty confusing topic for me. Now i have a lot of VMs in Azure, they dont have internet access but they are configured to connect to log analytics through the OMS gateway which is basically acts like a proxy for them, it works perfectly i can collect all the logs needed and perf counters no problem here. i enabled update management on these servers as well. so then i have to allow hosts in the OMS gateway using Add-OMSGatewayAllowedHost powershell command. which i did as per the documentation here https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway#configure-for-automation-hybrid-workers i believed that it should use the OMS GatewayProxy to access the Update repository and get the assessment and can push the updates now, but i checked and the VMs seems to not be working like this and might need actually another proxy settings to get to the update service from Microsoft. My questions are: - should i add the update service URLs to the allowed hosts in oms gateway ? and then would the VMs connect to the Update services through just the OMS proxy. Update catalogue URLs microsoft.com *.update.microsoft.com windowsupdate.com *.download.windowsupdate.com microsoft.com *.download.microsoft.com com *.windowsupdate.com microsoft.com windows.com live.com (this is required if you have connected a Microsoft Account) microsoft.com *.mp.microsoft.com - Or does the VMs still need to set up a proxy that have access to the internet?! if anyone have experience with this would be great to share. Thanks Ahmed AtefAD groups in update management (azure automation accounts)
Hi, i think i need help regarding the Azure automation acccounts update management. Our goal is to centraly update our on-prem Windows servers. To achive this i installed the monitoring agent on a few test machines. (The machines appeared inside the update management already) Now i want to create deployment schedules based on groups. (DCs, Fileserver, Database server, ...) In the "New update deployment" blade i'm able to select "Groups to update" or "Machines to update". When using "Groups to update" i need to have groups based on queries. When using "Machiines to update" i've seen that i can choose "imported groups (AD/WSUS/SCCM)" from the dropdown. I enabled the Groupsync option in my log analytics workspace already (advanced settings > computer groups > Active Directory > Import ..). When looking back at the "Machines to update" blade i can only see 3 groups, but not the groups i would like to use. (There are two custom groups visible and the "domain computers" group) The on-prem groups i would like to use are normal global security groups and the're synced via AADC. So at this moment i really don't know why my prefered groups are not visible. Any help is highly appreciated. 🙂
