Tutorial: Schedule updates on dynamic scopes

Patch Orchestration must be set to Customer Managed Schedules.

There are no prerequisites for patch orchestration. However, you must associate a schedule with the VM for scheduled patching.

1. Sign in to the Azure portal and go to Azure Update Manager.

2. Select Overview > Schedule updates > Create a maintenance configuration.

3. On the Create a maintenance configuration pane, enter the details on the Basics tab. For Maintenance scope, select Guest (Azure VM, Arc-enabled VMs/servers).

4. On the Dynamic scopes tab, follow the steps to add a dynamic scope.

5. On the Machines tab, select Add machines to add any individual machines to the maintenance configuration.

6. On the Updates tab, select the patch classification that you want to include or exclude. Then select Tags.

7. On the Tags tab, provide the tags.

8. On the Review + Create tab, review your configuration and then select Create.

    az maintenance assignment create-or-update-subscription --maintenance-configuration-id "/subscriptions/{subscription_id}/resourcegroups/{rg}/providers/Microsoft.Maintenance/maintenanceConfigurations/clitestmrpconfinguestadvanced" --name cli_dynamicscope_recording01 --filter-locations eastus2euap centraluseuap --filter-os-types windows linux --filter-tags {{tagKey1:[tagKey1Val1,tagKey1Val2],tagKey2:[tagKey2Val1,tagKey2Val2]}} --filter-resource-group rg1, rg2 --filter-tags-operator All -l global

    New-AzConfigurationAssignment -ConfigurationAssignmentName $maintenanceConfigurationName -MaintenanceConfigurationId $maintenanceConfigurationInGuestPatchCreated.Id -FilterLocation eastus2euap,centraluseuap -FilterOsType Windows,Linux -FilterTag '{"tagKey1" : ["tagKey1Value1", "tagKey1Value2"], "tagKey2" : ["tagKey2Value1", "tagKey2Value2", "tagKey2Value3"] }' -FilterOperator "Any"