Azure Arc – Add servers from Update Management

The good thing about Azure Arc is that you can deploy the agent in many different ways. As of today, you can deploy the agent using the following methods:

  • Using a deployment script
    • This approach is for smaller environments
  • Using a service principal
    • This option is suitable for large scale deployments
  • Using Azure Update Management
    • This option is good for existing Azure Update Management customers. In this case, you already have the Microsoft Monitoring Agent installed on your servers
  • Using Az.ConnectedMachine PowerShell module
    • I like this one as well. You can build your own custom installation script with different logic for tagging etc. Good for large scale deployments as well
  • Using Desired State Configuration
    • Suppose you are using Azure Automation DSC or an on-premises version of DSC. In that case, this may also be good in large-scale deployment scenarios.

As you can see from this list, you have plenty of options. Pick the one that suits you best.

This article shows you how to install the agent through the Azure Update Management feature. If you are using Azure Update Management today, you have noticed that Microsoft uses the Patch-MicrosoftOMSComputers runbook for patching. Microsoft fully manages this runbook, and you don't have any access to it. It is also a special runbook because it can run directly on your servers. If you create a custom runbook yourself, you can't do the same. You can only execute it on your servers through an Azure Automation Hybrid Worker.

Now with Azure Arc, Microsoft introduces another new runbook called Add-AzureConnectedMachines. This runbook is also fully managed by Microsoft, and it can also run directly on your servers.


To deploy Azure Arc through Azure Update Management, you need the following:

  • Azure Log Analytics Workspace
  • Microsoft Monitoring Agent should be installed and configured on your servers
  • Azure Automation Account
  • Azure Update Management solution activated

Azure Arc agent deployment through Update Management

Follow these steps to deploy the agent through Update Management:

  1. Open Azure Portal and search for Azure Arc
  2. On the Azure Arc panel, select Servers
  3. On the Add servers with Azure Arc panel, select Add servers from Update Management (preview)
  4. On the Add non-Azure machines from Automation Account panel, specify the following information:
    1. Subscription
    2. Resource Group
    3. Location
    4. SPN
    5. Proxy server, if necessary
  5. Select machines to target
  6. Specify the Tags
  7. Review the deployment information and click Add machines

These steps kick off the Add-AzureConnectedMachines runbook. If you added Windows server-based operating systems, you see that it kicks off the child runbook called Add-AzureConnectedMachineWindows.

If you selected Linux servers as well, then you see the Add-AzureConnectedMachineLinux runbook too.
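To confirm the result of the steps above from PowerShell instead of the portal, the following added example (not from the original article and not Microsoft's runbook code) lists recent jobs for the three runbooks named above and then checks the agent status of the machines registered in the target resource group. It assumes the Az.Automation and Az.ConnectedMachine modules are installed, that Connect-AzAccount has already been run, and that the managed runbook jobs are listed in the Automation Account under the names the article gives; the resource group and account names are placeholders.

```powershell
# Added example: verify an Azure Arc onboarding started from Update Management.
# Placeholders (assumptions): replace with your own values.
$AutomationRg      = '<automation-resource-group>'
$AutomationAccount = '<automation-account-name>'
$ArcRg             = '<arc-resource-group>'      # resource group chosen in step 4
$Since             = (Get-Date).AddHours(-24)    # look back one day

# Runbook names as given in the article.
$runbooks = 'Add-AzureConnectedMachines',
            'Add-AzureConnectedMachineWindows',
            'Add-AzureConnectedMachineLinux'

# Collect recent jobs for the parent runbook and both child runbooks.
$jobs = foreach ($rb in $runbooks) {
    Get-AzAutomationJob -ResourceGroupName $AutomationRg `
        -AutomationAccountName $AutomationAccount `
        -RunbookName $rb -StartTime $Since -ErrorAction SilentlyContinue
}

$jobs | Sort-Object StartTime |
    Format-Table RunbookName, Status, StartTime, EndTime, JobId -AutoSize

# Show the error stream of any job that did not finish cleanly.
$failed = $jobs | Where-Object { $_.Status -in 'Failed', 'Suspended', 'Stopped' }
foreach ($job in $failed) {
    Write-Warning "$($job.RunbookName) job $($job.JobId) ended as $($job.Status)"
    Get-AzAutomationJobOutput -ResourceGroupName $AutomationRg `
        -AutomationAccountName $AutomationAccount `
        -Id $job.JobId -Stream Error |
        Format-Table Time, Summary -Wrap
}

# List the machines that registered with Azure Arc in the target resource group.
$machines = Get-AzConnectedMachine -ResourceGroupName $ArcRg
$machines | Format-Table Name, Status, AgentVersion, LastStatusChange -AutoSize

# Flag anything that registered but is not currently reporting as connected.
$notConnected = $machines | Where-Object { $_.Status -ne 'Connected' }
if ($notConnected) {
    Write-Warning ("Not connected: " + ($notConnected.Name -join ', '))
} else {
    Write-Output "All $(@($machines).Count) machine(s) in '$ArcRg' report Connected."
}
```

Comparing the machine names in the last table with the list you selected in step 5 shows which servers the runbook did not onboard.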
