Forum Discussion
experi18
Aug 07, 2024 - Brass Contributor
How to Automate KB5040434 Installation on Multiple VMs?
Hey everyone,
I need to install the KB5040434 update on a bunch of VMs. This update is super important because it fixes several vulnerabilities. Doing this one by one is a huge hassle, and each VM also needs a restart after the update.
Is there a way to automate this process? Maybe using Azure Cloud Shell, an automation account, or some other Azure feature? Any tips or guides would be really helpful.
Thanks in advance!
- 1. Set Up Azure Automation Account:
Create an Azure Automation account if you don't already have one.
Ensure it has the necessary permissions to manage the VMs.
2. Configure Update Management:
Link your Azure Automation account to the Update Management solution.
Update Management allows you to manage updates for both Windows and Linux VMs.
Since your environment restricts internet access, ensure that your VMs can access your internal WSUS server or another local update repository.
3. Create a Scheduled Deployment:
In Update Management, create a new update deployment.
Select the group of VMs where you want to apply the KB5040434 update.
Since your environment restricts internet access, make sure to choose the option to install updates from your local WSUS server.
Schedule the deployment to run at a specific time.
4. Automate the Process:
Use the Azure Automation Runbooks to script the entire update process, including the restart of VMs after the update is installed.
You can write a PowerShell script that checks for the presence of the KB5040434 update and installs it if necessary.
Here's a sample snippet you can adapt:
```powershell
# Sample PowerShell script to install KB5040434
# Requires the PSWindowsUpdate module, which provides Install-WindowsUpdate
Import-Module PSWindowsUpdate

$kb = "KB5040434"
# Get-HotFix returns the update if it is installed, or nothing if it is not
$installed = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if (-not $installed) {
    Write-Output "KB5040434 not found. Installing..."
    Install-WindowsUpdate -KBArticleID $kb -AcceptAll -AutoReboot
} else {
    Write-Output "KB5040434 is already installed."
}
```
- Kamil_Maciejewski (Copper Contributor): Hi, probably the best option for that case will be to use Azure Update Manager with a one-time update. You can easily implement this feature: choose the server and this KB once you perform update checks. Here is the documentation: https://learn.microsoft.com/en-us/azure/update-manager/deploy-updates?tabs=install-single-overview%2Cinstall-scale-overview
- experi18 (Brass Contributor): But with Azure Update Manager, am I able to install a KB that is on the C drive of the VMs?
- Kamil_Maciejewski (Copper Contributor): No, the KB is delivered by the agent from Update Manager, but you can choose only this one KB.
- kyazaferr (Steel Contributor)
Hello, use Azure CLI or PowerShell to list all VMs in a resource group and start an update process.
```bash
az vm list --resource-group YourResourceGroupName --query "[].{name:name}" -o tsv | while read -r vm; do
  az vm run-command invoke -g YourResourceGroupName -n "$vm" --command-id RunPowerShellScript --scripts "Install-WindowsUpdate -KBArticleID KB5040434 -AcceptAll -AutoReboot"
done
```
You can add a reboot command after the update if it's not automatically handled.
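
A post-deployment check for the rollout discussed in this thread, added here as an example and not code from any of the posters: it runs on each VM (for instance through the same run-command or runbook mechanism) and reports whether KB5040434 is listed as installed and whether a restart is still outstanding. The function name `Get-KbPatchState` and the state labels are hypothetical; the registry paths are the standard Windows servicing markers for a pending reboot.

```powershell
# Added example: per-VM verification after the KB5040434 rollout.
# Get-KbPatchState is a hypothetical helper name; it uses only built-in cmdlets.
function Get-KbPatchState {
    param(
        [Parameter(Mandatory)][string]$KbId
    )

    # Installed updates as reported by Win32_QuickFixEngineering.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # Markers that Windows sets while a restart is still outstanding.
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

    $lastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

    # The fix is only in effect once the restart has completed.
    $state = if (-not $hotfix) {
        if ($rebootPending) { 'NotListedRebootPending' } else { 'Missing' }
    } elseif ($rebootPending) {
        'InstalledRebootPending'
    } else {
        'Compliant'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Kb            = $KbId
        State         = $state
        InstalledOn   = if ($hotfix -and $hotfix.InstalledOn) { $hotfix.InstalledOn.ToString('yyyy-MM-dd') } else { $null }
        RebootPending = $rebootPending
        LastBoot      = $lastBoot.ToString('o')
    }
}

# One JSON line per VM so run-command or runbook output can be collected and filtered.
Get-KbPatchState -KbId 'KB5040434' | ConvertTo-Json -Compress
```

Any VM that reports a state other than `Compliant` after the maintenance window still needs the update, a restart, or both.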