Azure recently launched the Maintenance Control feature, which allows customers to imperatively apply platform maintenance to Azure Dedicated Hosts and isolated VMs. You may require a way to automatically check for updates and apply them according to a defined schedule. You can do this serverlessly using Azure Functions and PowerShell.
We will be implementing this using a Timer Triggered Azure Function. Remember that the Maintenance Control feature is only available to Dedicated Hosts and Isolated VMs. This function is only executable after you have assigned a configuration to your resource. Follow these steps to create your automatic maintenance control Function:
- Create a new Functions App on the Azure portal. (Note: This example uses a PowerShell Core runtime stack, and the Azure Shell only supports it on Windows. If you would like to run the function on a Linux operating system, pick a different runtime stack.)
- Navigate to your new Functions App and create a Timer Triggered function. Use the cron scheduler to pick a preferred time for your function to run. You can also update your schedule on the Azure portal as required.
- After you have created your function, you will need a way for your app to log in and access other resources on the portal. The recommended method is to enable a system-assigned managed identity for your app and assign it a role with appropriate permissions. To assign a role:
- Now navigate to the run.ps1 file. This is where your function will live. Use Get-AzMaintenanceUpdate to check whether your Isolated VM or Dedicated Host has any scheduled updates.
- If updates are available, apply them using New-AzApplyUpdate.
- Save and run your function. It will now automatically apply available updates to your resource each time the timer is triggered.
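A run.ps1 that follows the steps above, as an added example that is not code from the original post. It assumes the target is an isolated VM, that the Az.Accounts and Az.Maintenance modules are available to the Function App, and that two hypothetical app settings, `MAINT_RESOURCE_GROUP` and `MAINT_VM_NAME`, name the resource; it signs in with the managed identity so no credentials are stored in the function.

```powershell
# run.ps1 -- added example; the app setting names below are hypothetical.
# Requires the Az.Accounts and Az.Maintenance modules (assumption: listed in requirements.psd1).
param($Timer)

# Treat cmdlet failures as terminating so a failed run shows up as failed in the logs.
$ErrorActionPreference = 'Stop'

# Hypothetical app settings (assumptions, not from the original post).
$resourceGroup = $env:MAINT_RESOURCE_GROUP
$vmName        = $env:MAINT_VM_NAME
if (-not $resourceGroup -or -not $vmName) {
    throw 'MAINT_RESOURCE_GROUP and MAINT_VM_NAME must be set in the Function App settings.'
}

# Sign in as the Function App's system-assigned managed identity.
Disable-AzContextAutosave -Scope Process | Out-Null
Connect-AzAccount -Identity | Out-Null

# Target an isolated VM. For a Dedicated Host, use -ResourceType hosts together with
# -ResourceParentName <host group name> and -ResourceParentType hostGroups.
$target = @{
    ResourceGroupName = $resourceGroup
    ResourceName      = $vmName
    ResourceType      = 'VirtualMachines'
    ProviderName      = 'Microsoft.Compute'
}

# Get-AzMaintenanceUpdate returns nothing when no maintenance is pending.
$updates = @(Get-AzMaintenanceUpdate @target)
if ($updates.Count -eq 0) {
    Write-Host "No pending maintenance updates for $vmName."
    return
}

# Record what is about to be applied so the run leaves an audit trail in the function logs.
Write-Host "Found $($updates.Count) pending update(s) for ${vmName}:"
Write-Host ($updates | Format-List | Out-String)

# Ask the platform to apply the pending maintenance now.
$result = New-AzApplyUpdate @target
Write-Host 'Apply request submitted:'
Write-Host ($result | Format-List | Out-String)
```

The role assigned to the identity only needs to cover the resources named in the app settings, so scope it to those rather than to the whole subscription.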