Maintaining a fleet of Azure virtual machines (VMs) can be a complex task, but with the Maintenance Configurations feature and the Azure CLI, you can take control of when platform updates are applied to your resources. In this comprehensive guide, we’ll explore the ins and outs of using Maintenance Configurations to optimize your VM maintenance strategy.

Creating Maintenance Configurations

The first step in managing your VM maintenance is to create a maintenance configuration. This involves setting up a resource group to contain your configuration, and then using the az maintenance configuration create command to define the specifics of your maintenance window.

For example, to create a maintenance configuration named myConfig that is scoped to host machines, with a scheduled window of 5 hours on the fourth Monday of every month, you would run the following commands:

az group create 
   --location eastus 
   --name myMaintenanceRG

az maintenance configuration create 
   --resource-group myMaintenanceRG 
   --resource-name myConfig 
   --maintenance-scope host 
   --location eastus 
   --maintenance-window-duration "05:00" 
   --maintenance-window-recur-every "Month Fourth Monday" 
   --maintenance-window-start-date-time "2020-12-30 08:00" 
   --maintenance-window-time-zone "Pacific Standard Time"

You can also create maintenance configurations for virtual machine scale sets and guest VMs, with different scopes and schedules to fit your needs.

Assigning Maintenance Configurations

After creating a maintenance configuration, you need to assign it to your Azure resources. You can do this using the az maintenance assignment create command, specifying the resource type, resource name, resource group, and the ID of the maintenance configuration you want to apply.

For example, to apply the myConfig maintenance configuration to an isolated VM named myVM, you would run:

az maintenance assignment create 
   --resource-group myMaintenanceRG 
   --location eastus 
   --resource-name myVM 
   --resource-type virtualMachines 
   --provider-name Microsoft.Compute 
   --configuration-assignment-name myConfig 
   --maintenance-configuration-id "/subscriptions/{subscription ID}/resourcegroups/myMaintenanceRG/providers/Microsoft.Maintenance/maintenanceConfigurations/myConfig"

You can similarly assign maintenance configurations to dedicated hosts, virtual machine scale sets, and guest VMs, using the appropriate resource types and parameters.

Monitoring and Applying Updates

Once you have your maintenance configurations set up, you can use the Azure CLI to check for pending updates and apply them to your VMs.

The az maintenance update list command allows you to see if there are any pending updates for your resources. If updates are pending, you can then use az maintenance applyupdate create to initiate the update process.

For example, to check for pending updates on an isolated VM named myVM, you would run:

az maintenance update list 
   --subscription {subscription ID} 
   --resource-group myMaintenanceRg 
   --resource-name myVM 
   --resource-type virtualMachines 
   --provider-name Microsoft.Compute 
   --output table

And to apply any pending updates, you would use:

az maintenance applyupdate create 
   --subscription {subscriptionID} 
   --resource-group myMaintenanceRG 
   --resource-name myVM 
   --resource-type virtualMachines 
   --provider-name Microsoft.Compute

You can follow a similar process for dedicated hosts, virtual machine scale sets, and guest VMs.

Deleting Maintenance Configurations

If you no longer need a particular maintenance configuration, you can delete it using the az maintenance configuration delete command. This will remove the maintenance control from any associated resources.

az maintenance configuration delete 
   --subscription 1111abcd-1a11-1a2b-1a12-123456789abc 
   -resource-group myResourceGroup 
   --resource-name myConfig

By mastering the use of Maintenance Configurations and the Azure CLI, you can take control of your Azure VM maintenance, ensuring that platform updates are applied on your schedule and according to your specific needs. This guide has provided a comprehensive overview of the process - for more information, be sure to check out the official Azure documentation.