Merge pull request #96677 from cynthn/maintenance-control-powershell

ktoliver · web-flow · commit 7777b0e6c4aa · 2019-12-06T13:07:16.000-07:00
Maintenance control powershell
diff --git a/articles/virtual-machines/linux/toc.yml b/articles/virtual-machines/linux/toc.yml
@@ -341,6 +341,8 @@
       items:
       - name: CLI
         href: ../maintenance-control-cli.md?toc=/azure/virtual-machines/linux/toc.json&bc=/azure/virtual-machines/linux/breadcrumb/toc.json
+      - name: PowerShell
+        href: ../maintenance-control-powershell.md?toc=/azure/virtual-machines/linux/toc.json&bc=/azure/virtual-machines/linux/breadcrumb/toc.json
     - name: Scheduled events
       href: scheduled-events.md
   - name: Monitor VMs
diff --git a/articles/virtual-machines/maintenance-control-powershell.md b/articles/virtual-machines/maintenance-control-powershell.md
@@ -0,0 +1,198 @@
+---
+title: Maintenance control for Azure virtual machines using PowerShell
+description: Learn how to control when maintenance is applied to your Azure VMs using Maintenance Control and PowerShell.
+services: virtual-machines-linux
+author: cynthn
+
+ms.service: virtual-machines
+ms.topic: article
+ms.tgt_pltfrm: vm
+ms.workload: infrastructure-services
+ms.date: 12/06/2019
+ms.author: cynthn
+---
+
+# Preview: Control updates with Maintenance Control and Azure PowerShell
+
+Manage platform updates, that don't require a reboot, using maintenance control. Azure frequently updates its infrastructure to improve reliability, performance, security or launch new features. Most updates are transparent to users. Some sensitive workloads, like gaming, media streaming, and financial transactions, can’t tolerate even few seconds of a VM freezing or disconnecting for maintenance. Maintenance control gives you the option to wait on platform updates and apply them within a 35-day rolling window. 
+
+Maintenance control lets you decide when to apply updates to your isolated VMs.
+
+With maintenance control, you can:
+- Batch updates into one update package.
+- Wait up to 35 days to apply updates. 
+- Automate platform updates for your maintenance window using Azure Functions.
+- Maintenance configurations work across subscriptions and resource groups. 
+
+> [!IMPORTANT]
+> Maintenance Control is currently in public preview.
+> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
+> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+> 
+
+## Limitations
+
+- VMs must be on a [dedicated host](./linux/dedicated-hosts.md), or be created using an [isolated VM size](./linux/isolation.md).
+- After 35 days, an update will automatically be applied and availability constraints will not be respected.
+- User must have **Resource Owner** access.
+
+
+## Enable the PowerShell module
+
+Make sure `PowerShellGet` is up to date.
+
+```azurepowershell-interactive
+Install-Module -Name PowerShellGet -Repository PSGallery -Force
+```
+
+The Az.Maintenance PowerShell cmdlets are in preview, so you need to install the module with the `AllowPrerelease` parameter in Cloud Shell or your local PowerShell installation.   
+
+```azurepowershell-interactive
+Install-Module -Name Az.Maintenance -AllowPrerelease
+```
+
+If you are installing locally, make sure you open your PowerShell prompt as an administrator.
+
+You may also be asked to confirm that you want to install from an *untrusted repository*. Type `Y` or select **Yes to All** to install the module.
+
+
+
+## Create a maintenance configuration
+
+Create a resource group as a container for your configuration. In this example, a resource group named *myMaintenanceRG* is created in *eastus*. If you already have a resource group that you want to use, you can skip this part and replace the resource group name with you own in the rest of the examples.
+
+```azurepowershell-interactive
+New-AzResourceGroup `
+   -Location eastus `
+   -Name myMaintenanceRG
+```
+
+Use [New-AzMaintenanceConfiguration](https://docs.microsoft.com/powershell/module/az.maintenance/new-azmaintenanceconfiguration) to create a maintenance configuration. This example creates a maintenance configuration named *myConfig* scoped to the host. 
+
+```azurepowershell-interactive
+$config = New-AzMaintenanceConfiguration `
+   -ResourceGroup myMaintenanceRG `
+   -Name myConfig `
+   -MaintenanceScope host `
+   -Location  eastus
+```
+
+Using `-MaintenanceScope host` ensures that the maintenance configuration is used for controlling updates to the host.
+
+If you try to create a configuration with the same name, but in a different location, you will get an error. Configuration names must be unique to your subscription.
+
+You can query for available maintenance configurations using [Get-AzMaintenanceConfiguration](https://docs.microsoft.com/powershell/module/az.maintenance/get-azmaintenanceconfiguration).
+
+```azurepowershell-interactive
+Get-AzMaintenanceConfiguration | Format-Table -Property Name,Id
+```
+
+## Assign the configuration
+
+Use [New-AzConfigurationAssignment](https://docs.microsoft.com/powershell/module/az.maintenance/new-azconfigurationassignment) to assign the configuration to your isolated VM or Azure Dedicated Host.
+
+### Isolated VM
+
+Apply the configuration to a VM using the ID of the configuration. Specify `-ResourceType VirtualMachines` and supply the name of the VM for `-ResourceName`, and the resource group of the VM for `-ResourceGroupName`. 
+
+```azurepowershell-interactive
+New-AzConfigurationAssignment `
+   -ResourceGroupName myResourceGroup `
+   -Location eastus `
+   -ResourceName myVM `
+   -ResourceType VirtualMachines `
+   -ProviderName Microsoft.Compute `
+   -ConfigurationAssignmentName $config.Name `
+   -MaintenanceConfigurationId $config.Id
+```
+
+### Dedicate host
+
+To apply a configuration to a dedicated host, you also need to include `-ResourceType hosts`, `-ResourceParentName` with the name of the host group, and `-ResourceParentType hostGroups`. 
+
+
+```azurepowershell-interactive
+New-AzConfigurationAssignment `
+   -ResourceGroupName myResourceGroup `
+   -Location eastus `
+   -ResourceName myHost `
+   -ResourceType hosts `
+   -ResourceParentName myHostGroup `
+   -ResourceParentType hostGroups `
+   -ProviderName Microsoft.Compute `
+   -ConfigurationAssignmentName $config.Name `
+   -MaintenanceConfigurationId $config.Id
+```
+
+## Check for pending updates
+
+Use [Get-AzMaintenanceUpdate](https://docs.microsoft.com/powershell/module/az.maintenance/get-azmaintenanceupdate) to see if there are pending updates. Use `-subscription` to specify the Azure subscription of the VM if it is different from the one that you are logged into. 
+
+### Isolated VM
+
+Check for pending updates for an isolated VM. In this example, the output is formatted as a table for readability.
+
+```azurepowershell-interactive
+Get-AzMaintenanceUpdate `
+  -ResourceGroupName myResourceGroup `
+  -ResourceName myVM `
+  -ResourceType VirtualMachines `
+  -ProviderName Microsoft.Compute | Format-Table
+```
+
+### Dedicated host
+
+To check for pending updates for a dedicated host. In this example, the output is formatted as a table for readability. Replace the values for the resources with your own.
+
+```azurepowershell-interactive
+Get-AzMaintenanceUpdate `
+   -ResourceGroupName myResourceGroup `
+   -ResourceName myHost `
+   -ResourceType hosts `
+   -ResourceParentName myHostGroup `
+   -ResourceParentType hostGroups `
+   -ProviderName Microsoft.Compute | Format-Table
+```
+
+## Apply updates
+
+Use [New-AzApplyUpdate](https://docs.microsoft.com/powershell/module/az.maintenance/new-azapplyupdate) to apply pending updates.
+
+### Isolated VM
+
+Create a request to apply updates to an isolated VM.
+
+```azurepowershell-interactive
+New-AzApplyUpdate `
+   -ResourceGroupName myResourceGroup `
+   -ResourceName myVM `
+   -ResourceType VirtualMachines `
+   -ProviderName Microsoft.Compute
+```
+
+### Dedicated host
+
+Apply updates to a dedicated host.
+
+```azurepowershell-interactive
+New-AzApplyUpdate `
+   -ResourceGroupName myResourceGroup `
+   -ResourceName myHost `
+   -ResourceType hosts `
+   -ResourceParentName myHostGroup `
+   -ResourceParentType hostGroups `
+   -ProviderName Microsoft.Compute
+```
+
+## Remove a maintenance configuration
+
+Use [Remove-AzMaintenanceConfiguration](https://docs.microsoft.com/powershell/module/az.maintenance/remove-azmaintenanceconfiguration) to delete a maintenance configuration.
+
+```azurecli-interactive
+Remove-AzMaintenanceConfiguration `
+   -ResourceGroupName myResourceGroup `
+   -Name $config.Name
+```
+
+## Next steps
+To learn more, see [Maintenance and updates](maintenance-and-updates.md).
diff --git a/articles/virtual-machines/windows/toc.yml b/articles/virtual-machines/windows/toc.yml
@@ -418,6 +418,8 @@
         href: ../maintenance-notifications-powershell.md?toc=/azure/virtual-machines/windows/toc.json&bc=/azure/virtual-machines/windows/breadcrumb/toc.json
     - name: Maintenance control
       items:
+      - name: PowerShell
+        href: ../maintenance-control-powershell.md?toc=/azure/virtual-machines/windows/toc.json&bc=/azure/virtual-machines/windows/breadcrumb/toc.json
       - name: CLI
         href: ../maintenance-control-cli.md?toc=/azure/virtual-machines/windows/toc.json&bc=/azure/virtual-machines/windows/breadcrumb/toc.json
     - name: Scheduled events
