Updating Azure Arc Extensions

If you have onboarded your on-prem servers to Azure Arc, you are already exploring how to take advantage of the Update Management Center and its functionality. Even in preview it offers a lot of features, but you have probably noticed that some of the extensions deployed to the servers currently do not support automatic updates.

This is fine if you have a handful of servers, but what if you have an environment with hundreds of machines? Drilling into each machine through the UI and updating the extension(s) manually is a lot of overhead.

Fear not. While there are probably ways to solve that via the Graph API, following the example here, I was able to leverage Azure CLI and have it do the heavy lifting.

Here is an example of using Azure CLI to upgrade the WindowsOsUpdateExtension to version 1.0.13.0, targeting servers in the RG-AzureArc resource group, tagged with the key/value pair "Environment: Test":

az connectedmachine list --resource-group "RG-AzureArc" --query "[?tags.Environment=='Test'].name" --output tsv |
while read -r machine_name; do
    # Upgrade extension on each machine
    az connectedmachine upgrade-extension --machine-name "$machine_name" --resource-group "RG-AzureArc" --extension-targets '{"Microsoft.SoftwareUpdateManagement.WindowsOsUpdateExtension":{"targetVersion":"1.0.13.0"}}'
done

You can obviously substitute the name of the extension, the version, the resource group name, etc. with the ones you want to target.

Depending on how many servers you have, it may take some time for it to go through all of them. 
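With hundreds of machines it helps to skip servers that are already at the target version and to know which upgrade calls failed. The sketch below is an added example, not part of the original post: the function names and the "machine<TAB>installed version" inventory format on stdin are assumptions (you would build that list from your own extension inventory), and version comparison relies on GNU `sort -V`.

```sh
#!/bin/sh
# Added example. Only the az upgrade-extension call comes from the post;
# the function names and the stdin inventory format are hypothetical.
RESOURCE_GROUP="RG-AzureArc"
EXTENSION="Microsoft.SoftwareUpdateManagement.WindowsOsUpdateExtension"
TARGET_VERSION="1.0.13.0"
TAB=$(printf '\t')
CR=$(printf '\r')

# Exit 0 when version $1 is strictly lower than version $2.
# sort -V orders 1.0.9.0 before 1.0.13.0; a plain string compare does not.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "machine<TAB>installed_version" lines on stdin, upgrades only the
# machines below TARGET_VERSION, and prints the names whose upgrade call
# failed. Exit status is 1 if any call failed. The body runs in a subshell
# so its variables do not leak into the caller.
upgrade_outdated() (
    failed=0
    targets=$(printf '{"%s":{"targetVersion":"%s"}}' "$EXTENSION" "$TARGET_VERSION")
    while IFS="$TAB" read -r machine version || [ -n "$machine" ]; do
        version=${version%"$CR"}            # tolerate CRLF line endings
        # Skip blank lines and machines with no recorded version.
        [ -n "$machine" ] && [ -n "$version" ] || continue
        # Already at or above the target: nothing to do.
        version_lt "$version" "$TARGET_VERSION" || continue
        # </dev/null keeps the command from consuming the loop's input.
        if ! az connectedmachine upgrade-extension \
                --machine-name "$machine" \
                --resource-group "$RESOURCE_GROUP" \
                --extension-targets "$targets" </dev/null >/dev/null; then
            echo "$machine"
            failed=1
        fi
    done
    exit "$failed"
)
```

Pipe the inventory into `upgrade_outdated` and redirect its output to a file to get a retry list of the machines that failed.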
