Introduction
Azure Update Management Center is a service that helps you manage and apply updates to your Azure and hybrid servers. It’s built on top of Azure Arc for Servers, which enables you to manage and monitor servers that are running in other clouds. Using Azure Update Management Center, you can schedule update deployments, track their progress, and troubleshoot any issues that arise.
Revolutionize Your Security Operations with Microsoft Sentinel
Discover the Next-Generation SIEM Solution: Contact Us to Learn How Microsoft Sentinel Can Transform Your Security Operations
Call to Action
The KQL query is used to identify failed update deployments in Azure Update Management Center. The query filters for operation names that include “Microsoft.Compute/virtualMachines/installPatches/action” and activity statuses that are “Failed,” indicating that the update deployment did not succeed.
AzureActivity | where OperationNameValue == "Microsoft.Compute/virtualMachines/installPatches/action" and ActivityStatusValue == "Failed"
| where ResourceProviderValue == "MICROSOFT.HYBRIDCOMPUTE"
| extend Server = Properties_d.resource
| extend ["Resource Group"] = Properties_d.resourceGroup
| extend ["Subscription ID"] = Properties_d.subscriptionId
| project TimeGenerated,Server,['Resource Group'],['Subscription ID']
| sort by TimeGenerated