Introduction
Azure Update Manager is a service that helps you manage and apply updates to your Azure and hybrid servers. It’s built on top of Azure Arc for Servers, which enables you to manage and monitor servers that are running in other clouds. Using Azure Update Manager, you can schedule update deployments, track their progress, and troubleshoot any issues that arise.
The KQL query is used to identify failed update deployments in Azure Update Manager. The query filters for operation names that include “Microsoft.Compute/virtualMachines/installPatches/action” and activity statuses that are “Failed,” indicating that the update deployment did not succeed.
AzureActivity | where OperationNameValue == "Microsoft.Compute/virtualMachines/installPatches/action" and ActivityStatusValue == "Failed"
| where ResourceProviderValue == "MICROSOFT.HYBRIDCOMPUTE"
| extend Server = Properties_d.resource
| extend ["Resource Group"] = Properties_d.resourceGroup
| extend ["Subscription ID"] = Properties_d.subscriptionId
| project TimeGenerated,Server,['Resource Group'],['Subscription ID']
| sort by TimeGenerated
Results
