Enable Azure Update Management in Azure Firewall



When you have Windows VMs in an Azure network whose internet traffic is routed through your Azure Firewall, and they need to update, either with Automatic Updates or Azure Update Management, there are a few things you need to allow through the firewall.
Add the following rules and you will have it up and running in no time.

Go to the Azure Firewall in the Azure portal.
Rules -> Application Rule Collection
+ Add application rule collection

Rule 1
Name: Windows_Update (No whitespace)
Priority: 2000 (A number between 100-65000)
Action: Allow
Rule, FQDN Tags:
Name: Windows Update
Source Type: IP Address
Source: Prefix of vNet/Subnet or host, ex. 10.1.0.0/22
FQDN tags: WindowsUpdate (Select in the dropdown)

Rule 2
Name: Monitoring_Agent (No whitespace)
Priority: 2100 (A number between 100-65000)
Action: Allow
Rule, Target FQDNs:
Name: OMS Agent
Source Type: IP Address
Source: Prefix of vNet/Subnet or host, ex. 10.1.0.0/22
Protocol:Port: https:443
Target FQDNs: *.ods.opinsights.azure.com,*.oms.opinsights.azure.com,*.blob.core.windows.net

Rule 3
Name: Hybrid_Runbook_Worker (No whitespace)
Priority: 2200 (A number between 100-65000)
Action: Allow
Rule, Target FQDNs:
Name: Hybrid Runbook Worker
Source Type: IP Address
Source: Prefix of vNet/Subnet or host, ex. 10.1.0.0/22
Protocol:Port: https:443
Target FQDNs: *.azure-automation.net
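
The three rule collections above can also be created with Azure PowerShell. This is an added example, not part of the original post; it assumes the Az.Network module, a firewall that uses classic rules rather than a Firewall Policy, and placeholder resource group and firewall names.

```powershell
# Added example: scripted equivalent of the three portal rule collections above.
# Requires the Az.Network module and an authenticated session (Connect-AzAccount).
$ResourceGroup = '<resource-group>'   # placeholder, not from the post
$FirewallName  = '<firewall-name>'    # placeholder, not from the post
$Source        = '10.1.0.0/22'        # example prefix used in the post

$fw = Get-AzFirewall -Name $FirewallName -ResourceGroupName $ResourceGroup

# One collection per "Rule" in the post: collection name, priority, and the rule it holds.
$collections = @(
    @{ Name = 'Windows_Update'; Priority = 2000
       Rule = New-AzFirewallApplicationRule -Name 'Windows Update' `
                  -SourceAddress $Source -FqdnTag 'WindowsUpdate' },
    @{ Name = 'Monitoring_Agent'; Priority = 2100
       Rule = New-AzFirewallApplicationRule -Name 'OMS Agent' `
                  -SourceAddress $Source -Protocol 'https:443' `
                  -TargetFqdn '*.ods.opinsights.azure.com',
                              '*.oms.opinsights.azure.com',
                              '*.blob.core.windows.net' },
    @{ Name = 'Hybrid_Runbook_Worker'; Priority = 2200
       Rule = New-AzFirewallApplicationRule -Name 'Hybrid Runbook Worker' `
                  -SourceAddress $Source -Protocol 'https:443' `
                  -TargetFqdn '*.azure-automation.net' }
)

foreach ($c in $collections) {
    # Skip collections that already exist so the script can be re-run safely.
    if ($fw.ApplicationRuleCollections.Name -contains $c.Name) {
        Write-Warning "Collection '$($c.Name)' already exists, skipping."
        continue
    }
    $coll = New-AzFirewallApplicationRuleCollection -Name $c.Name `
                -Priority $c.Priority -Rule $c.Rule -ActionType 'Allow'
    $fw.ApplicationRuleCollections.Add($coll)
}

# Nothing changes on the firewall until the modified object is written back.
Set-AzFirewall -AzureFirewall $fw | Out-Null
```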

 

References

FQDN tags overview
https://docs.microsoft.com/en-us/azure/firewall/fqdn-tags

Connect Operations Manager to Azure Monitor
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/om-agents

Hybrid Runbook Worker overview
https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker

 

Thanks to:
Joakim Gräns – Asurgent AB


___________________________________________________________________________________________________

Enjoy!

Regards

 Thomas Odell Balkeståhl on LinkedIn

 

Installing Cumulative updates – current best practice


This is not brand new info, but I think it is important enough to mention again. Huge improvement!

Just a repeat of the current (August 31, 2011) best practice:

Updates for SharePoint 2010 Products
http://technet.microsoft.com/en-us/sharepoint/ff800847

Best practice

The packaging of cumulative updates changed as of August 31, 2011. The following packages are provided for cumulative updates:

  • SharePoint Foundation 2010
  • SharePoint Foundation 2010 + SharePoint Server 2010
  • SharePoint Foundation 2010 + SharePoint Server 2010 + Project Server 2010

As a result of the new packaging, it is no longer necessary to install the SharePoint Foundation cumulative update and then install the SharePoint Server cumulative update.

Previously, the recommendation was to install Foundation first, then Server, then Project if you had Project Server installed. What this means is that you no longer have to install all of them, just the package that contains all of your updates. If you are running Server, install the Server package only. (These packages were previously called Überpackages; they are now ‘reinstated’.)

Happy patching