Maintain Your Microsoft Monitoring Agent Up To Date With Azure Automation

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Hi there :smile:.

Today, I am here again, to present one of the possible solutions to keep the Microsoft Monitoring Agent (MMA) installed on your virtual machine up to date with roughly 0 effort.

The reason why I started playing with this theme, is because I couldn’t keep up with the latest and greatest MMA releases that comes as part of the Azure world, easily and in a time saving way.

 

Everybody knows that from time to time, thanks to the work and effort of our colleagues, we get new Log Analytics Agent version available. These updates open the door to more stability and new features.

 

AgentVersion.PNG

 

As I anticipated there are several methods of updating the MMA once installed and your choice is mostly related to the way the MMA was installed. In fact, if it has been installed as Virtual Machine (VM) extension, it gets updated automatically as part of the infrastructure maintenance that is in charge to Microsoft (see Shared responsibility in the cloud).

 

Same for those VMs which have been configured using Azure Policies (with Azure Security Center for instance).

 

But what if you are managing a hybrid environment? What happen if you installed the agent manually? Even more, do you get any Windows Update if you selected ”I don’t want to …” in the following window?

 

WindowsUpdate.png

 

 

NOTE: If you selected “Use Microsoft Update …” the update will be presented together with other updates, meaning that you have to rely on your patch management process and tool.

 

 

Well in this case you need to take care of your agent version manually and here it comes my idea.

 

Since Azure offers lots of services and one of them is the Azure Automation, why not using it?

Based on that, I created a very simple PowerShell Automation Runbook, based on a PowerShell script, that does the stuff for you. Of course, my approach is just an example, but you could leverage the idea or the attached script in your environment if you like.

 

I want to point out that:

  • Test is always recommended to make sure it works as expected.
  • You might need to check and eventually adjust the Invoke-WebRequest command line to include the proxy server and the related credentials if necessary (see the commented line in the script).

The script is very easy, as you can see. It just goes over some links, downloads the files in the C:\Temp folder (the path existence is verified and created if necessary) and execute them.

 

 

 

 

 

 

# Setting variables $setupFilePath = "C:\Temp" # Setting variables specific for MMA $setupMmaFileName = "MMASetup-AMD64.exe" $argumentListMma = '/C:"setup.exe /qn /l*v C:\Temp\AgentUpgrade.log AcceptEndUserLicenseAgreement=1"' $URI_MMA = "https://aka.ms/MonitoringAgentWindows" # Setting variables specific for DependencyAgent $setupDependencyFileName = "InstallDependencyAgent-Windows.exe" $argumentListDependency = '/C:" /S /RebootMode=manual"' $URI_Dependency = "https://aka.ms/DependencyAgentWindows" # Checking if temporary path exists otherwise create it if(!(Test-Path $setupFilePath)) {     Write-Output "Creating folder $setupFilePath since it does not exist ... "     New-Item -path $setupFilePath -ItemType Directory     Write-Output "Folder $setupFilePath created successfully." } #Check if the file was already downloaded hence overwrite it, otherwise download it from scratch if (Test-Path $($setupFilePath+"\"+$setupMmaFileName)) {     Write-Output "The file $setupMmaFileName already exists, overwriting with a new copy ... " } else {     Write-Output "The file $setupMmaFileName does not exist, downloading ... " } # Downloading the file try {     $Response = Invoke-WebRequest -Uri $URI_MMA -OutFile $($setupFilePath+"\"+$setupMmaFileName) -ErrorAction Stop     ##$Response = Invoke-WebRequest -Uri $URI_MMA -Proxy "http://myproxy:8080/" -ProxyUseDefaultCredentials -OutFile $($setupFilePath+"\"+$setupMmaFileName) -ErrorAction Stop     #$StatusCode = $Response.StatusCode     # This will only execute if the Invoke-WebRequest is successful.     Write-Output "Download of $setupMmaFileName, done!"     Write-Output "Starting the upgrade process ... "     start-process $($setupFilePath+"\"+$setupMmaFileName) -ArgumentList $argumentListMma -Wait     Write-Output "Agent Upgrade process completed."     Write-Output "Checking if Microsoft Dependency Agent is installed ..."     try     {         Get-Service -Name MicrosoftDependencyAgent -ErrorAction Stop | Out-Null         Write-Output "Microsoft Dependency Agent is installed. Moving on with the upgrade."         if (Test-Path $($setupFilePath+"\"+$setupDependencyFileName))         {             Write-Output "The file $setupDependencyFileName already exists, overwriting with a new copy ... "         }         else         {             Write-Output "The file $setupDependencyFileName does not exist, downloading ... "         }         try         {             $Response = Invoke-WebRequest -Uri $URI_Dependency -OutFile $($setupFilePath+"\"+$setupDependencyFileName) -ErrorAction Stop             #$Response = Invoke-WebRequest -Uri $URI_Dependency -Proxy "http://myproxy:8080/" -ProxyUseDefaultCredentials -OutFile $($setupFilePath+"\"+$setupDependencyFileName) -ErrorAction Stop             Write-Output "Download of $setupDependencyFileName, done!"             Write-Output "Starting the upgrade process ... "             start-process $($setupFilePath+"\"+$setupDependencyFileName) -ArgumentList $argumentListDependency -Wait             Write-Output "Dependency Agent Upgrade process completed."         }         catch         {             Write-Output "Error downloading the new Microsoft Dependency Agent installer"         }     }     catch     {         Write-Output "Dependency Agent is not installed."     } } catch {     $StatusCode = $_.Exception.Response.StatusCode.value__     Write-Output "An error occurred during file download. The error code code is ==$StatusCode==." } # Logging runbook completion Write-Output "Runbook execution completed."

 

 

 

 

 

 

As you can see, I am also taking care of the Microsoft Dependency Agent used by both the Azure Monitor for VMs and Service Map.

 

Provided that you already have an Automation Account already created and configured as well as the Hybrid Runbook Worker deployed, all you need to do is to import the runbook and schedule it accordingly. Wait for the execution and the game is done …

 

Thanks,

Bruno :lol:

 

Disclaimer

The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.