Associate a maintenance configuration#

Reliability · Virtual Machine · Rule · 2024_06 · Important

Use a maintenance configuration for virtual machines.

Description#

Azure Virtual Machines (VMs) support maintenance configurations. You can use the Maintenance Configurations to control and manage updates for Azure VM resources. Configuring a maintenance window and time zone allows you to reduce disruptions to your workloads during peak hours.

If a maintenance configuration is not associated:

Updates managed by the platform may be still be scheduled for your virtual machine.
The schedule determined by the platform may not align with your maintenance window.

Maintenance configurations also integrate with Azure Update Manager. Azure Update Manager can be used to apply guest operating system (OS) updates to keep your VMs secure and compliant.

Recommendation#

Consider associating a maintenance configuration to your VM to reduce unplanned disruptions to your workloads.

Examples#

Configure with Azure template#

To deploy virtual machines that pass this rule:

Deploy a Microsoft.Maintenance/configurationAssignments sub-resource (extension resource).
Set the properties.maintenanceConfigurationId property to the linked maintenance configuration resource Id.

For example:

Azure Template snippet

{
  "type": "Microsoft.Maintenance/configurationAssignments",
  "apiVersion": "2023-04-01",
  "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "properties": {
    "maintenanceConfigurationId": "[resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name'))]"
  },
  "dependsOn": [
    "[resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name'))]",
    "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]"
  ]
}

Configure with Bicep#