Tags: azure, azure-resource-manager, azure-powershell, azure-automation, azure-log-analytics

Azure ARM - Update Management - VMs onboarding


I have prepared a template for onboarding VMs into Update Management. Tasks covered by the ARM template: MMA agent installation and connecting the VM to the workspace. The ARM template works quite OK, but after deployment there is one additional task to do: I have to manually enable the VM in the Update Management console. I know that I can enable auto-onboarding in the Manage Machines section, but I would like to have control over the VMs and decide which VM will be onboarded or not. My template is presented below. Is there any method to fully onboard VMs into Update Management using an ARM template?

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "vmName": {
            "type": "string",
            "minLength": 1,
            "metadata": {
                "description": "List of virtual machines to be joined to Log Analytics. If using multiple VMs, make their names comma separated, e.g. VM01, VM02, VM03."
            },
            "defaultValue": "VM1,VM2"
        },
        "Location":{
            "type": "string",
            "metadata": {
                "description": "Location of the VM"
            },
            "defaultValue": "WestEurope"
        },

        "OMSWorkspaceResourceGroup":{
            "type": "string",
            "metadata": {
                "description": "OMSWorkspace RESOURCE GROUP"
            },
            "defaultValue": "yourLogAnalyticsRG"
        },
        "omsWorkspacename": {
            "type": "string",
            "metadata": {
                "description": "OMSWorkspaceName"
            },
            "defaultValue": "YourLoganalyticsworkspacename"
        }
    },
    "variables": {

        "vmListArray": "[split(parameters('vmName'),',')]"
    },
    "resources": [
        {
            "comments": "LogAnalyticsExtension",
            "apiVersion": "2019-07-01",
            "location": "[parameters('Location')]",
            "type": "Microsoft.Compute/virtualMachines/extensions",
            "name": "[concat(trim(variables('vmListArray')[copyIndex()]),'/MicrosoftMonitoringAgent')]",
            "copy": {
                "name": "ExtentionLooptoAllVMs",
                "count": "[length(variables('vmListArray'))]"
            },
            "properties": {
                "publisher": "Microsoft.EnterpriseCloud.Monitoring",
                "type": "MicrosoftMonitoringAgent",
                "typeHandlerVersion": "1.0",
                "autoUpgradeMinorVersion": true,
                "settings": {
                    "workspaceId": "[reference(resourceId(parameters('OMSWorkspaceResourceGroup'), 'Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspacename')), '2015-11-01-preview').customerId]"
                },
                "protectedSettings": {
                    "workspaceKey": "[listKeys(resourceId(parameters('OMSWorkspaceResourceGroup'),'Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspacename')),'2015-11-01-preview').primarySharedKey]"
                }
            }
        }
    ]
}

Solution

  • I have completed the task. I used the default Scope configuration and the default Computer query. These two components are created when the Update Management solution is enabled from the Azure portal. The solution works, and if somebody would like to know the details, please contact me.