Azure · AlexanderSehr · Sep 13, 2023 · Sep 11, 2023 · Sep 12, 2023 · Sep 12, 2023
@@ -49,7 +49,9 @@ module testDeployment '../../main.bicep' = {
   params: {
     enableDefaultTelemetry: enableDefaultTelemetry
     name: '${namePrefix}${serviceShort}001'
-    extensionProperties: {}
+    extensionProperties: {
+      InGuestPatchMode: 'User'
+    }
     lock: 'CanNotDelete'
     tags: {
       'hidden-title': 'This is visible in the resource name'
@@ -65,15 +67,31 @@ module testDeployment '../../main.bicep' = {
         principalType: 'ServicePrincipal'
       }
     ]
-    maintenanceScope: 'OSImage'
+    maintenanceScope: 'InGuestPatch'
     maintenanceWindow: {
-      duration: '05:00'
+      duration: '03:00'
       expirationDateTime: '9999-12-31 23:59:59'
       recurEvery: 'Day'
       startDateTime: '2022-12-31 13:00'
       timeZone: 'W. Europe Standard Time'
     }
     namespace: '${serviceShort}ns'
     visibility: 'Custom'
+    installPatches: {
+      linuxParameters: {
+        classificationsToInclude: null
+        packageNameMasksToExclude: null
+        packageNameMasksToInclude: null
+      }
+      rebootSetting: 'IfRequired'
+      windowsParameters: {
+        classificationsToInclude: [
+          'Critical'
+          'Security'
+        ]
+        kbNumbersToExclude: null
+        kbNumbersToInclude: null
+      }
+    }
   }
 }
@@ -16,7 +16,7 @@ This module deploys a Maintenance Configuration.
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Maintenance/maintenanceConfigurations` | [2021-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2021-05-01/maintenanceConfigurations) |
+| `Microsoft.Maintenance/maintenanceConfigurations` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2023-04-01/maintenanceConfigurations) |
 
 ## Parameters
 
@@ -32,6 +32,7 @@ This module deploys a Maintenance Configuration.
 | :-- | :-- | :-- | :-- | :-- |
 | `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via a Globally Unique Identifier (GUID). |
 | `extensionProperties` | object | `{object}` |  | Gets or sets extensionProperties of the maintenanceConfiguration. |
+| `installPatches` | object | `{object}` |  | Configuration settings for VM guest patching with Azure Update Manager. |
 | `location` | string | `[resourceGroup().location]` |  | Location for all Resources. |
 | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
 | `maintenanceScope` | string | `'Host'` | `[Extension, Host, InGuestPatch, OSImage, SQLDB, SQLManagedInstance]` | Gets or sets maintenanceScope of the configuration. |
@@ -212,10 +213,28 @@ module maintenanceConfiguration './maintenance/maintenance-configuration/main.bi
     name: 'mmccom001'
     // Non-required parameters
     enableDefaultTelemetry: '<enableDefaultTelemetry>'
-    extensionProperties: {}
+    extensionProperties: {
+      InGuestPatchMode: 'User'
+    }
+    installPatches: {
+      linuxParameters: {
+        classificationsToInclude: '<classificationsToInclude>'
+        packageNameMasksToExclude: '<packageNameMasksToExclude>'
+        packageNameMasksToInclude: '<packageNameMasksToInclude>'
+      }
+      rebootSetting: 'IfRequired'
+      windowsParameters: {
+        classificationsToInclude: [
+          'Critical'
+          'Security'
+        ]
+        kbNumbersToExclude: '<kbNumbersToExclude>'
+        kbNumbersToInclude: '<kbNumbersToInclude>'
+      }
+    }
     lock: 'CanNotDelete'
     maintenanceWindow: {
-      duration: '05:00'
+      duration: '03:00'
       expirationDateTime: '9999-12-31 23:59:59'
       recurEvery: 'Day'
       startDateTime: '2022-12-31 13:00'
@@ -262,14 +281,34 @@ module maintenanceConfiguration './maintenance/maintenance-configuration/main.bi
       "value": "<enableDefaultTelemetry>"
     },
     "extensionProperties": {
-      "value": {}
+      "value": {
+        "InGuestPatchMode": "User"
+      }
+    },
+    "installPatches": {
+      "value": {
+        "linuxParameters": {
+          "classificationsToInclude": "<classificationsToInclude>",
+          "packageNameMasksToExclude": "<packageNameMasksToExclude>",
+          "packageNameMasksToInclude": "<packageNameMasksToInclude>"
+        },
+        "rebootSetting": "IfRequired",
+        "windowsParameters": {
+          "classificationsToInclude": [
+            "Critical",
+            "Security"
+          ],
+          "kbNumbersToExclude": "<kbNumbersToExclude>",
+          "kbNumbersToInclude": "<kbNumbersToInclude>"
+        }
+      }
     },
     "lock": {
       "value": "CanNotDelete"
     },
     "maintenanceWindow": {
       "value": {
-        "duration": "05:00",
+        "duration": "03:00",
         "expirationDateTime": "9999-12-31 23:59:59",
         "recurEvery": "Day",
         "startDateTime": "2022-12-31 13:00",

@@ -57,6 +57,9 @@ param tags object = {}
 ])
 param visibility string = ''
 
+@description('Optional. Configuration settings for VM guest patching with Azure Update Manager.')
+param installPatches object = {}
+
 // =============== //
 //   Deployments   //
 // =============== //
@@ -73,7 +76,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
   }
 }
 
-resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfigurations@2021-05-01' = {
+resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfigurations@2023-04-01' = {
   location: location
   name: name
   tags: tags
@@ -83,6 +86,7 @@ resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfiguratio
     maintenanceWindow: maintenanceWindow
     namespace: namespace
     visibility: visibility
+    installPatches: (maintenanceScope == 'InGuestPatch') ? installPatches : null
   }
 }
 

@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.20.4.51522",
-      "templateHash": "16739611821824144982"
+      "templateHash": "10129717833290964188"
     },
     "name": "Maintenance Configurations",
     "description": "This module deploys a Maintenance Configuration.",
@@ -105,6 +105,13 @@
       "metadata": {
         "description": "Optional. Gets or sets the visibility of the configuration. The default value is 'Custom'."
       }
+    },
+    "installPatches": {
+      "type": "object",
+      "defaultValue": {},
+      "metadata": {
+        "description": "Optional. Configuration settings for VM guest patching with Azure Update Manager."
+      }
     }
   },
   "resources": [
@@ -124,7 +131,7 @@
     },
     {
       "type": "Microsoft.Maintenance/maintenanceConfigurations",
-      "apiVersion": "2021-05-01",
+      "apiVersion": "2023-04-01",
       "name": "[parameters('name')]",
       "location": "[parameters('location')]",
       "tags": "[parameters('tags')]",
@@ -133,7 +140,8 @@
         "maintenanceScope": "[parameters('maintenanceScope')]",
         "maintenanceWindow": "[parameters('maintenanceWindow')]",
         "namespace": "[parameters('namespace')]",
-        "visibility": "[parameters('visibility')]"
+        "visibility": "[parameters('visibility')]",
+        "installPatches": "[if(equals(parameters('maintenanceScope'), 'InGuestPatch'), parameters('installPatches'), null())]"
       }
     },
     {
@@ -327,7 +335,7 @@
       "metadata": {
         "description": "The location the Maintenance Configuration was created in."
       },
-      "value": "[reference(resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name')), '2021-05-01', 'full').location]"
+      "value": "[reference(resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name')), '2023-04-01', 'full').location]"
     }
   }
 }