通过Powershell使用更新管理报告Azure虚拟机的修补程序合规状态



我正在使用Azure更新管理来修补我的机器,并且可以在其中一列中轻松查看我的虚拟机列表及其合规状态,知道如何使用带有AzureRM或Az CLI的Powershell获取相同的信息吗?

感谢

如果您想获取不合规的虚拟机,可以尝试此脚本。此脚本使用新的Az模块;如果使用旧的AzureRM模块,请将Get-AzContext更改为Get-AzureRmContext,如下所示。

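# Script parameters.
# SUBSCRIPTIONID, RESOURCEGROUPNAME and WORKSPACE are interpolated into the
# management.azure.com request URL later in this script, so they are required
# and must be non-empty: a blank value would otherwise yield a malformed
# request path instead of a clear error at the call site.
param (
    # Subscription that holds the Log Analytics workspace.
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]$SUBSCRIPTIONID,

    # Not referenced by the visible script body; left untyped and optional so
    # existing callers that pass (or omit) it keep working.
    $AUTOMATIONACCOUNTNAME,

    # Resource group that holds the Log Analytics workspace.
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]$RESOURCEGROUPNAME,

    # Name of the Log Analytics workspace to query.
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]$WORKSPACE
)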
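#region - Generate a bearer token
# Acquire an access token for the tenant of the current AzureRM login context.
# The token is later sent as the Authorization header of the query request.
$azureRmProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$currentAzureContext = Get-AzureRmContext
# Fail early with a clear message when there is no signed-in context; without
# this guard the TenantId lookup below dereferences $null.
if (-not $currentAzureContext -or -not $currentAzureContext.Subscription) {
    throw 'No Azure context with a subscription was found. Sign in and select a subscription before running this script.'
}
$profileClient = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient($azureRmProfile)
# $token.AccessToken is a bearer credential: whoever holds it can act as the
# signed-in identity until it expires. Keep it out of logs, transcripts and
# the output pipeline.
$token = $profileClient.AcquireAccessToken($currentAzureContext.Subscription.TenantId)
#endregion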

# JSON request body for the workspace query call: a "top" row cap and a Kusto
# "query" string.
# What the query does, as written:
#   - Takes Heartbeat records from the last 12h for Azure machines whose
#     Solutions column has "updates" (one branch for Linux, one for Windows,
#     combined with union).
#   - Left-outer-joins Update records (last 5h for Linux, last 14h for
#     Windows) and counts missing Critical / Security / other updates in
#     state "Needed".
#   - Sets compliance to 2 when any critical or security update is missing and
#     keeps only those rows (where compliance in (2)), i.e. non-compliant VMs.
#   - Final project order starts: id, displayName, sourceComputerId,
#     azureResourceId, scopedToUpdatesSolution, missingCriticalUpdatesCount,
#     missingSecurityUpdatesCount, ... (the row indexing later relies on it).
# The here-string contains no PowerShell variables, so none of the script
# parameters are expanded into the query text.
# NOTE(review): as shown here the query has a bare "n" where a "\n" escape
# would be expected (e.g. "Heartbeatn| where") and unescaped double quotes
# inside the JSON string value, so the body is presumably not valid JSON in
# this form -- the backslashes look lost in publishing; restore them from the
# original before use. TODO confirm.
$Query = @"
{
"top": 1000000000,
"query": "Heartbeatn| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer) | where ComputerEnvironment=~"Azure"n| summarize arg_max(TimeGenerated, Solutions, Computer, ResourceId, ComputerEnvironment, VMUUID) by SourceComputerIdn| where Solutions has "updates" n| extend vmuuId=VMUUID, azureResourceId=ResourceId, osType=1,nenvironment=iff(ComputerEnvironment=~"Azure", 1, 2),nscopedToUpdatesSolution=true, lastUpdateAgentSeenTime=""n| join kind=leftouter (Updaten| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeatn| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)n| summarize arg_max(TimeGenerated, Solutions) by SourceComputerIdn| where Solutions has "updates" | distinct SourceComputerId)) | where ComputerEnvironment=~"Azure"n| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Product, Computer, ComputerEnvironment) by SourceComputerId, Product, ProductArch n| summarize Computer=any(Computer), ComputerEnvironment=any(ComputerEnvironment), missingCriticalUpdatesCount=countif(Classification has "Critical" and UpdateState=~"Needed"),nmissingSecurityUpdatesCount=countif(Classification has "Security" and UpdateState=~"Needed"),nmissingOtherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security" and UpdateState=~"Needed"),nlastAssessedTime=max(TimeGenerated), lastUpdateAgentSeenTime="" by SourceComputerIdn| extend compliance=iff(missingCriticalUpdatesCount > 0 or missingSecurityUpdatesCount > 0, 2, 1)n| extend ComplianceOrder=iff(missingCriticalUpdatesCount > 0 or missingSecurityUpdatesCount > 0 or missingOtherUpdatesCount > 0, 1, 3)) on SourceComputerIdn| project id=SourceComputerId, displayName=Computer ,sourceComputerId=SourceComputerId, azureResourceId, scopedToUpdatesSolution=true,nmissingCriticalUpdatesCount=coalesce(missingCriticalUpdatesCount, -1), missingSecurityUpdatesCount=coalesce(missingSecurityUpdatesCount, -1), 
missingOtherUpdatesCount=coalesce(missingOtherUpdatesCount, -1), compliance=coalesce(compliance, 4), lastAssessedTime, lastUpdateAgentSeenTime, osType=1, environment=iff(ComputerEnvironment=~"Azure", 1, 2), ComplianceOrder=coalesce(ComplianceOrder, 2)n | where compliance in (2) | union(Heartbeatn| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer) | where ComputerEnvironment=~"Azure"n| summarize arg_max(TimeGenerated, Solutions, Computer, ResourceId, ComputerEnvironment, VMUUID) by SourceComputerIdn| where Solutions has "updates" n| extend vmuuId=VMUUID, azureResourceId=ResourceId, osType=2,nenvironment=iff(ComputerEnvironment=~"Azure", 1, 2),nscopedToUpdatesSolution=true, lastUpdateAgentSeenTime=""n| join kind=leftouter (Updaten| where TimeGenerated>ago(14h) and OSType!="Linux" and SourceComputerId in ((Heartbeatn| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)n| summarize arg_max(TimeGenerated, Solutions) by SourceComputerIdn| where Solutions has "updates" | distinct SourceComputerId)) | where ComputerEnvironment=~"Azure"n| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Title, Optional, Approved, Computer, ComputerEnvironment) by Computer, SourceComputerId, UpdateID n| summarize Computer=any(Computer), ComputerEnvironment=any(ComputerEnvironment), missingCriticalUpdatesCount=countif(Classification has "Critical" and UpdateState=~"Needed" and Approved!=false),nmissingSecurityUpdatesCount=countif(Classification has "Security" and UpdateState=~"Needed" and Approved!=false),nmissingOtherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security" and UpdateState=~"Needed" and Optional==false and Approved!=false),nlastAssessedTime=max(TimeGenerated), lastUpdateAgentSeenTime="" by SourceComputerIdn| extend compliance=iff(missingCriticalUpdatesCount > 0 or missingSecurityUpdatesCount > 0, 2, 1)n| extend ComplianceOrder=iff(missingCriticalUpdatesCount > 0 
or missingSecurityUpdatesCount > 0 or missingOtherUpdatesCount > 0, 1, 3)) on SourceComputerIdn| project id=SourceComputerId, displayName=Computer, sourceComputerId=SourceComputerId, azureResourceId, scopedToUpdatesSolution=true,nmissingCriticalUpdatesCount=coalesce(missingCriticalUpdatesCount, -1), missingSecurityUpdatesCount=coalesce(missingSecurityUpdatesCount, -1), missingOtherUpdatesCount=coalesce(missingOtherUpdatesCount, -1), compliance=coalesce(compliance, 4), lastAssessedTime, lastUpdateAgentSeenTime, osType=2, environment=iff(ComputerEnvironment=~"Azure", 1, 2), ComplianceOrder=coalesce(ComplianceOrder, 2)n | where compliance in (2)) | order by ComplianceOrder asc, missingCriticalUpdatesCount desc, missingSecurityUpdatesCount desc, missingOtherUpdatesCount desc, displayName asc"
}
"@ 

# POST the JSON query body to the workspace query endpoint over HTTPS and keep
# the parsed response in $result. The bearer token travels only in the
# Authorization header, never in the URL.
# NOTE(review): Azure Resource Manager resource paths normally carry a
# "/providers/" segment before the provider namespace
# (microsoft.operationalinsights); this URI has none -- verify against the
# original script before relying on it.
$queryUri = "https://management.azure.com/subscriptions/$($SUBSCRIPTIONID)/resourcegroups/$($RESOURCEGROUPNAME)/microsoft.operationalinsights/workspaces/$($WORKSPACE)/query?api-version=2017-10-01&q_OrchestratorExtension.DataModels.Computer"
$restArgs = @{
    Uri         = $queryUri
    Headers     = @{ Authorization = "Bearer {0}" -f ($token.AccessToken) }
    Method      = 'Post'
    Body        = $Query
    ContentType = 'application/json'
}
$result = Invoke-RestMethod @restArgs
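# Convert every returned row into an object with the VM name and its missing
# critical / security update counts, then emit the list.
# Rows are addressed by position, matching the query's final "project":
# index 1 = displayName, 5 = missingCriticalUpdatesCount,
# 6 = missingSecurityUpdatesCount. If the projection order in $Query changes,
# these indexes must change with it.
# The pipeline result is collected in one assignment instead of "+=" inside the
# loop, which re-allocates the array on every row.
$Collection = @(
    $result.tables.rows | ForEach-Object {
        # An empty response pipes a single $null here; skip it rather than
        # fail on indexing into $null.
        if ($null -eq $_) { return }
        [pscustomobject]@{
            VMName                = $_[1]
            CriticalUpdateMissing = $_[5]
            SecurityUpdateMissing = $_[6]
        }
    }
)
$Collection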

首先,停止使用AzureRM Cmdlet。请改用新的Az CMDlets。

没有cmdlet可用于获取现成的修补程序状态。

您可以从链接的日志分析帐户获取状态,例如:

// Keep UpdateSummary records whose OldestMissingSecurityUpdateInDays is
// non-zero and aggregate them per Resource.
UpdateSummary 
| where OldestMissingSecurityUpdateInDays != 0
// NOTE(review): dcount() is given the boolean expression
// Computer == "Resource", so it counts distinct true/false values, not
// distinct computers -- confirm the intended aggregation.
| summarize Computer = dcount(Computer == "Resource") by Resource

或者您可以使用新的Graph API:https://learn.microsoft.com/en-us/graph/api/intune-shared-windowsupdatestate-get?view=graph-rest-beta
