 Look at that we're live. I know a and we're talking about updates today. We are Should be some fun times man. We got like what how long are these things 90 minutes, right? We have up to 90 minutes but this is a short Module so I don't know a question. We're gonna need all of that time unless The audience has tons of questions in which case we are more than happy to take 90 minutes and answer all those questions Absolutely, so we're streaming live on Microsoft learn TV at aka ms slash Learn TV you can also catch us on various different twitch channels and also YouTube channels as well But we're gonna be spending the next 90 minutes going on and talking about the Azure update service My name is Rick Klaus. I'm a principal cloud advocate that leads a team of folks that talk about operations type things For Microsoft and I'm joined today by my good friend Pierre Roma, I'm my cloud advocate as well and I Report to this guy down here. So so your boss is watching we're actually watching this time I can't make any jokes about you your hat or your beard The important part I want to say is because you have the screen up in a slide right the slide up in the screen right now Is you can use that QR code to be able to go off and follow along with us? This is a Microsoft learn module specifically talking about Azure update service and what you can do with it I see that Andrew McCollum was asking us some questions as well saying hey Are you gonna be talking about best practices or tips? What do you think Pierre should do that or what? I think we're gonna cover some of that While we're going through the module, but the main point is for the uninitiated to go through the learn module and learn how they can manage their updates all In Azure, right exactly. So yes, no, definitely gonna be time at the end I talked about some stuff about alerting and scheduling as an example Pierre and I can go through some Example schedules you might want to try to implement once you understand that basics of how the service works So all that kind of good stuff happens to be there Now are we gonna show the actual introduction module with like the breakdown of the scenario? Are we just gonna talk about the scenario that we're gonna be covering today, Pierre? What do you think we should be doing? I mean this one There we go So yes, this is as you as you saw a very short module as sorry short short set of Creations for this Microsoft learn module. It's made up of five or sure eight units in total Two of them are demo at the end. We'll talk about that But we're only covering the basics of hey, do you understand the concept of updating? Can you describe what Azure updates happens to be can you go and deploy updates can review whether or not they were effective or not? Can you manage alerts and updates for your Azure VMs? But you've actually got some cool stuff to show us for this is not just for Azure VMs But it's for other VMs as well, right? That's correct. Well, it's not it's not just only for VMs. You can do Update management for all of your VMs whether or not they're on-prem or in Azure or in other clouds whether they're physical boxes or Arc-enable servers So you can manage them all in one pane of glass. Nice Now there is a scenario that we're covering but essentially the scenario is you work in a hybrid environment You've got yourself set up. I think it's on the next slide there Mr. Pierre There we go. Thank you the scenario basically again medium-sized company using Windows update as an update mechanism for being able to update your servers You've got a variety of different type of hosts that you're having to manage both 2012 and 2019 Also potentially Linux hosts as well. We can talk about that in a bit with some added functionality But the idea is that we're supposed to set up some level of automation that goes through and monitors the fact that your machines are in compliance You have a timely update process for all the machines across your entire footprint That happens to be out there and that you're able to go through and have notifications that take place on the success or the Failure of these different updates being applied to your individual machines There'll be stuff covering about how to enroll your your machines into the update process I think you actually cover off how to install it first I cover the enrolling the machines inside the process and how to actually configure and work with it And then we'll also be giving you access to some videos inside these modules to go and try this out yourself now You went ahead and actually configured a setting or sort of configured this To be able to do some live demos. I'm going to be doing some time compressed demos later on during the session So we're going to be a mixture both of live stuff and also have recorded stuff Just to be able to make sure that you have the best experience And the demos that we will be showing you during this particular session Are something that you have access to by simply completing that Microsoft learn module because the videos are embedded That you can go off and try yourself if you don't have the ability to set up an environment yourself But little caveat here two things Number one the demo the live demo is set up kind of like a cooking show because This like And under other monitoring systems once you enable them enroll machines into Into the azure update management environment It actually takes a while for those machines to get the agent do the inventory report the inventory analyze the inventory And then bubble that up to the ui. So i've kind of just set it up As a cooking show number two Since we decided to do this and we've published these learning path We have submitted some changes because the ui has been updated lately But those changes and are still going through the process of actually making it Into the learn module. So the steps are almost all the same But there's a few little nuances here and there that you'll have to Be careful of and i'll walk you through them as we get through this Yeah, no, it's definitely fun the whole concept of cloud based software, right? We're continuously evolving and changing things The basic steps are the same the basic concepts are the same It's simply a matter of making the ui more fluid Making it more intuitive and this sort of stuff based on your feedback So the learn module will catch up with where the current azure portal happens to be Right now. That's right. Perfect. I don't know man like Like, uh, let's actually get started. I'm excited to talk about updates I mean updates is something that all of us have to deal with on a regular basis. Um, so The first part of understanding is the fact that update management Really is a matter of combining a couple of different things to turn into what the service is known as update management But uh, this is simply a reoccurring task. We all have to deal with at some point in time We have to maintain our servers Actually, I think our good friend oran thomas likes to talk about this whole concept of a shared responsibility model when you start using the cloud environment, right? We provide you with the base infrastructure in the fabric to be able to run your ias instances and your other services off of However, you still have to go and make sure that you update those operating systems on a regular basis Like when you go and you deploy a new windows server operating system or a new ubuntu linux operating system on top of virtual machine It's only as current as when that image was created inside of the marketplace or inside of your own Private marketplace when you go off and do that deploy so Updates are still required still require maintenance windows to be able to do it And still requires some level of work on your part to be able to go off and to go and make that happy now. Yes, however We are slowly making it easier for you to manage your own environment With the services like azure auto manage so when you deploy a vm It automatically will enroll into uh into an update module or update environments that we manage for you So once you've enabled that Then the updates will deploy to your client systems automatically And so that's coming in the future that's available now in preview and available for certain vm's that you install from the azure marketplace But that's not covered inside the topic here But covered simply as this is the evolution of being able to try to enhance some of that shared responsibility that we happen to have Yeah, absolutely rolling down on this particular module here pier if you could Simply talks about the fact that you know the main functionality what you're doing is it manages os updates And it gives you the ability to review Your status or your compliance with whether or not your systems are up to date or not Across a nice single pane of glass is the expression people like to use You can also see which specific Updates are missing and applicable to those different vm's inside of your property And then finally you can go through and obviously do queries and logs log queries against that To be able to get very complex to find out This particular updates kb14287 was applied to a couple of different servers Caused some problems like when was it applied and and and who was the one that authorized it? Did they do their testing you can actually run queries against this log analytics space to find this out And i'll show you some of that in the advanced configuration section Coming up in a future module and not too far from now the big thing though from a windows machine perspective This leverages and uses windows update. So the update engine on the local machines Are being configured to go off and take a look at the the Defined servers that you have in place you running w sus or running running the microsoft update services one of the other and then the They are configured and run under policy by having the update management Configuration applied down to those individual boxes And so the way that you would go off and make sure your windows update is configured correctly on the local boxes Like you normally would you have a group policy setting applied Have you gone through and done some power shell configurations to basically make sure that it's up and working You have to do those kind of heavy lifting pieces first To be able to go off and to work correctly now Some people like to use the windows update service because it allows them to almost run in a fashion where They kind of act as the gate and the control You can still use that if you like and still continue to function with that In this case here the screen that we have is simply the group policy way of going in and say hey Go off and list me where my internal windows update servers are or you know Let me go off and connect up to the public version of microsoft update to go off and get my updates That's basically the main configuration on the client side that you have to ensure is working Prior to going off and getting update management up and configured and functional That's right I'm not quite Ready to show a wsus server. I didn't have time to Set one up to see how the integration with window with azure updates is going to be It's it's too. It's two policies pretty simple, right? Yes So it's pretty pretty easy to uh to walk through So, uh, if we jump into module one after the introduction or in this particular case unit three Yeah, but let's let's let's use the right terminology. This is unit three Well, it's because unit one is the intro and so unit three, uh, and how we enable the update management In this case, uh, it's pretty straightforward. Do you have to create an automation account? Uh, also a, um a run as account Enable your update management and then on board your servers into it and That one I can show as a live demo There we go. So this is this is the actual portal you have up right now with the current UI that's taking a look at That's correct. So right now i'm showing you the finished turkey Right, uh, but now let's go see how we can actually set that up So this is my unfinished turkey. So I'm in the learn live azure updates dash two resource group where I've got A number of vm in this case. I have uh five different, uh Vms for windows and five different vms for linux. Oh good I was going to ask you if you're going to show us these both sides of the coin But uh, it's good to see that they can basically both be managed simultaneously With the one tool there's no two separate tools. You have to worry about yeah, actually there's Once one complete tool and i'm looking for where my azure arc machine is Uh, there it is. So I now have that little That little pinkish or purple Icon here that shows that this machine is actually an arc enabled server So thomas mower, which is in the chat room is going to be happy that we are leveraging azure arc, right And in this case, uh, all we have to do is we have to go and create our automation account So I go plus for adding a resource and Change or search for automation Outs It searches the marketplace and will come up with automation right here, right now once I have that I just hit create This is a pretty straightforward Uh setup I will give it a name. So i'm going to say az Update shameless plug for my friday show That's but to say rather fortuitous for you for having the same name show yes yes, I like to uh Plug myself in there Uh, I just make sure that i'm in the right resource group gave it a name in a region click next This is going to be a system assigned identity now. This is where it differs from the uh, learning path that you have Where in the learning path you have a section where you can automatically create the run as account as part of the automation account creation The ui has now been split where you don't have it won't create that run as account for you But once it's created we'll go out and create our run as accounts. Okay, okay create It goes out submits the deployment And it goes it shouldn't take very very long And there we go. So now I can go to my resource. I've got my Azure update created And now if I go down onto the left side menu the context menu At the bottom Right here Is a run as account. Mm-hmm and currently I don't have any uh created So I can just hit create on an azure run as account And the run as account it provides authentication for managing resources within the azure commandlet So it just basically gives the service the appropriate rights for it to actually do The updating but also the reporting back to log analytics, right? So it's like back next So it will create a service principal user an active directory. Yes, I say, okay, and that's it. There's no nothing to change You just have to turn it on It goes out and creates that run as account right The azure classic run as account would work If you still were using Azure the v1 or the classic mode, which I'm not quite sure How much longer this is going to be supported? It's let's just say it's there But it's absolutely not required for anything that we're talking about today for azure update services. That's just legacy It's there in case you need to have it and that's kind of stuff is there That's right. So now our new run as account has been created So we can go back to our overview and refresh our stuff And everything is ready to go and as you see again on the left side inside. I've got azure management update management update management, sorry update management one of the things that azure update management requires is a log analytics workspace Anything monitoring anything management in azure all Requires some kind of data in terms of your inventory of the the updates your performance monitoring like all of that And it's all built on top of log analytics or log analytics or azure monitor logs as it's now Called yeah except in the ui I don't know The main thing is you need to make a workspace, right? That's right. So I'm going to create a new workspace Using my automation account that I have here in our Suscription and gonna say and enable so it's going to submit the deployment to create a new log analytics workspace And once that's done it's in progress. So it takes a few minutes in the background And once that's done we can actually add The um machines to it now I'm going to go back to our original The cooking show version the cooking show version because it takes a while for the log analytics to it to happen But in let's just say we jump half an hour into the future and I've added a few machines So those machines are here and we'll talk about the compliance and the assessment later But what if I want to add more machines? Which is what we need to do we need to actually we've updated we've enabled update management now we have to On board those servers into our machine or into in our environment. So all I have to do is go there into our Automation account update management and add the machines. I'm going to pick the machines from that Cooking show account that I've got here So so basically you're scoping the parameters for what machines you're looking for to be able to go off and to manage Yes, and it also is only going to show you machines that you as the person configuring this Have the rights to be able to go off and contribute towards which means that you can go off and manage them in the first place So you're not going to magically start managing my machines if you don't have rights to my area of my machines Or no, but you have rights to my subscription if you're you have to be careful if you're a Collaborator not collaborator. What's the the term? I'm having a brain fart here Contributor is the main contributor. Thank you If you're a contributor on multiple subscriptions All of the vms from all those subscriptions will magically show up So make sure that in your resource group location and subscription You actually filter it to the ones you actually want to manage right so in this case I've got Resource group or learn live azure updates number two And I have my 10 machines that are here and they're ready to enable they've got the azure agent already in place They've reported and they have an identity within azure The only one that doesn't show up right now is my Arc server because I just installed it before we went live so it doesn't had it hasn't had time to actually Populate all of the info that it needs I select them all I click enable And then it initiates the deployment and then we'll send the proper agents to those machines in order to have Them onboarded onto azure update management. Yeah, and just just to call it as well It's just giving you a little warning on the side over there about cross region data Just from the point of view of trying to keep things centralized inside the same region For the stuff that you're collecting But this does obviously work across different regions in different areas if you need to That's right. That's all based on where the update agent is or where the update automation account exists where the Work space exists for your logs log analytics workspace And also where your VMs happen to exist. So you are able to span region It's not a blocker, but it's uh information. It's an information about that. That's right So if you've got compliance issues or regulatory issues in term of storing data in other regions You have to keep track of that. Yeah, so we just give you the heads up on that one there That's right And now it's just going to go and deployment in progress and it'll go to all of these machines and uh put the uh the Agents on uh as we go And that's it. We are now onboarded Can you do me favor and flip back to the unit three and and just take a look and see if we missed anything At a unit three discussion there. I haven't seen any questions come up yet on the the chats of the different areas Yep So scroll down on that list there. So you got the automation account creation And and this is the spot here where it says create the run as account doesn't exist anymore Now you have to do it within the uh The automation account right that's the flow Okay, you have to go through and enable it as you mentioned as well That's right, which is exactly the same you go to an automation account You click select update management in it you create your log analytics workspace or Or azure monitor logs workspace depending on which documentation you're reading right and then you onboard your server Right and talks about onboarding azure vms to be able to go off and onboard them We talked about the scoping mechanism Just make sure you have contributor rights to them to be able to have access to them If you only have reviewer rights, you're not going to be able to do updates on them Because all I can do is simply view the contents of them and that's it you you can obviously have reviewer rights to be able to view the contents of the update management process from a compliance perspective But we'll talk about that a little bit later on and I like the call out you did for azure arc So this also applies to on-premises vms with the appropriate agents loaded or with the azure arc piece loaded into it And they can be included as well into your single pane of glass from a compliance perspective And everything else that's right. And if your servers are not azure arc enabled server Why not number one, but number two is if you could In onboard them into this by manually installing the agent pointing it to the right log analytics workspace And then it would show up in your machine as a non azure machine But it wouldn't be identified as an azure arc server, right? We'll give you some nice links at the bottom there from his additional reading Those are obviously taking you off to individual Microsoft docs pages for more details Talking about how you can stall the agent manually if you wanted to as opposed to going through the automated process which we're using And then Going through and taking a look at the update management overview simply of of the main reference documentation that we're using For the content creation of this Microsoft learn module That's correct. And that is it for that unit. That was super long, man, but i'm glad you did the live demo It gave you a good view of the updated process Which is good. I think i'm up next for the actual configuration and use correct That's correct or to deploying how you actually deploy those updates So if you could let's just take a look first if you could scroll down a little bit for me here And talking about an update deployment I'll be showing you what this looks like In just a moment, but I just want to make sure i'm capturing the right terms here for the stuff As i mentioned, we can work both with windows and with linux Uh, you are going to be creating a schedule for updates and we'll talk about the strategy behind creating those schedules We can do Alerts and warnings that can happen for when a schedule happens to run to receive updates back from it And then you can go off and check your compliance or not check your compliance Like i think it's going to be better if I kind of show you the the the demo that's coming up What are you going to say there, buddy? I was about to say one thing that uh on that screen that is uh underutilize or or That I think we should pay better attention to is the group to update Because in your environment, you may have like, uh, let's say you have your ad servers. You've got some database servers. You've got your In a high availability. You'll have your Machines and then your cold standbys or your warm standbys You can actually group these appropriately and then have your schedule so that you don't basically patch Both ends of a cluster at the same time because if you do that and for some reason The patch fails you don't have anything to fall back on because both will have received that so you may want to group your front end or your Live With one group and then wait for that one to finish before you do the next group Right. So grouping is very very important in terms of operations of a data center And if you could flip back to the documentation webpage for one second pure I just wanted to call it one thing for group to update right there It's a dynamic group that at deployment time The query runs to determine the target set of machines And so as new machines are added inside of your environment, uh, this particular target group Dynamically runs for the machines that have been added Um, it can go in and no If you take a machine out of a roll or into a roll if you decide to make groups based on tags All sorts of different options you can choose. Uh, they will dynamically be chosen or not chosen based on this So, uh, well good good call out on groups. We'll talk about that a bit more I'm going to go ahead and actually start my demo video here. If you don't mind, uh, mr. Producer, I believe I'm sharing the correct screen There we go now Again from the interest of time compression This was recorded ahead of time and I've got only two vms this particular demo environment that we're talking about um for this You can see here that I've got two machines for this demo environment vm number one and vm number four Both of them are non-compliance as far as, uh, any kind of updates have taken place as of yet And if I can get my video to roll a bit, where is it coming? There we go. Yeah Uh, what we're going to be doing first is taking a look at that whole part at the beginning, which was the concept of making a particular, um, schedule for where the schedule happens to be And my video should be rolling. I did my test beforehand What is going on? Oh the uh Hmm, lovely. If you can pause for one moment, I'm just going to go ahead and actually Start this over again To make it so that it's happy See if that's going to be working a little better for us now There we go. So now I can go off and show you the proper video. I was trying to show you Um, in this case, you saw the two machines at first But as I mentioned, you can also filter over by clicking the next level next menu over for saying missing updates in this demo environment There are five machines that are missing updates. They all happen to be windows server boxes Uh, and those particular security updates apply to both of these individual machine Um For what's identified if you go into one of those particular updates to get more details This is where you can actually take a look at the query language It's being run to say what actually shows up inside of the details of this particular cumulative update And which machine it applies to so this uh background query queries the The uh log analytics workspace to be able to find out according to the assessment What should be applied what has not been applied and then potentially allows you to go through some more granular filters Or granular queries that are possible besides the stock ones of just an individual Um update that needs to be applied to a particular box Now we need to go through and configure an update schedule But before we do that, I want to show you the alert side of things Alerts are something that you can create that will give you notice of information about a particular update Schedule that has run and then fires off and notifies you about something So in this case, we're going to create an alert rule And we can identify first of all the automation account that's being used in this case It's a contoso auto and then configure the conditions for this particular alert rule To basically have a signal that says hey go off and do something Now the signal logic that we happen to have available to us Um Is something where We can keep this going here Uh I'm having a great time with these videos that are not playing and playing Well while you're figuring out the video Shelly 777 on twitch is asking why can't you write to outlook tech support? Actually, if you create your alert You can define an action that sends an email to your outlook tech support So you could theoretically Not call them, but have them notified of a problem for your updates My video is absolutely not happy my friends. This is kind of crazy that it's not happy on this one here um Can you actually Bring up your demo environment for a moment here And i'm going to drive you through what I wanted you to take a look at if you don't mind So you're inside of alert right now on that particular space Let's go ahead and create a brand new alert At the alert rule so we already have the automation account that's being chosen. We already have it's Targeted and work inside the proper Resource group and also inside the proper hierarchy That's right go down into the condition for when this alert will actually take place And let's add a condition to this and this is going through and looking at our existing signals that exist So this is the Example of you know when this happens go off and do the following So we're going to do a real simple one to simply total update deployment runs You want to choose the third one down there? It's just on the list there pierre number three. There we go This gives us a nice graph to take a look at it hasn't run inside your environment right now but we're going to scroll down and We're going to choose some what they call dimensions that we want to have go ahead and adding to them and we're going to say choose a particular updates That is equal to And then choose the value select all current values for when they happen to come up and then With the custom value When this particular update rule happens to run down at the bottom For the alert logic you've got when it reaches a particular threshold So to make this a very simple alert that's going to go off What we're going to do is simply say whenever this threshold is greater than of value of zero Logically what that means is Whenever it detects that a new schedule has run go ahead and because it's greater than zero. It's now one Make this particular rule fire off and do the particular actions which we haven't chosen yet to go off and do it So go ahead and hit done for the signal logic And then down below is the actions that we wanted to actually go ahead and do hit the action groups And then The action groups say create the action group And we're going to again with their automation account because that's the one that actually goes off and does something Give it a name and display name hit notifications next And we're going to choose notification. Let's choose email sms push the next one down. There you go And uh, just give it a name email admins Nice and simple. Thanks for doing the impromptu driving pier. You're at awesome hit the checkbox for email And then we're going to say Well, this is contoso. It's a demo account. So we're just going to say administrator at contoso.com There we go And then if we needed to if we had an sms bridge, we could go off and have text messages go off We could have an a the azure application That you have on your mobile phone could be notified Potentially it could even go off and dial the phone call and call you with an automated robot message if you wanted to We're just going to leave it for an email account that's going to get notified I'm surprised that they removed the pager number and codes Go on down there and hit okay if you could please There we go now you could put in additional ones if you wanted to We're just going to keep it as a simple one as the push email for now hit the next for more actions And then here action type you could go off and choose Fire off a web hook throw it inside teams if you wanted to we're not going to do that right now because I don't have that configured You could go off and do an azure function to go off and do something else when this runs So you got a lot of power because it's an automation account that can literally do anything So we're just going to keep it as a simple email that goes out Tags just simply is for you be able to track. Uh, this might be related to a particular project for this Updating process. We're not using tags. Just go ahead and hit the review and create to have that piece created Okay So the whole point is with the alert rules when those rules become true because of what we decided is being measured Go off and do an action and the action that we asked it to do was to send an email So basically the administrators are going to get an email that something has gone on Go ahead and call the rule name admin notification updates or something like that just means that the updates took place And then some additional stuff blah blah blah very descriptive Well, make sure you fill out your description because when you in case you have like multiple rules you want to know what they mean Absolutely scroll down to the bottom there and I like this the severity sev three is normal That's just informational If there were bigger issues you could give it different levels of severity This is simply going to bubble up different levels notification and give you more metadata that you can run logic against We're going to leave it as sev three, which is informational for now. Yeah, so that'd be the difference between The schedule is run is informational The schedule run and the update has failed. That is potentially critical. Yeah Go on there and simply say Create the alert rule And it goes off and this takes some time. Oh, actually happened pretty quick this time to have that alert rule created Uh, and it'll show up in the ui in just a minute. Don't worry about it I want to show them instead the more important issue Which is let's go off back to the updates environment And uh now go ahead and take a look at let's schedule and update deployment because we know that we have missing updates We got 13 missing updates across the board. We've got nine machines that need to be updated So we haven't done anything yet, but I like the mixture there. You've got here are both linux and windows Um, we haven't done anything yet as far as actually scheduling this on a regular basis And so go ahead and hit the schedule update deployment to create your first update job that needs to be run So now again, this is a demo at first just to show you what needs to be filled in We'll talk after this about more of a strategy about how to nest these different updates To make it so it makes more of a strategy that makes sense to you So for now just call it general update as far as the name is concerned Okay And this uh for windows, let's say Okay for windows, all right, you could put that in the description if you wanted to it's no big deal, but Okay, uh, don't go into groups. We already talked about what they are I'm just going to simply mention that they happen to be there. You don't have to have groups selected Okay, so I went I went too fast. All right. Oh, that's why you needed you did wait for me my friend Thank you So again groups are a dynamically run query against your log analytics workspace to find machines You should be updating so you could query on tags You could query on status if you tag your machines as front end and back end We're just going to go ahead and choose machines to update and then choose individually For the purposes of showing you what this is so go ahead and choose that option there And the error that i'm getting here is because I clicked on groups, but did not select anything So it's trying to tell me you have to select or either a group or specific machines So let's go ahead and let's Find our machines here You've got saved searches being run Go ahead and choose one of them my friend To pull up a list of what they are. There we go one item was selected Yep update qualification, which ones are we going to run? Hang on a second. Back up. Let me see the screen We're driving demos haphazardly here. So just wait for me a second here So the update classifications obviously microsoft and linux vendors classify their updates as being security being features being Infra like drivers and additional functionality. You can filter what they happen to be we're going to leave them as all for now Just to be able to try to get this actual schedule to run But you can go in again with this strategy of making multiple update schedules to make it so you know what I'm going to be doing my security fixes on my test grouping of machines on a more frequent regular basis So I can do testing but then I could do a security only updates maybe on a weekly basis But then I'll do like features or Service packs or something like that. I could have them go on a monthly basis if I wanted to so that all just comes by having Nesting of different rules that's set up for those individual schedules That's why you have the ability to go through and choose different options here But we're going to leave them all selected for right now and this is one the skills and the way you manage those Updates on prem translate really really well to how you want to try manage them in the cloud Correct. So going back to the interface there Scroll down to the bottom You hit create didn't you? Oh, okay. Good. You didn't I didn't so Now you can go through and obviously exclude specific updates if you needed to Yep, so if you had the kb article number you put it in there So if you happen to do testing you could do includes or exclude specifically hit on back It cancel for him back and I hang on a second Now you got schedule settings. We got to go off and choose when this particular schedule needs to run In this case, it's using your local time zone. You could translate this into Whatever time zone happens to represent where you are based out of or where anyone else on the support team happens to be based out of And it obviously goes with individual time zones And this is for a single occurring event Which happens to be right about now that it should happen to go off and run if I wanted to Or I could say turn it on as a reoccurring event Let's go ahead and choose reoccurring is for the heck of it and make it so it happens every Month or every week your choice for how you want to do this Yeah, you say month and then you could also go in and have further granularity We have lots of choices here to only run in certain days during the month if you wanted to like, you know Update Tuesdays if you wanted to And if you even wanted to have it run in the last day of the month again from a logic perspective In case you had business practices that had to run The last day of the month you might not want to have the updates taking place at the same time lots of choice Go ahead and hit okay to apply that for the schedule now In the event of non microsoft environments You happen to have different infrastructure that has to start and stop different services or different Demons that are running on linux boxes You have pre running and post running scripts if you wanted to As an option for that particular schedule heading on back over to that demo just to see what's left in that configuration panel If you don't mind So we don't have any scripts that we're running right now so you can just hit okay to go back on that Okay, then I want to talk about here this maintenance window This maintenance window is really just a matter of giving you a boundary of time that all this has to finish in And it's another reporting metric that you can choose if for some reason a report update took so long You could actually Start to capture that and see why different update jobs are taking longer than expected within your maintenance window This is not like a a drop dead final thing It's simply another timer that goes on to look at the overall health of your updating process We're going to leave the default of 120 and then finally the most favorite one Reboot if required is the default because most security updates require a restart Should it be restarted and come back up again? Your choice if it has it has some happens to need to come up. So pretty cool stuff I think that's the last parameter for the schedule Which it is and you go ahead and hit create And this is where the magic of the live demo is going to finish because this does take time to kind of churn through To be able to get through everything that's actually happened on that individual system Well now it's going to create the schedule and it's going to wait for 506 my time Which is about a half an hour from now Right, and then it's going to push those Updates to the machines that we selected or the machine that we selected Good stuff. So that's the majority of what we have to do for configuration I am now that you'd give me enough time to be able to quickly try a backup version Of my demo environment that is a video. Do you have a high availability backup video server? Not just yet The good thing is these videos are available for you to watch inside modules Five and six if five and six that you believe yes And Back to the point now right here Here we go If you could let's see if we can bring it back to my shared screen once again Now here is an example. We're back in the beginning of where Uh updates happen to be you still have two non-compliment, but now we can see hey This particular schedule is provisioning right now That is the the demo version of the one that we just created live That is saying hey, it's about to get ready to run next time. It's targeting window systems In this case, I've got a scope of two machines and it's got a maintenance window of 120 minutes If I wanted to I can see the ones that are currently getting ready to run I also have the ability to go through and see the ones that have run In a history perspective as well This is again Is it this video also having a problem too because it doesn't appear to be happy? Once again. Oh, no, there we go. Let's see how it goes um The idea of having the ability to see all the history of all the updates come into play as well Come on And I you know went through tested everything made sure they're all working just happens to be one of those things There we go We've got the history now coming up and we can see that that actually was succeeded as having run against those two machines It took a total of 18 minutes To be able to go off and to run and you can take a look at the results of what that particular schedule looks like So it targeted and hit two machines Six updates were applied successfully across those two different machines Which is good to see And also you can see specifically what updates were applied If there was any failures and that sort of stuff Going back to the automation place I can see that the two machines now Are listed as being green or compliant across having to be updated across the board So we've managed to basically Talk to you about how to configure and install updates with pierre at the very beginning of this in the previous module How to configure the update management process to be able to work and talk to log analytics, which is all fantastic My section which was the live demo. Thank you very much pierre for driving for me Showed us exactly how to go through and target and find machines As well as go through and configure and alert The whole purpose of the alert is to give you notice that something's happened You don't need to have an alert rule to take place It's simply another piece of data that you can have to know that your updates have taken place And that everything is good. Yeah, and when we talk about when andrew was asking about best practices Be careful with the alerts because it is a known fact that when there's too many alerts Uh, they become noise. Oh, yes He grabs that little rule button and outlook that say I don't want to see those alerts anymore Until one that comes which is critical But you don't see it so you don't do anything and then your system goes down And I will also mention that again you talked about to actually go ahead and patch and update systems You do have to have contributor rights on those individual VMs If you only have reviewer rights on the update management automation account and update management itself You as a auditor as a security person Can go through and look at your overall footprint of all your VMs that are managed by uh, as your update To be able to go in and see if people are compliant or not if there's security issues that are popped up So you can grant other people access to this particular, uh system if you need to from a reviewer perspective And then finally going through and those schedules, uh, the schedule piece is something that I do want to call out here as an example up here We did one that was simply apply everything right away And then in your example, we said apply everything right away, but do it on a monthly basis as that's one example of what you can do Best practices and this goes back to the days if you were before cloud environments and just in the on-premises world Always have a good sample set of lab machines You can go off and deploy this to to test the updates first And that way you know if you're going to have any compatibility problems or any kind of issues For the generic set of machines that you happen to have inside of your lab environment You can make a dynamic group tag them correctly and then target them and have this automation take place Notify if there's any kind of problems Then your workflow could evolve and you can make another schedule that targets a broader group of more machines With the same updates and then go ahead and apply those ones there on an even larger schedule As I alluded to earlier, maybe even on a more frequent basis You could have it so that it's set up that does security stuff Every week and then have it to production machines every Two weeks or every month or whatever it happens to be And you can even notify different people that are responsible to it So you can really go to town with those concepts of schedules for update deployment But still have a single view on what's being managed for your subscription across the board Yeah, and and another Best practice if you will that's one of my best practice. It may not be industry's best practice But in the scheduling there was an option to run a pre or a post script I have used this personally in the past where I would use the pre script to actually take a snapshot of the vm disc Before applying so if this is my crown jewel of the application of workloads that are running in my environment Like like the business will shut down if this goes down for any reason For longer than that 120 minute maintenance window that we've got set up I have a script that will go and do a live snapshot of that hard drive Apply it so anything goes wrong. You can restore that snapshot and keep going right Yeah, so those another example why those pre and post things work well One thing we did not show you in this particular example But was available in the lab environment that pier had set up for that demo Is the fact that this applies to linux machines as well as windows based machines too So same thing you can do a disc freeze daemon if you needed to to freeze the disc And then be able to go ahead and to do a quick snap back up of it and then go ahead and continue So that is possible too for linux based machines, but They holistically roll up into one level of excuse me reporting inside of your system when you're looking at the update management console I think we kind of covered most of stuff that's in here I know I think so It's let's go back and take a look at the actual learn module number three if you don't mind This is where we are. Yeah, we just finished off looking at all those different deployments and the schedules There's some nice documentation about scheduling update deployment if you wanted to hit the next to go off to the next module Unit sorry The unit and this is like units five and six and we mentioned earlier that the unit five and six The video that's in there basically covers everything we've showed you so far How to enable it how to onboard how to view the assessment But it is a compressed view of the entire process So, uh, you can always go back to that and look at those, uh, video The recording I would I would encourage you with the learner module for unit number five This one here is the is the portion that that pier did which is simply Configure automation configure update management and also the run account And how to onboard machines into that environment. So it's a very quick little video. It's about three minutes long You can do this yourself if you want to repeat the steps Go off and choose a trial environment. Actually one thing that came up It's that's that's mentioned in passing inside the learn module is what's the cost involved for this Well, the cost for update management is actually Free does not cost anything What does cost is the storage inside of your log analytics account? To be able to go off and to store all that data that happens to be there Everything else that's involved in this guy here Is considered to be Included with the cost of simply running infrastructure on top of azure. So again, great service for what it does And very practical for being able to go off to use this one here You can go ahead and do this inside of your trial accounts If you wanted to go through the steps going in and doing this now This is the live demo version you're looking at again pier I am I am because I wanted to mention that in the learn module itself the title of the Unit five is to look at the assessment Mm-hmm. Well, those machines are conscious Continuously being assessed right so a patch gets applied They'll get reviewed the information goes back into log analytics log analytics reports it back to update management and then update management shows it to you Either non-compliant or compliant And you've already drilled down a little bit on to if you let's say click on VM number one it'll go and give you a um a section or a list Based on a query of log analytics as to all of the specific Titles updates so updates security updates definition updates and so on that are available So this is how you create or not create but do you view the assessment of each individual machines? I think it's rather ironic that all the windows machines are currently out of compliance But the linux machine is in compliance in this particular demo you have up here You're right, but you can also Filter that view to show you only the non-compliance so you can Check them right away or the non assessed to see whether or not there are any machines in your environment that have not been assessed Right case. I have none. They've all been Looked at right so good stuff So relatively easy to set up It's a little bit complex because there are a lot of options with regards to the granularity of the reporting granularity of selection and granularity of Scheduling that you can take place inside your systems Recommendation keep it simple start and understand what the options are and then gradually build out your strategy from there As we mentioned the first video and mod in unit number five is just the setup and installation The second video if you want to flip over to the to the next unit We'll come back to the quiz in just one second. That's right Oh, you can't go in advance without going through it. There we go This module has the video of the of the section that I showed you when the video was working That shows you okay. You've got two vms on boarded. Let's take a look at how to create an alert Let's take a look at how to build a schedule To then go off and have the alert fire when that particular schedule takes place And then go and mitigate any issues you might have with regards to compliance or updates applying or not applying inside of your system And again, there's another quick little quiz, but you know, I think it's time to maybe start doing some of these quizzes and Other examples that are coming up here with the knowledge check Um We have a quick question here from austille Asking us about if he has an azure account. How do I activate a trial account to not incur any costs? a link at the end of this module and at the beginning of the learn module for Update management does have a link for how to set up a free trial. You need to have a Microsoft account you can associate that trial with it'll authenticate you to make sure that you're an actual human being And then you can go through and there's enough credit in that trial to try out the update management process with a vm or two That happens to be there if you've already had a free trial at some point You will not be able to get another one with the same email address And of course, we've got someone commenting here from youtube asking us green. Oh fan farms asking us You guys should go off and do a power bi live demo. It's like I don't want to try to risk my luck right now, but obviously this is data It can be ingested as a source into power bi The log analytics workspace There's lots of documentation about how to get a power bi front end to that particular workspace In case you don't want to have the actual update management console being your source Where things are but that's a little bit too advanced for what we're trying to do Maybe we'll ask april dunham to help us out with that, but that's for another episode You got it. Let's take a look at the knowledge check my friend. All right Testing your knowledge and see how we can do this. Okay I'm gonna this this is yours. You asked this one. All right So when planning to configure update management in azure, what is the first task for the administrator to do? hmm Of course, there we go. You leave the question up so I can see it The question is going to be either answer going to be either a on board your vms into it Be create a log analytics workspace or c create the automation account Hmm. Hmm. What fun do you think we have some kind of background music needs to play as we try to figure this kind of stuff up Uh something that's uh with no uh copyright Yeah, I know I otherwise we get shut down by the streaming things. Well, this is your section, man What would what's the answer? What is this one? Well, this one's a tricky one because you could have uh, your log analytics workspace Precreated or you can create it first It doesn't necessarily make a difference as to whether or not you create it ahead of time or you create it within Uh, when you're creating your your automation account Yeah, and I know you don't on board the vms right away because you've got nothing to on board them into right? That's right So that would mean it would be c Create your automation account. I think so look at that by process of elimination That's right an automation account and again pier showed us the updated way of how to do that Which includes your run as account as well In the video that you can download and take a look at it doesn't actually have that step because it does that for you And that one there. All right, cool create an automation account. That's right. That's number one. Okay next next question Okay, and we gotta I'm looking at the answers now coming up on the on the stream So we do have about a 20 second delay So we got to come up with some ways of making sure that we have some uh delay in this kind of stuff Okay, so we'll ask the question and we'll review the the answers and then you can do some interpretive dance While the people answer the question nice During the demonstration That we ended up doing live the instructor. I guess that would be pier and myself I created an alert rule now. What is the purpose of an alert rule? Now in this case It gives you three choices an alert rule can configure update deployments Or b an alert rule can monitor update deployments Or c an alert rule can create update deployments So basically create them configure them or monitor them Let's see what people see this time. I mean Yeah They're still going to cut us off if you do that kind of copyright music. Oh, sorry So just be careful that good these days The idea here is the rule wasn't required to be done You could just jump right into a schedule and update deployment What is good to have a rule that will alert you that something happens, right? So Um, that might have given you a little bit of a hint that gets you into the proper answer I see andrew mccallum is saying it's going to be b and show is Arish krishnan is also saying Is also saying b as well. Well, I hope I hope to god. I pronounced that properly It's it's a challenge. Mr. Pierre. What do you think? Uh, I it would have to be b because it reports on whether or not an event has happened Right, take a look at it. The answer of this one here is b Alert rule monitors update deployments. Good. Good job. Good job. Good job. All right. So these are these are these are quick little I think quick quiz they called them in the actual units inside of the learning module What else we got next number three is the actual start of the knowledge check at the end There's three questions inside this knowledge check. Do you want me to take this one or you want to take it? I'll take that one. So contoso it has a w sus deployment to update their on-prem servers Which of the following statement about w sus with update management is true? Okay a Contoso cannot use w sus in addition to using azure update management b Contoso can configure the specify intranet microsoft update service location value in the group policies and point their appropriate Uh, w sus server Or c there's no need to approve updates with w sus if you're using update management Hmm It's a bit more complex, right? That's right. It's a bit more nuanced But I think we alluded to that when we actually looked at that particular module and we talked about what was required I'm waiting for the answers to come. I know a Andrew says it could apply to all three possibly yeah now the the um The interest here is we obviously talked about w sus at the very beginning Yep, you mentioned that you have to configure stuff using group policy as one option and it uses the update agents on the local boxes That's right. So using our process of elimination that we've done before Uh, we know that a is not going to be the answer because it says you cannot use w sus That's obviously incorrect if we told you at the very beginning that you can use w sus in some way shape or form um b is a possibility c there's no need to approve updates with w sus if you use an update management um Did we go through and do any kind of update approval? On our scheduling at all, uh, we did not but we alluded to it when we looked at to the Include or exclude specific updates. Mm-hmm. So in a way we did you got it. So in this case Let's go and you want to go you want me to go i'm thinking it's b but I believe you are correct my friend you can use it to specify intranet Microsoft update service location values and point them to their appropriate internal w sus server if it's required Um, good stuff nice and simple. That's the first question first question down. That's right second Okay, this one here in addition to an automation account What else must contoso administrators enable to enable update management inside their environment? Okay, so in a day In addition to the automation account the contoso it staff must enable a log analytics workspace Okay, b in addition to the automation account contoso it staff must also install the log analytics agent on all bm And then c in addition to the automation account contoso it staff must enable w sus to deploy updates to on-premises servers Okay Do you want me to take it to crack up that one? Do you want I think you should yeah How would you go with the process of elimination again? What would you do c? We've already dealt with c in the last question. So I don't think it's going to be c now In addition to the automation account requires a log analytics workspace Yes In addition to our azure automation account contoso must install the log analytics agent on all vms I look at this and say when you are enroll into the service That is part of the enrollment But when you onboard a vm into the management It does the its thing where it talks to the azure agent and downloads and installs the appropriate Well, you know, we didn't break away from the demo that you did earlier to go up and install agents on these systems We simply found them inside of our You know our subscription and then said yep target these people and then off it goes to be able to do stuff So I think I don't think b applies in this one. I don't think so either So by elimination that means in addition to do in the automation account What else must they do and the answer is simply Enable and target a log analytics workspace to be able to store the data that needs to be stored someplace For this individual reporting across the board. Yeah, right. Yeah, I think we're batting a thousand right now So let's keep going. You got it Question number five the last question of the day last question of the session unless other people Have additional sessions before we start this one here I'm going to preamble start if you have some other additional questions that are not covered so far You like to ask us about log analytics or about the modules You can put them into the chat program or into publ And we'll do our best to be able to go through and update some stuff You can join the chat at aka.ms slash learn tv for some additional quit for some additional interaction there Or you can stay on twitch or on youtube and be able to ask us some questions or comments in there too That's right. So with that Last question I read the last one did so you can do this one. Okay When can toso it support staff decides to deploy updates using update management? They create an update deployment They want to deploy the update to only a subset of servers being managed by the update management How could they do this? A They must configure a group to update and manually add the appropriate servers to those group B can toso staff must configure the group to update and Carried a query to dynamically add the appropriate servers to those group Or c can toso staff must use the include or exclude updates value to define which server to include Oh This is a tricky one. I'm looking at Hints inside the wording. I always whenever I'm doing an exam question from microsoft or any certification exam I always look for My knowledge of the product that also has individual words that kind of jump out at me and the first one that jumps out at me first of all is The manual process and the word groups and so in a it says can toso staff must configure groups to update And manually add the appropriate servers into those groups If you remember from the recovered demo that we were doing Pierre started to go in and started to do stuff inside the groups area and I said no no no back out We're not going to that section. That's right That's because we were manually choosing items from the listing of machines Which was the second option when you're targeting the update process So the manual process is not part of the groups update That also then identifies number letter b as a possible here Contoso staff must configure groups to update and create a query to dynamically add the appropriate servers to those groups If you remember from our talk, I mentioned the word dynamic in groups And is that runtime when that happens? So that's a strong possibility and just before we choose the one happens to be C says you must use the include exclude updates You went into that area as well, but that had nothing to do with server targeting That was specifically which kd articles or which uh app get packages you wanted to apply Which you would include or exclude manually at that point in time. It's nothing to do with machines So that doesn't apply either. So really out of these three It looks like b is the only viable option, which is Must configure groups to update dynamically add the appropriate service to those groups And the answer is You are correct, sir Letter b for contoso staff to do those updates Uh and configure them correctly for where they are cool stuff yep That's it for the knowledge check. I think right that's all five questions It is it's for the knowledge check. Well done people in the chat room Um, you can stick around with us. That's right. I see there was been a lot There was a lot of uh answers I could we could see in our in our little pane here um Can you can you bring us back to the learn module for just one moment for the text as opposed to the slides my friend I'm here. Yep. So you want to go in and just choose no go up the top. So we said it was going to be Uh, you use the intranets. There we go. And then number two was the um In addition must log analytics workspace and the last one down at the bottom there It's the middle one which is query dynamically Check your answers and we get the 200 points I wanted to show this part because it's all about, you know, your leaderboard and how many points you have, right? So if you sign into microsoft learn You create yourself a profile and then you go through and track your learnings as you go you get these experience points Um, and so now this is what it looks like when you get your questions, correct You actually technically get more points the first time you answer And you get them correct Uh to be able to go off and to maximize and gamify your experience points Uh, and then here you would normally already be signed in that's why it's coming up with the error message at the bottom here saying continue Or sign in to save your progress That's right because I don't think I am signed in because I didn't want to Yeah Progress for now my friend. All right And then simply the eight of eight module is simply the summary which simply says hey We got our updates up and working it worked both for on-premises servers and cloud based servers They're now using azure update management service and talking to their wsus servers as required You learned about how to set this all up you learned about what it looks like to configure alert rules As well as configure a schedule for deployments And then we kind of talked a little bit about some strategies behind making those scheduled update deployments work for you Inside your environment at a minimum go off and try this in the free trial Go off and take a look at it, uh inside of your environments Target specific small machines if you need to like pier did create a resource group with a couple of different machines inside of it They're not being used in production that can be your starting test group Just to get used to how to schedule updates and how to do different types of alerts Again, there's no cost for using the service There's only the cost for the size of the log analytics workspace And then we give you some more ideas for doing a tutorial for monitoring changes Within virtual machines. It also uses a log analytics workspace For doing change control and your configurations. Uh, we just went through the managing updates and patches for your azure VM section That's kind of it my friend. It is it's kind of it And if we go back to our deck and look We did learn how to describe enable and deploy those updates We have reviewed our update assessments and managed updates for our azure VM by creating rules and alerts and so on so I think we did we did well in Just a little over an hour Yeah, and again, we really appreciated you spending some time with us live here today if you join us live If you're catching this on an on-demand version after the fact because these are available in a recorded format We have one more of these taking place next week We've already had about a half dozen or so that took place If you want to go off and try this the one for next week is going to be Mr. Thomas mower and myself talking about hybrid backup and recovery Using windows server and ias machines And that's going to be taking place at around noon pacific time On december the 16th I tweeted out the link to the summary of all those different modules On the landing page. You can follow that as well We have another quick one right here if you wanted to go and get a head start By going to akdms slash learn live Dash h ish dash episode 7 ep 7 That kind of just rolls off the tongue nice and easy to say but there's a qr code there You could scan if you want to get ready for that next one coming up with thomas and myself I'm sure ish is an acronym for something but It escapes me right now implementing hybrid server Hierarchy stuff. I have to take a look at what that page was but anyway cool stuff my friend. Yeah. Yeah, so Mr. Claus, we will have we have time to take some questions From the chats if there are any because right now we are currently on the microsoft developer twitch We are on the it ops talk switch. We are in the microsoft developer youtube's and also in the it ops talk youtube's on top of learn tv right and so If you could just go ahead and use the chat mechanisms to ask us a question if you have anything Um, I will again point out one thing that I really like about this update management piece Because this has been around for a little while and they've refined it now to make it even more streamlined to use Is the fact that it is I hate using this term But it is so true a single pane of glass for doing updating across both linux machines and windows based machines To get a view of the compliance of your overall DM footprint Both in azure and also on premises where you happen to have those different Agents loaded down on the local on the local side of things. Yeah And if people are interested in a bit of a deep dive into the azure update There was a great session at ignite. So go back to your my ignite dot microsoft.com and look for the blueprint sessions, I believe Yes, if you do a search for the title of blueprint files Blueprint files will show one of them, which was a discussion specifically on windows client updating services And how you can go through and look at all the different options for being able to Get your windows machines your desktop machines updated That was with aria or nick her name on twitter is at sign aria updated She had a phenomenal whiteboard session talking about all the different variances Of how you can go off and manage updates to your client based systems. Yeah, I got a question here for you pierre Andrew is actually asking us on the youtube channel here is how do you balance your time between training And keeping on top of everything that goes on because he's finding a bit hard People to do stuff you have a strategy and you don't have to answer this as being someone on my team who is supposed to be updated all the time What do you do to stay up to date on things just out of curiosity? What tools do you use? Well, uh, I use Outlook funny enough Uh Because I block off A portion of my week Uh, maybe it's like a couple hours on a friday afternoon or a monday morning or something I block it off as a recurring email as a recurring Meeting so that I don't get blocked off by other meetings or other people assigning me tasks in hint my boss Nice. Oh sitting over there And I use that time to kind of review what's new and In some cases drill down into The some of the new stuff or even sometimes some of the old stuff that I haven't had time to really drill into However, our job is a little different because it is our job to stay appraised of the new Fandango Services that azure provides on a regular basis. Yeah But it is a good strategy for anyone is just to block off a certain period of time Make sure that your boss is okay with that But it's an easy business case to do with your with your management chain to say listen If I take two hours to three hours a week to learn about the new stuff That's going to benefit you in the long terms because now I'll know whether The value applies to our Environment and therefore Benefit the company as a whole. Yeah So Making focus time on a regular basis. You choose your frequency and your your mechanism for how you actually block that up The good thing is is peer mentioned is that you can also if something needs to come in because it's you know Urgent and your hair is on fire. You can still Allow it to come into that particular blocked off time. I don't have that problem. Yeah, just Just just taking the taking the proactive step of just acknowledging that this is a continuous learning thing that you have to do For lifelong learning. So I do the same thing myself To be able to do that My time tends to get a bit encroached upon by others just like everybody else And then I have a trade-off to be able to do it And then I use believe it or not Microsoft learn as a starting point to be able to often try some different things in the microsoft space But it's also important to also go and try other things other tools other environments as well To kind of broaden your horizons and be well-rounded as well too But it all falls inside of this one amount of time. I typically set aside an afternoon That works for my schedule one afternoon a week Maybe every other week or so based on what's possible And I try to just simply move other meetings away from that time to be able to do it And then you know set myself up for success to be able to have a plan for what I want to study The week that's coming up and I share that with my manager to say hey next week I'm looking at log analytics and an azure update And then schedule some time to go through the learn module and go through the documentation And then I'm a hands-on person. I got to try it myself to go off and to try it Yep, and somebody in the chat Janisq7 is asking whether or not you provide beer when needed while doing your Your your learnings you got it. So my flame flame proof hat My is a tillion durables t3 hats has been around for a very very long time It does keep my head warm and also keep the flames at bay in case things happen to go wrong And then for my evening routines I do happen to have a particular beverage of different types that they're in use Be able to help with the learnings. It's a it's a Knowledge-based lubricant. I guess I will say that's a nice way of putting that got it But it only it only lubricates my friend first couple after that. It's a knowledge Inhibitor it comes a blocker at that point in time That's it for for what we have here. You know what? We don't have any other people asking any questions right now I just want to once again say thank you very much for joining us. It's been a lot of fun Doing this particular learning mechanism. I want to say thank you pierre for saving my demo But because of my video that would not play Which was quite strange because I did do testing in case oren's watching this and is going to give me grief for not testing my demos beforehand But I'm glad that you had the live environment that we could go off and play with instead got your back, buddy got your back I much appreciate it But again tune in on the 16th for the final episode of this particular learn live series We're going to be talking about hybrid backup and restore. It's going to be myself and thomas mower I'm going to be covering that one there and I want to say thank you pierre for joining me for this one here And thank all of you for joining us for this 90 minutes of learning around update management And of course, uh, if you want to subscribe and like uh in whatever platform you're watching us on That way you'll be notified the next time we come on to give you another one of these wonderful episodes And with that I'm going to say hey producer guy Roll the exit. Thank you very much and we'll catch you next week