 Look at that! We're live! I know, eh? And we're talking about updates today! We are! Should be some fun times, man. We got like, what, how long are these things? 90 minutes, right? We have up to 90 minutes. But this is a short module, so I don't know if we're gonna need all of that time, unless the audience has tons of questions, in which case we are more than happy to take 90 minutes and answer all those questions. Absolutely, so we're streaming live on Microsoft Learn TV at aka.ms slash Learn TV. You can also catch us on various different Twitch channels and also YouTube channels as well, but we're gonna be spending the next 90 minutes going on and talking about the Azure Update service. My name is Rick Clauss. I'm a principal cloud advocate that leads a team of folks that talk about operations type things for Microsoft, and I'm joined today by my good friend, Pierre Roma. I'm a cloud advocate as well, and I report to this guy down here. So your boss is watching. My boss is watching this time. I can't make any jokes about you, your hat or your beard. The important part I want to say is, because you have the screen up in the slide right, the slide up in the screen right now, is you can use that QR code to be able to go off and follow along with us. This is a Microsoft Learn module specifically talking about Azure Update service and what you can do with it. I see that Andrew McCallum was asking us some questions as well, saying, hey, are you going to be talking about best practices or tips? What do you think, Pierre? Should do that or what? I think we're going to cover some of that while we're going through the module, but the main point is for the uninitiated to go through the Learn module and learn how they can manage their updates all in Azure. Right, exactly. So yes, no, definitely going to be time at the end. I talk about some stuff about alerting and scheduling as an example. Pierre and I can go through some example schedules you might want to try to implement once you understand the basics of how the service works. So all that kind of good stuff happens to be there. Now, are we going to show the actual introduction module with like the breakdown of the scenario? Are we just going to talk about the scenario that we're going to be covering today, Pierre? What do you think we should be doing? You mean this one? There we go. So yes, this is, as you saw, a very short module, sorry, short set of creations for this Microsoft Learn module. It's made up of five or sure, eight units in total. Two of them are demo at the end. We'll talk about that, but we're only covering the basics of, hey, do you understand the concept of updating? Can you describe what Azure updates happens to be? Can you go and deploy updates? Can you review whether or not they were effective or not? Can you manage alerts and updates for your Azure VMs? But you've actually got some cool stuff to show us. This is not just for Azure VMs, but it's for other VMs as well, right? That's correct. Well, it's not just only for VMs. You can do update management for all of your VMs, whether or not they're on-prem or in Azure or in other clouds, whether they're physical boxes or Arc-enable servers. So you can manage them all in one pane of glass. Nice. Now, there is a scenario that we're covering, but essentially the scenario is you work in a hybrid environment. You've got yourself set up. I think it's on the next slide there, Mr. Pierre. On the introduction, there we go. Thank you. The scenario, basically again, medium-sized company using Windows Update as an update mechanism for being able to update your servers. You've got a variety of different types of hosts that you're having to manage both 2012 and 2019. Also potentially Linux hosts as well. We can talk about that in a bit with some added functionality, but the idea is that we're supposed to set up some level of automation that goes through and monitors the fact that your machines are in compliance. You have a timely update process for all the machines across your entire footprint that happens to be out there, and that you're able to go through and have notifications that take place on the success or the failure of these different updates being applied to your individual machines. There'll be stuff covering about how to enroll your machines into the update process. I think you actually cover off how to install it first. I cover the enrolling the machines inside the process and how to actually configure and work with it, and then we'll also be giving you access to some videos inside these modules to go and try this out yourself. Now, you went ahead and actually configured a setting or sort of configured this to be able to do some live demos. I'm going to be doing some time-compressed demos later on during the session, so we're going to be a mixture both of live stuff and also of recorded stuff just to be able to make sure that you have the best experience. The demos that we will be showing you during this particular session are something that you have access to by simply completing that Microsoft Learn module because the videos are embedded that you can go off and try yourself if you don't have the ability to set up an environment yourself. A little caveat here, two things. Number one, the demo, the live demo is set up kind of like a cooking show because this like under other monitoring systems, once you enable them and roll machines into the Azure Update Management environment, it actually takes a while for those machines to get the agent, do the inventory, report the inventory, analyze the inventory, and then bubble that up to the UI. I've kind of set it up as a cooking show. Number two, since we decided to do this and we've published this learning path, we have submitted some changes because the UI has been updated lately, but those changes are still going through the process of actually making it into the Learn module. The steps are almost all the same, but there's a few little nuances here and there that you'll have to be careful of and I'll walk you through them as we get through this. Yeah, no, it's definitely fun. The whole concept of cloud-based software, right? You're continuously evolving and changing things. The basic steps are the same. The basic concepts are the same. It's simply a matter of making the UI more fluid, making it more intuitive and this sort of stuff based on your feedback. So the Learn module will catch up with where the current Azure portal happens to be right now. That's right. Perfect. I don't know, man. Let's actually get started. I'm excited to talk about updates. I mean, updates is something that all of us have to deal with on a regular basis. The first part of understanding is the fact that update management really is a matter of combining a couple of different things to turn into what the service is known as update management, but this is simply a reoccurring task we all have to deal with at some point in time. We have to maintain our servers. Actually, I think our good friend, Orin Thomas likes to talk about this whole concept of a shared responsibility model when you start using the cloud environment, right? We provide you with the base infrastructure and the fabric to be able to run your IaaS instances and your other services off of. However, you still have to go and make sure that you update those operating systems on a regular basis. Like when you go and you deploy a new Windows Server operating system or a new Ubuntu Linux operating system on top of Virtual Machine, it's only as current as when that image was created inside of the marketplace or inside of your own private marketplace when you go off and do that deploy. Updates still require maintenance windows to be able to do it and still requires some level of work on your part to be able to go off and to go and make that happy. However, we are slowly making it easier for you to manage your own environment with services like Azure Auto Manage. So when you deploy a VM, it automatically will enroll into an update module or update environment that we manage for you. So once you've enabled that, then the updates will deploy to your client systems automatically. And so that's coming in the future. That's available now in preview and available for certain VMs that you install from the Azure marketplace. But that's not covered inside the topic here, but covered simply as this is the evolution of being able to try to enhance some of that shared responsibility that we happen to have. Now rolling down on this particular module here, Pierre, if you could, simply talks about the fact that the main functionality what you're doing is it manages OS updates and it gives you the ability to review your status or your compliance with whether or not your systems are up to date or not across a nice single pane of glass as the expression people like to use. You can also see which specific updates are missing and applicable to those different VMs inside of your property. And then finally, you can go through and obviously do queries and logs, log queries against that to be able to get very complex to find out. This particular updates KB14287 was applied to a couple of different servers caused some problems like when was it applied and who was the one that authorized it? Did they do their testing? You can actually run queries against this log analytics space to find this out. And I'll show you some of that in the advanced configuration section coming up in a future module and not too far from now. The big thing though from a Windows machine perspective, this leverages and uses Windows update. So the update engine on the local machines are being configured to go off and take a look at the defined servers that you have in place running WSUS or running the Microsoft update services, one or the other. And then they are configured and run under policy by having the update management configuration applied down to those individual boxes. And so the way that you would go off and make sure your Windows update is configured correctly on the local boxes like you normally would. Do you have a group policy setting applied? Have you gone through and done some PowerShell configurations to basically make sure that it's up and working? You have to do those kind of heavy lifting pieces first to be able to go off and to work correctly. Now, some people like to use the Windows update service because it allows them to almost run in a fashion where they kind of act as the gate and the control. You can still use that if you like and still continue to function with that. In this case here, the screen that we have is simply the group policy way of going in and say, hey, go off and list me where my internal Windows update servers are or let me go off and connect up to the public version of Microsoft Update to go off and get my updates. That's basically the main configuration on the client side that you have to ensure is working prior to going off and getting update management up and configured and functional. That's right. I'm not quite ready to show a WSUS server. I didn't have time to set one up to see how the integration with Azure updates is going to be. It's two policies. It's two policies. Yes. So it's pretty easy to walk through. So if we jump into module one after the introduction or in this particular case, unit three. Yeah, but let's use the right terminology. This is unit three. This is unit three. Well, it's because unit one is the intro. So unit three and how we enable the update management. In this case, it's pretty straightforward. You have to create an automation account, also a run as account, enable your update management, and then onboard your servers into it. And that one I can show as a live demo. This is the actual portal you have up right now with the current UI that's taking a look at. That's correct. So right now I'm showing you the finished Turkey. But now let's go see how we can actually set that up. So this is my unfinished Turkey. So I'm in the Learn Live Azure Update-2 resource group where I've got a number of VM. In this case, I have five different VMs for Windows and five different VMs for Linux. Oh, good. I was going to ask if you're going to show us these both sides of the coin, but it's good to see that they can basically both be managed simultaneously with the one tool. There's no two separate tools you have to worry about. Yeah, actually there's one complete tool and I'm looking for where my Azure Arc machine is. There it is. So I now have that little pinkish or purple icon here that shows that this machine is actually an Arc-enabled server. So Thomas Maurer, which is in the chat room, is going to be happy that we are leveraging Azure Arc. And in this case, all we have to do is we have to go and create our automation account. So I go plus for adding a resource and change or search for automation and it searches the marketplace and will come up with automation right here. Right. Now, once I have that, I just hit create. This is a pretty straightforward setup. I will give it a name. So I'm going to say az update shameless plug for my Friday show. That's about to say. Rather fortuitous for you for having the same name show. Yes. Yes, I like to plug myself in there. I just make sure that I'm in the right resource group, gave it a name in a region, click next. This is going to be a system assigned identity. Now, this is where it differs from the learning path that you have, where in the learning path, you have a section where you can automatically create the run as account as part of the automation account creation. The UI has now been split where you don't have, it won't create that run as account for you, but once it's created, we'll go out and create our run as accounts. Okay. Create, it goes out, submits the deployment and it goes, it shouldn't take very, very long. And there we go. So now I can go to my resource. I've got my Azure update created. And now if I go down onto the left side menu, the context menu at the bottom right here is a run as account. And currently I don't have any created, so I can just hit create on an Azure run as account. And the run as account, it provides authentication for managing resources within the Azure command list. So it just basically gives the service the appropriate rights for it to actually do the updating, but also the reporting back to log analytics. So it's like, next, oh, it will create a service principal user and active directory. Yes, I say, okay. And that's it. There's nothing to change. You just have to turn it on. It goes out and creates that run as account. The Azure classic run as account would work if you still were using Azure the V1 or the classic mode, which I'm not quite sure how much longer this is going to be supported. Let's just say it's there, but it's absolutely not required for anything that we're talking about today for Azure update services. That's just legacy. It's there in case you need to have it. And that's kind of stuff is there. That's right. So now our new run as account has been created. So we can go back to our overview and refresh our stuff. And everything is ready to go. And as you see again on the left side inside, I've got Azure management update management update management. Sorry, update management. One of the things that Azure update management requires is a log analytics workspace. Anything monitoring anything management in Azure all requires some kind of data in terms of your inventory of the updates, your performance monitoring, like all of that. And it's all built on top of log analytics or log analytics or Azure monitor logs as it's now called. Except in the UI. I don't know. The main thing is you need to make a workspace, right? That's right. So I'm going to create a new workspace using my automation account that I have here in our subscription. I'm going to say and enable. So it's going to submit the deployment to create a new log analytics workspace. And once that's done, it's in progress. It takes a few minutes in the background. And once that's done, we can actually add the machines to it. Now I'm going to go back to our original cooking show version because it takes a while for the log analytics to happen. But in let's just say we jump half an hour into the future and I've added a few machines. So those machines are here and we'll talk about the compliance and the assessment later. But what if I want to add more machines? Which is what we need to do. We need to actually we've updated. We've enabled update management. Now we have to onboard those servers into our machine, into our environment. So all I have to do is go there into our automation account, update management and add machines. I'm going to pick the machines from that cooking show account that I've got here. So basically you're scoping the parameters for what machines you're looking for to be able to go off and to manage. Yes. And it also is only going to show you machines that you as the person configuring this have the rights to be able to go off and contribute towards, which means that you can go off and manage them in the first place. So you're not going to magically start managing my machines if you don't have rights to my area of my machines or you have rights to my subscription. If you're you have to be careful if you're a collaborator, not collaborator, what's the the term I'm having brain fart here? Contributor is the main one. Thank you. If you're a contributor on multiple subscriptions, all of the VMs from all those subscriptions will magically show up. So make sure that in your resource group, location and subscription, you actually filter it to the ones you actually want to manage. Right. So in this case, I've got resource group or learn live Azure updates number two. And I have my 10 machines that are here and they're ready to enable. They've got the Azure agent already in place. They've reported and they have an identity within Azure. The only one that doesn't show up right now is my Arc server because I just installed it before we went live. So it hasn't had time to actually populate all of the info that it needs. I select them all, I click enable and then it initiates the deployment and then we'll send the proper agents to those machines in order to have them onboarded onto Azure update management. Yeah. And just just to call it as well, it's just giving you a little warning on the side over there about cross region data, just from the point of view of trying to keep things centralized inside the same region for the stuff that you're collecting. But this does obviously work across different regions in different areas if you need to. That's right. That's all based on where the update agent is, or where the update automation account exists, where the workspace exists for your logs, log analytics workspace, and also where your VMs happen to exist. So you are able to span region. It's not a blocker, but it's information. It's the information about that. That's right. So if you've got compliance issues or regulatory issues in terms of storing data in other regions, you have to keep track of that. Yeah. So we just give you the heads up on that one there. That's right. And now it's just going to go and deployment in progress, and it'll go through all of these machines and put the agents on as we go. And that's it. We are now onboarded. Can you do me a favor and flip back to the Unit 3 and just take a look and see if we missed anything at a Unit 3 discussion there? I haven't seen any questions come up yet on the chats of the different areas. Yep. So scroll down on that list there. So you got the automation account creation. And this is the spot here where it says create the run as account. It doesn't exist anymore. Now you have to do it within the automation account. Right. That's the flow. Okay. You have to go through and enable it, as you mentioned as well. That's right, which is exactly the same. You go to automation account, you click select update management. In it, you create your log analytics workspace or Azure Monitor logs workspace, depending on which documentation you're reading. Right. And then you onboard your server. Right. And it talks about onboarding Azure VMs to be able to go off and onboard them. We talked about the scoping mechanism. Just make sure you have contributor rights to them to be able to have access to them. If you only have reviewer rights, you're not going to be able to do updates on them, because all you can do is simply view the contents of them and that's it. You can obviously have reviewer rights to be able to view the contents of the update management process from a compliance perspective. But we'll talk about that a little bit later on. And I like the call out you did for Azure Arc. So this also applies to on-premises VMs with the appropriate agents loaded or with the Azure Arc piece loaded into it. And they can be included as well into your single pane of glass from a compliance perspective and everything else. That's right. And if your servers are not Azure Arc enabled server, why not? Number one. But number two is if you could onboard them into this by manually installing the agent, pointing it to the right log analytics workspace, and then it would show up in your machine as a non-Azure machine. But it wouldn't be identified as an Azure Arc server. Right. We'll give you some nice links at the bottom there from additional reading. Those are obviously taking you off to individual Microsoft docs pages for more details. Talking about how you can install the agent manually if you wanted to, as opposed to going through the automated process which we're using. And then going through and taking a look at the update management overview, simply of the main reference documentation that we're using for the content creation of this Microsoft learn module. That's correct. And that is it for that unit. That was super long, man, but I'm glad you did the live demo. It gave you a good view of the updated process, which is good. I think I'm up next for the actual configuration and use, correct? That's correct. Or to deploying how you actually deploy those updates. So if you could, let's just take a look first. If you could scroll down a little bit for me here and talking about an update deployment. I'll be showing you what this looks like in just a moment, but I just want to make sure I'm capturing the right terms here for the stuff. As I mentioned, we can work both with Windows and with Linux. We're going to be creating a schedule for updates, and we'll talk about the strategy behind creating those schedules. We can do alerts and warnings that can happen for when a schedule happens to run to receive updates back from it. And then you can go off and check your compliance or not check your compliance. I think it's going to be better if I show you the demo that's coming up. What are you going to say there, buddy? I was about to say one thing on that screen that is underutilized that I think we should pay better attention to is the group to update. Because in your environment, you may have, let's say, you have your AD servers. You've got some database servers. You've got in a high availability, you'll have your machines and then your cold standbys or your warm standbys. You can actually group these appropriately and then have your schedule so that you don't basically patch both ends of a cluster at the same time. Because if you do that and for some reason the patch fails, you don't have anything to fall back on because both will have received that. So you may want to group your front end or your live with one group and then wait for that one to finish before you do the next group. So grouping is very, very important in terms of operations of a data center. And if you could flip back to the documentation web page for one second, Pierre, I just want to call it one thing for group to update right there. It's a dynamic group that at deployment time, the query runs to determine the target set of machines. And so as new machines are added inside of your environment, this particular target group dynamically runs for the machines that have been added. It can go in and no, if you take a machine out of a role or into a role, if you decide to make groups based on tags, all sorts of different options you can choose, they will dynamically be chosen or not chosen based on this. So well, good call out on groups. We'll talk about that a bit more. I'm going to go ahead and actually start my demo video here, if you don't mind, Mr. Producer. I believe I'm sharing the correct screen. There we go. Now, again, from the interest of time compression, this was recorded ahead of time and I've got only two VMs, this particular demo environment that we're talking about. For this, you can see here that I've got two machines for this demo environment, VM number one and VM number four. Both of them are non-compliance as far as any kind of updates have taken place as of yet. And if I can get my video to roll a bit, where is it coming? There we go. Yeah. What we're going to be doing first is taking a look at that whole part at the beginning, which was the concept of making a particular schedule for where the schedule happens to be. And my video should be rolling. I did my test beforehand. What is going on? Oh, the... Lovely. If you can pause for one moment, I'm just going to go ahead and actually start this over again to make it so that it's happy. See if that's going to be working a little better for us now. There we go. So now I can go off and show you the proper video I was trying to show you. In this case, you saw the two machines at first, but as I mentioned, you can also filter over by clicking the next menu over for, say, missing updates. In this demo environment, there are five machines that are missing updates. They all happen to be Windows Server boxes. And those particular security updates apply to both of these individual machines for what's identified. If you go into one of those particular updates to get more details, this is where you can actually take a look at the query language that's being run to say what actually shows up inside of the details of this particular cumulative update and which machine it applies to. So this background query queries the log analytics workspace to be able to find out, according to the assessment, what should be applied, what has not been applied, and then potentially allows you to go through some more granular filters or granular queries that are possible besides the stock ones of just an individual update that needs to be applied to a particular box. Now, we need to go through and configure an update schedule, but before we do that, I want to show you the alert side of things. Alerts are something that you can create that will give you notice of information about a particular update schedule that has run and then fires off and notifies you about something. So in this case, we're going to create an alert rule and we can identify, first of all, the automation account that's being used in this case, it's Contoso Auto. And then configure the conditions for this particular alert rule to basically have a signal that says, hey, go off and do something. Now, the signal logic that we happen to have available to us is something where we can keep this going here. I'm having a great time with these videos that are not playing and playing. Well, while you're figuring out the video, Shelly777 on Twitch is asking, why can't you write to Outlook tech support? Actually, if you create your alert, you can define an action that sends an email to your Outlook tech support. So you could, theoretically, not call them, but have them notified of a problem for your updates. My video is absolutely not happy, my friends. This is kind of crazy that it's not happy on this one here. Can you actually bring up your demo environment for a moment here? And I'm going to drive you through what I wanted you to take a look at, if you don't mind. So you're inside of Alert right now on that particular space. Let's go ahead and create a brand new alert at the alert rule. So we already have the automation account that's being chosen. We already have it's targeted and work inside the proper resource group and also inside the proper hierarchy. That's right. Go down into the condition for when this alert will actually take place. And let's add a condition to this. And this is going through and looking at our existing signals that exist. So this is the example of when this happens, go off and do the following. So we're going to do a real simple one, a simply total update deployment runs. You want to choose the third one down there? It's just on the list there, Pierre. Number three, there we go. Just give this a nice graph to take a look at. It hasn't run inside your environment right now, but we're going to scroll down and we're going to choose some what they call dimensions that we want to have. Go ahead and adding to them. And we're going to say choose a particular update that is equal to and then choose the value, select all current values for when they happen to come up. And then with the custom value, when this particular update rule happens to run, down at the bottom for the alert logic, you've got when it reaches a particular threshold. So to make this a very simple alert that's going to go off, what we're going to do is simply say whenever this threshold is greater than of the value of zero. Logically, what that means is whenever it detects that a new schedule has run, go ahead and because it's greater than zero, it's now one, make this particular rule fire off and do the particular actions, which we haven't chosen yet, to go off and do it. So go ahead and hit done for the signal logic. And then down below is the actions that we wanted to actually go ahead and do. Hit the action groups. And then the action groups say create the action group and we're going to again with their automation account, because that's the one that actually goes off and does something, give it a name and display name, hit notifications next. And we're going to choose notification. Let's choose email SMS push the next one down. There you go. And just give it a name, email admins, nice and simple. Thanks for doing the impromptu driving Pierre. You're awesome. Hit the checkbox for email and then we're going to say, well, this is Contoso, it's a demo account. So we're just going to say administrator at Contoso.com. There we go. And then if we needed to, if we had an SMS bridge, we could go off and have text messages go off. We could have an Azure application that you have on your mobile phone could be notified. Potentially it could even go off and dial the phone call and call you with an automated robot message if you wanted to. We're just going to leave it for an email account that's going to get notified. I'm surprised that they removed the pager number and codes. Go on down there and hit OK if you could please. There we go. Now you could put in additional ones if you wanted to, but we're just going to keep it as a simple one as the push email for now. Hit the next for more actions. And then here action type, you could go off and choose fire off a web hook, throw it inside teams if you wanted to. We're not going to do that right now because I don't have that configured. You could go off and do an Azure function to go off and do something else when this runs. So you got a lot of power because it's an automation account that can literally do anything. So we're just going to keep it as a simple email that goes out. Tags just simply is for you to be able to track. This might be related to a particular project for this updating process. We're not using tags. Just go ahead and hit the review and create to have that piece created. OK, so the whole point is with the alert rules when those rules become true because of what we decided is being measured, go off and do an action. And the action that we asked it to do was to send an email. So basically the administrators are going to get an email that something has gone on. Go ahead and call the rule name, admin notification updates or something like that. Just means that the updates took place. And then some additional stuff, blah, blah, blah, very descriptive. Well, make sure to fill out your description because when in case you have like a multiple rules, you want to know what they mean. Absolutely. Scroll down to the bottom there and I like this. The severity, SEV3, is normal. That's just informational. If there were bigger issues, you could give it different levels of severity. This is simply going to bubble up different levels of notification and give you more metadata that you can run logic against. We're going to leave it as SEV3, which is informational for now. Yeah. So that'd be the difference between SEV3 and SEV3. So that'd be the difference between the schedule as run is informational, the schedule run and the update has failed. That is potentially critical. Yeah. Go on there and simply say, create the alert rule. And it goes off and this takes some time. Oh, actually happened pretty quick this time to have that alert rule created. And it'll show up in the UI in just a minute. Don't worry about it. I want to show them instead the more important issue, which is let's go off back to the updates environment. And now go ahead and take a look at let's schedule and update deployment. Because we know that we have missing updates. We've got 13 missing updates across the board. We've got nine machines that need to be updated. So we haven't done anything yet. But I like the mixture there you've got here, both Linux and Windows. We haven't done anything yet as far as actually scheduling this on a regular basis. And so go ahead and hit the schedule update deployment to create your first update job that needs to be run. So now again, this is a demo at first just to show you what needs to be filled in. We'll talk after this about more of a strategy, about how to nest these different updates to make it so it makes more of a strategy that makes sense to you. So for now, just call it general update as far as the name is concerned. Okay. And this for Windows, let's say. Okay, for Windows? All right. You could put that in the description if you wanted to. It's no big deal. But don't go into groups. We already talked about what they are. I'm just going to simply mention that they happen to be there. You don't have to have groups selected. Okay, I went too fast. All right. That's why you need to wait for me, my friend. Thank you. So again, groups are a dynamically run query against your log analytics workspace to find machines you should be updating. So you could query on tags. You could query on status. If you tag your machines as front end and back end, we're just going to go ahead and choose machines to update and then choose individually for the purposes of showing you what this is. So go ahead and choose that option there. And the error that I'm getting here is because I clicked on groups but did not select anything. So it's trying to tell me you have to select either a group or specific machines. So let's go ahead and let's find our machines here. You've got saved searches being run. Go ahead and choose one of them, my friend, to pull up a list of what they are. There we go. One item was selected. Yep. Update qualification. Which ones are we going to run? Hang on a second. Back up. Let me see the screen. We're driving demos half-hazardly here. So just wait for me a second here. So the update classifications. Obviously, Microsoft and Linux vendors classify their updates as being security, being features, being like drivers and additional functionality. You can filter what they happen to be. We're going to leave them as all for now just to be able to try to get this actual schedule to run. But you can go in, again, with this strategy of making multiple update schedules to make it so. You know what? I'm going to be doing my security fixes on my test grouping of machines on a more frequent, regular basis so I can do testing. But then I could do a security-only updates maybe on a weekly basis. But then I'll do features or service packs or something like that. I could have them go on a monthly basis if I wanted to. So that all just comes by having nesting of different rules that set up for those individual schedules. That's why you have the ability to go through and choose different options here. But we're going to leave them all selected for right now. And the skills and the way you manage those updates on-prem translate really, really well to how you want to manage them in the cloud. Correct. So going back to the interface there, scroll down to the bottom. You hit create, didn't you? Okay, good, you didn't. Now you can go through and obviously exclude specific updates if you needed to. Yep. So if you had the KB article number, you could put it in there. So if you happen to do testing, you could do includes or exclude specifically. Hit on back. Hit cancel for him back. And hang on a second. Now you got schedule settings. We got to go off and choose when this particular schedule needs to run. In this case, it's using your local time zone. You could translate this into whatever time zone happens to represent where you are based out of or where anyone else on the support team happens to be based out of. And it obviously goes with individual time zones. And this is for a single occurring event which happens to be right about now that it should happen to go off and run if I wanted to. Or I could say turn it on as a reoccurring event. Let's go ahead and choose reoccurring as for the heck of it and make it so it happens every month or every week your choice for how you want to do this. Yeah, you say month. And then you could also go in and have further granularity. We have lots of choices here to only run in certain days during the month if you wanted to like update Tuesdays if you wanted to. And if you even wanted to have it run in the last day of the month, again from a logic perspective, in case you had business practices that had to run the last day of the month, you might not want to have the updates taking place at the same time. Lots of choice. Go ahead and hit OK to apply that for the schedule. Now, in the event of non-Microsoft environments, you happen to have different infrastructure that has to start and stop different services or different daemons that are running on Linux boxes. You have pre-running and post-running scripts if you wanted to, as an option for that particular schedule. Heading on back over to that demo just to see what's left in that configuration panel. If you don't mind. So we don't have any scripts that we're running right now, so you can just hit OK to go back on that. And then I want to talk about here this maintenance window. This maintenance window is really just a matter of giving you a boundary of time that all of us has to finish in. And it's another reporting metric that you can choose. If for some reason a report update took so long, you could actually start to capture that and see why different update jobs are taking longer than expected within your maintenance window. This is not like a drop dead final thing. It's simply another timer that goes on to look at the overall health of your updating process. We're going to leave the default of 120. And then finally, the most favorite one, reboot if required is the default because most security updates require a restart. Should it be restarted and come back up again? Your choice if it has some happens to need to come up. So pretty cool stuff. I think that's the last parameter for the schedule, which it is, and you go ahead and hit create. And this is where the magic of the live demo is going to finish because this does take time to kind of churn through to be able to get through everything that's actually happened on that individual system. Well, now it's going to create the schedule and it's going to wait for 506 my time, which is about half an hour from now. And then it's going to push those updates to the machines that we selected or the machine that we selected. Good stuff. So that's the majority of what we have to do for configuration. I am, now that you've given me enough time to be able to quickly try a backup version of my demo environment that is a video. Do you have a high availability backup video server? Not just yet. The good thing is these videos are available for you to watch inside modules. Five and six. The five and six that you believe, yes. And back to the point now, right here. Here we go. If you could, let's see if we can bring it back to my shared screen once again. Now here is an example. We're back in the beginning of where updates happen to be. You still have two non-compliment, but now we can see, hey, this particular schedule is provisioning right now. That is the demo version of the one that we just created live that is saying, hey, it's about to get ready to run next time. It's targeting window systems. In this case, I've got a scope of two machines and it's got a maintenance window of 120 minutes. If I wanted to, I can see the ones that are currently getting ready to run. I also have the ability to go through and see the ones that have run in a history perspective as well. This is, again, this video also having a problem too because it doesn't appear to be happy once again. Oh, no, there we go. Let's see how it goes. The idea of having the ability to see all the history of all the updates come into play as well. Come on. And I went through, tested everything, made sure they're all working. This happens to be one of those things. Here we go. We've got the history now coming up and we can see that it actually was succeeded as having run against those two machines. It took a total of 18 minutes to be able to go off and to run and you can take a look at the results of what that particular schedule looks like. So it targeted and hit two machines. Six updates were applied successfully across those two different machines, which is good to see. And also you can see specifically what updates were applied if there was any failures and that sort of stuff. Going back to the automation place, I can see that the two machines now are listed as being green or compliant across having to be updated across the board. So we've managed to basically talk to you about how to configure and install updates with Pierre at the very beginning of this in the previous module, how to configure the update management process to be able to work and talk to Log Analytics, which is all fantastic. My section, which was the live demo, thankfully very much Pierre for driving for me, showed us exactly how to go through and target and find machines as well as go through and configure and alert. The whole purpose of the alert is to give you notice that something's happened. You don't need to have an alert rule to take place. It's simply another piece of data that you can have to know that your updates have taken place and that everything is good. Yeah, and when we talk about, when Andrew was asking about best practices, be careful with the alerts because it is a known fact that when there's too many alerts, they become noise. And then it drops that little rule button and outlook that say, I don't want to see those alerts anymore. Until one that comes, which is critical, but you don't see it, so you don't do anything and then your system goes down. And I will also mention that, again, you talked about to actually go ahead and patch and update systems. You do have to have contributor rights on those individual VMs. If you only have reviewer rights on the update management automation account and update management itself, you as a auditor, as a security person, can go through and look at your overall footprint of all your VMs that are managed by Azure Update to be able to go in and see if people are compliant or not, if there's security issues that are popped up. So you can grant other people access to this particular system if you need to, from a reviewer perspective. And then finally, going through those schedules. The schedule piece is something that I do want to call out here as an example here. We did one that was simply apply everything right away. And then in your example, we said apply everything right away, but do it on a monthly basis as one example of what you can do. Fast practices, and this goes back to the days if you were before cloud environments and just in the on-premises world, always have a good sample set of lab machines. You can go off and deploy this to test the updates first. And that way you know if you're going to have any compatibility problems or any kind of issues for the generic set of machines that you happen to have inside of your lab environment. You can make a dynamic group, tag them correctly, and then target them and have this automation take place, notify if there's any kind of problems. Then your workflow could evolve, and you can make another schedule that targets a broader group of more machines with the same updates. And then go ahead and apply those ones there on an even larger schedule, as I alluded to earlier, maybe even on a more frequent basis. You could have it so that it's set up that does security stuff every week and then have it to production machines every two weeks or every month or whatever it happens to be. And you can even notify different people that are responsible to it. So you can really go to town with those concepts of schedules for update deployment, but still have a single view on what's being managed for your subscription across the board. Yeah, and another best practice, if you will, that's one of my best practice. It may not be industry's best practice, but in the scheduling, there was an option to run a pre or a post trip. I have used this personally in the past where I would use the pre script to actually take a snapshot of the VM disk before applying. So if this is my crown jewel of the application of workloads that are running in my environment, like the business will shut down if this goes down for any reason for longer than that 120 minutes maintenance window that we've got set up. I have a script that will go and do a live snapshot of that hard drive apply it. So if anything goes wrong, you can restore that snapshot and keep going. Right. Yeah, so another example why those pre and post things work well. One thing we did not show you in this particular example, but was available in the lab environment that Pierre had set up for that demo is the fact that this applies to Linux machines as well as Windows based machines too. So same thing, you can do a disk freeze daemon if you needed to to freeze the disk and then be able to go ahead and to do a quick snap back up of it and then go ahead and continue. So that is possible too for Linux based machines, but they holistically roll up into one level of, excuse me, reporting inside of your system when you're looking at the update management console. I think we kind of covered most of the stuff that's in here. I know, I think so. Let's go back and take a look at the actual learn module number three if you don't mind. This is where we are? Yeah, we just finished off looking at all those different deployments and the schedules. There's some nice documentation but scheduling update deployment if you wanted to hit the next to go off to the next module. Unit, sorry. The unit and this is like units five and six and we mentioned earlier that the unit five and six, the video that's in there basically covers everything we've showed you so far. How to enable it, how to onboard, how to view the assessment, but it is a compressed view of the entire process. So you can always go back to that and look at those video recordings. I would encourage you with the learn module for unit number five. This one here is the portion that that Pierre did which is simply configure automation, configure update management, and also the run account and how to onboard machines into that environment. So it's a very quick little video. It's about three minutes long. You can do this yourself if you want to repeat the steps, go off and choose a trial environment. Actually, one thing that came up that's mentioned in passing inside the learn module is what's the cost involved for this? Well, the cost for update management is actually free. It does not cost anything. What does cost is the storage inside of your log analytics account to be able to go off into store all that data that happens to be there. Everything else that's involved in this guy here is considered to be included with the cost to simply running infrastructure on top of Azure. So again, great service for what it does and very practical for being able to go off to use this one here. You can go ahead and do this inside of your trial accounts if you wanted to go through the steps going in and doing this. Now this is the live demo version you're looking at again, Pierre. I am. I am because I wanted to mention that in the learn module itself, the title of the unit five is to look at the assessment. Well, those machines are continuously being assessed. Right. So a patch gets applied. They'll get reviewed. The information goes back into log analytics. Log analytics reports it back to update management and then update management shows it to you either non-compliant or compliant. And you've already drilled down a little bit on to if you let's say click on VM number one. It'll go and give you a section or a list based on a query of log analytics as to all of the specific titles updates. So updates, security updates, definition updates and so on that are available. So this is how you create or not create but do you view the assessment of each individual machines? I think it's rather ironic that all the windows machines are currently out of compliance but the Linux machine is in compliance in this particular demo you have up here. You're right. But you can also filter that view to show you only the non-compliant so you can check them right away or the non-assessed to see whether or not there are any machines in your environment that have not been assessed. Right. So in case I have none they've all been looked at. Right. So good stuff. So relatively easy to set up. It's a little bit complex because there are a lot of options with regards to the granularity of the reporting granularity of selection and granularity of scheduling that you can take place inside your systems. Recommendation, keep it simple start and understand what the options are and then gradually build out your strategy from there. As we mentioned the first video and mod in unit number five is just the setup and installation. The second video if you want to flip over to the next unit we'll come back to the quiz in just one second. That's right. Oh, not check your answer. You can't go in advance without going through it. There we go. This module has the video of the section that I showed you when the video was working that shows you okay you've got two VMs on boarded let's take a look at how to create an alert let's take a look at how to build a schedule to then go off and have the alert fire when that particular schedule takes place and then go and mitigate any issues you might have with regards to compliance or updates applying or not applying inside of your system. And again, there's another quick little quiz but I think it's time to maybe start doing some of these quizzes and other examples that are coming up here with the knowledge check. We have a quick question here from Osteel asking us about if he has an Azure account how do I activate a trial account to not incur any costs a link at the end of this module and at the beginning of the learn module for update management does have a link for how to set up a free trial you need to have a Microsoft account you can associate that trial with it'll authenticate you to make sure that you're an actual human being and then you can go through and there's enough credit in that trial to try out the update management process with a VM or two that happens to be there. If you've already had a free trial at some point you will not be able to get another one with the same email address. And of course we've got someone commenting here from YouTube asking us green oh fam farms asking us you guys should go off and do a power bi live demo it's like I don't want to try to risk my luck right now but obviously this is data it can be ingested as a source into power bi the log analytics workspace there's lots of documentation about how to get a power bi front end to that particular workspace in case you don't want to have the actual update management console being your source where things are but that's a little bit too advanced for what we're trying to do at least seven units maybe we'll ask April Dunham to help us out with that but that's for another episode you got it let's take a look at the knowledge check my friend all right testing your knowledge and see how we can do this okay all right I'm gonna this this is yours you ask this one all right so when planning to configure update management in Azure what is the first task for the administrator to do of course there we are you leave the question up so I can see it the question is going to be the answer going to be either A onboard your VMs into it B create a log analytics workspace or C create the automation account which one do you think we have some kind of background music needs to play as we try to figure this kind of stuff up something that's with no copyright yeah I know I otherwise we get shut down by the streaming things well this is your section man what's the answer what is this one well this one's a tricky one because you could have your log analytics workspace pre-created or you can create it first it doesn't necessarily make a difference as to whether or not you create it ahead of time or you create it within when you're creating your automation account yeah and I know you don't onboard the VMs right away because you've got nothing to onboard them into right that's right so that would mean it would be C create your automation account I think so look at that by process of elimination that's right an automation account and again Pierre showed us the updated way of how to do that which includes your run as account as well in the video that you can download and take a look at it doesn't actually have that step because it does that for you in that one there all right cool create an automation account that's number one that's number one okay next next question okay now and we gotta I'm looking at the answers now coming up on the on the stream so we do have about a 20 second delay so we gotta come up with some ways of making sure that we have some delay in this kind of stuff okay so we'll ask the question and we'll review the answers and then you can do some interpretive dance while the people answer the question nice during the demonstration that we ended up doing live the instructor I guess that would be Pierre and myself created an alert rule what is the purpose of an alert rule hmm now in this case it gives you three choices an alert rule can configure update deployments or be an alert rule can monitor update deployments or see an alert rule can create update deployments so basically create them configure them or monitor them let's see what people see this time I mean yeah they're still going to cut us off if you do that kind of copyrighted music so just be careful they're that good these days the idea here is the rule wasn't required to be done you could just jump right into a schedule and update deployment what is good to have a rule that will alert you that something happens right so that might have given you a little bit of a hint that gets you into the proper answer I see Andrew McCallum is saying it's going to be and show is Arish krishnan is also saying he is also saying be as well I hope to God I pronounced that properly it's a challenge Mr. Pierre what do you think it would have to be be because it reports on whether or not an event has happened right take a look at it the answer of this one here is be alert rule monitors update deployments good good job good job good job all right so these are these are quick little I think quick quiz they called them in the actual units inside of the learning module what else we got next number three is the actual start of the knowledge check at the end there's three questions inside this knowledge check you want me to take this one or you want to take it I'll take that one so Contoso IT has a WSUS deployment to update their on-prem servers which of the following statement about WSUS with update management is true okay a Contoso cannot use WSUS in addition to using Azure update management b Contoso can configure the specify intranet Microsoft update service location value in the group policies and point their appropriate WSUS server or c there's no need to approve updates with WSUS if you're using update management it's a bit more complex that's right it's a bit more nuanced but I think we alluded to that when we actually looked at that particular module and we talked about what was required I'm waiting for the answers to come yeah I know I Andrew says it could apply to all three possibly yeah now the the interest here is we obviously talked about WSUS at the very beginning yep you mentioned that you have to configure stuff using group policy as one option and it uses the update agents on the local boxes that's right so using our process of elimination that we've done before we know that a is not going to be the answer because it says you cannot use WSUS that's obviously incorrect if we told you at the very beginning that you can use WSUS in some way shape or form b is a possibility c there's no need to approve updates with WSUS if you use an update management did we go through and do any kind of update approval on our scheduling at all we did not but we alluded to it when we looked at to the include or exclude specific updates so in a way we did you got it so in this case let's go in here you want to go you want me to go I'm thinking it's b but I believe you are correct my friend you can use it to specify intranet Microsoft update service location values and point them to their appropriate internal WSUS server if it's required good stuff nice and simple that's the first question first question down that's right second okay this one here in addition to an automation account what else must contoso administrators enable to enable update management inside their environment okay so in a in addition to the automation account the contoso it staff must enable a log analytics workspace okay b in addition to the automation account contoso it staff must also install a log analytics agent on all bm and then c in addition to the automation account contoso it staff must enable WSUS to deploy updates to on-premises servers okay do you want me to get a crack at that one do you want I think you should yeah yeah how would you go with the process of elimination again what would you do c we've already dealt with c in the last question so I don't think it's going to be c now in addition to the automation account requires a log analytics workspace yes in addition to our automation account contoso must install the log analytics agent on all VMs I look at this and say when you enroll into the service that is part of the enrollment but when you on board a VM into the management it does the its thing where it talks to the azure agent and downloads and installs the appropriate well you know we didn't break away from the demo that you did earlier to go up and install agents on these systems we simply found them inside of our our subscription and then said yep target these people and then off it goes to be able to do stuff so I think I don't think B applies in this one I don't think so either so by elimination that means in addition to do in the automation account what else must they do and the answer is simply enable and target a log analytics workspace to be able to store the data that needs to be stored someplace for this individual reporting across the board yeah right yeah I think we're batting a thousand right now so let's keep going you got it question number five the last question of the day last question of the session unless other people have additional sessions before we start this one here I'm going to preamble start if you have some other additional questions that are not covered so far you'd like to ask us about log analytics or about the modules you can put them into the chat program or into publ and we'll do our best to be able to go through and update some stuff you can join the chat at aka.ms slash learn tv for some additional for some additional interaction there or you can stay on twitch or on youtube and be able to ask us some questions or comments in there too that's right so with that last question I read the last one did so you can do this one okay when contoso it support staff decides to deploy updates using update management they create an update deployment they want to deploy the update to only a subset of servers being managed by the update management how could they do this hey they must configure a group to update and manually add the appropriate servers to those group b contoso staff must configure to group to update and create a query to dynamically add the appropriate servers to those group or c contoso staff must use the include or exclude updates value to define which server to include oh this is a tricky one I'm looking at hints inside the wording I always whenever I'm doing an exam question from Microsoft or any certification exam I always look for my knowledge of the product that also has individual words that kind of jump out at me and the first one that jumps out at me first of all is the manual process and the word groups and so in a it says contoso staff must configure groups to update and manually add the appropriate servers into those groups if you remember from the recovered demo that we were doing here started to go in and started to do stuff inside the groups area and I said no no no back out we're not going to that section that's right it's because we were manually choosing items from the listing of machines which was the second option when you're targeting the update process so the manual process is not part of the groups update that also then identifies number letter B as a possible here contoso staff must configure groups to update and create a query to dynamically add the appropriate servers to those groups if you remember from our talk I mentioned the word dynamic in groups and is that run time when that happens so that's a strong possibility and just before we choose the one happens to be C says you must use the include exclude updates you went into that area as well but that had nothing to do with server targeting that was specifically which kd articles or which app get packages you wanted to apply which you would include or exclude manually at that point in time it's nothing to do with machines so that doesn't apply either so really out of these three it looks like B is the only viable option which is must configure groups to update dynamically add the appropriate service to those groups and the answer is you are correct sir letter B for contoso staff to do those updates and configure them correctly for where they are cool stuff yep that's it for the knowledge check I think right that's all five questions it is it's for the knowledge check well done people in the chat room thank you for sticking around with us that's right I see there was been a lot there was a lot of answers I could we could see in our in our little pane here can you can you bring us back to the learn module for just one moment for the text as opposed to the slides my friend I'm here yep so you want to go in and just choose no go up the top so we said it was going to be you use the intranets there we go and then number two was the the in addition Mr. Log Analytics workspace Log Analytics workspace and the last one down at the bottom there it's the middle one which is query dynamically check your answers and we get the 200 points I wanted to show this part because it's all about you know your leaderboard and how many points you have right so if you sign in to Microsoft learn you create yourself a profile and then you go through and track your learnings as you go you get these experience points and so now this is what it looks like when you get your questions correct you actually technically get more points the first time you answer and you get them correct to be able to go off and to maximize and gamify your experience points and then here you would normally already be signed in that's why it's coming up with the error message at the bottom here saying continue or sign in to save your progress that's right because I don't think I am signed in because I didn't want to get points no one gets the answer saving progress for now my friend all right and then simply the 8 of 8 module is simply the summary which simply says hey we got our updates up and working it worked both for on-premises servers and cloud based servers they're now using Azure Update Management Service and talking to their WSUS servers as required you learned about how to set this all up you learned about what it looks like to configure alert rules as well as configure a schedule for deployments and then we kind of talked a little bit about some strategies behind making those schedule update deployments work for you inside your environment at a minimum go often try this in the free trial go often take a look at it inside of your environments target specific small machines if you need to like Pierre did create a resource group with a couple of different machines inside of it that are not being used in production that can be your starting test group just to get used to how to schedule updates and how to do different types of alerts again there's no cost for using the service there's only the cost for the size of the log analytics workspace and then we give you some more ideas for doing a tutorial for monitoring changes within virtual machines it also uses a log analytics workspace for doing change control in your configurations and we just went through the managing updates and patches for your Azure VM section that's kind of it my friend it is it's kind of it and if we go back to our deck and look we did learn how to describe enable and deploy those updates we have reviewed our update assessments and managed updates for our Azure VM by creating rules and alerts and so on so I think we did we did well in just a little over an hour yeah and again we really appreciated you spending some time with us live here today if you join us live if you're catching this on an on-demand version after the fact because these are available in a recorded format we have one more of these taking place next week we've already had about a half dozen or so that took place if you want to go off and try this the one for next week is going to be Mr. Thomas Maurer and myself talking about hybrid backup and recovery using Windows server and I as machines and that's going to be taking place at around noon Pacific time on December the 16th I tweeted out the link to the summary of all those different modules on the landing page you can follow that as well we have another quick one right here if you want to go and get a head start by going to ak.ms slash learn live dash h i s h dash episode 7 EP 7 that kind of just rolls off the tongue nice and easy to say but there's a QR code there you could scan if you want to get ready for that next one coming up with Thomas and myself I'm sure h i s h is an acronym for something but it escapes me right now implementing hybrid server hierarchy stuff I have to take a look at what that page was but anyway cool stuff my friend yeah yeah so Mr. Claus we will have we have time to take some questions from the chats if there are any because right now we are currently on the Microsoft developer Twitch we are on the it op stock switch we are in the Microsoft developer YouTubes and also in the it op stock YouTubes on top of learn TV right and so if you could just go ahead and use the chat mechanisms to ask us a question if you have anything I will again point out one thing that I really like about this update management piece because this has been around for a little while and they've refined it now to make it even more streamlined to use is the fact that it is and I hate using this term but it is so true a single pane of glass for doing updating across both Linux machines and Windows based machines to get a view of the compliance of your overall dm footprint both in azure and also on premises where you happen to have those different agents loaded down on the local on the local side of things yeah and if people are interesting interested in a bit of a deep dive into the azure update there was a great session that ignites so go back to your my ignite dot microsoft.com and look for the blueprint sessions I believe yes if you do a search for the title of blueprint files blueprint files will show one of them which was a discussion specifically on windows client updating services and how you can go through and look at all the different options for being able to get your windows machines your desktop machines updated that was with aria or nick her name on twitter is at sign aria updated she had a phenomenal whiteboard session talking about all the different variances of how you can go off and manage updates to your client based systems yep I got a question here for you pierre um Andrew is actually asking us on the youtube channel here is how do you balance your time between training and keep it on top of everything that goes on because he's finding it a bit hard to be able to do stuff do you have a strategy and you don't have to answer this as being someone on my team who is supposed to be updated all the time what do you do to stay up to date on things just out of curiosity what tools do you use well I use outlook funny enough because I block off a portion of my week maybe it's like a couple hours on a Friday afternoon or a Monday morning or something I block it off as a recurring email as a recurring meeting so that I don't get blocked off by other meetings or other people assigning me tasks in hint my boss nice sitting over here and I use that time to kind of review what's new and in some cases drill down into the some of the new stuff or even sometimes some of the old stuff that I haven't had time to really drill into however our job is a little different because it is our job to stay appraised of the new Fandango services that Azure provides on a regular basis yeah but it is a good strategy for anyone is just to block off a certain period of time make sure that your boss is okay with that but it's an easy business case to do with your with your management chain to say listen if I take two hours through three hours a week to learn about the new stuff that's going to benefit you in the long terms because now I'll know whether the value applies to our environment and therefore benefit the company as a whole yeah so making focus time on a regular basis you choose your frequency and your your mechanism for how you actually block that up the good thing is as Pierre mentioned is that you can also if something needs to come in because it's you know urgent and your hair is on fire you can still allow it to come into that particular blocked off time I don't have that problem yeah just just just taking the taking the proactive step of just acknowledging that this is a continuous learning thing that you have to do for life-flying learning so I do the same thing myself to be able to do that my time tends to get a bit encroached upon by others just like everybody else and then I have a trade-off to be able to do it and then I use believe it or not Microsoft learn as a starting point to be able to often try some different things in the Microsoft space but it's also important to also go and try other things other tools other environments as well to kind of broaden your horizons and be well rounded as well too but it all falls inside of this one amount of time I typically set aside an afternoon that works for my schedule one afternoon a week maybe every other week or so based on what's possible and I try to just simply move other meetings away from that time to be able to do it and then you know set myself up for success to be able to have a plan for what I want to study the week that's coming up and I share that with my manager to say hey next week I'm looking at log analytics and an Azure update and then schedule some time to go through the learn module and go through the documentation and then I'm a hands-on person I got to try it myself to go off and to try it Yep and somebody in the chat Janisq7 is asking whether or not you provide beer when needed while doing your your your learnings you got it so my flame flameproof hat my is a tillion durables t3 hats has been around for a very very long time it does keep my head warm and also keep the flames at bay in case things happen to go wrong and then for my evening routines I do happen to have a particular beverage of different types that are in use to be able to help with the learnings it's a knowledge-based lubricant I guess I will say that's a nice way of putting that got it but it only lubricates the first couple after that it's a knowledge inhibitor it comes a blocker at that point in time that's it for for what we have here you know what we don't have any other people asking any questions right now I just want to once again say thank you very much for joining us it's been a lot of fun doing this particular learning mechanism I want to say thank you Pierre for saving my demo but because of my video that would not play which was quite strange because I did do testing in case Oren's watching this and is going to give me grief for not testing my demos beforehand but I'm glad that you had the live environment that we could go off and play with instead got your back buddy got your back much appreciated but again tune in on the 16th for the final episode of this particular LearnLive series we're going to be talking about hybrid backup and restore it's going to be myself and Thomas Maurer going to be covering that one there and I want to say thank you Pierre for joining me for this one here and thank all of you for joining us for this 90 minutes of learning around update management and of course if you want to subscribe and like in whatever platform you're watching us on that way you'll be notified then next time we come on to give you another one of these wonderful episodes and with that I'm going to say hey producer guy roll the exit thank you very much and we'll catch you next week