MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International
10.31k stars 21.5k forks source link

WUA Agent > Compliance Scan - which Agent for Linux? #120414

Closed CodussMaximus closed 9 months ago

CodussMaximus commented 9 months ago

[

Windows: WUA Agent, for Windows and states a compliance scan schedule.

Linux: What agent is the compliance scan schedule run under?

]


Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

SaibabaBalapur-MSFT commented 9 months ago

@CodingMaximus Thanks for your feedback! We will investigate and update as appropriate.

AnuragSingh-MSFT commented 9 months ago

@CodingMaximus, thank you for this query.

For Linux, the "Log Analytics agent" (omsagent) installed as part of onboarding to Azure Automation Update management is used to query for updates. This is done by OMSagent using the available package manager depending on the OS (Yum, APT) to query and apply updates. For more details, see the image and table available here - About Update Management

Hope this helps. Please let me know if you have any questions.

CodussMaximus commented 9 months ago

Thank you, but I can't see where the OMSagent plays a part. But no need to worry, we'll use Update Manager instead.

AnuragSingh-MSFT commented 9 months ago

@CodingMaximus, thank you for the reply. Migrating to Update Manager is definitely the current recommendation as Azure Automation Update Management will retire on 31 August 2024.

Regarding your question about OMSAgent - In the legacy solution for updates using Azure Automation Update Management, when Azure Automation account is connected to LA workspace, a solution pack (Updates solution) gets deployed to LA workspace. If it is deployed, it is available under the "Legacy solutions" menu of the LA workspace. This solution contains add-on rules which trigger the update query on the machine and report it to LA workspace - this part is done by OMSagent itself, which downloads the new configuration, runs those rules, collects update information and reports it to LA workspace. The actual installation is triggered using the "Runbook Worker", for details see Runbook Worker types.

Hope this helps.