This is an example script for Update Management pre/post actions. It requires the ThreadJobs module. It starts VMs which aren't currently running so that updates can be installed. It can be used in conjunction with UpdateManagement-TurnOffVMs to turn off the machines which were started.
As per the article: https://learn.microsoft.com/en-us/azure/automation/shared-resources/variables?tabs=azure-powershell

"A Microsoft Defender for Cloud recommendation is to encrypt all Azure Automation variables as described in Automation account variables should be encrypted."

Would it be possible to encrypt the automation variables? We are using this script as-is, which is causing us a compliance issue. Is it as simple as amending line 173 -Encrypted $false to $true? Would that have any impact on update-management-turn-off-vms?
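For the compliance finding raised above, the following is an added example, not part of the original script or post: it lists the variables in an Automation account that are stored unencrypted and re-creates them encrypted. The function names are hypothetical, the resource group and account names are supplied by the caller, and it assumes the Az.Automation module with a signed-in context.

```powershell
#Requires -Modules Az.Automation
# Added example (not the script's own code). Function names are hypothetical.

function Get-UnencryptedAutomationVariable {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$AutomationAccountName
    )
    # Encrypted is $false for variables whose value is stored in clear text.
    Get-AzAutomationVariable -ResourceGroupName $ResourceGroupName `
        -AutomationAccountName $AutomationAccountName |
        Where-Object { -not $_.Encrypted }
}

function Convert-ToEncryptedAutomationVariable {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Variable,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$AutomationAccountName
    )
    process {
        if (-not $PSCmdlet.ShouldProcess($Variable.Name, 'Re-create as encrypted')) { return }

        $scope = @{
            ResourceGroupName     = $ResourceGroupName
            AutomationAccountName = $AutomationAccountName
        }
        # The encrypted state cannot be changed after creation, so the
        # clear-text value is captured first and the variable is re-created.
        $new = @{ Name = $Variable.Name; Value = $Variable.Value; Encrypted = $true }
        if ($Variable.Description) { $new.Description = $Variable.Description }

        Remove-AzAutomationVariable @scope -Name $Variable.Name -Confirm:$false
        New-AzAutomationVariable @scope @new
    }
}

# Usage with placeholder names; -WhatIf previews the changes without making them.
# $rg = '<resource-group>'; $aa = '<automation-account>'
# Get-UnencryptedAutomationVariable -ResourceGroupName $rg -AutomationAccountName $aa |
#     Convert-ToEncryptedAutomationVariable -ResourceGroupName $rg -AutomationAccountName $aa -WhatIf
```

Get-AzAutomationVariable does not return the value of an encrypted variable; inside a runbook the value is read with the internal Get-AutomationVariable cmdlet. Any script that consumes the variable should be checked for how it reads the value before the switch is made.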