README.md

Azure Automation Account / Monthly deployment schedules

Configuration options

To set how far in the future (in months) to prepare deployment rings set variable $monthsToProvision

To set deployment rings populate tags to $deploymentRings hash table in format

<TagName> = <Time-Span for delayed deployment>

Example:

$deploymentRings = @{
    "GRP_USA_pw2A" = New-TimeSpan -Days 0
    "GRP_USA_pw3A" = New-TimeSpan -Days 7
}

Sample output

Deployment for next two months with two deploment rings with one week between them.

Info

Patch tuesday is calculated by a function from https://mulderfiles.nl/2017/12/28/determine-patch-tuesday-date-with-powershell/.

deploymentRings.ps1

<# https://mulderfiles.nl/2017/12/28/determine-patch-tuesday-date-with-powershell/ #>
Function Get-PatchTuesday {
  Param(
    [Parameter(Mandatory=$false,ValueFromPipeline=$true)] 
    [int]$Month = (Get-Date).Month,
    [Parameter(Mandatory=$false)]
    [int]$Year = (Get-Date).Year
  )
  Write-Verbose "Patch Tuesday Month                : $($Month)"
  Write-Verbose "Patch Tuesday Year                 : $($Year)"
  $FindNthDay = 2
  $WeekDay = "Tuesday"
  $WorkingDate = Get-Date -Month $Month -Year $Year
  $WorkingMonth = $WorkingDate.Month.ToString()
  $WorkingYear = $WorkingDate.Year.ToString()
  [datetime]$StrtMonth = $WorkingMonth + "/1/" + $WorkingYear
  while ($StrtMonth.DayofWeek -ine $WeekDay)
  {
    $StrtMonth = $StrtMonth.AddDays(1)
  }
  $PatchTuesday = $StrtMonth.AddDays(7*($FindNthDay-1))
  return $PatchTuesday
}

$monthsToProvision = 3
$subscriptionId = "e9d0d083-015e-41dd-bf36-ab3e031968f8"
$resourceGroup = @{
    ResourceGroupName = "DefaultResourceGroup-WEU"
    AutomationAccountName = "Automate-e9d0d083-015e-41dd-bf36-ab3e031968f8-WEU"
}

$deploymentRings = @{
    "GRP_USA_pw2A" = New-TimeSpan -Days 0
    "GRP_USA_pw3A" = New-TimeSpan -Days 7
}

for($i = 0; $i -lt $monthsToProvision; $i++) {
    $day = Get-Date
    $day = $day.AddMonths($i)

    $patchTuesday = (Get-PatchTuesday -Year $day.Year -Month $day.Month).AddDays(1)
    if($patchTuesday -le (Get-Date)) {
        continue
    }

    foreach($ringTag in $deploymentRings.Keys) {
        $NewQueryParams = $resourceGroup + @{
            Scope = "/subscriptions/$($subscriptionId)"
            Tag   = @{ TagName = $ringTag }
        }
        $Query = New-AzAutomationUpdateManagementAzureQuery @NewQueryParams
        
        # Schedule 
        $TimeZone = (Get-TimeZone -Id UTC).ID
        $StartTime = Get-Date -Year $patchTuesday.Year -Day $patchTuesday.Day -Month $patchTuesday.Month -Hour 6 -Minute 30
        $StartTime = $StartTime + $deploymentRings[$ringTag]
        
        $schedule = New-AzAutomationSchedule @ResourceGroup -Name "$($ringTag) $($patchTuesday.ToString('yyyy-MM'))" -StartTime $StartTime -TimeZone $TimeZone -OneTime 
        $UpdateParams = $ResourceGroup + @{
            Schedule                      = $schedule
            AzureQuery                    = $Query
            Duration                      = '04:00:00'
            IncludedUpdateClassification  = 'Critical', 'Security', 'Updates','FeaturePack','ServicePack','UpdateRollup'
            RebootSetting                 = "Always"
        }
        
        New-AzAutomationSoftwareUpdateConfiguration -Windows @UpdateParams 
    }
}