# Deploy the Azure automation runbooks There are two runbooks to deploy in your Azure automation account - the summarizer and the trend processor. {% hint style="warning" %} Before running the Azure automation runbooks for the first time, make sure you already have some data from your workstations in your log analytics workspace, otherwise the runbooks will fail. Check the **Logs > Custom logs** section in your workspace for the presence of the **SU\_\*** custom logs. {% endhint %} ## Deploy the summarizer runbook The software updates summarizer runbook does the following: * Gathers additional Windows update-related information from public Microsoft sources to aid in the compliance calculations and error reporting * Summarizes the latest available software updates data from your workstations by calculating compliance against the most recent cumulative updates * Determines the current support status of your workstations * Posts the resulting summary data back to the log analytics workspace for the Power BI report to consume ### Download Download the runbook from here: {% embed url="" %} ### Set variables Open the runbook script for editing and set 4 variables at the top of the script:

**$ResourceGroupName** Enter the name of the resource group containing your log analytics workspace. **$WorkspaceName** Enter the name of the log analytics workspace. **$WorkspaceID** Enter the Workspace ID of your log analytics workspace. **$PrimaryKey** Enter the primary key for your log analytics workspace. {% hint style="warning" %} If you rotate / regenerate the workspace keys, remember to update the runbook. {% endhint %} {% hint style="success" %} If you prefer, you can use [encrypted variables](https://learn.microsoft.com/en-us/azure/automation/shared-resources/variables?tabs=azure-powershell) to store these values rather than adding them in clear text to the runbook script. {% endhint %} ### First run edits For the first execution of this runbook, you should **comment out** a couple of lines in the script to allow the runbook to retrieve Windows update and Windows setup error codes from Microsoft. On lines **894**, **895** and **937**, add a hash (#) to the beginning of the lines to comment them out, eg: (the code region is collapsed in this example)

After the first run, you can remove these hashes to allow the code section to execute only on the appropriate days. The reason this code only runs on day 7 or day 21 of the month is simply to prevent the obtained data from ageing out of the workspace. The data rarely changes so there is no need to run this code with every execution of the runbook. {% hint style="warning" %} Be sure to **uncomment** those lines again after the first run! {% endhint %} ### Create the runbook * In your Azure automation account, go to **Process Automation > Runbooks**. * Click **Import a runbook** * Use the option **Browse for file** against **Upload a runbook file** * Click the folder icon to browse for the runbook file * For the **Runbook type**, select **PowerShell** * For the **Runtime version**, select **5.1** * Enter a description if desired

Click **Import**, then **Publish** to publish the runbook. ### Start the Runbook {% hint style="warning" %} The first execution of this runbook will result in the error below. This is an expected error, so do not worry! The reason is that the log analytics query is referencing tables that have only just been created seconds ago by the script, and it takes time for the data to be ingested into the workspace. After the first execution, wait at least 5-10 minutes then execute the runbook again. There should be no further errors once the new data has been ingested. {% endhint %}

Execute the runbook for the first time by clicking **Start**. In the job view that appears, click the **All Logs** tab. Once the runbook has completed, you'll see results similar to below which includes the query statistics.

### Schedule the runbook Now you can schedule the runbook to execute at regular intervals. The interval you choose depends on: * How often you want compliance data to be refreshed * How many devices are reporting in (ie volume of data) In an environment with close to 9000 devices, I run this every 4 hours. The beauty is that you are in control here. For example, immediately after so-called 'patch Tuesday' you could run this more frequently to provide more timely updates on device compliance. Later in the month, you could reduce the frequency when a majority of devices are updated and data freshness may be less important. * In the automation runbook, click **Link to schedule** * Select the **Schedule (Link a schedule to your runbook)** option in the next pane * Click **Add a schedule** * Enter your schedule parameters. In the example below, I am creating a schedule starting at 02:00 and repeating indefinitely every 4 hours.

* Click **Create**, then **OK** to set the schedule. ## Deploy the trend processor runbook The trend processor summarizes current data for cumulative and feature update compliance and posts this data into separate tables in the log analytics workspace. This is done to offload the processing of trend data from the Power BI report queries as it can consume significant resources over longer time periods. ### Download Download the trend processor runbook from here. {% embed url="" %} ### Set variables As you did for the first runbook, open this runbook for editing and set 4 variables at the top of the script:

**$ResourceGroupName** Enter the name of the resource group containing your log analytics workspace. **$WorkspaceName** Enter the name of the log analytics workspace. **$WorkspaceID** Enter the workspaceID of your log analytics workspace. **$PrimaryKey** Enter the primary key for your log analytics workspace. {% hint style="warning" %} If you rotate / regenerate the workspace keys, remember to update the runbook. {% endhint %} {% hint style="success" %} If you prefer, you can use [encrypted variables](https://learn.microsoft.com/en-us/azure/automation/shared-resources/variables?tabs=azure-powershell) to store these values rather than adding them in clear text in the runbook script. {% endhint %} ### Create the runbook * In your Azure automation account, go to **Process Automation > Runbooks**. * Click **Import a runbook** * Use the option **Browse for file** against **Upload a runbook file** * Click the folder icon to browse for the runbook file * For the **Runbook type**, select **PowerShell** * For the **Runtime version**, select **5.1** * Enter a description if desired

Click **Import**, then **Publish** to publish the runbook. ### Start the runbook {% hint style="warning" %} The timing for executing this runbook is important as it depends on the data created by the previous runbook. Wait at least 5-10 minutes after the first runbook has completed before starting this one to allow time for the data to be ingested into the workspace. {% endhint %} Execute the runbook for the first time by clicking **Start**. In the job view that appears, click the **All Logs** tab. Once the runbook has completed, you'll see results similar to below which includes the query statistics.

### Schedule the runbook Now you can schedule the runbook to execute at regular intervals. The interval you choose depends on: * How often you want trend data points * How frequently you are running the summarizer runbook {% hint style="warning" %} As already mentioned, the timing for executing this runbook is important as it depends on data that has been created by the summarizer runbook. You should ideally schedule this to run at least 5-10 minutes after the summarizer runbook has completed to allow time for data ingestion. Schedule this to run after every execution of the summarizer runbook. {% endhint %} I run this every 4 hours, and 30 minutes after the start time of the summarizer runbook to allow ample time for data ingestion to complete. You could run it *less* frequently, but not *more* frequently than the schedule of the summarizer runbook otherwise you'll not be adding any new data. * In the automation runbook, click **Link to schedule** * Select the **Schedule (Link a schedule to your runbook)** option in the next pane * Click **Add a schedule** * Enter your schedule parameters. In the example below, I am creating a schedule starting at 02:30 and repeating indefinitely every 4 hours.

Click **Create**, then **OK** to set the schedule. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.smsagent.blog/microsoft-endpoint-manager-reporting/windows-update-for-business-custom-reporting/deploy-the-solution/deploy-the-azure-automation-runbooks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.