Ensure that operating system (OS) upgrades are automatically applied to your Microsoft Azure virtual machine scale sets when a newer version of the OS image is released by the image publishers. The Automatic OS Upgrades feature supports both Windows and Linux images, and can be enabled for all virtual machine sizes. An automatic OS upgrade works by replacing the boot (OS) disk of a virtual machine instance running within a scale set with a new disk created using the latest image version available. Any configured extensions and custom data scripts are run on the OS disk, while persisted data disks are retained. To minimize application downtime, the upgrades take place in multiple batches, with a maximum of 20% of the scale set upgrading at any time.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
Enabling automatic OS image upgrades for your VM scale sets can help ease update management by safely and securely upgrading the instance OS disks. With automatic OS upgrades enabled, you don't have to manually manage image updates on your scale set. The Azure OS upgrade orchestrator will automatically apply the latest available image version to your virtual machine scale set instances without any manual intervention.
Note: The OS platform images currently supported by the feature are listed at this URL.
To determine if the Automatic OS Upgrades feature is enabled for your Azure virtual machine scale sets, perform the following operations:
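One way to run this check offline, as an added example that is not part of Cloud Conformity's own audit steps: the script below reads scale-set definitions as JSON (for instance, saved output of `az vmss list -o json`) and reports every scale set where `upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade` is not explicitly true. The sample data and resource names are constructed for illustration.

```python
import json

# Constructed sample in the shape of a scale-set list (names/values are made up).
# Note: upgradePolicy.mode controls how scale-set model changes roll out; it is a
# separate setting from the automatic OS image upgrade flag checked here.
SAMPLE = json.loads("""
[
  {"name": "web-vmss", "resourceGroup": "rg-prod",
   "upgradePolicy": {"mode": "Rolling",
     "automaticOSUpgradePolicy": {"enableAutomaticOSUpgrade": true}}},
  {"name": "api-vmss", "resourceGroup": "rg-prod",
   "upgradePolicy": {"mode": "Automatic",
     "automaticOsUpgradePolicy": {"enableAutomaticOsUpgrade": false}}},
  {"name": "batch-vmss", "resourceGroup": "rg-dev",
   "upgradePolicy": {"mode": "Manual", "automaticOSUpgradePolicy": null}},
  {"name": "legacy-vmss", "resourceGroup": "rg-dev"}
]
""")


def _get(obj, key):
    """Case-insensitive lookup: REST and SDK/CLI output can differ in key casing."""
    if not isinstance(obj, dict):
        return None
    for k, v in obj.items():
        if k.lower() == key.lower():
            return v
    return None


def auto_os_upgrade_enabled(vmss):
    """True only when the flag is explicitly true; missing or null policy = disabled."""
    policy = _get(_get(vmss, "upgradePolicy"), "automaticOSUpgradePolicy")
    return _get(policy, "enableAutomaticOSUpgrade") is True


def audit(scale_sets):
    """Return (resourceGroup, name) for each scale set that fails the rule."""
    return [(s.get("resourceGroup"), s.get("name"))
            for s in scale_sets if not auto_os_upgrade_enabled(s)]


if __name__ == "__main__":
    for rg, name in audit(SAMPLE):
        print(f"NON-COMPLIANT {rg}/{name}: automatic OS upgrades not enabled")
```

To audit a real subscription, replace `SAMPLE` with the parsed contents of your own exported JSON file.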
Remediation / Resolution
To enable automatic OS image upgrades for your Microsoft Azure virtual machine scale sets, perform the following operations:
You are auditing:
Enable Automatic OS Upgrades
Risk level: Medium