Compute Virtual Machines premium

Automatic OS image upgrade

Automatic OS image upgrade lets Azure update the operating system image used by a virtual machine scale set as new image versions are published. In plain terms, instead of manually replacing every instance, the scale set can roll newer OS disks across the fleet in batches. It helps keep Windows and Linux scale-out workers current. The feature is strongest when instances are stateless, health checks are meaningful, and applications can tolerate rolling replacement. It is not a substitute for patch governance or application testing.

Back to glossary browser Open Microsoft Learn source
Aliases
VMSS automatic OS image upgrade, automatic OS upgrade, scale set automatic image upgrade, enable-auto-os-upgrade
Difficulty
intermediate
CLI mappings
4
Last verified
2026-05-10T00:00:00Z

Microsoft Learn

Automatic OS image upgrade lets Azure update the operating system image used by a virtual machine scale set as new image versions are published. Microsoft Learn places it in Automatic OS image upgrades with Azure Virtual Machine Scale Sets; operators confirm scope, configuration, dependencies, and production impact.

Microsoft Learn: Automatic OS image upgrades with Azure Virtual Machine Scale Sets2026-05-10T00:00:00Z

Technical context

Technically, automatic OS image upgrade is configured on the scale set model through the automaticOSUpgradePolicy enableAutomaticOSUpgrade setting or Azure CLI flags. When a new eligible image version is available and replicated to the region, Azure upgrades instances in a rolling manner. The process integrates with application health probes and the Application Health extension. Upgrade policy mode and automatic OS image upgrade policy are separate concerns. Custom image scenarios can use Azure Compute Gallery. Existing instances may need to be brought to the latest scale set model.

Why it matters

Automatic OS image upgrade matters because fleets drift when every image update requires manual coordination. Old images can carry security exposure, inconsistent libraries, and operational surprises. Scale sets are designed for replaceable capacity, so rolling image upgrades fit the model when applications are stateless and health-aware. The feature reduces repetitive maintenance while preserving availability through batch rollout. It also creates a cleaner story for compliance evidence: the fleet follows approved image versions rather than forgotten instances. The danger is enabling it before health checks, rollback, custom extensions, and workload readiness are proven. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.

Where you see it

Signals, screens, and Azure surfaces where this term usually becomes operational.

Signal 01

You see automatic OS image upgrade in VM scale set upgrade policy settings where enableAutomaticOSUpgrade controls image rollout behavior. during governance review and incident response.

Signal 02

It appears in compute fleet maintenance plans that rely on rolling batches, health probes, and replaceable instances for safe updates. during governance review and incident response.

Signal 03

It shows up in security reviews when teams need evidence that scale set instances follow current platform or gallery images. during governance review and incident response.

When this becomes relevant

Specific situations where this term helps solve real Azure design, operations, migration, security, reliability, cost, or governance problems.

  • Keep VM scale set workers current with platform image updates.
  • Reduce manual image maintenance for stateless compute fleets.
  • Support security compliance by standardizing image rollout behavior.
  • Use canary scale sets or regions before enabling automated rollout broadly.

Real-world case studies

Different enterprise-style examples that show the term being used to hit measurable objectives.

Case study 01

Automatic OS image upgrade in action

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

StoneRiver Payments ran a VM scale set of stateless fraud-scoring workers and spent one weekend each month manually replacing OS images.

Business/Technical Objectives
  • Reduce manual image-maintenance windows.
  • Keep workers current with approved platform images.
  • Preserve fraud-scoring availability during rollout.
  • Create auditable upgrade evidence.
Solution Using Automatic OS image upgrade

The compute team enabled automatic OS image upgrade on the VM scale set with rolling upgrade behavior and the Application Health extension. The fraud-scoring service already ran statelessly behind a load balancer, so instances could be replaced in batches. Azure CLI checks captured scale set model settings, instance health, and latest model status before and after rollout. A canary scale set received image updates first, and production only enabled the policy after startup scripts, extensions, and scoring latency passed validation. Runbooks documented rollback and capacity headroom requirements. The team also documented owners, review cadence, rollback steps, acceptance criteria, and the evidence operators should collect during the next production review.

Results & Business Impact
  • Monthly manual maintenance effort dropped from 18 hours to three hours of review.
  • Image compliance across fraud workers reached 99% within two rollout cycles.
  • No scoring outage occurred during rolling replacement.
  • Security audit evidence was produced from CLI exports instead of manual screenshots.
Key Takeaway for Glossary Readers

Automatic OS image upgrade is strongest for stateless scale sets with real health checks and enough capacity for rolling replacement.

Case study 02

Automatic OS image upgrade in action

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

GreenForge Manufacturing used custom gallery images for plant-floor processing agents and struggled to roll patched images across regions.

Business/Technical Objectives
  • Roll approved gallery image versions safely.
  • Control regional rollout order.
  • Detect unhealthy agents before too many instances upgraded.
  • Reduce unpatched image exposure.
Solution Using Automatic OS image upgrade

Architects published hardened images through Azure Compute Gallery and replicated new versions region by region. VM scale sets used automatic OS image upgrade so each plant received the latest replicated image in rolling batches. Health probes validated agent connectivity to local event gateways before the next batch proceeded. Azure CLI reports showed image reference, upgrade policy, and instance health for each region. A pilot plant received every image first, and the team delayed replication to larger regions until the pilot completed twenty-four hours without errors. The team also documented owners, review cadence, rollback steps, acceptance criteria, and the evidence operators should collect during the next production review.

Results & Business Impact
  • Average time to deploy patched images across plants dropped from 21 days to five days.
  • Unhealthy-agent detection stopped one flawed image before broad replication.
  • Regional rollout evidence became available within minutes.
  • Unpatched exposure hours fell by 72% quarter over quarter.
Key Takeaway for Glossary Readers

Automatic image upgrades can support custom-image governance when gallery replication, canaries, and health checks are part of the design.

Case study 03

Automatic OS image upgrade in action

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

Northstar Learning hosted exam-processing workers on Linux scale sets and needed a safer way to consume publisher image updates.

Business/Technical Objectives
  • Apply newer Linux images without full-fleet downtime.
  • Keep exam processing within a fifteen-minute backlog target.
  • Verify extension compatibility before production rollout.
  • Document rollback steps for operations.
Solution Using Automatic OS image upgrade

The platform team created a staging scale set that mirrored production extensions, managed identity, and startup scripts. Automatic OS image upgrade was enabled there first, with synthetic exam jobs validating package dependencies and upload paths. After two successful image updates, production scale sets were configured with rolling upgrades and health probes. Azure CLI runbooks checked instance view, latest model alignment, and failed extension statuses. During exam windows, operators could pause rollout by disabling the policy and manually controlling capacity. The team also documented owners, review cadence, rollback steps, acceptance criteria, and the evidence operators should collect during the next production review. Those notes made the pattern reusable for adjacent teams without turning the case into a one-off hero effort.

Results & Business Impact
  • Exam backlog stayed below eleven minutes during the first production image rollout.
  • Extension-related failures were caught in staging before production.
  • Manual image update tickets dropped by 80%.
  • Operations completed rollback drills in under ten minutes.
Key Takeaway for Glossary Readers

Automatic OS image upgrade reduces maintenance risk when staging parity and workload-specific health signals are taken seriously.

Why use Azure CLI for this?

Azure CLI is useful for automatic OS image upgrade because scale set upgrade posture must be visible across fleets. Use CLI to show the current scale set model, enable automatic OS upgrades, inspect instance health, and verify whether instances are on the latest model. The commands help separate image rollout issues from application failures or extension failures. CLI evidence is especially valuable for security and platform reviews, where teams need to prove which fleets are automated and which still require manual image management.

CLI use cases

  • Enable automatic OS image upgrade on a VM scale set with rolling upgrade behavior.
  • Show scale set model settings to confirm whether automatic image upgrades are configured.
  • Inspect instance view and latest model status after a new image rollout.
  • Support compliance reviews by exporting scale sets that do or do not use automatic OS image upgrades.

Before you run CLI

  • Confirm the scale set is stateless or safely replaceable during rolling instance upgrades.
  • Verify health probes or the Application Health extension represent real application readiness.
  • Review image source, region replication, extension behavior, and rollback expectations.
  • Make sure capacity headroom is sufficient for batch replacement without violating service objectives.

What output tells you

  • Scale set model output shows whether automatic OS image upgrade is enabled.
  • Instance view output shows health, provisioning state, and whether instances are aligned with the latest model.
  • Rolling upgrade output helps identify failed batches, paused rollouts, or unhealthy instances.
  • Image reference information connects the fleet to the platform or gallery image version being applied.

Mapped Azure CLI commands

Vm operations

direct
az vm list --resource-group <resource-group>
az vmdiscoverCompute
read-only Microsoft docs
az vm show --name <vm-name> --resource-group <resource-group>
az vmdiscoverCompute
read-only Microsoft docs
az vm create --name <vm-name> --resource-group <resource-group> --image <image>
az vmprovisionCompute
cost-impacting Microsoft docs
az vm start --name <vm-name> --resource-group <resource-group>
az vmoperateCompute
mutating Microsoft docs
az vm stop --name <vm-name> --resource-group <resource-group>
az vmoperateCompute
mutating Microsoft docs

Architecture context

Technically, automatic OS image upgrade is configured on the scale set model through the automaticOSUpgradePolicy enableAutomaticOSUpgrade setting or Azure CLI flags. When a new eligible image version is available and replicated to the region, Azure upgrades instances in a rolling manner. The process integrates with application health probes and the Application Health extension. Upgrade policy mode and automatic OS image upgrade policy are separate concerns. Custom image scenarios can use Azure Compute Gallery. Existing instances may need to be brought to the latest scale set model.

Security

Security benefits come from reducing the window in which scale set instances run outdated OS images. New platform images may include security fixes, hardened defaults, and vendor updates. Still, automatic upgrade must be governed. Operators should know which publishers and image versions are trusted, how custom images are validated, and whether extensions or bootstrap scripts introduce risk. Managed identities, disk encryption, network exposure, and extension permissions remain separate controls. A compromised build pipeline or unhealthy custom image can spread through automation, so image approval, staged rollout, and health validation are essential. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.

Cost

Cost impact is usually positive when automation replaces manual patch windows and reduces emergency remediation, but there are tradeoffs. Rolling upgrades may require temporary capacity headroom so the service remains available while instances are replaced. Failed upgrades can leave unhealthy instances, extra troubleshooting time, or repeated redeployments. Custom image pipelines and gallery replication also have costs. Teams should budget for canary environments, monitoring, and validation rather than treating the feature as free maintenance. The biggest savings come from standardizing image governance across many scale sets instead of fixing drift one fleet at a time. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.

Reliability

Reliability depends on rolling behavior and health signals. Automatic OS image upgrade can preserve service availability by updating batches instead of replacing the whole scale set at once. That only works if load balancing, health probes, application readiness, and capacity headroom are correct. Stateful workloads, local disk dependencies, fragile startup scripts, and slow extension provisioning can cause outages during replacement. Test the rollout on a smaller scale set or canary region, monitor instance health, and validate rollback procedures. The feature should make routine maintenance boring, not turn every image release into a surprise. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.

Performance

Performance can improve when newer OS images include kernel, driver, runtime, or security updates, but upgrades can also expose regressions. Rolling replacement temporarily changes fleet composition, cache warmth, and available capacity. Applications should be measured for startup time, readiness, CPU, memory, disk, network, and dependency latency before and after image changes. Keep enough instances available during upgrade batches to maintain throughput. If performance drops after a new image, compare canary results, instance view, extension logs, and application metrics. Automation should accelerate safe updates, not bypass performance validation. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.

Operations

Operationally, automatic OS image upgrade needs ownership across platform, security, and application teams. Document image source, scale set model, health extension, batch behavior, maintenance windows, and rollback process. Operators should inspect upgrade status, instance view, latest model state, and failed instance details. Release calendars should include image publisher cadence and custom gallery replication timing. During incidents, determine whether failures came from the new image, extension sequencing, application startup, or regional replication. Keep commands and dashboards ready before enabling the feature broadly across production fleets. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.

Common mistakes

  • Enabling automatic upgrades on stateful workloads that cannot tolerate instance replacement.
  • Using weak or missing health probes, so Azure cannot judge whether a batch is safe.
  • Confusing upgrade policy mode with the separate automatic OS image upgrade policy.
  • Forgetting custom image replication, extension sequencing, or startup scripts during rollout planning.