az vm list --resource-group <resource-group>Automatic OS image upgrade
Automatic OS image upgrade lets Azure update the operating system image used by a virtual machine scale set as new image versions are published. In plain terms, instead of manually replacing every instance, the scale set can roll newer OS disks across the fleet in batches. It helps keep Windows and Linux scale-out workers current. The.
Source: Microsoft Learn - Automatic OS image upgrades with Azure Virtual Machine Scale Sets Reviewed 2026-05-10T00:00:00Z
- Exam trap
- Enabling automatic upgrades on stateful workloads that cannot tolerate instance replacement.
- Production check
- Show the scale set and confirm enableAutomaticOSUpgrade is true where intended.
Article details and learning context
- Aliases
- VMSS automatic OS image upgrade, automatic OS upgrade, scale set automatic image upgrade, enable-auto-os-upgrade
- Difficulty
- intermediate
- CLI mappings
- 4
- Last verified
- 2026-05-10T00:00:00Z
Understand the concept
In plain English
Automatic OS image upgrade lets Azure update the operating system image used by a virtual machine scale set as new image versions are published. In plain terms, instead of manually replacing every instance, the scale set can roll newer OS disks across the fleet in batches. It helps keep Windows and Linux scale-out workers current. The feature is strongest when instances are stateless, health checks are meaningful, and applications can tolerate rolling replacement. It is not a substitute for patch governance or application testing.
Why it matters
Automatic OS image upgrade matters because fleets drift when every image update requires manual coordination. Old images can carry security exposure, inconsistent libraries, and operational surprises. Scale sets are designed for replaceable capacity, so rolling image upgrades fit the model when applications are stateless and health-aware. The feature reduces repetitive maintenance while preserving availability through batch rollout. It also creates a cleaner story for compliance evidence: the fleet follows approved image versions rather than forgotten instances. The danger is enabling it before health checks, rollback, custom extensions, and workload readiness are proven. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.
Official wording and source
Automatic OS image upgrade lets Azure update the operating system image used by a virtual machine scale set as new image versions are published. Microsoft Learn places it in Automatic OS image upgrades with Azure Virtual Machine Scale Sets; operators confirm scope, configuration, dependencies, and production impact.
Technical context
Technically, automatic OS image upgrade is configured on the scale set model through the automaticOSUpgradePolicy enableAutomaticOSUpgrade setting or Azure CLI flags. When a new eligible image version is available and replicated to the region, Azure upgrades instances in a rolling manner. The process integrates with application health probes and the Application Health extension. Upgrade policy mode and automatic OS image upgrade policy are separate concerns. Custom image scenarios can use Azure Compute Gallery. Existing instances may need to be brought to the latest scale set model.
Exam context
Where it is used
Where you see it
- You see automatic OS image upgrade in VM scale set upgrade policy settings where enableAutomaticOSUpgrade controls image rollout behavior. during governance review and incident response.
- It appears in compute fleet maintenance plans that rely on rolling batches, health probes, and replaceable instances for safe updates. during governance review and incident response.
- It shows up in security reviews when teams need evidence that scale set instances follow current platform or gallery images. during governance review and incident response.
Common situations
- Keep VM scale set workers current with platform image updates.
- Reduce manual image maintenance for stateless compute fleets.
- Support security compliance by standardizing image rollout behavior.
- Use canary scale sets or regions before enabling automated rollout broadly.
Illustrative Azure scenarios
These examples show how the concept can affect design and operations. They are illustrative scenarios, not customer claims.
Scenario 01 Automatic OS image upgrade in action Scenario, objectives, solution, measured impact, and takeaway.
StoneRiver Payments ran a VM scale set of stateless fraud-scoring workers and spent one weekend each month manually replacing OS images.
- Reduce manual image-maintenance windows.
- Keep workers current with approved platform images.
- Preserve fraud-scoring availability during rollout.
- Create auditable upgrade evidence.
The compute team enabled automatic OS image upgrade on the VM scale set with rolling upgrade behavior and the Application Health extension. The fraud-scoring service already ran statelessly behind a load balancer, so instances could be replaced in batches. Azure CLI checks captured scale set model settings, instance health, and latest model status before and after rollout. A canary scale set received image updates first, and production only enabled the policy after startup scripts, extensions, and scoring latency passed validation. Runbooks documented rollback and capacity headroom requirements. The team also documented owners, review cadence, rollback steps, acceptance criteria, and the evidence operators should collect during the next production review.
- Monthly manual maintenance effort dropped from 18 hours to three hours of review.
- Image compliance across fraud workers reached 99% within two rollout cycles.
- No scoring outage occurred during rolling replacement.
- Security audit evidence was produced from CLI exports instead of manual screenshots.
Automatic OS image upgrade is strongest for stateless scale sets with real health checks and enough capacity for rolling replacement.
Scenario 02 Automatic OS image upgrade in action Scenario, objectives, solution, measured impact, and takeaway.
GreenForge Manufacturing used custom gallery images for plant-floor processing agents and struggled to roll patched images across regions.
- Roll approved gallery image versions safely.
- Control regional rollout order.
- Detect unhealthy agents before too many instances upgraded.
- Reduce unpatched image exposure.
Architects published hardened images through Azure Compute Gallery and replicated new versions region by region. VM scale sets used automatic OS image upgrade so each plant received the latest replicated image in rolling batches. Health probes validated agent connectivity to local event gateways before the next batch proceeded. Azure CLI reports showed image reference, upgrade policy, and instance health for each region. A pilot plant received every image first, and the team delayed replication to larger regions until the pilot completed twenty-four hours without errors. The team also documented owners, review cadence, rollback steps, acceptance criteria, and the evidence operators should collect during the next production review.
- Average time to deploy patched images across plants dropped from 21 days to five days.
- Unhealthy-agent detection stopped one flawed image before broad replication.
- Regional rollout evidence became available within minutes.
- Unpatched exposure hours fell by 72% quarter over quarter.
Automatic image upgrades can support custom-image governance when gallery replication, canaries, and health checks are part of the design.
Scenario 03 Automatic OS image upgrade in action Scenario, objectives, solution, measured impact, and takeaway.
Northstar Learning hosted exam-processing workers on Linux scale sets and needed a safer way to consume publisher image updates.
- Apply newer Linux images without full-fleet downtime.
- Keep exam processing within a fifteen-minute backlog target.
- Verify extension compatibility before production rollout.
- Document rollback steps for operations.
The platform team created a staging scale set that mirrored production extensions, managed identity, and startup scripts. Automatic OS image upgrade was enabled there first, with synthetic exam jobs validating package dependencies and upload paths. After two successful image updates, production scale sets were configured with rolling upgrades and health probes. Azure CLI runbooks checked instance view, latest model alignment, and failed extension statuses. During exam windows, operators could pause rollout by disabling the policy and manually controlling capacity. The team also documented owners, review cadence, rollback steps, acceptance criteria, and the evidence operators should collect during the next production review. Those notes made the pattern reusable for adjacent teams without turning the case into a one-off hero effort.
- Exam backlog stayed below eleven minutes during the first production image rollout.
- Extension-related failures were caught in staging before production.
- Manual image update tickets dropped by 80%.
- Operations completed rollback drills in under ten minutes.
Automatic OS image upgrade reduces maintenance risk when staging parity and workload-specific health signals are taken seriously.
Azure CLI
Azure CLI is useful for automatic OS image upgrade because scale set upgrade posture must be visible across fleets. Use CLI to show the current scale set model, enable automatic OS upgrades, inspect instance health, and verify whether instances are on the latest model. The commands help separate image rollout issues from application failures or extension failures. CLI evidence is especially valuable for security and platform reviews, where teams need to prove which fleets are automated and which still require manual image management.
Useful for
- Enable automatic OS image upgrade on a VM scale set with rolling upgrade behavior.
- Show scale set model settings to confirm whether automatic image upgrades are configured.
- Inspect instance view and latest model status after a new image rollout.
- Support compliance reviews by exporting scale sets that do or do not use automatic OS image upgrades.
Before you run a command
- Confirm the scale set is stateless or safely replaceable during rolling instance upgrades.
- Verify health probes or the Application Health extension represent real application readiness.
- Review image source, region replication, extension behavior, and rollback expectations.
- Make sure capacity headroom is sufficient for batch replacement without violating service objectives.
What the output tells you
- Scale set model output shows whether automatic OS image upgrade is enabled.
- Instance view output shows health, provisioning state, and whether instances are aligned with the latest model.
- Rolling upgrade output helps identify failed batches, paused rollouts, or unhealthy instances.
- Image reference information connects the fleet to the platform or gallery image version being applied.
Mapped commands
Vm operations
directaz vm show --name <vm-name> --resource-group <resource-group>az vm create --name <vm-name> --resource-group <resource-group> --image <image>az vm start --name <vm-name> --resource-group <resource-group>az vm stop --name <vm-name> --resource-group <resource-group>Architecture context
Technically, automatic OS image upgrade is configured on the scale set model through the automaticOSUpgradePolicy enableAutomaticOSUpgrade setting or Azure CLI flags. When a new eligible image version is available and replicated to the region, Azure upgrades instances in a rolling manner. The process integrates with application health probes and the Application Health extension. Upgrade policy mode and automatic OS image upgrade policy are separate concerns. Custom image scenarios can use Azure Compute Gallery. Existing instances may need to be brought to the latest scale set model.
- Security
- Security benefits come from reducing the window in which scale set instances run outdated OS images. New platform images may include security fixes, hardened defaults, and vendor updates. Still, automatic upgrade must be governed. Operators should know which publishers and image versions are trusted, how custom images are validated, and whether extensions or bootstrap scripts introduce risk. Managed identities, disk encryption, network exposure, and extension permissions remain separate controls. A compromised build pipeline or unhealthy custom image can spread through automation, so image approval, staged rollout, and health validation are essential. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.
- Cost
- Cost impact is usually positive when automation replaces manual patch windows and reduces emergency remediation, but there are tradeoffs. Rolling upgrades may require temporary capacity headroom so the service remains available while instances are replaced. Failed upgrades can leave unhealthy instances, extra troubleshooting time, or repeated redeployments. Custom image pipelines and gallery replication also have costs. Teams should budget for canary environments, monitoring, and validation rather than treating the feature as free maintenance. The biggest savings come from standardizing image governance across many scale sets instead of fixing drift one fleet at a time. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.
- Reliability
- Reliability depends on rolling behavior and health signals. Automatic OS image upgrade can preserve service availability by updating batches instead of replacing the whole scale set at once. That only works if load balancing, health probes, application readiness, and capacity headroom are correct. Stateful workloads, local disk dependencies, fragile startup scripts, and slow extension provisioning can cause outages during replacement. Test the rollout on a smaller scale set or canary region, monitor instance health, and validate rollback procedures. The feature should make routine maintenance boring, not turn every image release into a surprise. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.
- Performance
- Performance can improve when newer OS images include kernel, driver, runtime, or security updates, but upgrades can also expose regressions. Rolling replacement temporarily changes fleet composition, cache warmth, and available capacity. Applications should be measured for startup time, readiness, CPU, memory, disk, network, and dependency latency before and after image changes. Keep enough instances available during upgrade batches to maintain throughput. If performance drops after a new image, compare canary results, instance view, extension logs, and application metrics. Automation should accelerate safe updates, not bypass performance validation. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.
- Operations
- Operationally, automatic OS image upgrade needs ownership across platform, security, and application teams. Document image source, scale set model, health extension, batch behavior, maintenance windows, and rollback process. Operators should inspect upgrade status, instance view, latest model state, and failed instance details. Release calendars should include image publisher cadence and custom gallery replication timing. During incidents, determine whether failures came from the new image, extension sequencing, application startup, or regional replication. Keep commands and dashboards ready before enabling the feature broadly across production fleets. The safest teams document the owner, expected signal, rollout boundary, and rollback path for Automatic OS image upgrade before production use.
Common mistakes
- Enabling automatic upgrades on stateful workloads that cannot tolerate instance replacement.
- Using weak or missing health probes, so Azure cannot judge whether a batch is safe.
- Confusing upgrade policy mode with the separate automatic OS image upgrade policy.
- Forgetting custom image replication, extension sequencing, or startup scripts during rollout planning.