Azure Virtual Machines

Automatic OS Upgrades Disabled

Ensures that the automatic operating system (OS) upgrades feature is enabled for all virtual machine scale sets.

Risk Level: Medium

Description

This plugin ensures that Azure Virtual Machine (VM) scale sets have the automatic operating system (OS) upgrades feature enabled. The automatic upgrade feature helps keep all the scale sets in your Azure subscriptions up to date with the latest versions by safely and automatically upgrading the OS disk as and when required.

About the Service

Azure Virtual Machines:

Azure Virtual Machines (VMs) are one of several forms of scalable, on-demand computing resources offered by Azure. VMs are typically used when you require more control over the computing environment than the other options provide. To know more, read here.

Impact

If the automatic OS upgrades feature is disabled, you will have to manually apply the latest OS image to the scale set whenever it is published by the image publishers. This would require you to manually track all upgrades on a regular basis.

Steps to Reproduce

Using Azure Console-

  1. Log in to your Azure Console.
  2. Navigate to the Home portal of the Azure Console and click on All services.
  3. Select Virtual machine scale sets under Compute to access all the virtual machine scale sets present in the directory. You can use this link here to navigate directly if you’re already logged in.
  4. In the list of Virtual Machine (VM) scale sets displayed, select a scale set you wish to investigate.
  5. From the navigation panel on the left side of the console, go to Upgrade policy in the Settings section.
  6. If the Upgrade mode is not set to Automatic, then the Automatic OS Upgrades feature is not enabled for the selected Azure virtual machine scale set.
  7. Repeat steps 4 to 6 for all the scale sets you want to investigate in the selected directory.
  8. If you have multiple directories, repeat steps 2 to 7 for each directory in your Azure Console. 
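The same check can be run across a whole subscription instead of one scale set at a time. The following is an added example, not part of the original page or the plugin's own code: it applies the step 6 test to JSON assumed to come from `az vmss list --output json`. The sample data, the `audit` and `_get` names, and the exact field casing are assumptions; it also reports the `enableAutomaticOSUpgrade` flag from the same upgrade policy object for context.

```python
import json

# Constructed sample shaped like `az vmss list --output json` (all names are made up).
SAMPLE = json.loads("""
[
  {"name": "web-vmss", "resourceGroup": "rg-web",
   "upgradePolicy": {"mode": "Automatic",
     "automaticOsUpgradePolicy": {"enableAutomaticOsUpgrade": true}}},
  {"name": "batch-vmss", "resourceGroup": "rg-batch",
   "upgradePolicy": {"mode": "Manual"}},
  {"name": "api-vmss", "resourceGroup": "rg-api",
   "upgradePolicy": {"mode": "Rolling",
     "automaticOSUpgradePolicy": {"enableAutomaticOSUpgrade": false}}},
  {"name": "legacy-vmss", "resourceGroup": "rg-old"}
]
""")


def _get(mapping, key):
    """Case-insensitive key lookup; tolerates missing or null objects."""
    for k, v in (mapping or {}).items():
        if k.lower() == key.lower():
            return v
    return None


def audit(scale_sets):
    """Return one finding per scale set whose upgrade mode is not Automatic."""
    findings = []
    for vmss in scale_sets:
        policy = _get(vmss, "upgradePolicy")
        mode = _get(policy, "mode")
        if str(mode).lower() == "automatic":
            continue  # passes the step 6 check
        os_policy = _get(policy, "automaticOSUpgradePolicy")
        findings.append({
            "name": vmss.get("name"),
            "resourceGroup": vmss.get("resourceGroup"),
            "mode": mode,  # None means no upgrade policy was returned
            "enableAutomaticOSUpgrade": bool(_get(os_policy, "enableAutomaticOSUpgrade")),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"FAIL {f['resourceGroup']}/{f['name']}: upgrade mode = {f['mode']}")
```

To use it on real data, replace `SAMPLE` with the parsed output of the CLI command for each subscription you want to cover.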

Steps for Remediation

Determine whether or not you truly require the automatic OS upgrades feature to be disabled. If not, make the necessary changes to enable it using the steps below.


Using Azure Console-

  1. Log in to your Azure Console.
  2. Navigate to the Home portal of the Azure Console and click on All services.
  3. Select Virtual machine scale sets under Compute to access all the virtual machine scale sets present in the directory. You can use this link here to navigate directly if you’re already logged in.
  4. From the list of scale sets, choose the VM scale set you want to reconfigure. (In case you aren’t sure which one needs to be configured, follow the steps to reproduce listed above to determine which scale set to choose.)
  5. From the navigation panel on the left side of the console, go to Upgrade policy in the Settings section.
  6. Select the Automatic option from the drop-down available for Upgrade mode.
  7. Click Save to apply all the changes.
  8. Repeat steps 3 to 7 for all the VM scale sets you want to reconfigure in the selected directory.
  9. If you have multiple directories, repeat steps 2 to 8 for each directory in your Azure Console.

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support