More Info:

Ensure that unhealthy virtual machine instances are automatically deleted from the scale sets and new ones are created, using the latest instance model settings. The Automatic Instance Repairs feature relies on health checks performed for individual instances running in a scale set. These virtual machine instances can be configured to emit an application health status using the Azure Application Health extension or a load balancer health probe. If a VM instance is found to be unhealthy, as reported by the Application Health extension or by the associated load balancer health probe, then the scale set performs the repair action by deleting the unhealthy instance and creating a new one to replace it.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration of not having Automatic Instance Repairs enabled in Azure, you can follow these steps:
  1. Log in to the Azure portal and navigate to the Virtual Machines section.
  2. Select the virtual machine that you want to enable automatic instance repairs for.
  3. In the virtual machine’s overview page, click on the “Automation options” tab.
  4. In the “Automation options” tab, toggle the “Automatic Repairs” option to “On”.
  5. In the “Automatic Repairs” section, you can configure the settings for automatic repairs. You can choose to enable automatic repairs for the operating system or data disks, and set a repair grace period.
  6. Once you have configured the automatic repair settings, click on the “Save” button to apply the changes.
  7. Azure will now automatically detect and repair any issues with your virtual machine, helping to ensure maximum availability and uptime.
That’s it! By following these steps, you can remediate the misconfiguration of not having automatic instance repairs enabled in Azure.

To enable automatic instance repairs in Azure using Azure CLI, follow these steps:
  1. Open the Azure CLI on your computer.
  2. Log in to your Azure account using the following command:
    az login
    
  3. Once you are logged in, select the subscription that contains the scale set you want to enable automatic instance repairs for using the following command:
    az account set --subscription <subscription_id>
    
  4. Next, enable automatic instance repairs for the scale set by running the following command:
    az vmss update --resource-group <resource_group_name> --name <vmss_name> --enable-automatic-repairs true --automatic-repairs-grace-period 30
    
    Replace <resource_group_name> with the name of the resource group that contains the scale set and <vmss_name> with the name of the scale set. The grace period is given in minutes; 30 is an example value. The scale set must already report instance health through the Application Health extension or a load balancer health probe.
  5. After running the command, Azure will enable automatic instance repairs for the scale set. You can verify that automatic instance repairs are enabled by running the following command:
    az vmss show --resource-group <resource_group_name> --name <vmss_name> --query automaticRepairsPolicy.enabled
    
    If the command returns “true”, automatic instance repairs are enabled for the scale set.
That’s it! You have successfully remediated the misconfiguration by enabling automatic instance repairs for the scale set in Azure using Azure CLI.

To enable automatic instance repairs for Azure using Python, you can follow the below steps:

Step 1: Install the Azure SDK for Python packages using the pip command as shown below:
    pip install azure-identity azure-mgmt-compute

Step 2: Import the required modules as shown below:
    from azure.identity import AzureCliCredential
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.compute.models import AutomaticRepairsPolicy, VirtualMachineScaleSetUpdate

Step 3: Authenticate and create a compute management client instance as shown below:
    # AzureCliCredential reuses the session created by `az login`
    credential = AzureCliCredential()
    subscription_id = '<your-subscription-id>'
    compute_client = ComputeManagementClient(credential, subscription_id)

Step 4: Get the resource group and scale set name for which you want to enable automatic instance repairs as shown below:
    resource_group_name = '<your-resource-group-name>'
    vmss_name = '<your-vmss-name>'

Step 5: Enable automatic instance repairs for the scale set using the below code:
    # Patch only the automatic repairs policy; grace_period is an ISO 8601 duration (example value)
    update = VirtualMachineScaleSetUpdate(
        automatic_repairs_policy=AutomaticRepairsPolicy(enabled=True, grace_period='PT30M')
    )
    compute_client.virtual_machine_scale_sets.begin_update(resource_group_name, vmss_name, update).result()

In the above code, we are building an update that contains only the automatic repairs policy, sending it to the scale set, and waiting for the operation to finish.

Step 6: Verify if the automatic instance repairs are enabled for the scale set using the below code:
    vmss = compute_client.virtual_machine_scale_sets.get(resource_group_name, vmss_name)
    print(vmss.automatic_repairs_policy.enabled)

The above code will print the enabled flag of the automatic repairs policy, which should be “True” if the automatic instance repairs are enabled.

That’s it! You have successfully enabled automatic instance repairs for an Azure scale set using Python.
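
An added example (not from the original page): a small offline audit that classifies scale sets by the two conditions described above, whether automatic repairs are enabled and whether a health signal (Application Health extension or load balancer health probe) is configured. It assumes input in the ARM REST API JSON shape for scale sets; the function names, status strings and sample data are constructed for illustration.

```python
# Application Health extension types (publisher Microsoft.ManagedServices).
HEALTH_EXTENSION_TYPES = {"ApplicationHealthLinux", "ApplicationHealthWindows"}

def health_sources(vmss):
    """List the health signals configured in a scale set's VM profile."""
    profile = (vmss.get("properties") or {}).get("virtualMachineProfile") or {}
    sources = []
    extensions = (profile.get("extensionProfile") or {}).get("extensions") or []
    if any((e.get("properties") or {}).get("type") in HEALTH_EXTENSION_TYPES
           for e in extensions):
        sources.append("application-health-extension")
    probe = (profile.get("networkProfile") or {}).get("healthProbe") or {}
    if probe.get("id"):
        sources.append("load-balancer-probe")
    return sources

def classify(vmss):
    """Return the audit status of one scale set."""
    policy = (vmss.get("properties") or {}).get("automaticRepairsPolicy") or {}
    if policy.get("enabled") is True:
        return "compliant"
    # Repairs are off: report whether the health prerequisite is already met.
    return "disabled" if health_sources(vmss) else "disabled-no-health-signal"

def audit(scale_sets):
    """Map scale set name -> status for every non-compliant scale set."""
    statuses = {s.get("name"): classify(s) for s in scale_sets}
    return {name: st for name, st in statuses.items() if st != "compliant"}

# Constructed sample input, not real resources.
SAMPLE = [
    {"name": "web-vmss", "properties": {
        "automaticRepairsPolicy": {"enabled": True, "gracePeriod": "PT30M"},
        "virtualMachineProfile": {"networkProfile": {
            "healthProbe": {"id": "/subscriptions/<id>/.../probes/http"}}}}},
    {"name": "api-vmss", "properties": {
        "automaticRepairsPolicy": {"enabled": False},
        "virtualMachineProfile": {"extensionProfile": {"extensions": [
            {"name": "health", "properties": {
                "publisher": "Microsoft.ManagedServices",
                "type": "ApplicationHealthLinux"}}]}}}},
    {"name": "batch-vmss", "properties": {"virtualMachineProfile": {}}},
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```

A scale set reported as `disabled-no-health-signal` needs the Application Health extension or a load balancer health probe configured before automatic repairs can act on it.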