More Info:
Ensure that operating system (OS) upgrades are automatically applied to your Microsoft Azure virtual machine scale sets when a newer version of the OS image is released by the image publishers. The Automatic OS Upgrades feature supports both Windows and Linux images and can be enabled for all virtual machine sizes. An automatic OS upgrade works by replacing the boot (OS) disk of a virtual machine instance running within a scale set with a new disk created using the latest image version available. Any configured extensions and custom data scripts are run on the OS disk, while persisted data disks are retained.
Risk Level: Medium
Address: Security
Compliance Standards: HITRUST, NISTCSF
Triage and Remediation
Remediation
Using Console
To enable Automatic OS Upgrades in Azure, follow these steps:
- Log in to the Azure portal.
- Select the Virtual Machine that you want to configure.
- In the Virtual Machine pane, select the “Update Management” option.
- In the “Update Management” pane, select the “Schedule update deployments” option.
- In the “Schedule update deployments” pane, select the “Automatic” option for “OS upgrades”.
- Choose the maintenance window time that suits your needs.
- Click on the “Save” button to save the changes.
Using CLI
To remediate the misconfiguration of not having automatic OS upgrades enabled using the Azure CLI, follow these steps:
- Open the Azure CLI and log in to your Azure account using the command:
    az login
- Once you are logged in, set the subscription where the virtual machine scale set is located using the command:
    az account set --subscription <subscription_id>
- Identify the virtual machine scale set that needs to have automatic OS upgrades enabled using the command:
    az vmss list
- Once you have identified the scale set, run the following command to enable automatic OS upgrades:
    az vmss update --resource-group <resource_group_name> --name <vmss_name> --set upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade=true
- This command will enable automatic OS upgrades for the specified virtual machine scale set.
Using Python
To remediate the misconfiguration “Enable Automatic OS Upgrades” for Azure using Python, you can follow these steps:
- Import the required Azure Python SDK modules:
- Authenticate and create a client object for the Azure subscription:
  Replace <client_id>, <secret>, and <tenant_id> with the appropriate values for your Azure account.
- Create a client object for the Azure Resource Manager:
- Get the list of virtual machines in the Azure subscription:
- For each virtual machine, enable automatic OS upgrades:
This will enable automatic OS upgrades for all virtual machines in the subscription.
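A compliance check to run before and after remediation, as an added example that is not code from the original page: it parses scale-set JSON shaped like `az vmss list` output, reports scale sets where automatic OS upgrades are not explicitly enabled, and builds the matching `az vmss update` command. The sample JSON and resource names are constructed, and the field names are assumed to follow the ARM schema (`upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade`), matched case-insensitively because tool output may use different casing.

```python
import json
import shlex

# Constructed sample shaped like `az vmss list` output (not real resources).
# Entries differ in key casing, and one omits the OS upgrade policy entirely.
SAMPLE_VMSS_JSON = """
[
  {"name": "web-vmss", "resourceGroup": "rg-prod",
   "upgradePolicy": {"mode": "Rolling",
     "automaticOSUpgradePolicy": {"enableAutomaticOSUpgrade": true}}},
  {"name": "api-vmss", "resourceGroup": "rg-prod",
   "upgradePolicy": {"mode": "Automatic",
     "automaticOsUpgradePolicy": {"enableAutomaticOsUpgrade": false}}},
  {"name": "batch-vmss", "resourceGroup": "rg-dev",
   "upgradePolicy": {"mode": "Manual"}}
]
"""

def _get(obj, key):
    """Case-insensitive dict lookup; None for missing keys or non-dict input."""
    if not isinstance(obj, dict):
        return None
    for k, v in obj.items():
        if k.lower() == key.lower():
            return v
    return None

def auto_os_upgrade_enabled(vmss):
    """True only when the flag is explicitly true; absent or null means disabled.
    upgradePolicy.mode is a separate setting and is deliberately not consulted."""
    policy = _get(_get(vmss, "upgradePolicy"), "automaticOSUpgradePolicy")
    return _get(policy, "enableAutomaticOSUpgrade") is True

def audit(vmss_json):
    """Return (resourceGroup, name) for each scale set lacking automatic OS upgrades."""
    return [(_get(v, "resourceGroup"), _get(v, "name"))
            for v in json.loads(vmss_json) if not auto_os_upgrade_enabled(v)]

def remediation_command(resource_group, name):
    """Build the az CLI command that enables the setting for one scale set."""
    return ("az vmss update --resource-group {} --name {} --set "
            "upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade=true"
            ).format(shlex.quote(resource_group), shlex.quote(name))

if __name__ == "__main__":
    for rg, name in audit(SAMPLE_VMSS_JSON):
        print("NON-COMPLIANT {}/{}".format(rg, name))
        print("  fix: " + remediation_command(rg, name))
```

To audit a real subscription, pass the output of `az vmss list` to `audit()` in place of the constructed sample.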