In Microsoft Azure, Automatic Extension Upgrade ensures that VM extensions are automatically updated to the latest minor version without manual intervention. This helps keep virtual machines and scale sets secure, stable, and compliant.
It applies to:
- Azure Virtual Machines
- Azure Virtual Machine Scale Sets (VMSS)
Prerequisites
Before enabling automatic upgrades:
- VM or VMSS must already have extensions installed
- Extensions must support automatic upgrade
- VM must be in a running state
- For VMSS, orchestration mode must be Uniform or Flexible
Supported extensions
To check whether your extensions are supported for automatic upgrade, view the Automatic Upgrade status on the Extension blade in the Azure Portal.
The following popular extensions are supported for automatic upgrade (more are added periodically):
| Publisher | Type |
|---|---|
| Microsoft.Azure.Automation.HybridWorker | HybridWorkerForLinux |
| Microsoft.Azure.Automation.HybridWorker | HybridWorkerForWindows |
| Microsoft.Azure.AzureDefenderForSQL | AdvancedThreatProtection.Windows |
| Microsoft.Azure.AzureDefenderForSQL | VulnerabilityAssessment.Windows |
| Microsoft.Azure.AzureDefenderForServers | MDE.Linux |
| Microsoft.Azure.AzureDefenderForServers | MDE.Windows |
| Microsoft.Azure.ChangeTrackingAndInventory | ChangeTracking-Linux |
| Microsoft.Azure.ChangeTrackingAndInventory | ChangeTracking-Windows |
| Microsoft.Azure.Diagnostics | LinuxDiagnostic |
| Microsoft.Azure.Extensions.Edp | LinuxHibernateTestExtension |
| Microsoft.Azure.Extensions.Edp | WindowsHibernateTestExtension |
| Microsoft.Azure.FleetDiagnostics | FleetDiagnosticsForWindows |
| Microsoft.Azure.Geneva | GenevaMonitoring |
| Microsoft.Azure.KeyVault | KeyVaultForLinux |
| Microsoft.Azure.KeyVault | KeyVaultForWindows |
| Microsoft.Azure.Labservices | Agent.Linux |
| Microsoft.Azure.Labservices | Agent.Windows |
| Microsoft.Azure.Monitor | AzureMonitorLinuxAgent |
| Microsoft.Azure.Monitor | AzureMonitorWindowsAgent |
| Microsoft.Azure.Monitoring.DependencyAgent.EDP | DependencyAgentLinux |
| Microsoft.Azure.Monitoring.DependencyAgent.EDP | DependencyAgentWindows |
| Microsoft.Azure.Monitoring.DependencyAgent | DependencyAgentLinux |
| Microsoft.Azure.Monitoring.DependencyAgent | DependencyAgentWindows |
| Microsoft.Azure.NetworkWatcher | NetworkWatcherAgentLinux |
| Microsoft.Azure.NetworkWatcher | NetworkWatcherAgentWindows |
| Microsoft.Azure.Networking.DNS | DNSClientCache |
| Microsoft.Azure.SCOMMI | GatewayServer |
| Microsoft.Azure.SCOMMI | WindowsAgent |
| Microsoft.Azure.Security.AntimalwareSignature | AntimalwareConfiguration |
| Microsoft.Azure.Security.Dsms | DSMSForWindows |
| Microsoft.Azure.Security.LinuxAttestation | GuestAttestation |
| Microsoft.Azure.Security.Monitoring | AzureSecurityLinuxAgent |
| Microsoft.Azure.Security.Monitoring | AzureSecurityWindowsAgent |
| Microsoft.Azure.Security.WindowsAttestation | GuestAttestation |
| Microsoft.Azure.Security.WindowsCodeIntegrity | CodeIntegrityAgent |
| Microsoft.Azure.ServiceFabric | ServiceFabricLinuxNode |
| Microsoft.Azure.Watson | WatsonLinuxAgent |
| Microsoft.Azure.Workloads | MonitoringExtensionLinux |
| Microsoft.Azure.Workloads | MonitoringExtensionWindows |
| Microsoft.CPlat.Core | LinuxHibernateExtension |
| Microsoft.CPlat.Core | WindowsHibernateExtension |
| Microsoft.CPlat.ProxyAgent | ProxyAgentLinux |
| Microsoft.CPlat.ProxyAgent | ProxyAgentWindows |
| Microsoft.EnterpriseCloud.Monitoring | MicrosoftMonitoringAgent |
| Microsoft.EnterpriseCloud.Monitoring | OmsAgentForLinux |
| Microsoft.GuestConfiguration | ConfigurationForLinux |
| Microsoft.GuestConfiguration | ConfigurationForWindows |
| Microsoft.ManagedServices | ApplicationHealthLinux |
| Microsoft.ManagedServices | ApplicationHealthWindows |
| Microsoft.OSTCExtensions | DSCForLinux |
| Microsoft.Sentinel.AzureMonitorAgentExtensions | MicrosoftDnsAgent |
| Microsoft.SqlServer.Management | SqlIaaSAgent |
| Microsoft.SqlServer.Management | SqlIaaSAgentLinux |
Enable Automatic Extension Upgrade on Azure Virtual Machines
Step 1: Open the Virtual Machine
- Sign in to the Azure Portal
- Navigate to Virtual Machines
- Select your target VM
Step 2: Go to Extensions + applications
- In the left menu, select Extensions + applications
- Review installed extensions
Step 3: Enable Automatic Upgrade
- Select an extension (e.g., Azure Monitor Agent)
- Click Settings
- Set Automatic upgrade = On
- Click Save

Azure will now automatically apply minor version updates when released.
Step 4: Verify Upgrade Status
- Check Extension status
- Review Activity Log
- Monitor extension version changes over time
Enable Automatic Extension Upgrade on Virtual Machine Scale Sets (VMSS)
Step 1: Open the Scale Set
- Azure Portal → Virtual Machine Scale Sets
- Select your VMSS
Step 2: Navigate to Extensions
- Select Extensions
- Choose an existing extension or add a new one
Step 3: Enable Automatic Upgrade
- Set Automatic upgrade = Enabled
- Save the configuration
Step 4: Configure Upgrade Policy (Recommended)
- Go to Upgrade policy
- Choose one:
  - Automatic – Azure upgrades instances automatically
  - Rolling – Controlled rollout with health checks
  - Manual – You trigger upgrades
✔ Rolling is recommended for production workloads
Step 5: Monitor Extension Rollout
- View Instance status
- Check Health probes
- Review Activity logs
Difference between EnableAutomaticUpgrade and AutoUpgradeMinorVersion
AutoUpgradeMinorVersion
- This property applies during VM creation and when upgrading the VM with a new configuration.
- When set to true, the latest minor version of the extension is automatically installed on the VM.
- It overrides the TypeHandlerVersion with the latest stable minor version available.
- During a VM configuration upgrade, if a new minor version is available, it is treated as a configuration change, and the extension is reinstalled with the latest minor version.
- This ensures newly created VMs stay up to date with the latest stable minor extension version.
- To manually set the extension to a specific version, set this property to false.
EnableAutomaticUpgrade
- This property applies to existing VMs and does not affect the version installed during VM creation.
- After VM creation, if the VM is not running the latest minor version of the extension, enabling this property triggers an automatic upgrade.
- Upgrades occur without causing a VM reboot and are rolled out in a safe, rolling manner. Failed upgrades are immediately rolled back to maintain high availability and reliability.
- This feature ensures existing VMs remain secure and up to date by automatically updating them to the latest minor version.
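An added example (not from the original article or from Microsoft's documentation): a small audit that applies the distinction above to a VM's extension inventory and reports which supported extensions will not receive automatic upgrades after creation. The ARM-style `properties` input shape, the status labels, and the sample inventory are assumptions constructed for illustration; `SUPPORTED` is a subset of the table on this page.

```python
import json

# Subset of the (publisher, type) pairs from the supported-extensions table above.
SUPPORTED = {
    ("Microsoft.Azure.Monitor", "AzureMonitorLinuxAgent"),
    ("Microsoft.Azure.AzureDefenderForServers", "MDE.Linux"),
    ("Microsoft.Azure.KeyVault", "KeyVaultForLinux"),
    ("Microsoft.GuestConfiguration", "ConfigurationForLinux"),
}

# Constructed sample inventory (assumed ARM-style shape; versions are made up).
SAMPLE = json.loads("""[
 {"name": "AzureMonitorLinuxAgent", "properties": {"publisher": "Microsoft.Azure.Monitor",
  "type": "AzureMonitorLinuxAgent", "typeHandlerVersion": "1.0",
  "autoUpgradeMinorVersion": true, "enableAutomaticUpgrade": true}},
 {"name": "MDE.Linux", "properties": {"publisher": "Microsoft.Azure.AzureDefenderForServers",
  "type": "MDE.Linux", "typeHandlerVersion": "1.0",
  "autoUpgradeMinorVersion": true, "enableAutomaticUpgrade": false}},
 {"name": "KeyVaultForLinux", "properties": {"publisher": "Microsoft.Azure.KeyVault",
  "type": "KeyVaultForLinux", "typeHandlerVersion": "1.0",
  "autoUpgradeMinorVersion": false, "enableAutomaticUpgrade": false}},
 {"name": "ConfigurationForLinux", "properties": {"publisher": "Microsoft.GuestConfiguration",
  "type": "ConfigurationForLinux", "typeHandlerVersion": "1.0",
  "autoUpgradeMinorVersion": true}},
 {"name": "ExampleExtension", "properties": {"publisher": "Example.Publisher",
  "type": "ExampleExtension", "typeHandlerVersion": "1.0"}}
]""")

def classify(ext):
    """Return a hypothetical status label for one extension resource."""
    p = ext.get("properties", {})
    if (p.get("publisher"), p.get("type")) not in SUPPORTED:
        return "not-in-list"
    if p.get("enableAutomaticUpgrade") is True:
        return "auto-upgrade"          # existing VM is upgraded as minor versions ship
    if p.get("autoUpgradeMinorVersion") is True:
        return "deploy-time-only"      # latest minor only at creation / config change
    return "pinned"                    # stays on typeHandlerVersion

def audit(extensions):
    """Group extension names by status label."""
    out = {}
    for ext in extensions:
        out.setdefault(classify(ext), []).append(ext["name"])
    return out

def gaps(extensions):
    """Supported extensions that will not be upgraded automatically after creation."""
    found = audit(extensions)
    return sorted(found.get("deploy-time-only", []) + found.get("pinned", []))

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

A missing `enableAutomaticUpgrade` key is treated the same as `false`, so extensions deployed before the setting was introduced show up as gaps.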
Reference: Automatic Extension Upgrade for virtual machines and scale sets in Azure