Ensure that automatic upgrades are enabled for Azure Virtual Machine Extension

MEDIUM

Description

Automatic upgrades have been disabled for Azure Virtual Machine Extensions. As a result, the VMs can miss important updates and bug fixes.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Virtual Machines.
  2. Choose the Virtual Machine you wish to edit.
  3. Under Settings, select Extensions + applications.
  4. Select the extension. If it supports automatic upgrades, select Enable Automatic Upgrade.

In Terraform -

  1. In the azurerm_virtual_machine_extension resource, set automatic_upgrade_enabled to true.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension#automatic_upgrade_enabled
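
The same condition can be checked before apply by reading the JSON form of a Terraform plan. The script below is an added example, not this policy's own implementation. The plan data is constructed and its resource names are hypothetical. A missing or null `automatic_upgrade_enabled` is treated as disabled.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. Resource names are hypothetical.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "azurerm_virtual_machine_extension.monitor_agent",
     "type": "azurerm_virtual_machine_extension",
     "change": {"actions": ["create"],
                "after": {"name": "monitor-agent", "automatic_upgrade_enabled": true}}},
    {"address": "azurerm_virtual_machine_extension.dependency_agent",
     "type": "azurerm_virtual_machine_extension",
     "change": {"actions": ["update"],
                "after": {"name": "dependency-agent", "automatic_upgrade_enabled": false}}},
    {"address": "module.app.azurerm_virtual_machine_extension.custom_script",
     "type": "azurerm_virtual_machine_extension",
     "change": {"actions": ["create"],
                "after": {"name": "custom-script"}}},
    {"address": "azurerm_virtual_machine_extension.retired",
     "type": "azurerm_virtual_machine_extension",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "azurerm_linux_virtual_machine.app",
     "type": "azurerm_linux_virtual_machine",
     "change": {"actions": ["no-op"], "after": {"name": "app-vm"}}}
  ]
}
""")

def extensions_without_auto_upgrade(plan):
    """Return addresses of VM extensions that will exist after apply
    with automatic_upgrade_enabled unset, null or false."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_virtual_machine_extension":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing left to check
            continue
        # Only an explicit boolean true passes; a missing or null value is a finding.
        if after.get("automatic_upgrade_enabled") is not True:
            findings.append(rc["address"])
    return sorted(findings)

if __name__ == "__main__":
    for address in extensions_without_auto_upgrade(SAMPLE_PLAN):
        print(f"AC_AZURE_0111: {address} has automatic upgrade disabled")
```

To run it on a real plan, load the output of `terraform show -json <planfile>` in place of `SAMPLE_PLAN`. Extensions that do not support automatic upgrades are listed as well and need an explicit exception.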

Policy Details

Rule Reference ID: AC_AZURE_0111
CSP: Azure
Remediation Available: Yes
Resource Category: Compute
Resource Type: Virtual Machine

Frameworks