Share via

How to automate Windows Update on Azure VM Scale Sets with Service Fabric

mrcode 26 Reputation points
2025-08-05T10:57:57.0166667+00:00

Hi everyone,

We have a few Virtual Machine Scale Sets in Azure running Windows, and inside each scale set we have several instances. These are managed using Service Fabric.

The problem: We are struggling to find a smooth way to apply Windows Updates to these instances.

Today’s process (manual):

  1. In Service Fabric, we deactivate node 1.
  2. Connect to the VM using Remote Desktop.
  3. Download and install Windows Updates manually.
  4. Reboot the instance.
  5. Wait for the instance to come back online and for all our applications to start properly.
  6. Activate the node in Service Fabric again.
  7. Repeat the same steps for node 2, node 3, and so on.

This is very time-consuming.

What we want: We’re looking for a way to automate this process – ideally, we would like to have a simple button or command to trigger the update process in a controlled way. We do have different maintenance windows that we need to follow, and we also want to monitor the process manually in case something goes wrong. So a fully automatic schedule is not ideal in our case.

Our question: What are our options for automating Windows Updates on VM Scale Sets using Service Fabric? Is there any built-in solution in Azure or Service Fabric that supports this kind of controlled update process?

We appreciate any suggestions, tools, or best practices you can share.

Thanks in advance!

Azure Virtual Machine Scale Sets
Azure Virtual Machine Scale Sets
Azure compute resources that are used to create and manage groups of heterogeneous load-balanced virtual machines.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jilakara Hemalatha 5 Reputation points Microsoft External Staff Moderator
    2025-08-07T11:26:00.31+00:00

    Hi mrcode,

    For environments utilizing a classic Service Fabric cluster with a silver durability level, Azure provides support for automatic OS image upgrades. This feature enables seamless updates to the OS disk across all instances within the associated Virtual Machine Scale Set (VMSS), enhancing security and reducing maintenance overhead.

    To enable automatic OS upgrades, update your scale set model definition with the appropriate configuration properties. Additionally, it is essential to disable Windows Update within the deployment template to avoid conflicts with Azure's managed update process.

    Once these changes are deployed:

    • All VM instances in the scale set will be reimaged.
    • The scale set will be configured for automatic OS updates, ensuring future OS patches are applied without manual intervention.

    Please find the below documentation for reference:
    https://learn.microsoft.com/en-us/azure/service-fabric/how-to-patch-cluster-nodes-windows?wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider#enable-auto-os-upgrades-and-disable-windows-update

    Please let me know if you have any queries.

  2. Jilakara Hemalatha 5 Reputation points Microsoft External Staff Moderator
    2025-08-08T09:51:39.1033333+00:00

    Hi mrcode,

    1. How is the timing of the upgrade controlled?

    You can fully define when automatic upgrades and maintenance occur by configuring maintenance windows or schedules. This prevents unexpected updates outside your planned maintenance windows.

    • Maintenance Configurations for VM Scale Sets

    Define a start time, window duration (minimum 5 hours), and recurrence.

    Assign to your scale set to control OS image upgrade timing.

    Supported document: - Maintenance control for Azure Virtual Machine Scale Sets

    https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machine-scale-sets-maintenance-control

    • Azure Update Manager patch scheduling" Create custom patch schedules (daily/weekly/monthly).

    Specify start time and maintenance window duration.

    Supported documents: -

    https://learn.microsoft.com/en-us/azure/update-manager/updates-maintenance-schedules
    https://learn.microsoft.com/en-us/azure/update-manager/scheduled-patching?tabs=schedule-updates-single-machine%2Cschedule-updates-scale-overview%2Cwindows-maintenance

    1. Orchestration: One VM (or Batch) at a Time

    Azure guarantees a rolling upgrade model that upgrades only a subset of nodes at once, preserving cluster availability.

    • VM Scale Sets automatic OS image upgrades: Upgrades occur in sequential batches (default max 20% per batch, at least one VM). Next batch starts only after health checks pass.
    • Automatic Extension Upgrade for VMs and Scale Sets: Extension upgrades follow update domains, ensuring one domain at a time. Automatic rollback if health probes fail.

    Supported document: - Automatic Extension Upgrade for VMs and scale sets in Azure

    https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-extension-upgrade?tabs=RestAPI1%2CRestAPI2

    • Availability Sets and Update Domains: Within an availability set, Azure applies maintenance one update domain at a time.

    Supported document: -Guest updates and host maintenance overview – Azure Virtual Machines

    https://learn.microsoft.com/en-us/azure/virtual-machines/updates-maintenance-overview

    https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-patch-orchestration-application

    1. Handling Custom Data on the OS (C:) Dri\ve

    Upgrades that reimage the OS disk replace the VM’s C: drive, so any data there is not preserved unless explicitly managed.

    • OS disk replacement behavior: New OS disk is created from the updated image; old C: contents are discarded. - Data disks are retained.
    • Preserving custom data: Use Custom Script Extension to back up logs/temp files to Azure Blob Storage or attached data disks before upgrade. Leverage cloud-init or custom data scripts to restore or rehydrate data after upgrade. Best practices to upgrade a VM Scale Set between OS versions https://learn.microsoft.com/en-us/answers/questions/2179822/best-practices-to-upgrade-a-vm-scale-set-between-o Please let me know if you have any queries.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.