How to automate Windows Update on Azure VM Scale Sets with Service Fabric

Question

How to automate Windows Update on Azure VM Scale Sets with Service Fabric

mrcode 51

Hi everyone,

We have a few Virtual Machine Scale Sets in Azure running Windows, and inside each scale set we have several instances. These are managed using Service Fabric.

The problem: We are struggling to find a smooth way to apply Windows Updates to these instances.

Today’s process (manual):

In Service Fabric, we deactivate node 1.
Connect to the VM using Remote Desktop.
Download and install Windows Updates manually.
Reboot the instance.
Wait for the instance to come back online and for all our applications to start properly.
Activate the node in Service Fabric again.
Repeat the same steps for node 2, node 3, and so on.

This is very time-consuming.

What we want: We’re looking for a way to automate this process – ideally, we would like to have a simple button or command to trigger the update process in a controlled way. We do have different maintenance windows that we need to follow, and we also want to monitor the process manually in case something goes wrong. So a fully automatic schedule is not ideal in our case.

Our question: What are our options for automating Windows Updates on VM Scale Sets using Service Fabric? Is there any built-in solution in Azure or Service Fabric that supports this kind of controlled update process?

We appreciate any suggestions, tools, or best practices you can share.

Thanks in advance!

Jilakara Hemalatha 3,365 Reputation points Microsoft External Staff Moderator

2025-08-06T02:53:20.6466667+00:00
Hi mrcode,

To provide the best possible assistance, I need to clarify a few details about your environment. Could you please confirm the following questions

Could you please confirm whether your setup is based on a classic Service Fabric cluster or a Service Fabric Managed Cluster?

If you are using a classic Service Fabric cluster, are you currently leveraging Azure Update Manager to streamline and automate the Windows Update process across your Virtual Machine Scale Sets (VMSS)?

What durability level (e.g., Bronze, Silver, or Gold) is currently configured for your Service Fabric cluster?

Are your VMSS instances based on custom images, or are they using standard marketplace images?

This information will help ensure that any recommendations are suitable for your current setup and requirements.
mrcode 51 Reputation points

2025-08-06T10:51:57.0333333+00:00
Hi @Jilakara Hemalatha

classic Service Fabric cluster

No

Silver

Standard

Answer accepted by question author

0 additional answers

Your answer

Jilakara Hemalatha 3,365 Reputation points Microsoft External Staff Moderator

2025-08-06T02:53:20.6466667+00:00

Hi mrcode,

To provide the best possible assistance, I need to clarify a few details about your environment. Could you please confirm the following questions

Could you please confirm whether your setup is based on a classic Service Fabric cluster or a Service Fabric Managed Cluster?

If you are using a classic Service Fabric cluster, are you currently leveraging Azure Update Manager to streamline and automate the Windows Update process across your Virtual Machine Scale Sets (VMSS)?

What durability level (e.g., Bronze, Silver, or Gold) is currently configured for your Service Fabric cluster?

Are your VMSS instances based on custom images, or are they using standard marketplace images?

This information will help ensure that any recommendations are suitable for your current setup and requirements.
mrcode 51 Reputation points

2025-08-06T10:51:57.0333333+00:00

Hi @Jilakara Hemalatha

classic Service Fabric cluster

No

Silver

Standard

Answer 1

Jilakara Hemalatha 3,365 Microsoft External Staff Moderator

Hi mrcode,

For environments utilizing a classic Service Fabric cluster with a silver durability level, Azure provides support for automatic OS image upgrades. This feature enables seamless updates to the OS disk across all instances within the associated Virtual Machine Scale Set (VMSS), enhancing security and reducing maintenance overhead.

To enable automatic OS upgrades, update your scale set model definition with the appropriate configuration properties. Additionally, it is essential to disable Windows Update within the deployment template to avoid conflicts with Azure's managed update process.

Once these changes are deployed:

All VM instances in the scale set will be reimaged.
The scale set will be configured for automatic OS updates, ensuring future OS patches are applied without manual intervention.

Please find the below documentation for reference:
https://free.blessedness.top/en-us/azure/service-fabric/how-to-patch-cluster-nodes-windows?wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider#enable-auto-os-upgrades-and-disable-windows-update

Please let me know if you have any queries.

mrcode 51 Reputation points

2025-08-07T16:26:08.05+00:00
Hi @Jilakara Hemalatha

Thank you for the detailed answer!

We have a few follow-up questions and concerns:

How is the timing of the upgrade controlled? Is there a way for us to define when the upgrade starts, or does Azure control this automatically? We want to avoid unexpected updates outside of our planned maintenance windows.

Does the automatic update process handle one VM at a time? We want to make sure that only one node is upgraded at a time, to avoid any disruptions to the cluster. Is this behaviour guaranteed?

What happens to custom data on the C: drive (like log files or temp files)? Since the process reimages the VM, what happens to data stored locally on the OS disk? Do we need to use custom script extensions or other tools to preserve or move this data?

We’d appreciate any clarification or best practices related to these topics.

Thanks again for your support!
Jilakara Hemalatha 3,365 Reputation points Microsoft External Staff Moderator

2025-08-08T09:51:39.1033333+00:00
Hi mrcode,

How is the timing of the upgrade controlled?

You can fully define when automatic upgrades and maintenance occur by configuring maintenance windows or schedules. This prevents unexpected updates outside your planned maintenance windows.

Maintenance Configurations for VM Scale Sets

Define a start time, window duration (minimum 5 hours), and recurrence.

Assign to your scale set to control OS image upgrade timing.

Supported document: - Maintenance control for Azure Virtual Machine Scale Sets

https://free.blessedness.top/en-us/azure/virtual-machines/virtual-machine-scale-sets-maintenance-control

Azure Update Manager patch scheduling" Create custom patch schedules (daily/weekly/monthly).

Specify start time and maintenance window duration.

Supported documents: -

https://free.blessedness.top/en-us/azure/update-manager/updates-maintenance-schedules
https://free.blessedness.top/en-us/azure/update-manager/scheduled-patching?tabs=schedule-updates-single-machine%2Cschedule-updates-scale-overview%2Cwindows-maintenance

Orchestration: One VM (or Batch) at a Time

Azure guarantees a rolling upgrade model that upgrades only a subset of nodes at once, preserving cluster availability.

VM Scale Sets automatic OS image upgrades: Upgrades occur in sequential batches (default max 20% per batch, at least one VM). Next batch starts only after health checks pass.

Automatic Extension Upgrade for VMs and Scale Sets: Extension upgrades follow update domains, ensuring one domain at a time. Automatic rollback if health probes fail.

Supported document: - Automatic Extension Upgrade for VMs and scale sets in Azure

https://free.blessedness.top/en-us/azure/virtual-machines/automatic-extension-upgrade?tabs=RestAPI1%2CRestAPI2

Availability Sets and Update Domains: Within an availability set, Azure applies maintenance one update domain at a time.

Supported document: -Guest updates and host maintenance overview – Azure Virtual Machines

https://free.blessedness.top/en-us/azure/virtual-machines/updates-maintenance-overview

https://free.blessedness.top/en-us/azure/service-fabric/service-fabric-patch-orchestration-application

Handling Custom Data on the OS (C:) Dri\ve

Upgrades that reimage the OS disk replace the VM’s C: drive, so any data there is not preserved unless explicitly managed.

OS disk replacement behavior: New OS disk is created from the updated image; old C: contents are discarded. - Data disks are retained.

Preserving custom data: Use Custom Script Extension to back up logs/temp files to Azure Blob Storage or attached data disks before upgrade. Leverage cloud-init or custom data scripts to restore or rehydrate data after upgrade. Best practices to upgrade a VM Scale Set between OS versions https://free.blessedness.top/en-us/answers/questions/2179822/best-practices-to-upgrade-a-vm-scale-set-between-o Please let me know if you have any queries.
mrcode 51 Reputation points

2025-08-22T07:54:57.8366667+00:00

Hi @Jilakara Hemalatha ,

I have a follow-up question regarding automatic OS updates and how they work with Service Fabric.

When I test upgrading my VM Scale Set, it doesn’t seem to respect Service Fabric (Bronze). Shouldn’t the update deactivate the node first so that all processes are moved to another node?

Right now, it seems like the node just gets marked as Down in Service Fabric, without any graceful migration of workloads.

Is there a way to make automatic OS upgrades work properly with Service Fabric so that nodes are deactivated and workloads are moved safely before the update?

Thanks for any guidance!
Jilakara Hemalatha 3,365 Reputation points Microsoft External Staff Moderator

2025-08-25T04:12:25.4166667+00:00

What you're seeing is normal behavior for a Service Fabric cluster with Bronze durability. At this level, automatic OS upgrades on VM Scale Sets don’t work in coordination with Service Fabric. So, when an upgrade happens the node is reimaged directly, and Service Fabric marks it as Down.

To manage this properly, you can use tools like the Patch Orchestration Application (POA) or Azure Update Manager with custom scripts to deactivate and reactivate nodes safely.

For automatic OS image upgrades, your Service Fabric cluster needs to be set to silver or gold durability.

Reference:

https://free.blessedness.top/en-us/azure/service-fabric/service-fabric-patch-orchestration-application

https://free.blessedness.top/en-us/azure/update-manager/

https://free.blessedness.top/en-us/azure/service-fabric/service-fabric-cluster-upgrade

Share via

How to automate Windows Update on Azure VM Scale Sets with Service Fabric

0 additional answers

Your answer