question

KarthickG avatar image
0 Votes"
KarthickG asked karishmatiwari-msft answered

Service Fabric VM Scale Set System updates

Azure security center recommends System Updates for Service Fabric VM scale set, How way to handle the scenario.

azure-security-centerazure-service-fabric
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Can you please share the message details /screenshot about the security center update you are seeing?

0 Votes 0 ·
KarthickG avatar image
0 Votes"
KarthickG answered

@karishmatiwari-msft

System updates on virtual machine scale sets should be installed

96788-image.png



image.png (34.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

karishmatiwari-msft avatar image
0 Votes"
karishmatiwari-msft answered

Apologies for the delay.

Please go to that particular VMSS in Azure portal and under Settings/Operating system, check the status of the following:

97714-image.png

Make sure it is On. Enabling automatic OS image upgrades on your scale set helps to ease update management by safely and automatically upgrading the OS disk for all instances in the scale set. Learn more about Azure virtual machine scale set automatic OS image upgrades


Now, as far as the upgrade policy goes, that is for when changes are made to the VMSS model. If it is set to automatic, the instances will upgrade to the reflect the new VMSS model automatically. If it is set to manual, you will have to upgrade them manually. If it is set to rolling, it will do the updates in batches. This is outlined here: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-upgrade-scale-set#how-to-bring-vms-up-to-date-with-the-latest-scale-set-model

97645-image.png

Additionally, below are the latency times for Security Center scans of vulnerabilities, updates, and issues:

· Operating system security configurations – data is updated within 48 hours

· System updates – data is updated within 24 hours

· Endpoint Protection issues – data is updated within 8 hours

https://docs.microsoft.com/en-us/azure/security-center/faq-vms#how-often-does-security-center-scan-for-operating-system-vulnerabilities-system-updates-and-endpoint-protection-issues
Let me know if this answers your question.
Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer.



image.png (53.2 KiB)
image.png (54.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.