We are making automatic extension upgrades for Azure Arc-enabled servers even more automatic! Now, when you deploy an extension to your server, automatic extension upgrades will be enabled by default to help keep your extensions up to date with the latest security and feature improvements. You don't need to do anything to take advantage of this change -- all your existing ARM templates, Azure Policies, and deployment scripts will honor the new default. Extensions that are already installed on your servers will remain unchanged and retain their current automatic upgrade preference.
The fastest way to find out which of your Azure Arc-enabled server extensions have automatic upgrades enabled is to use Azure Resource Graph:
| where type =~ "microsoft.hybridcompute/machines/extensions"
| project id, publisher = properties.publisher, type = properties.type, automaticUpgradesEnabled = properties.enableAutomaticUpgrade
If you need to prevent an extension from automatically upgrading on a server (for example, if it has strict change windows and can only be updated at certain times), you can opt out of this behavior when deploying the extension by setting the enableAutomaticUpgrade property in your ARM template, PowerShell, or CLI command to false. You can also update the setting anytime after the extension is deployed by modifying the extension. The below PowerShell command shows how to disable automatic extension upgrades for an Azure Log Analytics Agent extension on a Linux server:
We're also working on a portal experience to let you manage automatic extension upgrade preferences in the browser and an Azure policy that will let you audit and enforce this setting across an entire resource group, subscription, or management group. Stay tuned for these new features!
Ryan on behalf of the Azure Arc-enabled servers team