diff --git a/.devops/packer-deploy-pipelines.yml b/.devops/packer-deploy-pipelines.yml
new file mode 100644
index 0000000000..6b4956d8f7
--- /dev/null
+++ b/.devops/packer-deploy-pipelines.yml
@@ -0,0 +1,97 @@
+# only manual
+trigger: none
+pr: none
+
+parameters:
+  - name: 'DEV'
+    displayName: 'Run on DEV environment'
+    type: boolean
+    default: True
+    values:
+      - False
+      - True
+  - name: 'UAT'
+    displayName: 'Run on UAT environment'
+    type: boolean
+    default: True
+    values:
+      - False
+      - True
+  - name: 'PROD'
+    displayName: 'Run on PROD environment'
+    type: boolean
+    default: True
+    values:
+      - False
+      - True
+
+variables:
+  TIME_OUT: 20
+  # working dir
+  WORKING_DIR: 'src/packer'
+  DOMAIN_NAME: 'packer'
+  poolNameDev: '$(TF_POOL_NAME_DEV)'
+  poolNameUat: '$(TF_POOL_NAME_UAT)'
+  poolNameProd: '$(TF_POOL_NAME_PROD)'
+  #PLAN
+  azureServiceConnectionPlanNameDev: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_DEV)'
+  azureServiceConnectionPlanNameUat: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_UAT)'
+  azureServiceConnectionPlanNameProd: '$(TF_AZURE_SERVICE_CONNECTION_PLAN_NAME_PROD)'
+  #APPLY
+  azureServiceConnectionApplyNameDev: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_DEV)'
+  azureServiceConnectionApplyNameUat: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_UAT)'
+  azureServiceConnectionApplyNameProd: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_PROD)'
+  githubEndpointName: '$(TF_GITHUB_SERVICE_ENDPOINT_NAME)'
+
+
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+resources:
+  repositories:
+    - repository: terraform
+      type: github
+      name: pagopa/azure-pipeline-templates
+      ref: refs/tags/v6.1.0
+      endpoint: "io-azure-devops-github-ro"
+
+stages:
+#DEV
+  - ${{ if eq(parameters['DEV'], true) }}:
+    - template: templates/terraform-plan-apply/template.yaml@terraform
+      parameters:
+        FULL_DOMAIN_NAME: "${{variables.DOMAIN_NAME}}"
+        TF_ENVIRONMENT_FOLDER: "dev"
+        ENVIRONMENT: "DEV"
+        AZURE_DEVOPS_POOL_AGENT_NAME: "${{variables.poolNameDev}}"
+        WORKINGDIR: ${{ variables.WORKING_DIR }}
+        AZURE_SERVICE_CONNECTION_PLAN_NAME: "${{variables.azureServiceConnectionPlanNameDev}}"
+        AZURE_SERVICE_CONNECTION_APPLY_NAME: "${{variables.azureServiceConnectionApplyNameDev}}"
+
+
+#UAT
+  - ${{ if eq(parameters['UAT'], true) }}:
+    - template: templates/terraform-plan-apply/template.yaml@terraform
+      parameters:
+        FULL_DOMAIN_NAME: "${{variables.DOMAIN_NAME}}"
+        TF_ENVIRONMENT_FOLDER: "uat"
+        ENVIRONMENT: "UAT"
+        AZURE_DEVOPS_POOL_AGENT_NAME: "${{variables.poolNameUat}}"
+        WORKINGDIR: ${{ variables.WORKING_DIR }}
+        AZURE_SERVICE_CONNECTION_PLAN_NAME: "${{variables.azureServiceConnectionPlanNameUat}}"
+        AZURE_SERVICE_CONNECTION_APPLY_NAME: "${{variables.azureServiceConnectionApplyNameUat}}"
+
+
+#PROD
+  - ${{ if eq(parameters['PROD'], true) }}:
+    - template: templates/terraform-plan-apply/template.yaml@terraform
+      parameters:
+        FULL_DOMAIN_NAME: "${{variables.DOMAIN_NAME}}"
+        TF_ENVIRONMENT_FOLDER: "prod"
+        ENVIRONMENT: "PROD"
+        AZURE_DEVOPS_POOL_AGENT_NAME: "${{variables.poolNameProd}}"
+        WORKINGDIR: ${{ variables.WORKING_DIR }}
+        AZURE_SERVICE_CONNECTION_PLAN_NAME: "${{variables.azureServiceConnectionPlanNameProd}}"
+        AZURE_SERVICE_CONNECTION_APPLY_NAME: "${{variables.azureServiceConnectionApplyNameProd}}"
+
diff --git a/src/next-core/07_azure_devops_agent.tf b/src/next-core/07_azure_devops_agent.tf
index c76ece4698..24744935d5 100644
--- a/src/next-core/07_azure_devops_agent.tf
+++ b/src/next-core/07_azure_devops_agent.tf
@@ -29,7 +29,7 @@ module "azdoa_li_app" {
   subscription_id     = data.azurerm_subscription.current.subscription_id
   location            = var.location
   image_type          = "custom" # enables usage of "source_image_name"
-  source_image_name   = "pagopa-${var.env_short}-azdo-agent-ubuntu2204-image-v2"
+  source_image_name   = var.azdo_agent_vm_image_name
   vm_sku              = "Standard_B2ms"
 
   zones        = var.devops_agent_zones
@@ -47,7 +47,7 @@ module "azdoa_li_infra" {
   subscription_id     = data.azurerm_subscription.current.subscription_id
   location            = var.location
   image_type          = "custom" # enables usage of "source_image_name"
-  source_image_name   = "pagopa-${var.env_short}-azdo-agent-ubuntu2204-image-v2"
+  source_image_name   = var.azdo_agent_vm_image_name
   vm_sku              = "Standard_B2ms"
 
   zones        = var.devops_agent_zones
@@ -56,6 +56,36 @@ module "azdoa_li_infra" {
   tags = var.tags
 }
 
+resource "azurerm_virtual_machine_scale_set_extension" "custom_script_extension_infra" {
+  count                        = var.is_feature_enabled.azdoa && var.is_feature_enabled.azdoa_extension ? 1 : 0
+  name                         = "CustomScript"
+  virtual_machine_scale_set_id = module.azdoa_li_infra[0].scale_set_id
+  publisher                    = "Microsoft.Azure.Extensions"
+  type                         = "CustomScript"
+  type_handler_version         = "2.1"
+  settings = jsonencode({
+    "commandToExecute" = <<EOL
+    echo "nothing to do"
+    EOL
+  })
+}
+
+
+resource "azurerm_virtual_machine_scale_set_extension" "custom_script_extension_app" {
+  count                        = var.is_feature_enabled.azdoa && var.is_feature_enabled.azdoa_extension ? 1 : 0
+  name                         = "CustomScript"
+  virtual_machine_scale_set_id = module.azdoa_li_app[0].scale_set_id
+  publisher                    = "Microsoft.Azure.Extensions"
+  type                         = "CustomScript"
+  type_handler_version         = "2.1"
+  settings = jsonencode({
+    "commandToExecute" = <<EOL
+    echo "nothing to do"
+    EOL
+  })
+}
+
+
 #
 # Load Tests
 #
diff --git a/src/next-core/99_variables.tf b/src/next-core/99_variables.tf
index 21390ae4ed..793f3969ca 100644
--- a/src/next-core/99_variables.tf
+++ b/src/next-core/99_variables.tf
@@ -649,6 +649,7 @@ variable "is_feature_enabled" {
     dns_forwarder_lb          = optional(bool, false)
     postgres_private_dns      = bool
     azdoa                     = optional(bool, true)
+    azdoa_extension           = optional(bool, false)
   })
   description = "Features enabled in this domain"
 }
@@ -706,3 +707,8 @@ variable "cidr_subnet_loadtest_agent" {
   default     = null
 }
 
+variable "azdo_agent_vm_image_name" {
+  type        = string
+  description = "(Required) Azure devops agent image name"
+}
+
diff --git a/src/next-core/README.md b/src/next-core/README.md
index 7944571c5b..db595dbbc8 100644
--- a/src/next-core/README.md
+++ b/src/next-core/README.md
@@ -131,6 +131,8 @@
 | [azurerm_subnet_route_table_association.rt_sia_for_apim_v2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource |
 | [azurerm_subnet_route_table_association.rt_sia_for_appgw_integration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource |
 | [azurerm_user_assigned_identity.appgateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
+| [azurerm_virtual_machine_scale_set_extension.custom_script_extension_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource |
+| [azurerm_virtual_machine_scale_set_extension.custom_script_extension_infra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set_extension) | resource |
 | [null_resource.change_auth_donations_blob_container_logo10](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource |
 | [null_resource.change_auth_donations_blob_container_logo7](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource |
 | [null_resource.change_auth_donations_blob_container_logo8](https://registry.terraform.io/providers/hashicorp/null/3.1.1/docs/resources/resource) | resource |
@@ -214,6 +216,7 @@
 | <a name="input_app_gateway_sku_name"></a> [app\_gateway\_sku\_name](#input\_app\_gateway\_sku\_name) | The Name of the SKU to use for this Application Gateway. Possible values are Standard\_Small, Standard\_Medium, Standard\_Large, Standard\_v2, WAF\_Medium, WAF\_Large, and WAF\_v2 | `string` | n/a | yes |
 | <a name="input_app_gateway_sku_tier"></a> [app\_gateway\_sku\_tier](#input\_app\_gateway\_sku\_tier) | The Tier of the SKU to use for this Application Gateway. Possible values are Standard, Standard\_v2, WAF and WAF\_v2 | `string` | n/a | yes |
 | <a name="input_app_gateway_waf_enabled"></a> [app\_gateway\_waf\_enabled](#input\_app\_gateway\_waf\_enabled) | Enable waf | `bool` | `false` | no |
+| <a name="input_azdo_agent_vm_image_name"></a> [azdo\_agent\_vm\_image\_name](#input\_azdo\_agent\_vm\_image\_name) | (Required) Azure devops agent image name | `string` | n/a | yes |
 | <a name="input_base_path_nodo_fatturazione"></a> [base\_path\_nodo\_fatturazione](#input\_base\_path\_nodo\_fatturazione) | base nodo on cloud | `string` | n/a | yes |
 | <a name="input_base_path_nodo_fatturazione_dev"></a> [base\_path\_nodo\_fatturazione\_dev](#input\_base\_path\_nodo\_fatturazione\_dev) | base nodo on cloud | `string` | `"/fatturazione-dev"` | no |
 | <a name="input_base_path_nodo_oncloud"></a> [base\_path\_nodo\_oncloud](#input\_base\_path\_nodo\_oncloud) | base nodo on cloud | `string` | n/a | yes |
@@ -269,7 +272,7 @@
 | <a name="input_integration_appgateway_private_ip"></a> [integration\_appgateway\_private\_ip](#input\_integration\_appgateway\_private\_ip) | Integration app gateway private ip | `string` | n/a | yes |
 | <a name="input_integration_appgateway_zones"></a> [integration\_appgateway\_zones](#input\_integration\_appgateway\_zones) | Integration app gateway private ip | `list(number)` | n/a | yes |
 | <a name="input_ip_nodo"></a> [ip\_nodo](#input\_ip\_nodo) | Nodo pagamenti ip | `string` | n/a | yes |
-| <a name="input_is_feature_enabled"></a> [is\_feature\_enabled](#input\_is\_feature\_enabled) | Features enabled in this domain | <pre>object({<br>    vnet_ita                  = bool,<br>    container_app_tools_cae   = optional(bool, false),<br>    node_forwarder_ha_enabled = bool<br>    vpn                       = optional(bool, false)<br>    dns_forwarder_lb          = optional(bool, false)<br>    postgres_private_dns      = bool<br>    azdoa                     = optional(bool, true)<br>  })</pre> | n/a | yes |
+| <a name="input_is_feature_enabled"></a> [is\_feature\_enabled](#input\_is\_feature\_enabled) | Features enabled in this domain | <pre>object({<br>    vnet_ita                  = bool,<br>    container_app_tools_cae   = optional(bool, false),<br>    node_forwarder_ha_enabled = bool<br>    vpn                       = optional(bool, false)<br>    dns_forwarder_lb          = optional(bool, false)<br>    postgres_private_dns      = bool<br>    azdoa                     = optional(bool, true)<br>    azdoa_extension           = optional(bool, false)<br>  })</pre> | n/a | yes |
 | <a name="input_lb_aks"></a> [lb\_aks](#input\_lb\_aks) | IP load balancer AKS Nexi/SIA | `string` | `"0.0.0.0"` | no |
 | <a name="input_location"></a> [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes |
 | <a name="input_location_ita"></a> [location\_ita](#input\_location\_ita) | Main location | `string` | `"italynorth"` | no |
diff --git a/src/next-core/env/dev/terraform.tfvars b/src/next-core/env/dev/terraform.tfvars
index d3a7d552c0..879c9ba8a6 100644
--- a/src/next-core/env/dev/terraform.tfvars
+++ b/src/next-core/env/dev/terraform.tfvars
@@ -689,4 +689,4 @@ node_forwarder_zone_balancing_enabled = false
 node_forwarder_sku                    = "B1"
 
 dns_forwarder_vm_image_name = "pagopa-d-dns-forwarder-ubuntu2204-image-v1"
-
+azdo_agent_vm_image_name    = "pagopa-d-azdo-agent-ubuntu2204-image-v3"
diff --git a/src/next-core/env/prod/terraform.tfvars b/src/next-core/env/prod/terraform.tfvars
index 8232f12f8b..e0bf4454bf 100644
--- a/src/next-core/env/prod/terraform.tfvars
+++ b/src/next-core/env/prod/terraform.tfvars
@@ -682,3 +682,4 @@ node_forwarder_zone_balancing_enabled = true
 node_forwarder_sku                    = "P3v3"
 devops_agent_zones                    = [1, 2, 3]
 devops_agent_balance_zones            = false
+azdo_agent_vm_image_name              = "pagopa-p-azdo-agent-ubuntu2204-image-v4"
diff --git a/src/next-core/env/uat/terraform.tfvars b/src/next-core/env/uat/terraform.tfvars
index d98a6fcfdd..0aa33cb367 100644
--- a/src/next-core/env/uat/terraform.tfvars
+++ b/src/next-core/env/uat/terraform.tfvars
@@ -655,4 +655,5 @@ eventhubs_04 = [
 node_forwarder_logging_level          = "DEBUG"
 node_forwarder_zone_balancing_enabled = false
 node_forwarder_sku                    = "B1"
+azdo_agent_vm_image_name              = "pagopa-u-azdo-agent-ubuntu2204-image-v3"
 
diff --git a/src/packer/01_azure_devops_agent.tf b/src/packer/01_azure_devops_agent.tf
index 93e2e9409e..f52a7aebbf 100644
--- a/src/packer/01_azure_devops_agent.tf
+++ b/src/packer/01_azure_devops_agent.tf
@@ -2,13 +2,15 @@ data "azurerm_resource_group" "resource_group" {
   name = "${local.product}-azdoa-rg"
 }
 
+
 module "azdoa_custom_image" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=v6.20.0"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=v8.14.0"
   resource_group_name = data.azurerm_resource_group.resource_group.name
   location            = var.location
   image_name          = "${local.product}-azdo-agent-ubuntu2204-image"
-  image_version       = "v2"
+  image_version       = var.azdo_agent_image_version
   subscription_id     = data.azurerm_subscription.current.subscription_id
+  prefix              = local.product
 
-  tags = var.tags
 }
+
diff --git a/src/packer/01_dns_forwarder_image.tf b/src/packer/01_dns_forwarder_image.tf
index 6e8c425321..476c28f81a 100644
--- a/src/packer/01_dns_forwarder_image.tf
+++ b/src/packer/01_dns_forwarder_image.tf
@@ -1,11 +1,9 @@
 module "dns_forwarder_image" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image?ref=v7.20.0"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image?ref=v8.14.0"
   resource_group_name = data.azurerm_resource_group.rg_vnet_core.name
   location            = var.location
   image_name          = "${local.product}-dns-forwarder-ubuntu2204-image"
   image_version       = var.dns_forwarder_backup_image_version
   subscription_id     = data.azurerm_subscription.current.subscription_id
   prefix              = local.product
-
-  tags = var.tags
 }
diff --git a/src/packer/99_variables.tf b/src/packer/99_variables.tf
index 7e5721eba9..425c815583 100644
--- a/src/packer/99_variables.tf
+++ b/src/packer/99_variables.tf
@@ -58,3 +58,9 @@ variable "dns_forwarder_backup_image_version" {
   type        = string
   description = "Version string to allow to force the creation of the image"
 }
+
+variable "azdo_agent_image_version" {
+  type        = string
+  description = "Version string to allow to force the creation of the image"
+}
+
diff --git a/src/packer/README.md b/src/packer/README.md
index 284d5d74ed..cefc43a5f1 100644
--- a/src/packer/README.md
+++ b/src/packer/README.md
@@ -14,8 +14,8 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_azdoa_custom_image"></a> [azdoa\_custom\_image](#module\_azdoa\_custom\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image | v6.20.0 |
-| <a name="module_dns_forwarder_image"></a> [dns\_forwarder\_image](#module\_dns\_forwarder\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image | v7.20.0 |
+| <a name="module_azdoa_custom_image"></a> [azdoa\_custom\_image](#module\_azdoa\_custom\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image | v8.14.0 |
+| <a name="module_dns_forwarder_image"></a> [dns\_forwarder\_image](#module\_dns\_forwarder\_image) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_vm_image | v8.14.0 |
 
 ## Resources
 
@@ -31,6 +31,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_azdo_agent_image_version"></a> [azdo\_agent\_image\_version](#input\_azdo\_agent\_image\_version) | Version string to allow to force the creation of the image | `string` | n/a | yes |
 | <a name="input_dns_forwarder_backup_image_version"></a> [dns\_forwarder\_backup\_image\_version](#input\_dns\_forwarder\_backup\_image\_version) | Version string to allow to force the creation of the image | `string` | n/a | yes |
 | <a name="input_env"></a> [env](#input\_env) | n/a | `string` | n/a | yes |
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
diff --git a/src/packer/env/dev/terraform.tfvars b/src/packer/env/dev/terraform.tfvars
index d83936a8e3..5129137646 100644
--- a/src/packer/env/dev/terraform.tfvars
+++ b/src/packer/env/dev/terraform.tfvars
@@ -14,4 +14,5 @@ tags = {
   CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
 }
 
-dns_forwarder_backup_image_version = "v1"
+dns_forwarder_backup_image_version = "v5"
+azdo_agent_image_version           = "v3"
diff --git a/src/packer/env/prod/terraform.tfvars b/src/packer/env/prod/terraform.tfvars
index 5c37924a95..947b36422e 100644
--- a/src/packer/env/prod/terraform.tfvars
+++ b/src/packer/env/prod/terraform.tfvars
@@ -14,4 +14,5 @@ tags = {
   CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
 }
 
-dns_forwarder_backup_image_version = "v1"
+dns_forwarder_backup_image_version = "v5"
+azdo_agent_image_version           = "v4"
diff --git a/src/packer/env/uat/terraform.tfvars b/src/packer/env/uat/terraform.tfvars
index bc6efcfefe..140b93d91a 100644
--- a/src/packer/env/uat/terraform.tfvars
+++ b/src/packer/env/uat/terraform.tfvars
@@ -14,4 +14,5 @@ tags = {
   CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
 }
 
-dns_forwarder_backup_image_version = "v4"
+dns_forwarder_backup_image_version = "v5"
+azdo_agent_image_version           = "v3"