diff --git a/src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py b/src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py
index df48993aaac..62ec6b7926a 100644
--- a/src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py
@@ -2367,12 +2367,25 @@ def get_sku_name(self) -> str:
 return skuName
 @staticmethod
- def _raise_missing_vnet_subnet_for_outbound_type(outbound_type: str, sku_name: str) -> None:
+ def _raise_missing_vnet_subnet_for_outbound_type(
+ outbound_type: str, sku_name: str, decorator_mode: DecoratorMode
+ ) -> None:
 if outbound_type == CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING:
 subnet_requirement = "a route table with egress rules"
 else:
 subnet_requirement = "a NAT gateway with outbound ips"
+ if decorator_mode == DecoratorMode.UPDATE:
+ raise InvalidArgumentValueError(
+ "Updating --outbound-type to {outbound_type} is only supported for clusters created with "
+ "a custom virtual network (BYO VNet). Clusters using a managed virtual network cannot be "
+ "updated to this outbound type. Please refer to "
+ "https://learn.microsoft.com/en-us/azure/aks/egress-outboundtype#updating-outboundtype-after-cluster-creation " # pylint:disable=line-too-long
+ "for more details.".format(
+ outbound_type=outbound_type,
+ )
+ )
+
 if sku_name == CONST_MANAGED_CLUSTER_SKU_NAME_AUTOMATIC:
 raise RequiredArgumentMissingError(
 "For an Automatic cluster using Managed System Pool BYO VNet, --system-node-subnet-id, "
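Review bot: The new UPDATE branch in `_raise_missing_vnet_subnet_for_outbound_type` sits after the `subnet_requirement` assignment, which that path never uses, and the helper now raises two different exception types with no docstring saying so. Moving the `if decorator_mode == DecoratorMode.UPDATE:` check to the top of the body would make the early exit obvious. A short docstring could state that UPDATE mode raises `InvalidArgumentValueError` while the other visible branch raises `RequiredArgumentMissingError`. `decorator_mode` is also a new required positional parameter, so any caller not shown in this diff would fail with a `TypeError`; only the call in `_get_outbound_type` is visibly updated. The function body continues past the end of the hunk.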
@@ -2491,7 +2504,9 @@ def _get_outbound_type(
 CONST_OUTBOUND_TYPE_USER_ASSIGNED_NAT_GATEWAY,
 ]:
 if not read_from_mc and self.get_vnet_subnet_id() in ["", None] and not byo_subnets_configured:
- self._raise_missing_vnet_subnet_for_outbound_type(outbound_type, skuName)
+ self._raise_missing_vnet_subnet_for_outbound_type(
+ outbound_type, skuName, self.decorator_mode
+ )
 if outbound_type == CONST_OUTBOUND_TYPE_MANAGED_NAT_GATEWAY:
 if self.get_vnet_subnet_id() not in ["", None] or byo_subnets_set:
 raise InvalidArgumentValueError(
diff --git a/src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_managed_cluster_decorator.py b/src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_managed_cluster_decorator.py
index 211269efdb9..5cd494afdd0 100644
--- a/src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_managed_cluster_decorator.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_managed_cluster_decorator.py
@@ -2320,6 +2320,21 @@ def test_get_outbound_type(self):
 ctx_existing_byo.attach_mc(mc_existing_byo)
 self.assertEqual(ctx_existing_byo.get_outbound_type(), outbound_type)
+ ctx_update_managed_vnet = AKSManagedClusterContext(
+ self.cmd,
+ AKSManagedClusterParamDict({"outbound_type": CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING}),
+ self.models,
+ DecoratorMode.UPDATE,
+ )
+ ctx_update_managed_vnet.agentpool_context = mock.MagicMock()
+ ctx_update_managed_vnet.agentpool_context.get_vnet_subnet_id.return_value = None
+ ctx_update_managed_vnet.attach_mc(mc_14)
+ with self.assertRaisesRegex(
+ InvalidArgumentValueError,
+ "only supported for clusters created with a custom virtual network",
+ ):
+ ctx_update_managed_vnet.get_outbound_type()
+
 ctx_14_1 = AKSManagedClusterContext(
 self.cmd,
 AKSManagedClusterParamDict({
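Review bot: In `_get_outbound_type`, the UPDATE-mode error tells the user the cluster uses a managed virtual network, but the guard on this call only establishes that `self.get_vnet_subnet_id()` is empty and `byo_subnets_configured` is false. Whether those values are populated from the existing cluster during an update is not visible in this hunk. If they come only from command-line parameters, a BYO VNet cluster could be rejected with a misleading message. It is worth confirming that and recording the assumption at the call, e.g. `# UPDATE mode: an empty subnet id here is taken to mean the cluster uses a managed VNet`. The enclosing function starts and ends outside the hunk.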
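Review bot: The new case in `test_get_outbound_type` exercises only `CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING`, while the guarded branch in `_get_outbound_type` also lists `CONST_OUTBOUND_TYPE_USER_ASSIGNED_NAT_GATEWAY`, and the regex does not check that the outbound type is formatted into the message. Repeating the block for the second constant and matching on the formatted prefix, e.g. `"Updating --outbound-type to {} is only supported".format(outbound_type)`, would cover both. A companion case where the mocked `get_vnet_subnet_id` returns a subnet id under `DecoratorMode.UPDATE` would pin that BYO VNet updates are still accepted. `mc_14` is defined outside the hunk, so its contents are assumed here.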