diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
index dea881d2853..b1b4c8bfc8e 100644
--- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
+++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
@@ -68,6 +68,7 @@
     CONST_NETWORK_PLUGIN_AZURE,
     CONST_NETWORK_PLUGIN_MODE_OVERLAY,
     CONST_NETWORK_DATAPLANE_CILIUM,
+    CONST_NETWORK_POLICY_CILIUM,
     CONST_PRIVATE_DNS_ZONE_NONE,
     CONST_PRIVATE_DNS_ZONE_SYSTEM,
     CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME,
@@ -3436,6 +3437,11 @@ def update_network_plugin_settings(self, mc: ManagedCluster) -> ManagedCluster:
         network_policy = self.context.get_network_policy()
         if network_policy:
             mc.network_profile.network_policy = network_policy
+        elif network_dataplane == CONST_NETWORK_DATAPLANE_CILIUM:
+            # force network_policy to "cilium" when network_dataplane is "cilium" to pass validation in aks rp
+            # this was needed because api version 2023-08-02preview introduced --network-policy=none
+            # without forcing network_policy to "cilium" here, when upgrading to cilium without specifying --network-policy, it will be set to none by default and validation in aks rp will fail.
+            mc.network_profile.network_policy = CONST_NETWORK_POLICY_CILIUM
 
         return mc
 
diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py
index 08796cc011a..d31a05ea8ae 100644
--- a/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py
+++ b/src/aks-preview/azext_aks_preview/tests/latest/test_managed_cluster_decorator.py
@@ -5104,6 +5104,7 @@ def test_update_network_plugin_settings(self):
                 network_plugin="azure",
                 network_plugin_mode="overlay",
                 network_dataplane="cilium",
+                network_policy="",
                 pod_cidr="100.64.0.0/16",
                 service_cidr="192.168.0.0/16"
             ),
@@ -5121,6 +5122,7 @@ def test_update_network_plugin_settings(self):
                 network_plugin="azure",
                 network_plugin_mode="overlay",
                 network_dataplane="cilium",
+                network_policy="cilium",
                 pod_cidr="100.64.0.0/16",
                 service_cidr="192.168.0.0/16",
             ),