diff --git a/docs/pages/upgrading/overview.mdx b/docs/pages/upgrading/overview.mdx
index 0f229ba86f285..929e405fde558 100644
--- a/docs/pages/upgrading/overview.mdx
+++ b/docs/pages/upgrading/overview.mdx
@@ -34,13 +34,20 @@ Teleport cluster:
    Restore](../admin-guides/management/operations/backup-restore.mdx).
 
 1. If several Auth Service instances are running in a high availability
-   configuration (for example, in an AWS Auto Scaling group), you must shrink
-   the group to **just one Auth Service** before performing an upgrade.
+   configuration (for example, in an AWS Auto Scaling group), you may perform
+   rolling upgrades **if you adhere to the following criteria**. If the criteria
+   cannot be met, then you must shrink the group to **just one Auth Service** before
+   performing an upgrade.
+
+    1.1 No features introduced in the new release are used during the upgrade process.
+
+    - No Teleport clients (tctl, tsh, tbot, etc.) are upgraded until after the Auth, Proxy,
+        and agents have been upgraded.
 
 1. Upgrade the **Auth Service** to the next **major version first**. If there
    are data format changes introduced in the new version, the Auth Service
    performs the necessary migrations.  After the upgrade, start the Auth Service
-   and CONFIRM that it's in a healthy state before continuing.
+   and CONFIRM that the cluster is in a healthy state before continuing.
 
 1. Upgrade Proxy Service instances to the same version number as the Auth
    Service. Proxy Service instances are stateless and can be upgraded in any
@@ -48,14 +55,16 @@ Teleport cluster:
 
 1. Upgrade your Teleport agents to the same version number as the Auth Service.
    You can upgrade resource agents in any sequence or at the same time.
-   
+
    If you are upgrading more then one version number, repeat these steps until
    you reach your target major version number.
 
+1. Upgrade your Teleport clients (tctl, tsh, tbot, terraform-provider, event-handler, etc.).
+
 ## Upgrading multiple Teleport clusters
 
 When upgrading multiple Teleport clusters with a trust relationship, you must
-upgrade in the following sequence to avoid compatibility issues. 
+upgrade in the following sequence to avoid compatibility issues.
 
 You must upgrade all clusters one major version at a time. For example, if you
 would like to upgrade your clusters from v10 to v12, you must follow the