Azure Compute Gallery Image - Unable to interact with Publisher field in Azure Policy

Arron Campbell 16 Reputation points
2022-03-09T16:39:55.02+00:00

I've created some image definitions and versions in an Azure Compute Gallery. While creating these through the portal I entered the Publisher, Image and SKU fields.
I want to deploy an Azure Policy which limits available images to those which are published by me, under the name 'MyPublisher'.

The Policy definition includes the following rule with the deny effect:

"not": {
    "allOf": [
        {
            "field": "Microsoft.Compute/imagePublisher",
            "equals": "MyPublisher"
        }
    ]
}

I've tested this against the Ubuntu images in the public Azure Marketplace, using the value of 'Canonical' for the imagePublisher field, and verified that the policy works.

While creating the Azure Compute Gallery images through the portal I entered the Publisher, Image and SKU fields.
When I view the images in the portal, these properties are not displayed on their own lines, and seem to somehow have been mashed together -
Publisher :: Offer :: SKU : MyPublisher :: Windows :: Server2019

If I look at the ARM template of the image the properties appear to be present:

{
    "type": "Microsoft.Compute/galleries/images",
    "apiVersion": "2021-10-01",
    "name": "[concat(parameters('gallery_name'), '/mygalleryimage')]",
    "location": "uksouth",
    "properties": {
        "hyperVGeneration": "V2",
        "osType": "Windows",
        "osState": "Generalized",
        "identifier": {
            "publisher": "MyPublisher",
            "offer": "Windows",
            "sku": "Server2019"
        },

I've noticed a difference when I view the ARM template of VMs deployed with my own image or with a public Marketplace image.
My image only contains the property 'id' in the 'imageReference' property of the VM's 'storageProfile' property, whereas the published images contain the expected Publisher, Offer and SKU fields.
Built from Marketplace image:

"imageReference": {
    "publisher": "Canonical",
    "offer": "UbuntuServer",
    "sku": "18_04-lts-gen2",
    "version": "latest"
}

Built from my image:

"imageReference": {
    "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/mycomputerg/providers/Microsoft.Compute/galleries/MyComputeGallery/images/mypublishedimage"
}

The Publisher, Offer and SKU are all visible when viewing the images through PowerShell commands.

Is this a limitation of the images from the Compute Gallery, or have I made an error in the Policy definition?
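
Added example (not part of the original post, and not Azure's policy engine): a simplified Python model of how the rule above evaluates against the two imageReference blocks shown in the question. It assumes the alias Microsoft.Compute/imagePublisher resolves to properties.storageProfile.imageReference.publisher on the VM and that "equals" is false for a field missing from the request; `vm`, `rule` and `denied` are hypothetical helper names.

```python
# Simplified model of Azure Policy condition evaluation (added example).

# Assumption: the alias reads this path on the virtual machine resource.
ALIASES = {
    "Microsoft.Compute/imagePublisher":
        "properties.storageProfile.imageReference.publisher",
}

def resolve(resource, alias):
    """Walk the alias path; return None when any segment is absent."""
    node = resource
    for key in ALIASES[alias].split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def evaluate(cond, resource):
    """Evaluate the subset of conditions used in the question's rule."""
    if "not" in cond:
        return not evaluate(cond["not"], resource)
    if "allOf" in cond:
        return all(evaluate(c, resource) for c in cond["allOf"])
    value = resolve(resource, cond["field"])
    # Assumption: "equals" on a missing field is false, and string
    # comparison is case-insensitive.
    return value is not None and str(value).lower() == str(cond["equals"]).lower()

def vm(image_reference):
    """Wrap an imageReference block in the VM structure the alias expects."""
    return {"properties": {"storageProfile": {"imageReference": image_reference}}}

def rule(publisher):
    """The rule from the question, parameterised on the allowed publisher."""
    return {"not": {"allOf": [
        {"field": "Microsoft.Compute/imagePublisher", "equals": publisher}]}}

# The two imageReference blocks from the question.
MARKETPLACE_VM = vm({"publisher": "Canonical", "offer": "UbuntuServer",
                     "sku": "18_04-lts-gen2", "version": "latest"})
GALLERY_VM = vm({"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                       "/resourceGroups/mycomputerg/providers/Microsoft.Compute"
                       "/galleries/MyComputeGallery/images/mypublishedimage"})

def denied(publisher, resource):
    """True when the rule's condition matches, i.e. the deny effect applies."""
    return evaluate(rule(publisher), resource)
```

In this model the gallery-based VM carries no publisher value in its imageReference, so the "not" wrapper matches and the deny effect applies whatever publisher is recorded on the gallery image definition.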


1 answer

  1. Mohamed Rafik BEN MANSOUR 0 Reputation points
    2024-11-15T10:12:47.6633333+00:00

    Hello,

    Did anyone find a solution?
