Microsoft.Batch batchAccounts/pools

Bicep resource definition

The batchAccounts/pools resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Batch/batchAccounts/pools resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Batch/batchAccounts/pools@2024-07-01' = {
  parent: resourceSymbolicName
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  name: 'string'
  properties: {
    applicationLicenses: [
      'string'
    ]
    applicationPackages: [
      {
        id: 'string'
        version: 'string'
      }
    ]
    certificates: [
      {
        id: 'string'
        storeLocation: 'string'
        storeName: 'string'
        visibility: [
          'string'
        ]
      }
    ]
    deploymentConfiguration: {
      virtualMachineConfiguration: {
        containerConfiguration: {
          containerImageNames: [
            'string'
          ]
          containerRegistries: [
            {
              identityReference: {
                resourceId: 'string'
              }
              password: 'string'
              registryServer: 'string'
              username: 'string'
            }
          ]
          type: 'string'
        }
        dataDisks: [
          {
            caching: 'string'
            diskSizeGB: int
            lun: int
            storageAccountType: 'string'
          }
        ]
        diskEncryptionConfiguration: {
          targets: [
            'string'
          ]
        }
        extensions: [
          {
            autoUpgradeMinorVersion: bool
            enableAutomaticUpgrade: bool
            name: 'string'
            protectedSettings: any(Azure.Bicep.Types.Concrete.AnyType)
            provisionAfterExtensions: [
              'string'
            ]
            publisher: 'string'
            settings: any(Azure.Bicep.Types.Concrete.AnyType)
            type: 'string'
            typeHandlerVersion: 'string'
          }
        ]
        imageReference: {
          communityGalleryImageId: 'string'
          id: 'string'
          offer: 'string'
          publisher: 'string'
          sharedGalleryImageId: 'string'
          sku: 'string'
          version: 'string'
        }
        licenseType: 'string'
        nodeAgentSkuId: 'string'
        nodePlacementConfiguration: {
          policy: 'string'
        }
        osDisk: {
          caching: 'string'
          diskSizeGB: int
          ephemeralOSDiskSettings: {
            placement: 'CacheDisk'
          }
          managedDisk: {
            securityProfile: {
              securityEncryptionType: 'string'
            }
            storageAccountType: 'string'
          }
          writeAcceleratorEnabled: bool
        }
        securityProfile: {
          encryptionAtHost: bool
          securityType: 'string'
          uefiSettings: {
            secureBootEnabled: bool
            vTpmEnabled: bool
          }
        }
        serviceArtifactReference: {
          id: 'string'
        }
        windowsConfiguration: {
          enableAutomaticUpdates: bool
        }
      }
    }
    displayName: 'string'
    interNodeCommunication: 'string'
    metadata: [
      {
        name: 'string'
        value: 'string'
      }
    ]
    mountConfiguration: [
      {
        azureBlobFileSystemConfiguration: {
          accountKey: 'string'
          accountName: 'string'
          blobfuseOptions: 'string'
          containerName: 'string'
          identityReference: {
            resourceId: 'string'
          }
          relativeMountPath: 'string'
          sasKey: 'string'
        }
        azureFileShareConfiguration: {
          accountKey: 'string'
          accountName: 'string'
          azureFileUrl: 'string'
          mountOptions: 'string'
          relativeMountPath: 'string'
        }
        cifsMountConfiguration: {
          mountOptions: 'string'
          password: 'string'
          relativeMountPath: 'string'
          source: 'string'
          userName: 'string'
        }
        nfsMountConfiguration: {
          mountOptions: 'string'
          relativeMountPath: 'string'
          source: 'string'
        }
      }
    ]
    networkConfiguration: {
      dynamicVnetAssignmentScope: 'string'
      enableAcceleratedNetworking: bool
      endpointConfiguration: {
        inboundNatPools: [
          {
            backendPort: int
            frontendPortRangeEnd: int
            frontendPortRangeStart: int
            name: 'string'
            networkSecurityGroupRules: [
              {
                access: 'string'
                priority: int
                sourceAddressPrefix: 'string'
                sourcePortRanges: [
                  'string'
                ]
              }
            ]
            protocol: 'string'
          }
        ]
      }
      publicIPAddressConfiguration: {
        ipAddressIds: [
          'string'
        ]
        provision: 'string'
      }
      subnetId: 'string'
    }
    resourceTags: {
      {customized property}: 'string'
    }
    scaleSettings: {
      autoScale: {
        evaluationInterval: 'string'
        formula: 'string'
      }
      fixedScale: {
        nodeDeallocationOption: 'string'
        resizeTimeout: 'string'
        targetDedicatedNodes: int
        targetLowPriorityNodes: int
      }
    }
    startTask: {
      commandLine: 'string'
      containerSettings: {
        containerHostBatchBindMounts: [
          {
            isReadOnly: bool
            source: 'string'
          }
        ]
        containerRunOptions: 'string'
        imageName: 'string'
        registry: {
          identityReference: {
            resourceId: 'string'
          }
          password: 'string'
          registryServer: 'string'
          username: 'string'
        }
        workingDirectory: 'string'
      }
      environmentSettings: [
        {
          name: 'string'
          value: 'string'
        }
      ]
      maxTaskRetryCount: int
      resourceFiles: [
        {
          autoStorageContainerName: 'string'
          blobPrefix: 'string'
          fileMode: 'string'
          filePath: 'string'
          httpUrl: 'string'
          identityReference: {
            resourceId: 'string'
          }
          storageContainerUrl: 'string'
        }
      ]
      userIdentity: {
        autoUser: {
          elevationLevel: 'string'
          scope: 'string'
        }
        userName: 'string'
      }
      waitForSuccess: bool
    }
    targetNodeCommunicationMode: 'string'
    taskSchedulingPolicy: {
      nodeFillType: 'string'
    }
    taskSlotsPerNode: int
    upgradePolicy: {
      automaticOSUpgradePolicy: {
        disableAutomaticRollback: bool
        enableAutomaticOSUpgrade: bool
        osRollingUpgradeDeferral: bool
        useRollingUpgradePolicy: bool
      }
      mode: 'string'
      rollingUpgradePolicy: {
        enableCrossZoneUpgrade: bool
        maxBatchInstancePercent: int
        maxUnhealthyInstancePercent: int
        maxUnhealthyUpgradedInstancePercent: int
        pauseTimeBetweenBatches: 'string'
        prioritizeUnhealthyInstances: bool
        rollbackFailedInstancesOnPolicyBreach: bool
      }
    }
    userAccounts: [
      {
        elevationLevel: 'string'
        linuxUserConfiguration: {
          gid: int
          sshPrivateKey: 'string'
          uid: int
        }
        name: 'string'
        password: 'string'
        windowsUserConfiguration: {
          loginMode: 'string'
        }
      }
    ]
    vmSize: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

ApplicationPackageReference

Name Description Value
id The ID of the application package to install. This must be inside the same batch account as the pool. This can either be a reference to a specific version or the default version if one exists. string (required)
version If this is omitted, and no default version is specified for this application, the request fails with the error code InvalidApplicationPackageReferences. If you are calling the REST API directly, the HTTP status code is 409. string

AutomaticOSUpgradePolicy

Name Description Value
disableAutomaticRollback Whether OS image rollback feature should be disabled. bool
enableAutomaticOSUpgrade Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available.

If this is set to true for Windows based pools, WindowsConfiguration.enableAutomaticUpdates cannot be set to true.
bool
osRollingUpgradeDeferral Defer OS upgrades on the TVMs if they are running tasks. bool
useRollingUpgradePolicy Indicates whether rolling upgrade policy should be used during Auto OS Upgrade. Auto OS Upgrade will fall back to the default policy if no policy is defined on the VMSS. bool

AutoScaleSettings

Name Description Value
evaluationInterval If omitted, the default value is 15 minutes (PT15M). string
formula A formula for the desired number of compute nodes in the pool. string (required)

AutoUserSpecification

Name Description Value
elevationLevel The default value is nonAdmin. 'Admin'
'NonAdmin'
scope The default value is Pool. If the pool is running Windows, a value of Task should be specified if stricter isolation between tasks is required, for example, if the task mutates the registry in a way which could impact other tasks, or if certificates have been specified on the pool which should not be accessible by normal tasks but should be accessible by start tasks. 'Pool'
'Task'

AzureBlobFileSystemConfiguration

Name Description Value
accountKey This property is mutually exclusive with both sasKey and identity; exactly one must be specified. string

Constraints:
Sensitive value. Pass in as a secure parameter.
accountName The Azure Storage Account name. string (required)
blobfuseOptions These are 'net use' options in Windows and 'mount' options in Linux. string
containerName The Azure Blob Storage Container name. string (required)
identityReference This property is mutually exclusive with both accountKey and sasKey; exactly one must be specified. ComputeNodeIdentityReference
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
sasKey This property is mutually exclusive with both accountKey and identity; exactly one must be specified. string

Constraints:
Sensitive value. Pass in as a secure parameter.

AzureFileShareConfiguration

Name Description Value
accountKey The Azure Storage account key. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
accountName The Azure Storage account name. string (required)
azureFileUrl This is of the form 'https://{account}.file.core.windows.net/'. string (required)
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)

AzureProxyResourceTags

Name Description Value

BatchPoolIdentity

Name Description Value
type The type of identity used for the Batch Pool. 'None'
'UserAssigned' (required)
userAssignedIdentities The list of user identities associated with the Batch pool. BatchPoolIdentityUserAssignedIdentities

BatchPoolIdentityUserAssignedIdentities

Name Description Value

CertificateReference

Name Description Value
id The fully qualified ID of the certificate to install on the pool. This must be inside the same batch account as the pool. string (required)
storeLocation The default value is currentUser. This property is applicable only for pools configured with Windows compute nodes. For Linux compute nodes, the certificates are stored in a directory inside the task working directory and an environment variable AZ_BATCH_CERTIFICATES_DIR is supplied to the task to query for this location. For certificates with visibility of 'remoteUser', a 'certs' directory is created in the user's home directory (e.g., /home/{user-name}/certs) and certificates are placed in that directory. 'CurrentUser'
'LocalMachine'
storeName This property is applicable only for pools configured with Windows compute nodes. Common store names include: My, Root, CA, Trust, Disallowed, TrustedPeople, TrustedPublisher, AuthRoot, AddressBook, but any custom store name can also be used. The default value is My. string
visibility Which user accounts on the compute node should have access to the private data of the certificate. String array containing any of:
'RemoteUser'
'StartTask'
'Task'

CifsMountConfiguration

Name Description Value
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
password The password to use for authentication against the CIFS file system. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
source The URI of the file system to mount. string (required)
userName The user to use for authentication against the CIFS file system. string (required)

ComputeNodeIdentityReference

Name Description Value
resourceId The ARM resource id of the user assigned identity. string

ContainerConfiguration

Name Description Value
containerImageNames This is the full image reference, as would be specified to "docker pull". An image will be sourced from the default Docker registry unless the image is fully qualified with an alternative registry. string[]
containerRegistries If any images must be downloaded from a private registry which requires credentials, then those credentials must be provided here. ContainerRegistry[]
type The container technology to be used. 'CriCompatible'
'DockerCompatible' (required)

ContainerHostBatchBindMountEntry

Name Description Value
isReadOnly For Linux, mounting this path in read/write mode does not mean that all users in the container have read/write access to the path; that depends on the access in the host VM. If this path is mounted read-only, no user within the container will be able to modify the path. bool
source The paths which will be mounted to container task's container. 'Applications'
'JobPrep'
'Shared'
'Startup'
'Task'
'VfsMounts'

ContainerRegistry

Name Description Value
identityReference The reference to a user assigned identity associated with the Batch pool which a compute node will use. ComputeNodeIdentityReference
password The password to log into the registry server. string

Constraints:
Sensitive value. Pass in as a secure parameter.
registryServer If omitted, the default is "docker.io". string
username The user name to log into the registry server. string
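
The credential options in the AzureBlobFileSystemConfiguration, CifsMountConfiguration and ContainerRegistry tables, shown in one pool, as an added example that is not part of the original reference. The blob mount and the registry use identityReference, so no key or password appears in the template; CIFS has no identity option, so its password is a @secure() parameter. All parameter names, the symbolic names and the pool name are assumptions.

```bicep
// Added example; every param, symbolic name and the pool name is an assumption.
param batchAccountName string
param vmSize string
param nodeAgentSkuId string
param imageReference object

@description('Resource ID of a user-assigned identity that already has pull access to the registry and data access to the blob container.')
param poolIdentityId string

param registryServer string
param storageAccountName string
param blobContainerName string

param cifsSource string
param cifsUserName string

// @secure() keeps the value out of deployment history and logs.
@secure()
param cifsPassword string

resource batchAccount 'Microsoft.Batch/batchAccounts@2024-07-01' existing = {
  name: batchAccountName
}

resource pool 'Microsoft.Batch/batchAccounts/pools@2024-07-01' = {
  parent: batchAccount
  name: 'identity-auth-pool'
  // The identity must be associated with the pool before any
  // identityReference below can point at it.
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${poolIdentityId}': {}
    }
  }
  properties: {
    vmSize: vmSize
    deploymentConfiguration: {
      virtualMachineConfiguration: {
        imageReference: imageReference
        nodeAgentSkuId: nodeAgentSkuId
        containerConfiguration: {
          type: 'DockerCompatible'
          containerRegistries: [
            {
              // identityReference instead of username/password.
              registryServer: registryServer
              identityReference: {
                resourceId: poolIdentityId
              }
            }
          ]
        }
      }
    }
    mountConfiguration: [
      {
        // Exactly one of accountKey, sasKey, identityReference: identity chosen.
        azureBlobFileSystemConfiguration: {
          accountName: storageAccountName
          containerName: blobContainerName
          relativeMountPath: 'data'
          identityReference: {
            resourceId: poolIdentityId
          }
        }
      }
      {
        // Each mountConfiguration entry holds one file system type only.
        cifsMountConfiguration: {
          source: cifsSource
          userName: cifsUserName
          password: cifsPassword
          relativeMountPath: 'share'
        }
      }
    ]
    scaleSettings: {
      fixedScale: {
        targetDedicatedNodes: 1
      }
    }
  }
}
```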

DataDisk

Name Description Value
caching Values are:

none - The caching mode for the disk is not enabled.
readOnly - The caching mode for the disk is read only.
readWrite - The caching mode for the disk is read and write.

The default value for caching is none. For information about the caching options see: https://blogs.msdn.microsoft.com/windowsazurestorage/2012/06/27/exploring-windows-azure-drives-disks-and-images/.
'None'
'ReadOnly'
'ReadWrite'
diskSizeGB The initial disk size in GB when creating new data disk. int (required)
lun The lun is used to uniquely identify each data disk. If attaching multiple disks, each should have a distinct lun. The value must be between 0 and 63, inclusive. int (required)
storageAccountType If omitted, the default is "Standard_LRS". Values are:

Standard_LRS - The data disk should use standard locally redundant storage.
Premium_LRS - The data disk should use premium locally redundant storage.
'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'

DeploymentConfiguration

Name Description Value
virtualMachineConfiguration The configuration for compute nodes in a pool based on the Azure Virtual Machines infrastructure. VirtualMachineConfiguration

DiffDiskSettings

Name Description Value
placement This property can be used in the request to choose the location where the operating system should be placed, e.g., cache disk space for Ephemeral OS disk provisioning. For more information on Ephemeral OS disk size requirements, see Ephemeral OS disk size requirements for Windows VMs at /azure/virtual-machines/windows/ephemeral-os-disks#size-requirements and Linux VMs at /azure/virtual-machines/linux/ephemeral-os-disks#size-requirements. 'CacheDisk'

DiskEncryptionConfiguration

Name Description Value
targets On a Linux pool, only "TemporaryDisk" is supported; on a Windows pool, "OsDisk" and "TemporaryDisk" must be specified. String array containing any of:
'OsDisk'
'TemporaryDisk'

EnvironmentSetting

Name Description Value
name The name of the environment variable. string (required)
value The value of the environment variable. string

FixedScaleSettings

Name Description Value
nodeDeallocationOption If omitted, the default value is Requeue. 'Requeue'
'RetainedData'
'TaskCompletion'
'Terminate'
resizeTimeout The default value is 15 minutes. Timeout values use ISO 8601 format. For example, use PT10M for 10 minutes. The minimum value is 5 minutes. If you specify a value less than 5 minutes, the Batch service rejects the request with an error; if you are calling the REST API directly, the HTTP status code is 400 (Bad Request). string
targetDedicatedNodes At least one of targetDedicatedNodes, targetLowPriorityNodes must be set. int
targetLowPriorityNodes At least one of targetDedicatedNodes, targetLowPriorityNodes must be set. int

ImageReference

Name Description Value
communityGalleryImageId This property is mutually exclusive with other properties and can be fetched from community gallery image GET call. string
id This property is mutually exclusive with other properties. The Azure Compute Gallery Image must have replicas in the same region as the Azure Batch account. For information about the firewall settings for the Batch node agent to communicate with the Batch service see /azure/batch/batch-api-basics#virtual-network-vnet-and-firewall-configuration. string
offer For example, UbuntuServer or WindowsServer. string
publisher For example, Canonical or MicrosoftWindowsServer. string
sharedGalleryImageId This property is mutually exclusive with other properties and can be fetched from shared gallery image GET call. string
sku For example, 18.04-LTS or 2022-datacenter. string
version A value of 'latest' can be specified to select the latest version of an image. If omitted, the default is 'latest'. string

InboundNatPool

Name Description Value
backendPort This must be unique within a Batch pool. Acceptable values are between 1 and 65535 except for 29876 and 29877 as these are reserved. If any reserved values are provided the request fails with HTTP status code 400. int (required)
frontendPortRangeEnd Acceptable values range between 1 and 65534 except ports from 50000 to 55000 which are reserved by the Batch service. All ranges within a pool must be distinct and cannot overlap. If any reserved or overlapping values are provided the request fails with HTTP status code 400. int (required)
frontendPortRangeStart Acceptable values range between 1 and 65534 except ports from 50000 to 55000 which are reserved. All ranges within a pool must be distinct and cannot overlap. If any reserved or overlapping values are provided the request fails with HTTP status code 400. int (required)
name The name must be unique within a Batch pool, can contain letters, numbers, underscores, periods, and hyphens. Names must start with a letter or number, must end with a letter, number, or underscore, and cannot exceed 77 characters. If any invalid values are provided the request fails with HTTP status code 400. string (required)
networkSecurityGroupRules The maximum number of rules that can be specified across all the endpoints on a Batch pool is 25. If no network security group rules are specified, a default rule will be created to allow inbound access to the specified backendPort. If the maximum number of network security group rules is exceeded the request fails with HTTP status code 400. NetworkSecurityGroupRule[]
protocol The protocol of the endpoint. 'TCP'
'UDP' (required)

LinuxUserConfiguration

Name Description Value
gid The uid and gid properties must be specified together or not at all. If not specified the underlying operating system picks the gid. int
sshPrivateKey The private key must not be password protected. The private key is used to automatically configure asymmetric-key based authentication for SSH between nodes in a Linux pool when the pool's enableInterNodeCommunication property is true (it is ignored if enableInterNodeCommunication is false). It does this by placing the key pair into the user's .ssh directory. If not specified, password-less SSH is not configured between nodes (no modification of the user's .ssh directory is done). string

Constraints:
Sensitive value. Pass in as a secure parameter.
uid The uid and gid properties must be specified together or not at all. If not specified the underlying operating system picks the uid. int

ManagedDisk

Name Description Value
securityProfile Specifies the security profile settings for the managed disk. Note: It can only be set for Confidential VMs and is required when using Confidential VMs. VMDiskSecurityProfile
storageAccountType The storage account type for use in creating data disks or OS disk. 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'

MetadataItem

Name Description Value
name The name of the metadata item. string (required)
value The value of the metadata item. string (required)

Microsoft.Batch/batchAccounts/pools

Name Description Value
identity The type of identity used for the Batch Pool. BatchPoolIdentity
name The resource name string

Constraints:
Min length = 1
Max length = 1
Pattern = ^[a-zA-Z0-9_-]+$ (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: batchAccounts
properties The properties associated with the pool. PoolProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

MountConfiguration

Name Description Value
azureBlobFileSystemConfiguration This property is mutually exclusive with all other properties. AzureBlobFileSystemConfiguration
azureFileShareConfiguration This property is mutually exclusive with all other properties. AzureFileShareConfiguration
cifsMountConfiguration This property is mutually exclusive with all other properties. CifsMountConfiguration
nfsMountConfiguration This property is mutually exclusive with all other properties. NFSMountConfiguration

NetworkConfiguration

Name Description Value
dynamicVnetAssignmentScope The scope of dynamic vnet assignment. 'job'
'none'
enableAcceleratedNetworking Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, which may lead to improved networking performance. For more details, see: /azure/virtual-network/accelerated-networking-overview. bool
endpointConfiguration The endpoint configuration for a pool. PoolEndpointConfiguration
publicIPAddressConfiguration The public IP Address configuration of the networking configuration of a Pool. PublicIPAddressConfiguration
subnetId The virtual network must be in the same region and subscription as the Azure Batch account. The specified subnet should have enough free IP addresses to accommodate the number of nodes in the pool. If the subnet doesn't have enough free IP addresses, the pool will partially allocate compute nodes and a resize error will occur. The 'MicrosoftAzureBatch' service principal must have the 'Classic Virtual Machine Contributor' Role-Based Access Control (RBAC) role for the specified VNet. The specified subnet must allow communication from the Azure Batch service to be able to schedule tasks on the compute nodes. This can be verified by checking if the specified VNet has any associated Network Security Groups (NSG). If communication to the compute nodes in the specified subnet is denied by an NSG, then the Batch service will set the state of the compute nodes to unusable. If the specified VNet has any associated Network Security Groups (NSG), then a few reserved system ports must be enabled for inbound communication, including ports 29876 and 29877. Also enable outbound connections to Azure Storage on port 443. For more details see: /azure/batch/batch-api-basics#virtual-network-vnet-and-firewall-configuration string

NetworkSecurityGroupRule

Name Description Value
access The action that should be taken for a specified IP address, subnet range or tag. 'Allow'
'Deny' (required)
priority Priorities within a pool must be unique and are evaluated in order of priority. The lower the number the higher the priority. For example, rules could be specified with order numbers of 150, 250, and 350. The rule with the order number of 150 takes precedence over the rule that has an order of 250. Allowed priorities are 150 to 4096. If any reserved or duplicate values are provided the request fails with HTTP status code 400. int (required)
sourceAddressPrefix Valid values are a single IP address (e.g. 10.10.10.10), IP subnet (e.g. 192.168.1.0/24), default tag, or * (for all addresses). If any other values are provided the request fails with HTTP status code 400. string (required)
sourcePortRanges Valid values are '*' (for all ports 0 - 65535) or arrays of ports or port ranges (e.g. 100-200). The ports should be in the range of 0 to 65535 and the port ranges or ports can't overlap. If any other values are provided the request fails with HTTP status code 400. Default value will be *. string[]
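
The InboundNatPool and NetworkSecurityGroupRule constraints applied to a single SSH endpoint, as an added example that is not part of the original reference. Because a default rule allowing inbound access to backendPort is created when no rules are given, the example states both an allow rule for one admin prefix and a deny rule for everything else. Parameter names, symbolic names, the pool name, the endpoint name and the port numbers chosen are assumptions.

```bicep
// Added example; every param, symbolic name and chosen port is an assumption.
param batchAccountName string
param vmSize string
param nodeAgentSkuId string
param imageReference object
param subnetId string

@description('Single IP address or CIDR subnet allowed to reach the SSH endpoint.')
param adminSourcePrefix string

resource batchAccount 'Microsoft.Batch/batchAccounts@2024-07-01' existing = {
  name: batchAccountName
}

resource pool 'Microsoft.Batch/batchAccounts/pools@2024-07-01' = {
  parent: batchAccount
  name: 'restricted-ssh-pool'
  properties: {
    vmSize: vmSize
    deploymentConfiguration: {
      virtualMachineConfiguration: {
        imageReference: imageReference
        nodeAgentSkuId: nodeAgentSkuId
      }
    }
    networkConfiguration: {
      subnetId: subnetId
      // inboundNatPools cannot be combined with 'NoPublicIPAddresses'.
      publicIPAddressConfiguration: {
        provision: 'BatchManaged'
      }
      endpointConfiguration: {
        // At most 5 inbound NAT pools per Batch pool.
        inboundNatPools: [
          {
            name: 'ssh'
            protocol: 'TCP'
            // Must not be 29876 or 29877 (reserved).
            backendPort: 22
            // Must stay outside 50000-55000 (reserved) and must not
            // overlap any other range in the pool.
            frontendPortRangeStart: 15000
            frontendPortRangeEnd: 15100
            // At most 25 rules across all endpoints; priorities are
            // unique, 150 to 4096, lowest number evaluated first.
            networkSecurityGroupRules: [
              {
                priority: 150
                access: 'Allow'
                sourceAddressPrefix: adminSourcePrefix
                sourcePortRanges: [
                  '*'
                ]
              }
              {
                // Evaluated after rule 150: blocks every other source.
                priority: 160
                access: 'Deny'
                sourceAddressPrefix: '*'
                sourcePortRanges: [
                  '*'
                ]
              }
            ]
          }
        ]
      }
    }
    scaleSettings: {
      fixedScale: {
        targetDedicatedNodes: 1
      }
    }
  }
}
```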

NFSMountConfiguration

Name Description Value
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
source The URI of the file system to mount. string (required)

NodePlacementConfiguration

Name Description Value
policy Allocation policy used by Batch Service to provision the nodes. If not specified, Batch will use the regional policy. 'Regional'
'Zonal'

OSDisk

Name Description Value
caching The type of caching to enable for the disk. 'None'
'ReadOnly'
'ReadWrite'
diskSizeGB The initial disk size in GB when creating new OS disk. int
ephemeralOSDiskSettings Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. DiffDiskSettings
managedDisk ManagedDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

PoolEndpointConfiguration

Name Description Value
inboundNatPools The maximum number of inbound NAT pools per Batch pool is 5. If the maximum number of inbound NAT pools is exceeded the request fails with HTTP status code 400. This cannot be specified if the IPAddressProvisioningType is NoPublicIPAddresses. InboundNatPool[] (required)

PoolProperties

Name Description Value
applicationLicenses The list of application licenses must be a subset of available Batch service application licenses. If a license is requested which is not supported, pool creation will fail. string[]
applicationPackages Changes to application package references affect all new compute nodes joining the pool, but do not affect compute nodes that are already in the pool until they are rebooted or reimaged. There is a maximum of 10 application package references on any given pool. ApplicationPackageReference[]
certificates For Windows compute nodes, the Batch service installs the certificates to the specified certificate store and location. For Linux compute nodes, the certificates are stored in a directory inside the task working directory and an environment variable AZ_BATCH_CERTIFICATES_DIR is supplied to the task to query for this location. For certificates with visibility of 'remoteUser', a 'certs' directory is created in the user's home directory (e.g., /home/{user-name}/certs) and certificates are placed in that directory.

Warning: This property is deprecated and will be removed after February, 2024. Please use the Azure KeyVault Extension instead.
CertificateReference[]
deploymentConfiguration Deployment configuration properties. DeploymentConfiguration
displayName The display name need not be unique and can contain any Unicode characters up to a maximum length of 1024. string
interNodeCommunication This imposes restrictions on which nodes can be assigned to the pool. Enabling this value can reduce the chance of the requested number of nodes to be allocated in the pool. If not specified, this value defaults to 'Disabled'. 'Disabled'
'Enabled'
metadata The Batch service does not assign any meaning to metadata; it is solely for the use of user code. MetadataItem[]
mountConfiguration This supports Azure Files, NFS, CIFS/SMB, and Blobfuse. MountConfiguration[]
networkConfiguration The network configuration for a pool. NetworkConfiguration
resourceTags The user-defined tags to be associated with the Azure Batch Pool. When specified, these tags are propagated to the backing Azure resources associated with the pool. This property can only be specified when the Batch account was created with the poolAllocationMode property set to 'UserSubscription'. PoolPropertiesResourceTags
scaleSettings Defines the desired size of the pool. This can either be 'fixedScale' where the requested targetDedicatedNodes is specified, or 'autoScale' which defines a formula which is periodically reevaluated. If this property is not specified, the pool will have a fixed scale with 0 targetDedicatedNodes. ScaleSettings
startTask In a PATCH (update) operation, this property can be set to an empty object to remove the start task from the pool. StartTask
targetNodeCommunicationMode If omitted, the default value is Default. 'Classic'
'Default'
'Simplified'
taskSchedulingPolicy If not specified, the default is spread. TaskSchedulingPolicy
taskSlotsPerNode The default value is 1. The maximum value is the smaller of 4 times the number of cores of the vmSize of the pool or 256. int
upgradePolicy Describes an upgrade policy - automatic, manual, or rolling. UpgradePolicy
userAccounts The list of user accounts to be created on each node in the pool. UserAccount[]
vmSize For information about available VM sizes, see Sizes for Virtual Machines (Linux) (https://azure.microsoft.com/documentation/articles/virtual-machines-linux-sizes/) or Sizes for Virtual Machines (Windows) (https://azure.microsoft.com/documentation/articles/virtual-machines-windows-sizes/). Batch supports all Azure VM sizes except STANDARD_A0 and those with premium storage (STANDARD_GS, STANDARD_DS, and STANDARD_DSV2 series). string

PoolPropertiesResourceTags

Name Description Value

PublicIPAddressConfiguration

Name Description Value
ipAddressIds The number of IPs specified here limits the maximum size of the Pool - 100 dedicated nodes or 100 Spot/low-priority nodes can be allocated for each public IP. For example, a pool needing 250 dedicated VMs would need at least 3 public IPs specified. Each element of this collection is of the form: /subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Network/publicIPAddresses/{ip}. string[]
provision The default value is BatchManaged. 'BatchManaged'
'NoPublicIPAddresses'
'UserManaged'

ResourceFile

Name Description Value
autoStorageContainerName The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. string
blobPrefix The property is valid only when autoStorageContainerName or storageContainerUrl is used. This prefix can be a partial filename or a subdirectory. If a prefix is not specified, all the files in the container will be downloaded. string
fileMode This property applies only to files being downloaded to Linux compute nodes. It will be ignored if it is specified for a resourceFile which will be downloaded to a Windows node. If this property is not specified for a Linux node, then a default value of 0770 is applied to the file. string
filePath If the httpUrl property is specified, the filePath is required and describes the path which the file will be downloaded to, including the filename. Otherwise, if the autoStorageContainerName or storageContainerUrl property is specified, filePath is optional and is the directory to download the files to. In the case where filePath is used as a directory, any directory structure already associated with the input data will be retained in full and appended to the specified filePath directory. The specified relative path cannot break out of the task's working directory (for example by using '..'). string
httpUrl The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. If the URL points to Azure Blob Storage, it must be readable from compute nodes. There are three ways to get such a URL for a blob in Azure storage: include a Shared Access Signature (SAS) granting read permissions on the blob, use a managed identity with read permission, or set the ACL for the blob or its container to allow public access. string
identityReference The reference to a user assigned identity associated with the Batch pool which a compute node will use. ComputeNodeIdentityReference
storageContainerUrl The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. This URL must be readable and listable from compute nodes. There are three ways to get such a URL for a container in Azure storage: include a Shared Access Signature (SAS) granting read and list permissions on the container, use a managed identity with read and list permissions, or set the ACL for the container to allow public access. string
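
The ResourceFile rules above can be checked before a template is deployed. The following Python is an added example, not part of the original reference or of any Microsoft tool: the function names and sample entries are constructed, treating absolute paths as escaping and flagging world-writable modes are assumptions of this sketch, and the blob host suffix is the Azure public-cloud one.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

SOURCES = ("autoStorageContainerName", "storageContainerUrl", "httpUrl")
CONTAINER_SOURCES = {"autoStorageContainerName", "storageContainerUrl"}
BLOB_SUFFIX = ".blob.core.windows.net"  # Azure public-cloud Blob Storage host suffix


def escapes_working_dir(file_path):
    """True if filePath is absolute or normalizes to a location above its base."""
    p = file_path.replace("\\", "/")  # accept either path separator
    if p.startswith("/") or re.match(r"[A-Za-z]:", p):
        return True  # assumption: absolute paths are treated as escaping too
    norm = posixpath.normpath(p)
    return norm == ".." or norm.startswith("../")


def has_sas_signature(url):
    """True if the URL query string carries a SAS signature ('sig') parameter."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return any(k.lower() == "sig" for k in query)


def check_resource_file(rf):
    """Return a list of findings for one ResourceFile object (empty = clean)."""
    findings = []
    present = [k for k in SOURCES if rf.get(k)]
    if len(present) != 1:
        findings.append("source: exactly one of %s must be set, found %d"
                        % ("/".join(SOURCES), len(present)))

    if rf.get("blobPrefix") and not CONTAINER_SOURCES & set(present):
        findings.append("blobPrefix: only valid with a container source")

    path = rf.get("filePath")
    if "httpUrl" in present and not path:
        findings.append("filePath: required when httpUrl is used")
    if path and escapes_working_dir(path):
        findings.append("filePath: escapes the task working directory")

    mode = rf.get("fileMode")
    if mode is not None:
        if not re.fullmatch(r"[0-7]{3,4}", str(mode)):
            findings.append("fileMode: not an octal mode string")
        elif int(str(mode), 8) & 0o002:
            findings.append("fileMode: world-writable")  # added policy check

    # The page lists three ways to make a storage URL readable from nodes:
    # a SAS, a managed identity, or public access. Report which one applies.
    for key in ("httpUrl", "storageContainerUrl"):
        url = rf.get(key)
        if not url:
            continue
        host = (urlsplit(url).hostname or "").lower()
        if has_sas_signature(url):
            findings.append(key + ": SAS token embedded in the template")
        elif host.endswith(BLOB_SUFFIX) and not rf.get("identityReference"):
            findings.append(key + ": no SAS or identity, needs public access")
    return findings


def audit(resource_files):
    """Map list index -> findings for every entry that has at least one."""
    results = {}
    for i, rf in enumerate(resource_files):
        found = check_resource_file(rf)
        if found:
            results[i] = found
    return results


# Constructed sample entries (not taken from a real deployment).
SAMPLE_FILES = [
    {"httpUrl": "https://example.blob.core.windows.net/tools/setup.sh",
     "filePath": "bin/setup.sh", "fileMode": "0750",
     "identityReference": {"resourceId": "<user-assigned-identity-resource-id>"}},
    {"storageContainerUrl":
         "https://example.blob.core.windows.net/input?sv=CONSTRUCTED&sig=CONSTRUCTED",
     "httpUrl": "https://example.com/a.bin", "filePath": "a.bin"},
    {"httpUrl": "https://example.blob.core.windows.net/tools/a.bin",
     "filePath": "logs/../../etc/a.bin", "fileMode": "0777"},
    {"httpUrl": "https://example.com/tool", "blobPrefix": "x/"},
]

if __name__ == "__main__":
    for index, found in audit(SAMPLE_FILES).items():
        for finding in found:
            print("resourceFiles[%d] %s" % (index, finding))
```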

RollingUpgradePolicy

Name Description Value
enableCrossZoneUpgrade Allow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size. If this field is not set, Azure Batch will not set its default value. The value of enableCrossZoneUpgrade on the created VirtualMachineScaleSet will be decided by the default configurations on VirtualMachineScaleSet. This field can be set to true or false only when using NodePlacementConfiguration as Zonal. bool
maxBatchInstancePercent The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The value of this field should be between 5 and 100, inclusive. If both maxBatchInstancePercent and maxUnhealthyInstancePercent are assigned with value, the value of maxBatchInstancePercent should not be more than maxUnhealthyInstancePercent. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyInstancePercent The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The value of this field should be between 5 and 100, inclusive. If both maxBatchInstancePercent and maxUnhealthyInstancePercent are assigned with value, the value of maxBatchInstancePercent should not be more than maxUnhealthyInstancePercent. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyUpgradedInstancePercent The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The value of this field should be between 0 and 100, inclusive. int

Constraints:
Min value = 0
Max value = 100
pauseTimeBetweenBatches The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. string
prioritizeUnhealthyInstances Upgrade all unhealthy instances in a scale set before any healthy instances. bool
rollbackFailedInstancesOnPolicyBreach Rollback failed instances to previous model if the Rolling Upgrade policy is violated. bool

ScaleSettings

Name Description Value
autoScale This property and fixedScale are mutually exclusive and one of the properties must be specified. AutoScaleSettings
fixedScale This property and autoScale are mutually exclusive and one of the properties must be specified. FixedScaleSettings

SecurityProfile

Name Description Value
encryptionAtHost This property can be used by the user in the request to enable or disable host encryption for the virtual machine or virtual machine scale set. This enables encryption for all the disks, including the Resource/Temp disk, at the host itself. bool
securityType Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. 'confidentialVM'
'trustedLaunch'
uefiSettings Specifies the security settings like secure boot and vTPM used while creating the virtual machine. UefiSettings

ServiceArtifactReference

Name Description Value
id The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} string (required)

StartTask

Name Description Value
commandLine The command line does not run under a shell, and therefore cannot take advantage of shell features such as environment variable expansion. If you want to take advantage of such features, you should invoke the shell in the command line, for example using "cmd /c MyCommand" in Windows or "/bin/sh -c MyCommand" in Linux. Required if any other properties of the startTask are specified. string
containerSettings When this is specified, all directories recursively below the AZ_BATCH_NODE_ROOT_DIR (the root of Azure Batch directories on the node) are mapped into the container, all task environment variables are mapped into the container, and the task command line is executed in the container. TaskContainerSettings
environmentSettings A list of environment variable settings for the start task. EnvironmentSetting[]
maxTaskRetryCount The Batch service retries a task if its exit code is nonzero. Note that this value specifically controls the number of retries. The Batch service will try the task once, and may then retry up to this limit. For example, if the maximum retry count is 3, Batch tries the task up to 4 times (one initial try and 3 retries). If the maximum retry count is 0, the Batch service does not retry the task. If the maximum retry count is -1, the Batch service retries the task without limit. The default is 0. int
resourceFiles A list of files that the Batch service will download to the compute node before running the command line. ResourceFile[]
userIdentity If omitted, the task runs as a non-administrative user unique to the task. UserIdentity
waitForSuccess If true and the start task fails on a compute node, the Batch service retries the start task up to its maximum retry count (maxTaskRetryCount). If the task has still not completed successfully after all retries, then the Batch service marks the compute node unusable, and will not schedule tasks to it. This condition can be detected via the node state and scheduling error detail. If false, the Batch service will not wait for the start task to complete. In this case, other tasks can start executing on the compute node while the start task is still running; and even if the start task fails, new tasks will continue to be scheduled on the node. The default is true. bool

TaskContainerSettings

Name Description Value
containerHostBatchBindMounts If this array is null or not present, the container task will mount the entire temporary disk drive in Windows (or AZ_BATCH_NODE_ROOT_DIR in Linux). It won't mount any data paths into the container if this array is set as empty. ContainerHostBatchBindMountEntry[]
containerRunOptions These additional options are supplied as arguments to the "docker create" command, in addition to those controlled by the Batch Service. string
imageName This is the full image reference, as would be specified to "docker pull". If no tag is provided as part of the image name, the tag ":latest" is used as a default. string (required)
registry This setting can be omitted if it was already provided at pool creation. ContainerRegistry
workingDirectory A flag to indicate where the container task working directory is. The default is 'taskWorkingDirectory'. 'ContainerImageDefault'
'TaskWorkingDirectory'

TaskSchedulingPolicy

Name Description Value
nodeFillType How tasks should be distributed across compute nodes. 'Pack'
'Spread' (required)

UefiSettings

Name Description Value
secureBootEnabled Specifies whether secure boot should be enabled on the virtual machine. bool
vTpmEnabled Specifies whether vTPM should be enabled on the virtual machine. bool

UpgradePolicy

Name Description Value
automaticOSUpgradePolicy The configuration parameters used for performing automatic OS upgrade. AutomaticOSUpgradePolicy
mode Specifies the mode of an upgrade to virtual machines in the scale set.

Possible values are:

Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action.

Automatic - All virtual machines in the scale set are automatically updated at the same time.

Rolling - Scale set performs updates in batches with an optional pause time in between.
'automatic'
'manual'
'rolling' (required)
rollingUpgradePolicy The configuration parameters used while performing a rolling upgrade. RollingUpgradePolicy

UserAccount

Name Description Value
elevationLevel nonAdmin - The auto user is a standard user without elevated access. admin - The auto user is a user with elevated access and operates with full Administrator permissions. The default value is nonAdmin. 'Admin'
'NonAdmin'
linuxUserConfiguration This property is ignored if specified on a Windows pool. If not specified, the user is created with the default options. LinuxUserConfiguration
name The name of the user account. Names can contain any Unicode characters up to a maximum length of 20. string (required)
password The password for the user account. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
windowsUserConfiguration This property can only be specified if the user is on a Windows pool. If not specified and on a Windows pool, the user is created with the default options. WindowsUserConfiguration

UserAssignedIdentities

Name Description Value

UserIdentity

Name Description Value
autoUser The userName and autoUser properties are mutually exclusive; you must specify one but not both. AutoUserSpecification
userName The userName and autoUser properties are mutually exclusive; you must specify one but not both. string

VirtualMachineConfiguration

Name Description Value
containerConfiguration If specified, setup is performed on each node in the pool to allow tasks to run in containers. All regular tasks and job manager tasks run on this pool must specify the containerSettings property, and all other tasks may specify it. ContainerConfiguration
dataDisks This property must be specified if the compute nodes in the pool need to have empty data disks attached to them. DataDisk[]
diskEncryptionConfiguration If specified, encryption is performed on each node in the pool during node provisioning. DiskEncryptionConfiguration
extensions If specified, the extensions mentioned in this configuration will be installed on each node. VMExtension[]
imageReference A reference to an Azure Virtual Machines Marketplace image or the Azure Image resource of a custom Virtual Machine. To get the list of all imageReferences verified by Azure Batch, see the 'List supported node agent SKUs' operation. ImageReference (required)
licenseType This only applies to images that contain the Windows operating system, and should only be used when you hold valid on-premises licenses for the nodes which will be deployed. If omitted, no on-premises licensing discount is applied. Values are:

Windows_Server - The on-premises license is for Windows Server.
Windows_Client - The on-premises license is for Windows Client.
string
nodeAgentSkuId The Batch node agent is a program that runs on each node in the pool, and provides the command-and-control interface between the node and the Batch service. There are different implementations of the node agent, known as SKUs, for different operating systems. You must specify a node agent SKU which matches the selected image reference. To get the list of supported node agent SKUs along with their list of verified image references, see the 'List supported node agent SKUs' operation. string (required)
nodePlacementConfiguration This configuration will specify rules on how nodes in the pool will be physically allocated. NodePlacementConfiguration
osDisk Contains configuration for ephemeral OSDisk settings. OSDisk
securityProfile Specifies the security profile settings for the virtual machine or virtual machine scale set. SecurityProfile
serviceArtifactReference The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} ServiceArtifactReference
windowsConfiguration This property must not be specified if the imageReference specifies a Linux OS image. WindowsConfiguration

VMDiskSecurityProfile

Name Description Value
securityEncryptionType Specifies the EncryptionType of the managed disk. It is set to VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob. Note: It can be set for only Confidential VMs and required when using Confidential VMs. 'NonPersistedTPM'
'VMGuestStateOnly'

VMExtension

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
name The name of the virtual machine extension. string (required)
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string (required)
settings JSON formatted public settings for the extension. any
type The type of the extensions. string (required)
typeHandlerVersion The version of script handler. string

WindowsConfiguration

Name Description Value
enableAutomaticUpdates If omitted, the default value is true. bool

WindowsUserConfiguration

Name Description Value
loginMode Specifies login mode for the user. The default value is Interactive. 'Batch'
'Interactive'

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Azure Batch pool without public IP addresses This template creates Azure Batch simplified node communication pool without public IP addresses.

ARM template resource definition

The batchAccounts/pools resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Batch/batchAccounts/pools resource, add the following JSON to your template.

{
  "type": "Microsoft.Batch/batchAccounts/pools",
  "apiVersion": "2024-07-01",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "properties": {
    "applicationLicenses": [ "string" ],
    "applicationPackages": [
      {
        "id": "string",
        "version": "string"
      }
    ],
    "certificates": [
      {
        "id": "string",
        "storeLocation": "string",
        "storeName": "string",
        "visibility": [ "string" ]
      }
    ],
    "deploymentConfiguration": {
      "virtualMachineConfiguration": {
        "containerConfiguration": {
          "containerImageNames": [ "string" ],
          "containerRegistries": [
            {
              "identityReference": {
                "resourceId": "string"
              },
              "password": "string",
              "registryServer": "string",
              "username": "string"
            }
          ],
          "type": "string"
        },
        "dataDisks": [
          {
            "caching": "string",
            "diskSizeGB": "int",
            "lun": "int",
            "storageAccountType": "string"
          }
        ],
        "diskEncryptionConfiguration": {
          "targets": [ "string" ]
        },
        "extensions": [
          {
            "autoUpgradeMinorVersion": "bool",
            "enableAutomaticUpgrade": "bool",
            "name": "string",
            "protectedSettings": {},
            "provisionAfterExtensions": [ "string" ],
            "publisher": "string",
            "settings": {},
            "type": "string",
            "typeHandlerVersion": "string"
          }
        ],
        "imageReference": {
          "communityGalleryImageId": "string",
          "id": "string",
          "offer": "string",
          "publisher": "string",
          "sharedGalleryImageId": "string",
          "sku": "string",
          "version": "string"
        },
        "licenseType": "string",
        "nodeAgentSkuId": "string",
        "nodePlacementConfiguration": {
          "policy": "string"
        },
        "osDisk": {
          "caching": "string",
          "diskSizeGB": "int",
          "ephemeralOSDiskSettings": {
            "placement": "CacheDisk"
          },
          "managedDisk": {
            "securityProfile": {
              "securityEncryptionType": "string"
            },
            "storageAccountType": "string"
          },
          "writeAcceleratorEnabled": "bool"
        },
        "securityProfile": {
          "encryptionAtHost": "bool",
          "securityType": "string",
          "uefiSettings": {
            "secureBootEnabled": "bool",
            "vTpmEnabled": "bool"
          }
        },
        "serviceArtifactReference": {
          "id": "string"
        },
        "windowsConfiguration": {
          "enableAutomaticUpdates": "bool"
        }
      }
    },
    "displayName": "string",
    "interNodeCommunication": "string",
    "metadata": [
      {
        "name": "string",
        "value": "string"
      }
    ],
    "mountConfiguration": [
      {
        "azureBlobFileSystemConfiguration": {
          "accountKey": "string",
          "accountName": "string",
          "blobfuseOptions": "string",
          "containerName": "string",
          "identityReference": {
            "resourceId": "string"
          },
          "relativeMountPath": "string",
          "sasKey": "string"
        },
        "azureFileShareConfiguration": {
          "accountKey": "string",
          "accountName": "string",
          "azureFileUrl": "string",
          "mountOptions": "string",
          "relativeMountPath": "string"
        },
        "cifsMountConfiguration": {
          "mountOptions": "string",
          "password": "string",
          "relativeMountPath": "string",
          "source": "string",
          "userName": "string"
        },
        "nfsMountConfiguration": {
          "mountOptions": "string",
          "relativeMountPath": "string",
          "source": "string"
        }
      }
    ],
    "networkConfiguration": {
      "dynamicVnetAssignmentScope": "string",
      "enableAcceleratedNetworking": "bool",
      "endpointConfiguration": {
        "inboundNatPools": [
          {
            "backendPort": "int",
            "frontendPortRangeEnd": "int",
            "frontendPortRangeStart": "int",
            "name": "string",
            "networkSecurityGroupRules": [
              {
                "access": "string",
                "priority": "int",
                "sourceAddressPrefix": "string",
                "sourcePortRanges": [ "string" ]
              }
            ],
            "protocol": "string"
          }
        ]
      },
      "publicIPAddressConfiguration": {
        "ipAddressIds": [ "string" ],
        "provision": "string"
      },
      "subnetId": "string"
    },
    "resourceTags": {
      "{customized property}": "string"
    },
    "scaleSettings": {
      "autoScale": {
        "evaluationInterval": "string",
        "formula": "string"
      },
      "fixedScale": {
        "nodeDeallocationOption": "string",
        "resizeTimeout": "string",
        "targetDedicatedNodes": "int",
        "targetLowPriorityNodes": "int"
      }
    },
    "startTask": {
      "commandLine": "string",
      "containerSettings": {
        "containerHostBatchBindMounts": [
          {
            "isReadOnly": "bool",
            "source": "string"
          }
        ],
        "containerRunOptions": "string",
        "imageName": "string",
        "registry": {
          "identityReference": {
            "resourceId": "string"
          },
          "password": "string",
          "registryServer": "string",
          "username": "string"
        },
        "workingDirectory": "string"
      },
      "environmentSettings": [
        {
          "name": "string",
          "value": "string"
        }
      ],
      "maxTaskRetryCount": "int",
      "resourceFiles": [
        {
          "autoStorageContainerName": "string",
          "blobPrefix": "string",
          "fileMode": "string",
          "filePath": "string",
          "httpUrl": "string",
          "identityReference": {
            "resourceId": "string"
          },
          "storageContainerUrl": "string"
        }
      ],
      "userIdentity": {
        "autoUser": {
          "elevationLevel": "string",
          "scope": "string"
        },
        "userName": "string"
      },
      "waitForSuccess": "bool"
    },
    "targetNodeCommunicationMode": "string",
    "taskSchedulingPolicy": {
      "nodeFillType": "string"
    },
    "taskSlotsPerNode": "int",
    "upgradePolicy": {
      "automaticOSUpgradePolicy": {
        "disableAutomaticRollback": "bool",
        "enableAutomaticOSUpgrade": "bool",
        "osRollingUpgradeDeferral": "bool",
        "useRollingUpgradePolicy": "bool"
      },
      "mode": "string",
      "rollingUpgradePolicy": {
        "enableCrossZoneUpgrade": "bool",
        "maxBatchInstancePercent": "int",
        "maxUnhealthyInstancePercent": "int",
        "maxUnhealthyUpgradedInstancePercent": "int",
        "pauseTimeBetweenBatches": "string",
        "prioritizeUnhealthyInstances": "bool",
        "rollbackFailedInstancesOnPolicyBreach": "bool"
      }
    },
    "userAccounts": [
      {
        "elevationLevel": "string",
        "linuxUserConfiguration": {
          "gid": "int",
          "sshPrivateKey": "string",
          "uid": "int"
        },
        "name": "string",
        "password": "string",
        "windowsUserConfiguration": {
          "loginMode": "string"
        }
      }
    ],
    "vmSize": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

ApplicationPackageReference

Name Description Value
id The ID of the application package to install. This must be inside the same batch account as the pool. This can either be a reference to a specific version or the default version if one exists. string (required)
version If this is omitted, and no default version is specified for this application, the request fails with the error code InvalidApplicationPackageReferences. If you are calling the REST API directly, the HTTP status code is 409. string

AutomaticOSUpgradePolicy

Name Description Value
disableAutomaticRollback Whether OS image rollback feature should be disabled. bool
enableAutomaticOSUpgrade Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available.

If this is set to true for Windows based pools, WindowsConfiguration.enableAutomaticUpdates cannot be set to true.
bool
osRollingUpgradeDeferral Defer OS upgrades on the TVMs if they are running tasks. bool
useRollingUpgradePolicy Indicates whether rolling upgrade policy should be used during Auto OS Upgrade. Auto OS Upgrade will fall back to the default policy if no policy is defined on the VMSS. bool

AutoScaleSettings

Name Description Value
evaluationInterval If omitted, the default value is 15 minutes (PT15M). string
formula A formula for the desired number of compute nodes in the pool. string (required)

AutoUserSpecification

Name Description Value
elevationLevel The default value is nonAdmin. 'Admin'
'NonAdmin'
scope The default value is Pool. If the pool is running Windows a value of Task should be specified if stricter isolation between tasks is required. For example, if the task mutates the registry in a way which could impact other tasks, or if certificates have been specified on the pool which should not be accessible by normal tasks but should be accessible by start tasks. 'Pool'
'Task'

AzureBlobFileSystemConfiguration

Name Description Value
accountKey This property is mutually exclusive with both sasKey and identity; exactly one must be specified. string

Constraints:
Sensitive value. Pass in as a secure parameter.
accountName The Azure Storage Account name. string (required)
blobfuseOptions These are 'net use' options in Windows and 'mount' options in Linux. string
containerName The Azure Blob Storage Container name. string (required)
identityReference This property is mutually exclusive with both accountKey and sasKey; exactly one must be specified. ComputeNodeIdentityReference
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
sasKey This property is mutually exclusive with both accountKey and identity; exactly one must be specified. string

Constraints:
Sensitive value. Pass in as a secure parameter.

AzureFileShareConfiguration

Name Description Value
accountKey The Azure Storage account key. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
accountName The Azure Storage account name. string (required)
azureFileUrl This is of the form 'https://{account}.file.core.windows.net/'. string (required)
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)

AzureProxyResourceTags

Name Description Value

BatchPoolIdentity

Name Description Value
type The type of identity used for the Batch Pool. 'None'
'UserAssigned' (required)
userAssignedIdentities The list of user identities associated with the Batch pool. BatchPoolIdentityUserAssignedIdentities

BatchPoolIdentityUserAssignedIdentities

Name Description Value

CertificateReference

Name Description Value
id The fully qualified ID of the certificate to install on the pool. This must be inside the same batch account as the pool. string (required)
storeLocation The default value is currentUser. This property is applicable only for pools configured with Windows compute nodes. For Linux compute nodes, the certificates are stored in a directory inside the task working directory and an environment variable AZ_BATCH_CERTIFICATES_DIR is supplied to the task to query for this location. For certificates with visibility of 'remoteUser', a 'certs' directory is created in the user's home directory (e.g., /home/{user-name}/certs) and certificates are placed in that directory. 'CurrentUser'
'LocalMachine'
storeName This property is applicable only for pools configured with Windows compute nodes. Common store names include: My, Root, CA, Trust, Disallowed, TrustedPeople, TrustedPublisher, AuthRoot, AddressBook, but any custom store name can also be used. The default value is My. string
visibility Which user accounts on the compute node should have access to the private data of the certificate. String array containing any of:
'RemoteUser'
'StartTask'
'Task'

CifsMountConfiguration

Name Description Value
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
password The password to use for authentication against the CIFS file system. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
source The URI of the file system to mount. string (required)
userName The user to use for authentication against the CIFS file system. string (required)

ComputeNodeIdentityReference

Name Description Value
resourceId The ARM resource id of the user assigned identity. string

ContainerConfiguration

Name Description Value
containerImageNames This is the full image reference, as would be specified to "docker pull". An image will be sourced from the default Docker registry unless the image is fully qualified with an alternative registry. string[]
containerRegistries If any images must be downloaded from a private registry which requires credentials, then those credentials must be provided here. ContainerRegistry[]
type The container technology to be used. 'CriCompatible'
'DockerCompatible' (required)

ContainerHostBatchBindMountEntry

Name Description Value
isReadOnly For Linux, mounting this path in read/write mode does not mean that all users in the container have read/write access to the path; that depends on the access in the host VM. If this path is mounted read-only, no user within the container will be able to modify the path. bool
source The paths which will be mounted to container task's container. 'Applications'
'JobPrep'
'Shared'
'Startup'
'Task'
'VfsMounts'

ContainerRegistry

Name Description Value
identityReference The reference to a user assigned identity associated with the Batch pool which a compute node will use. ComputeNodeIdentityReference
password The password to log into the registry server. string

Constraints:
Sensitive value. Pass in as a secure parameter.
registryServer If omitted, the default is "docker.io". string
username The user name to log into the registry server. string
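
Several properties in these tables (password, accountKey, sasKey) carry the constraint "Sensitive value. Pass in as a secure parameter." The following Python is an added example, not part of the original reference or of any Microsoft tool: it walks a pool resource in an ARM template and reports sensitive properties that are not bound to a securestring parameter. The function names and the sample template are constructed, and it assumes `resources` is a top-level array.

```python
import re

# Property names this page marks "Sensitive value. Pass in as a secure parameter."
SENSITIVE_KEYS = {"password", "accountKey", "sasKey"}
SECURE_TYPES = {"securestring", "secureobject"}
POOL_TYPE = "microsoft.batch/batchaccounts/pools"
# Matches a value that is exactly one ARM parameter reference: [parameters('x')]
PARAM_REF = re.compile(r"^\[\s*parameters\(\s*'([^']+)'\s*\)\s*\]$", re.IGNORECASE)


def _walk(node, path):
    """Yield (json_path, key, value) for every object member below node."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = path + "." + key
            yield child, key, value
            yield from _walk(value, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, "%s[%d]" % (path, i))


def lint_template(template):
    """Return [(json_path, message)] for secrets not passed as secure parameters."""
    declared = template.get("parameters", {})
    # ARM parameter names and type names are case-insensitive.
    types = {n.lower(): str(s.get("type", "")).lower() for n, s in declared.items()}
    findings = []

    # A default on a secure parameter stores the secret in the template itself.
    for name, spec in declared.items():
        if str(spec.get("type", "")).lower() in SECURE_TYPES and "defaultValue" in spec:
            findings.append(("parameters." + name,
                             "secure parameter has a defaultValue"))

    for resource in template.get("resources", []):
        if str(resource.get("type", "")).lower() != POOL_TYPE:
            continue
        for path, key, value in _walk(resource.get("properties", {}), "properties"):
            if key not in SENSITIVE_KEYS or value in (None, ""):
                continue
            match = PARAM_REF.match(value) if isinstance(value, str) else None
            if match is None:
                findings.append((path, "literal or computed value, "
                                       "not a parameter reference"))
                continue
            ptype = types.get(match.group(1).lower()) or "undeclared"
            if ptype not in SECURE_TYPES:
                findings.append((path, "parameter '%s' is %s, expected securestring"
                                 % (match.group(1), ptype)))
    return findings


# Constructed sample template (names and values are illustrative only).
SAMPLE_TEMPLATE = {
    "parameters": {
        "registryPassword": {"type": "securestring"},
        "storageKey": {"type": "string"},
        "cifsPassword": {"type": "securestring", "defaultValue": "CONSTRUCTED"},
    },
    "resources": [{
        "type": "Microsoft.Batch/batchAccounts/pools",
        "apiVersion": "2024-07-01",
        "name": "exampleaccount/examplepool",
        "properties": {
            "deploymentConfiguration": {"virtualMachineConfiguration": {
                "containerConfiguration": {
                    "type": "DockerCompatible",
                    "containerRegistries": [{
                        "registryServer": "registry.example.com",
                        "username": "puller",
                        "password": "[parameters('RegistryPassword')]",
                    }],
                },
            }},
            "mountConfiguration": [
                {"azureFileShareConfiguration": {
                    "accountName": "example",
                    "accountKey": "[parameters('storageKey')]",
                    "azureFileUrl": "https://example.file.core.windows.net/",
                    "relativeMountPath": "share",
                }},
                {"cifsMountConfiguration": {
                    "source": "//files.example.com/data",
                    "userName": "svc",
                    "password": "[parameters('cifsPassword')]",
                    "relativeMountPath": "cifs",
                }},
            ],
            "userAccounts": [{"name": "worker", "password": "CONSTRUCTED-literal"}],
        },
    }],
}

if __name__ == "__main__":
    for path, message in lint_template(SAMPLE_TEMPLATE):
        print(path + ": " + message)
```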

DataDisk

Name Description Value
caching Values are:

none - The caching mode for the disk is not enabled.
readOnly - The caching mode for the disk is read only.
readWrite - The caching mode for the disk is read and write.

The default value for caching is none. For information about the caching options see: https://blogs.msdn.microsoft.com/windowsazurestorage/2012/06/27/exploring-windows-azure-drives-disks-and-images/.
'None'
'ReadOnly'
'ReadWrite'
diskSizeGB The initial disk size in GB when creating new data disk. int (required)
lun The lun is used to uniquely identify each data disk. If attaching multiple disks, each should have a distinct lun. The value must be between 0 and 63, inclusive. int (required)
storageAccountType If omitted, the default is "Standard_LRS". Values are:

Standard_LRS - The data disk should use standard locally redundant storage.
Premium_LRS - The data disk should use premium locally redundant storage.
'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'

DeploymentConfiguration

Name Description Value
virtualMachineConfiguration The configuration for compute nodes in a pool based on the Azure Virtual Machines infrastructure. VirtualMachineConfiguration

DiffDiskSettings

Name Description Value
placement This property can be used by user in the request to choose which location the operating system should be in, e.g., cache disk space for Ephemeral OS disk provisioning. For more information on Ephemeral OS disk size requirements, please refer to Ephemeral OS disk size requirements for Windows VMs at /azure/virtual-machines/windows/ephemeral-os-disks#size-requirements and Linux VMs at /azure/virtual-machines/linux/ephemeral-os-disks#size-requirements. 'CacheDisk'

DiskEncryptionConfiguration

Name Description Value
targets On Linux pool, only "TemporaryDisk" is supported; on Windows pool, "OsDisk" and "TemporaryDisk" must be specified. String array containing any of:
'OsDisk'
'TemporaryDisk'

EnvironmentSetting

Name Description Value
name The name of the environment variable. string (required)
value The value of the environment variable. string

FixedScaleSettings

Name Description Value
nodeDeallocationOption If omitted, the default value is Requeue. 'Requeue'
'RetainedData'
'TaskCompletion'
'Terminate'
resizeTimeout The default value is 15 minutes. Timeout values use ISO 8601 format. For example, use PT10M for 10 minutes. The minimum value is 5 minutes. If you specify a value less than 5 minutes, the Batch service rejects the request with an error; if you are calling the REST API directly, the HTTP status code is 400 (Bad Request). string
targetDedicatedNodes At least one of targetDedicatedNodes, targetLowPriorityNodes must be set. int
targetLowPriorityNodes At least one of targetDedicatedNodes, targetLowPriorityNodes must be set. int

ImageReference

Name Description Value
communityGalleryImageId This property is mutually exclusive with other properties and can be fetched from community gallery image GET call. string
id This property is mutually exclusive with other properties. The Azure Compute Gallery Image must have replicas in the same region as the Azure Batch account. For information about the firewall settings for the Batch node agent to communicate with the Batch service see /azure/batch/batch-api-basics#virtual-network-vnet-and-firewall-configuration. string
offer For example, UbuntuServer or WindowsServer. string
publisher For example, Canonical or MicrosoftWindowsServer. string
sharedGalleryImageId This property is mutually exclusive with other properties and can be fetched from shared gallery image GET call. string
sku For example, 18.04-LTS or 2022-datacenter. string
version A value of 'latest' can be specified to select the latest version of an image. If omitted, the default is 'latest'. string

InboundNatPool

Name Description Value
backendPort This must be unique within a Batch pool. Acceptable values are between 1 and 65535 except for 29876 and 29877 as these are reserved. If any reserved values are provided the request fails with HTTP status code 400. int (required)
frontendPortRangeEnd Acceptable values range between 1 and 65534 except ports from 50000 to 55000 which are reserved by the Batch service. All ranges within a pool must be distinct and cannot overlap. If any reserved or overlapping values are provided the request fails with HTTP status code 400. int (required)
frontendPortRangeStart Acceptable values range between 1 and 65534 except ports from 50000 to 55000 which are reserved. All ranges within a pool must be distinct and cannot overlap. If any reserved or overlapping values are provided the request fails with HTTP status code 400. int (required)
name The name must be unique within a Batch pool, can contain letters, numbers, underscores, periods, and hyphens. Names must start with a letter or number, must end with a letter, number, or underscore, and cannot exceed 77 characters. If any invalid values are provided the request fails with HTTP status code 400. string (required)
networkSecurityGroupRules The maximum number of rules that can be specified across all the endpoints on a Batch pool is 25. If no network security group rules are specified, a default rule will be created to allow inbound access to the specified backendPort. If the maximum number of network security group rules is exceeded the request fails with HTTP status code 400. NetworkSecurityGroupRule[]
protocol The protocol of the endpoint. 'TCP'
'UDP' (required)

LinuxUserConfiguration

Name Description Value
gid The uid and gid properties must be specified together or not at all. If not specified the underlying operating system picks the gid. int
sshPrivateKey The private key must not be password protected. The private key is used to automatically configure asymmetric-key based authentication for SSH between nodes in a Linux pool when the pool's enableInterNodeCommunication property is true (it is ignored if enableInterNodeCommunication is false). It does this by placing the key pair into the user's .ssh directory. If not specified, password-less SSH is not configured between nodes (no modification of the user's .ssh directory is done). string

Constraints:
Sensitive value. Pass in as a secure parameter.
uid The uid and gid properties must be specified together or not at all. If not specified the underlying operating system picks the uid. int

ManagedDisk

Name Description Value
securityProfile Specifies the security profile settings for the managed disk. Note: It can only be set for Confidential VMs and is required when using Confidential VMs. VMDiskSecurityProfile
storageAccountType The storage account type for use in creating data disks or OS disk. 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'

MetadataItem

Name Description Value
name The name of the metadata item. string (required)
value The value of the metadata item. string (required)

Microsoft.Batch/batchAccounts/pools

Name Description Value
apiVersion The api version '2024-07-01'
identity The type of identity used for the Batch Pool. BatchPoolIdentity
name The resource name string

Constraints:
Min length = 1
Max length = 1
Pattern = ^[a-zA-Z0-9_-]+$ (required)
properties The properties associated with the pool. PoolProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Batch/batchAccounts/pools'

MountConfiguration

Name Description Value
azureBlobFileSystemConfiguration This property is mutually exclusive with all other properties. AzureBlobFileSystemConfiguration
azureFileShareConfiguration This property is mutually exclusive with all other properties. AzureFileShareConfiguration
cifsMountConfiguration This property is mutually exclusive with all other properties. CifsMountConfiguration
nfsMountConfiguration This property is mutually exclusive with all other properties. NFSMountConfiguration

NetworkConfiguration

Name Description Value
dynamicVnetAssignmentScope The scope of dynamic vnet assignment. 'job'
'none'
enableAcceleratedNetworking Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, which may lead to improved networking performance. For more details, see: /azure/virtual-network/accelerated-networking-overview. bool
endpointConfiguration The endpoint configuration for a pool. PoolEndpointConfiguration
publicIPAddressConfiguration The public IP Address configuration of the networking configuration of a Pool. PublicIPAddressConfiguration
subnetId The virtual network must be in the same region and subscription as the Azure Batch account. The specified subnet should have enough free IP addresses to accommodate the number of nodes in the pool. If the subnet doesn't have enough free IP addresses, the pool will partially allocate compute nodes and a resize error will occur. The 'MicrosoftAzureBatch' service principal must have the 'Classic Virtual Machine Contributor' Role-Based Access Control (RBAC) role for the specified VNet. The specified subnet must allow communication from the Azure Batch service to be able to schedule tasks on the compute nodes. This can be verified by checking if the specified VNet has any associated Network Security Groups (NSG). If communication to the compute nodes in the specified subnet is denied by an NSG, then the Batch service will set the state of the compute nodes to unusable. If the specified VNet has any associated Network Security Groups (NSG), then a few reserved system ports must be enabled for inbound communication, including ports 29876 and 29877. Also enable outbound connections to Azure Storage on port 443. For more details see: /azure/batch/batch-api-basics#virtual-network-vnet-and-firewall-configuration string

NetworkSecurityGroupRule

Name Description Value
access The action that should be taken for a specified IP address, subnet range or tag. 'Allow'
'Deny' (required)
priority Priorities within a pool must be unique and are evaluated in order of priority. The lower the number the higher the priority. For example, rules could be specified with order numbers of 150, 250, and 350. The rule with the order number of 150 takes precedence over the rule that has an order of 250. Allowed priorities are 150 to 4096. If any reserved or duplicate values are provided the request fails with HTTP status code 400. int (required)
sourceAddressPrefix Valid values are a single IP address (e.g. 10.10.10.10), IP subnet (e.g. 192.168.1.0/24), default tag, or * (for all addresses). If any other values are provided the request fails with HTTP status code 400. string (required)
sourcePortRanges Valid values are '*' (for all ports 0 - 65535) or arrays of ports or port ranges (e.g. 100-200). The ports should be in the range of 0 to 65535 and the port ranges or ports can't overlap. If any other values are provided the request fails with HTTP status code 400. Default value will be *. string[]
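
A pool endpoint that applies the InboundNatPool and NetworkSecurityGroupRule constraints described above, as an added example that is not part of the original page: SSH is exposed through one NAT pool, allowed only from a single management range, with an explicit deny for every other source instead of the default rule that allows inbound access to the backendPort. The management range, resource names, image reference, node agent SKU, VM size and frontend port range are assumed values.

```bicep
// Added example, not from the original page. The address range, names, image,
// node agent SKU, VM size and frontend port range are assumptions.
param batchAccountName string

@description('Only range allowed to reach SSH on the nodes (documentation-range placeholder).')
param managementPrefix string = '203.0.113.0/24'

resource batchAccount 'Microsoft.Batch/batchAccounts@2024-07-01' existing = {
  name: batchAccountName
}

resource pool 'Microsoft.Batch/batchAccounts/pools@2024-07-01' = {
  parent: batchAccount
  name: 'ssh-restricted-pool'
  properties: {
    vmSize: 'Standard_D2_v3'
    scaleSettings: {
      fixedScale: {
        targetDedicatedNodes: 2
        resizeTimeout: 'PT15M'
      }
    }
    deploymentConfiguration: {
      virtualMachineConfiguration: {
        imageReference: {
          publisher: 'canonical'
          offer: '0001-com-ubuntu-server-jammy'
          sku: '22_04-lts'
          version: 'latest'
        }
        nodeAgentSkuId: 'batch.node.ubuntu 22.04'
      }
    }
    networkConfiguration: {
      publicIPAddressConfiguration: {
        // inboundNatPools cannot be specified together with 'NoPublicIPAddresses'.
        provision: 'BatchManaged'
      }
      endpointConfiguration: {
        // At most 5 NAT pools per Batch pool and 25 NSG rules across all of them.
        inboundNatPools: [
          {
            name: 'ssh'
            protocol: 'TCP'
            // 29876 and 29877 are reserved and rejected with HTTP 400.
            backendPort: 22
            // Frontend ranges must stay out of 50000-55000 and must not overlap.
            frontendPortRangeStart: 15000
            frontendPortRangeEnd: 15100
            networkSecurityGroupRules: [
              {
                // Lowest allowed number, so this rule is evaluated first.
                priority: 150
                access: 'Allow'
                sourceAddressPrefix: managementPrefix
                sourcePortRanges: [
                  '*'
                ]
              }
              {
                // Highest allowed number: catch-all deny for every other source.
                priority: 4096
                access: 'Deny'
                sourceAddressPrefix: '*'
                sourcePortRanges: [
                  '*'
                ]
              }
            ]
          }
        ]
      }
    }
  }
}
```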

NFSMountConfiguration

Name Description Value
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
source The URI of the file system to mount. string (required)

NodePlacementConfiguration

Name Description Value
policy Allocation policy used by Batch Service to provision the nodes. If not specified, Batch will use the regional policy. 'Regional'
'Zonal'

OSDisk

Name Description Value
caching The type of caching to enable for the disk. 'None'
'ReadOnly'
'ReadWrite'
diskSizeGB The initial disk size in GB when creating new OS disk. int
ephemeralOSDiskSettings Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. DiffDiskSettings
managedDisk ManagedDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

PoolEndpointConfiguration

Name Description Value
inboundNatPools The maximum number of inbound NAT pools per Batch pool is 5. If the maximum number of inbound NAT pools is exceeded the request fails with HTTP status code 400. This cannot be specified if the IPAddressProvisioningType is NoPublicIPAddresses. InboundNatPool[] (required)

PoolProperties

Name Description Value
applicationLicenses The list of application licenses must be a subset of available Batch service application licenses. If a license is requested which is not supported, pool creation will fail. string[]
applicationPackages Changes to application package references affect all new compute nodes joining the pool, but do not affect compute nodes that are already in the pool until they are rebooted or reimaged. There is a maximum of 10 application package references on any given pool. ApplicationPackageReference[]
certificates For Windows compute nodes, the Batch service installs the certificates to the specified certificate store and location. For Linux compute nodes, the certificates are stored in a directory inside the task working directory and an environment variable AZ_BATCH_CERTIFICATES_DIR is supplied to the task to query for this location. For certificates with visibility of 'remoteUser', a 'certs' directory is created in the user's home directory (e.g., /home/{user-name}/certs) and certificates are placed in that directory.

Warning: This property is deprecated and will be removed after February, 2024. Please use the Azure KeyVault Extension instead.
CertificateReference[]
deploymentConfiguration Deployment configuration properties. DeploymentConfiguration
displayName The display name need not be unique and can contain any Unicode characters up to a maximum length of 1024. string
interNodeCommunication This imposes restrictions on which nodes can be assigned to the pool. Enabling this value can reduce the chance of the requested number of nodes to be allocated in the pool. If not specified, this value defaults to 'Disabled'. 'Disabled'
'Enabled'
metadata The Batch service does not assign any meaning to metadata; it is solely for the use of user code. MetadataItem[]
mountConfiguration This supports Azure Files, NFS, CIFS/SMB, and Blobfuse. MountConfiguration[]
networkConfiguration The network configuration for a pool. NetworkConfiguration
resourceTags The user-defined tags to be associated with the Azure Batch Pool. When specified, these tags are propagated to the backing Azure resources associated with the pool. This property can only be specified when the Batch account was created with the poolAllocationMode property set to 'UserSubscription'. PoolPropertiesResourceTags
scaleSettings Defines the desired size of the pool. This can either be 'fixedScale' where the requested targetDedicatedNodes is specified, or 'autoScale' which defines a formula which is periodically reevaluated. If this property is not specified, the pool will have a fixed scale with 0 targetDedicatedNodes. ScaleSettings
startTask In a PATCH (update) operation, this property can be set to an empty object to remove the start task from the pool. StartTask
targetNodeCommunicationMode If omitted, the default value is Default. 'Classic'
'Default'
'Simplified'
taskSchedulingPolicy If not specified, the default is spread. TaskSchedulingPolicy
taskSlotsPerNode The default value is 1. The maximum value is the smaller of 4 times the number of cores of the vmSize of the pool or 256. int
upgradePolicy Describes an upgrade policy - automatic, manual, or rolling. UpgradePolicy
userAccounts The list of user accounts to be created on each node in the pool. UserAccount[]
vmSize For information about available VM sizes, see Sizes for Virtual Machines (Linux) (https://azure.microsoft.com/documentation/articles/virtual-machines-linux-sizes/) or Sizes for Virtual Machines (Windows) (https://azure.microsoft.com/documentation/articles/virtual-machines-windows-sizes/). Batch supports all Azure VM sizes except STANDARD_A0 and those with premium storage (STANDARD_GS, STANDARD_DS, and STANDARD_DSV2 series). string

PoolPropertiesResourceTags

Name Description Value

PublicIPAddressConfiguration

Name Description Value
ipAddressIds The number of IPs specified here limits the maximum size of the Pool - 100 dedicated nodes or 100 Spot/low-priority nodes can be allocated for each public IP. For example, a pool needing 250 dedicated VMs would need at least 3 public IPs specified. Each element of this collection is of the form: /subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Network/publicIPAddresses/{ip}. string[]
provision The default value is BatchManaged. 'BatchManaged'
'NoPublicIPAddresses'
'UserManaged'

ResourceFile

Name Description Value
autoStorageContainerName The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. string
blobPrefix The property is valid only when autoStorageContainerName or storageContainerUrl is used. This prefix can be a partial filename or a subdirectory. If a prefix is not specified, all the files in the container will be downloaded. string
fileMode This property applies only to files being downloaded to Linux compute nodes. It will be ignored if it is specified for a resourceFile which will be downloaded to a Windows node. If this property is not specified for a Linux node, then a default value of 0770 is applied to the file. string
filePath If the httpUrl property is specified, the filePath is required and describes the path which the file will be downloaded to, including the filename. Otherwise, if the autoStorageContainerName or storageContainerUrl property is specified, filePath is optional and is the directory to download the files to. In the case where filePath is used as a directory, any directory structure already associated with the input data will be retained in full and appended to the specified filePath directory. The specified relative path cannot break out of the task's working directory (for example by using '..'). string
httpUrl The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. If the URL points to Azure Blob Storage, it must be readable from compute nodes. There are three ways to get such a URL for a blob in Azure storage: include a Shared Access Signature (SAS) granting read permissions on the blob, use a managed identity with read permission, or set the ACL for the blob or its container to allow public access. string
identityReference The reference to a user assigned identity associated with the Batch pool which a compute node will use. ComputeNodeIdentityReference
storageContainerUrl The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. This URL must be readable and listable from compute nodes. There are three ways to get such a URL for a container in Azure storage: include a Shared Access Signature (SAS) granting read and list permissions on the container, use a managed identity with read and list permissions, or set the ACL for the container to allow public access. string

RollingUpgradePolicy

Name Description Value
enableCrossZoneUpgrade Allow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size. If this field is not set, Azure Batch will not set its default value. The value of enableCrossZoneUpgrade on the created VirtualMachineScaleSet will be decided by the default configurations on VirtualMachineScaleSet. This field is able to be set to true or false only when using NodePlacementConfiguration as Zonal. bool
maxBatchInstancePercent The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The value of this field should be between 5 and 100, inclusive. If both maxBatchInstancePercent and maxUnhealthyInstancePercent are assigned with value, the value of maxBatchInstancePercent should not be more than maxUnhealthyInstancePercent. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyInstancePercent The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The value of this field should be between 5 and 100, inclusive. If both maxBatchInstancePercent and maxUnhealthyInstancePercent are assigned with value, the value of maxBatchInstancePercent should not be more than maxUnhealthyInstancePercent. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyUpgradedInstancePercent The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The value of this field should be between 0 and 100, inclusive. int

Constraints:
Min value = 0
Max value = 100
pauseTimeBetweenBatches The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. string
prioritizeUnhealthyInstances Upgrade all unhealthy instances in a scale set before any healthy instances. bool
rollbackFailedInstancesOnPolicyBreach Rollback failed instances to previous model if the Rolling Upgrade policy is violated. bool

ScaleSettings

Name Description Value
autoScale This property and fixedScale are mutually exclusive and one of the properties must be specified. AutoScaleSettings
fixedScale This property and autoScale are mutually exclusive and one of the properties must be specified. FixedScaleSettings

SecurityProfile

Name Description Value
encryptionAtHost This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. bool
securityType Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. 'confidentialVM'
'trustedLaunch'
uefiSettings Specifies the security settings like secure boot and vTPM used while creating the virtual machine. UefiSettings

ServiceArtifactReference

Name Description Value
id The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} string (required)

StartTask

Name Description Value
commandLine The command line does not run under a shell, and therefore cannot take advantage of shell features such as environment variable expansion. If you want to take advantage of such features, you should invoke the shell in the command line, for example using "cmd /c MyCommand" in Windows or "/bin/sh -c MyCommand" in Linux. Required if any other properties of the startTask are specified. string
containerSettings When this is specified, all directories recursively below the AZ_BATCH_NODE_ROOT_DIR (the root of Azure Batch directories on the node) are mapped into the container, all task environment variables are mapped into the container, and the task command line is executed in the container. TaskContainerSettings
environmentSettings A list of environment variable settings for the start task. EnvironmentSetting[]
maxTaskRetryCount The Batch service retries a task if its exit code is nonzero. Note that this value specifically controls the number of retries. The Batch service will try the task once, and may then retry up to this limit. For example, if the maximum retry count is 3, Batch tries the task up to 4 times (one initial try and 3 retries). If the maximum retry count is 0, the Batch service does not retry the task. If the maximum retry count is -1, the Batch service retries the task without limit. Default is 0. int
resourceFiles A list of files that the Batch service will download to the compute node before running the command line. ResourceFile[]
userIdentity If omitted, the task runs as a non-administrative user unique to the task. UserIdentity
waitForSuccess If true and the start task fails on a compute node, the Batch service retries the start task up to its maximum retry count (maxTaskRetryCount). If the task has still not completed successfully after all retries, then the Batch service marks the compute node unusable, and will not schedule tasks to it. This condition can be detected via the node state and scheduling error detail. If false, the Batch service will not wait for the start task to complete. In this case, other tasks can start executing on the compute node while the start task is still running; and even if the start task fails, new tasks will continue to be scheduled on the node. The default is true. bool

TaskContainerSettings

Name Description Value
containerHostBatchBindMounts If this array is null or not present, the container task will mount the entire temporary disk drive in Windows (or AZ_BATCH_NODE_ROOT_DIR in Linux). It won't mount any data paths into the container if this array is set as empty. ContainerHostBatchBindMountEntry[]
containerRunOptions These additional options are supplied as arguments to the "docker create" command, in addition to those controlled by the Batch Service. string
imageName This is the full image reference, as would be specified to "docker pull". If no tag is provided as part of the image name, the tag ":latest" is used as a default. string (required)
registry This setting can be omitted if it was already provided at pool creation. ContainerRegistry
workingDirectory A flag to indicate where the container task working directory is. The default is 'taskWorkingDirectory'. 'ContainerImageDefault'
'TaskWorkingDirectory'

TaskSchedulingPolicy

Name Description Value
nodeFillType How tasks should be distributed across compute nodes. 'Pack'
'Spread' (required)

UefiSettings

Name Description Value
secureBootEnabled Specifies whether secure boot should be enabled on the virtual machine. bool
vTpmEnabled Specifies whether vTPM should be enabled on the virtual machine. bool

UpgradePolicy

Name Description Value
automaticOSUpgradePolicy The configuration parameters used for performing automatic OS upgrade. AutomaticOSUpgradePolicy
mode Specifies the mode of an upgrade to virtual machines in the scale set.

Possible values are:

Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action.

Automatic - All virtual machines in the scale set are automatically updated at the same time.

Rolling - Scale set performs updates in batches with an optional pause time in between.
'automatic'
'manual'
'rolling' (required)
rollingUpgradePolicy The configuration parameters used while performing a rolling upgrade. RollingUpgradePolicy

UserAccount

Name Description Value
elevationLevel nonAdmin - The auto user is a standard user without elevated access. admin - The auto user is a user with elevated access and operates with full Administrator permissions. The default value is nonAdmin. 'Admin'
'NonAdmin'
linuxUserConfiguration This property is ignored if specified on a Windows pool. If not specified, the user is created with the default options. LinuxUserConfiguration
name The name of the user account. Names can contain any Unicode characters up to a maximum length of 20. string (required)
password The password for the user account. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
windowsUserConfiguration This property can only be specified if the user is on a Windows pool. If not specified and on a Windows pool, the user is created with the default options. WindowsUserConfiguration

UserAssignedIdentities

Name Description Value

UserIdentity

Name Description Value
autoUser The userName and autoUser properties are mutually exclusive; you must specify one but not both. AutoUserSpecification
userName The userName and autoUser properties are mutually exclusive; you must specify one but not both. string

VirtualMachineConfiguration

Name Description Value
containerConfiguration If specified, setup is performed on each node in the pool to allow tasks to run in containers. All regular tasks and job manager tasks run on this pool must specify the containerSettings property, and all other tasks may specify it. ContainerConfiguration
dataDisks This property must be specified if the compute nodes in the pool need to have empty data disks attached to them. DataDisk[]
diskEncryptionConfiguration If specified, encryption is performed on each node in the pool during node provisioning. DiskEncryptionConfiguration
extensions If specified, the extensions mentioned in this configuration will be installed on each node. VMExtension[]
imageReference A reference to an Azure Virtual Machines Marketplace image or the Azure Image resource of a custom Virtual Machine. To get the list of all imageReferences verified by Azure Batch, see the 'List supported node agent SKUs' operation. ImageReference (required)
licenseType This only applies to images that contain the Windows operating system, and should only be used when you hold valid on-premises licenses for the nodes which will be deployed. If omitted, no on-premises licensing discount is applied. Values are:

Windows_Server - The on-premises license is for Windows Server.
Windows_Client - The on-premises license is for Windows Client.
string
nodeAgentSkuId The Batch node agent is a program that runs on each node in the pool, and provides the command-and-control interface between the node and the Batch service. There are different implementations of the node agent, known as SKUs, for different operating systems. You must specify a node agent SKU which matches the selected image reference. To get the list of supported node agent SKUs along with their list of verified image references, see the 'List supported node agent SKUs' operation. string (required)
nodePlacementConfiguration This configuration will specify rules on how nodes in the pool will be physically allocated. NodePlacementConfiguration
osDisk Contains configuration for ephemeral OSDisk settings. OSDisk
securityProfile Specifies the security profile settings for the virtual machine or virtual machine scale set. SecurityProfile
serviceArtifactReference The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} ServiceArtifactReference
windowsConfiguration This property must not be specified if the imageReference specifies a Linux OS image. WindowsConfiguration

VMDiskSecurityProfile

Name Description Value
securityEncryptionType Specifies the EncryptionType of the managed disk. It is set to VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob. Note: It can be set for only Confidential VMs and required when using Confidential VMs. 'NonPersistedTPM'
'VMGuestStateOnly'

VMExtension

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
name The name of the virtual machine extension. string (required)
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string (required)
settings JSON formatted public settings for the extension. any
type The type of the extensions. string (required)
typeHandlerVersion The version of script handler. string

WindowsConfiguration

Name Description Value
enableAutomaticUpdates If omitted, the default value is true. bool

WindowsUserConfiguration

Name Description Value
loginMode Specifies login mode for the user. The default value is Interactive. 'Batch'
'Interactive'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure Batch pool without public IP addresses

This template creates an Azure Batch simplified node communication pool without public IP addresses.

Terraform (AzAPI provider) resource definition

The batchAccounts/pools resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Batch/batchAccounts/pools resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Batch/batchAccounts/pools@2024-07-01"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      applicationLicenses = [
        "string"
      ]
      applicationPackages = [
        {
          id = "string"
          version = "string"
        }
      ]
      certificates = [
        {
          id = "string"
          storeLocation = "string"
          storeName = "string"
          visibility = [
            "string"
          ]
        }
      ]
      deploymentConfiguration = {
        virtualMachineConfiguration = {
          containerConfiguration = {
            containerImageNames = [
              "string"
            ]
            containerRegistries = [
              {
                identityReference = {
                  resourceId = "string"
                }
                password = "string"
                registryServer = "string"
                username = "string"
              }
            ]
            type = "string"
          }
          dataDisks = [
            {
              caching = "string"
              diskSizeGB = int
              lun = int
              storageAccountType = "string"
            }
          ]
          diskEncryptionConfiguration = {
            targets = [
              "string"
            ]
          }
          extensions = [
            {
              autoUpgradeMinorVersion = bool
              enableAutomaticUpgrade = bool
              name = "string"
              protectedSettings = ?
              provisionAfterExtensions = [
                "string"
              ]
              publisher = "string"
              settings = ?
              type = "string"
              typeHandlerVersion = "string"
            }
          ]
          imageReference = {
            communityGalleryImageId = "string"
            id = "string"
            offer = "string"
            publisher = "string"
            sharedGalleryImageId = "string"
            sku = "string"
            version = "string"
          }
          licenseType = "string"
          nodeAgentSkuId = "string"
          nodePlacementConfiguration = {
            policy = "string"
          }
          osDisk = {
            caching = "string"
            diskSizeGB = int
            ephemeralOSDiskSettings = {
              placement = "CacheDisk"
            }
            managedDisk = {
              securityProfile = {
                securityEncryptionType = "string"
              }
              storageAccountType = "string"
            }
            writeAcceleratorEnabled = bool
          }
          securityProfile = {
            encryptionAtHost = bool
            securityType = "string"
            uefiSettings = {
              secureBootEnabled = bool
              vTpmEnabled = bool
            }
          }
          serviceArtifactReference = {
            id = "string"
          }
          windowsConfiguration = {
            enableAutomaticUpdates = bool
          }
        }
      }
      displayName = "string"
      interNodeCommunication = "string"
      metadata = [
        {
          name = "string"
          value = "string"
        }
      ]
      mountConfiguration = [
        {
          azureBlobFileSystemConfiguration = {
            accountKey = "string"
            accountName = "string"
            blobfuseOptions = "string"
            containerName = "string"
            identityReference = {
              resourceId = "string"
            }
            relativeMountPath = "string"
            sasKey = "string"
          }
          azureFileShareConfiguration = {
            accountKey = "string"
            accountName = "string"
            azureFileUrl = "string"
            mountOptions = "string"
            relativeMountPath = "string"
          }
          cifsMountConfiguration = {
            mountOptions = "string"
            password = "string"
            relativeMountPath = "string"
            source = "string"
            userName = "string"
          }
          nfsMountConfiguration = {
            mountOptions = "string"
            relativeMountPath = "string"
            source = "string"
          }
        }
      ]
      networkConfiguration = {
        dynamicVnetAssignmentScope = "string"
        enableAcceleratedNetworking = bool
        endpointConfiguration = {
          inboundNatPools = [
            {
              backendPort = int
              frontendPortRangeEnd = int
              frontendPortRangeStart = int
              name = "string"
              networkSecurityGroupRules = [
                {
                  access = "string"
                  priority = int
                  sourceAddressPrefix = "string"
                  sourcePortRanges = [
                    "string"
                  ]
                }
              ]
              protocol = "string"
            }
          ]
        }
        publicIPAddressConfiguration = {
          ipAddressIds = [
            "string"
          ]
          provision = "string"
        }
        subnetId = "string"
      }
      resourceTags = {
        {customized property} = "string"
      }
      scaleSettings = {
        autoScale = {
          evaluationInterval = "string"
          formula = "string"
        }
        fixedScale = {
          nodeDeallocationOption = "string"
          resizeTimeout = "string"
          targetDedicatedNodes = int
          targetLowPriorityNodes = int
        }
      }
      startTask = {
        commandLine = "string"
        containerSettings = {
          containerHostBatchBindMounts = [
            {
              isReadOnly = bool
              source = "string"
            }
          ]
          containerRunOptions = "string"
          imageName = "string"
          registry = {
            identityReference = {
              resourceId = "string"
            }
            password = "string"
            registryServer = "string"
            username = "string"
          }
          workingDirectory = "string"
        }
        environmentSettings = [
          {
            name = "string"
            value = "string"
          }
        ]
        maxTaskRetryCount = int
        resourceFiles = [
          {
            autoStorageContainerName = "string"
            blobPrefix = "string"
            fileMode = "string"
            filePath = "string"
            httpUrl = "string"
            identityReference = {
              resourceId = "string"
            }
            storageContainerUrl = "string"
          }
        ]
        userIdentity = {
          autoUser = {
            elevationLevel = "string"
            scope = "string"
          }
          userName = "string"
        }
        waitForSuccess = bool
      }
      targetNodeCommunicationMode = "string"
      taskSchedulingPolicy = {
        nodeFillType = "string"
      }
      taskSlotsPerNode = int
      upgradePolicy = {
        automaticOSUpgradePolicy = {
          disableAutomaticRollback = bool
          enableAutomaticOSUpgrade = bool
          osRollingUpgradeDeferral = bool
          useRollingUpgradePolicy = bool
        }
        mode = "string"
        rollingUpgradePolicy = {
          enableCrossZoneUpgrade = bool
          maxBatchInstancePercent = int
          maxUnhealthyInstancePercent = int
          maxUnhealthyUpgradedInstancePercent = int
          pauseTimeBetweenBatches = "string"
          prioritizeUnhealthyInstances = bool
          rollbackFailedInstancesOnPolicyBreach = bool
        }
      }
      userAccounts = [
        {
          elevationLevel = "string"
          linuxUserConfiguration = {
            gid = int
            sshPrivateKey = "string"
            uid = int
          }
          name = "string"
          password = "string"
          windowsUserConfiguration = {
            loginMode = "string"
          }
        }
      ]
      vmSize = "string"
    }
  })
}

Property values

ApplicationPackageReference

Name Description Value
id The ID of the application package to install. This must be inside the same batch account as the pool. This can either be a reference to a specific version or the default version if one exists. string (required)
version If this is omitted, and no default version is specified for this application, the request fails with the error code InvalidApplicationPackageReferences. If you are calling the REST API directly, the HTTP status code is 409. string

AutomaticOSUpgradePolicy

Name Description Value
disableAutomaticRollback Whether OS image rollback feature should be disabled. bool
enableAutomaticOSUpgrade Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available.

If this is set to true for Windows based pools, WindowsConfiguration.enableAutomaticUpdates cannot be set to true.
bool
osRollingUpgradeDeferral Defer OS upgrades on the TVMs if they are running tasks. bool
useRollingUpgradePolicy Indicates whether rolling upgrade policy should be used during Auto OS Upgrade. Auto OS Upgrade will fall back to the default policy if no policy is defined on the VMSS. bool

AutoScaleSettings

Name Description Value
evaluationInterval If omitted, the default value is 15 minutes (PT15M). string
formula A formula for the desired number of compute nodes in the pool. string (required)

AutoUserSpecification

Name Description Value
elevationLevel The default value is nonAdmin. 'Admin'
'NonAdmin'
scope The default value is Pool. If the pool is running Windows a value of Task should be specified if stricter isolation between tasks is required. For example, if the task mutates the registry in a way which could impact other tasks, or if certificates have been specified on the pool which should not be accessible by normal tasks but should be accessible by start tasks. 'Pool'
'Task'

AzureBlobFileSystemConfiguration

Name Description Value
accountKey This property is mutually exclusive with both sasKey and identity; exactly one must be specified. string

Constraints:
Sensitive value. Pass in as a secure parameter.
accountName The Azure Storage Account name. string (required)
blobfuseOptions These are 'net use' options in Windows and 'mount' options in Linux. string
containerName The Azure Blob Storage Container name. string (required)
identityReference This property is mutually exclusive with both accountKey and sasKey; exactly one must be specified. ComputeNodeIdentityReference
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
sasKey This property is mutually exclusive with both accountKey and identity; exactly one must be specified. string

Constraints:
Sensitive value. Pass in as a secure parameter.

AzureFileShareConfiguration

Name Description Value
accountKey The Azure Storage account key. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
accountName The Azure Storage account name. string (required)
azureFileUrl This is of the form 'https://{account}.file.core.windows.net/'. string (required)
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)

AzureProxyResourceTags

Name Description Value

BatchPoolIdentity

Name Description Value
type The type of identity used for the Batch Pool. 'None'
'UserAssigned' (required)
userAssignedIdentities The list of user identities associated with the Batch pool. BatchPoolIdentityUserAssignedIdentities

BatchPoolIdentityUserAssignedIdentities

Name Description Value

CertificateReference

Name Description Value
id The fully qualified ID of the certificate to install on the pool. This must be inside the same batch account as the pool. string (required)
storeLocation The default value is currentUser. This property is applicable only for pools configured with Windows compute nodes. For Linux compute nodes, the certificates are stored in a directory inside the task working directory and an environment variable AZ_BATCH_CERTIFICATES_DIR is supplied to the task to query for this location. For certificates with visibility of 'remoteUser', a 'certs' directory is created in the user's home directory (e.g., /home/{user-name}/certs) and certificates are placed in that directory. 'CurrentUser'
'LocalMachine'
storeName This property is applicable only for pools configured with Windows compute nodes. Common store names include: My, Root, CA, Trust, Disallowed, TrustedPeople, TrustedPublisher, AuthRoot, AddressBook, but any custom store name can also be used. The default value is My. string
visibility Which user accounts on the compute node should have access to the private data of the certificate. String array containing any of:
'RemoteUser'
'StartTask'
'Task'

CifsMountConfiguration

Name Description Value
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
password The password to use for authentication against the CIFS file system. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
source The URI of the file system to mount. string (required)
userName The user to use for authentication against the CIFS file system. string (required)

ComputeNodeIdentityReference

Name Description Value
resourceId The ARM resource id of the user assigned identity. string

ContainerConfiguration

Name Description Value
containerImageNames This is the full image reference, as would be specified to "docker pull". An image will be sourced from the default Docker registry unless the image is fully qualified with an alternative registry. string[]
containerRegistries If any images must be downloaded from a private registry which requires credentials, then those credentials must be provided here. ContainerRegistry[]
type The container technology to be used. 'CriCompatible'
'DockerCompatible' (required)

ContainerHostBatchBindMountEntry

Name Description Value
isReadOnly For Linux, mounting this path in read/write mode does not mean that all users in the container have read/write access to the path; that depends on the access in the host VM. If this path is mounted read-only, no user within the container will be able to modify the path. bool
source The path which will be mounted into the container task's container. 'Applications'
'JobPrep'
'Shared'
'Startup'
'Task'
'VfsMounts'

ContainerRegistry

Name Description Value
identityReference The reference to a user assigned identity associated with the Batch pool which a compute node will use. ComputeNodeIdentityReference
password The password to log into the registry server. string

Constraints:
Sensitive value. Pass in as a secure parameter.
registryServer If omitted, the default is "docker.io". string
username The user name to log into the registry server. string

DataDisk

Name Description Value
caching Values are:

none - The caching mode for the disk is not enabled.
readOnly - The caching mode for the disk is read only.
readWrite - The caching mode for the disk is read and write.

The default value for caching is none. For information about the caching options see: https://blogs.msdn.microsoft.com/windowsazurestorage/2012/06/27/exploring-windows-azure-drives-disks-and-images/.
'None'
'ReadOnly'
'ReadWrite'
diskSizeGB The initial disk size in GB when creating new data disk. int (required)
lun The lun is used to uniquely identify each data disk. If attaching multiple disks, each should have a distinct lun. The value must be between 0 and 63, inclusive. int (required)
storageAccountType If omitted, the default is "Standard_LRS". Values are:

Standard_LRS - The data disk should use standard locally redundant storage.
Premium_LRS - The data disk should use premium locally redundant storage.
'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'

DeploymentConfiguration

Name Description Value
virtualMachineConfiguration The configuration for compute nodes in a pool based on the Azure Virtual Machines infrastructure. VirtualMachineConfiguration

DiffDiskSettings

Name Description Value
placement This property can be used in the request to choose which location the operating system should be in, e.g., cache disk space for Ephemeral OS disk provisioning. For more information on Ephemeral OS disk size requirements, please refer to Ephemeral OS disk size requirements for Windows VMs at /azure/virtual-machines/windows/ephemeral-os-disks#size-requirements and Linux VMs at /azure/virtual-machines/linux/ephemeral-os-disks#size-requirements. 'CacheDisk'

DiskEncryptionConfiguration

Name Description Value
targets On a Linux pool, only "TemporaryDisk" is supported; on a Windows pool, "OsDisk" and "TemporaryDisk" must be specified. String array containing any of:
'OsDisk'
'TemporaryDisk'

EnvironmentSetting

Name Description Value
name The name of the environment variable. string (required)
value The value of the environment variable. string

FixedScaleSettings

Name Description Value
nodeDeallocationOption If omitted, the default value is Requeue. 'Requeue'
'RetainedData'
'TaskCompletion'
'Terminate'
resizeTimeout The default value is 15 minutes. Timeout values use ISO 8601 format. For example, use PT10M for 10 minutes. The minimum value is 5 minutes. If you specify a value less than 5 minutes, the Batch service rejects the request with an error; if you are calling the REST API directly, the HTTP status code is 400 (Bad Request). string
targetDedicatedNodes At least one of targetDedicatedNodes, targetLowPriorityNodes must be set. int
targetLowPriorityNodes At least one of targetDedicatedNodes, targetLowPriorityNodes must be set. int

ImageReference

Name Description Value
communityGalleryImageId This property is mutually exclusive with other properties and can be fetched from community gallery image GET call. string
id This property is mutually exclusive with other properties. The Azure Compute Gallery Image must have replicas in the same region as the Azure Batch account. For information about the firewall settings for the Batch node agent to communicate with the Batch service see /azure/batch/batch-api-basics#virtual-network-vnet-and-firewall-configuration. string
offer For example, UbuntuServer or WindowsServer. string
publisher For example, Canonical or MicrosoftWindowsServer. string
sharedGalleryImageId This property is mutually exclusive with other properties and can be fetched from shared gallery image GET call. string
sku For example, 18.04-LTS or 2022-datacenter. string
version A value of 'latest' can be specified to select the latest version of an image. If omitted, the default is 'latest'. string

InboundNatPool

Name Description Value
backendPort This must be unique within a Batch pool. Acceptable values are between 1 and 65535 except for 29876 and 29877 as these are reserved. If any reserved values are provided the request fails with HTTP status code 400. int (required)
frontendPortRangeEnd Acceptable values range between 1 and 65534 except ports from 50000 to 55000 which are reserved by the Batch service. All ranges within a pool must be distinct and cannot overlap. If any reserved or overlapping values are provided the request fails with HTTP status code 400. int (required)
frontendPortRangeStart Acceptable values range between 1 and 65534 except ports from 50000 to 55000 which are reserved. All ranges within a pool must be distinct and cannot overlap. If any reserved or overlapping values are provided the request fails with HTTP status code 400. int (required)
name The name must be unique within a Batch pool, can contain letters, numbers, underscores, periods, and hyphens. Names must start with a letter or number, must end with a letter, number, or underscore, and cannot exceed 77 characters. If any invalid values are provided the request fails with HTTP status code 400. string (required)
networkSecurityGroupRules The maximum number of rules that can be specified across all the endpoints on a Batch pool is 25. If no network security group rules are specified, a default rule will be created to allow inbound access to the specified backendPort. If the maximum number of network security group rules is exceeded the request fails with HTTP status code 400. NetworkSecurityGroupRule[]
protocol The protocol of the endpoint. 'TCP'
'UDP' (required)

LinuxUserConfiguration

Name Description Value
gid The uid and gid properties must be specified together or not at all. If not specified the underlying operating system picks the gid. int
sshPrivateKey The private key must not be password protected. The private key is used to automatically configure asymmetric-key based authentication for SSH between nodes in a Linux pool when the pool's enableInterNodeCommunication property is true (it is ignored if enableInterNodeCommunication is false). It does this by placing the key pair into the user's .ssh directory. If not specified, password-less SSH is not configured between nodes (no modification of the user's .ssh directory is done). string

Constraints:
Sensitive value. Pass in as a secure parameter.
uid The uid and gid properties must be specified together or not at all. If not specified the underlying operating system picks the uid. int

ManagedDisk

Name Description Value
securityProfile Specifies the security profile settings for the managed disk. Note: It can only be set for Confidential VMs and is required when using Confidential VMs. VMDiskSecurityProfile
storageAccountType The storage account type for use in creating data disks or OS disk. 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'

MetadataItem

Name Description Value
name The name of the metadata item. string (required)
value The value of the metadata item. string (required)

Microsoft.Batch/batchAccounts/pools

Name Description Value
identity The type of identity used for the Batch Pool. BatchPoolIdentity
name The resource name string

Constraints:
Min length = 1
Max length = 1
Pattern = ^[a-zA-Z0-9_-]+$ (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: batchAccounts
properties The properties associated with the pool. PoolProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Batch/batchAccounts/pools@2024-07-01"

MountConfiguration

Name Description Value
azureBlobFileSystemConfiguration This property is mutually exclusive with all other properties. AzureBlobFileSystemConfiguration
azureFileShareConfiguration This property is mutually exclusive with all other properties. AzureFileShareConfiguration
cifsMountConfiguration This property is mutually exclusive with all other properties. CifsMountConfiguration
nfsMountConfiguration This property is mutually exclusive with all other properties. NFSMountConfiguration
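
The mount tables above can be enforced before deployment. The following is an added example, not part of the original reference or of any Azure tooling: it checks a pool's properties (the object passed to jsonencode in the Terraform format) for the mutual-exclusion and required-property rules, and lists every property the tables mark as a sensitive value that carries an inline string. The function names and the sample values are assumptions made for illustration.

```python
# Property names and rules are taken from the MountConfiguration,
# AzureBlobFileSystemConfiguration, AzureFileShareConfiguration,
# CifsMountConfiguration and NFSMountConfiguration tables on this page.
MOUNT_REQUIRED = {
    "azureBlobFileSystemConfiguration": {"accountName", "containerName", "relativeMountPath"},
    "azureFileShareConfiguration": {"accountKey", "accountName", "azureFileUrl", "relativeMountPath"},
    "cifsMountConfiguration": {"password", "relativeMountPath", "source", "userName"},
    "nfsMountConfiguration": {"relativeMountPath", "source"},
}
# Blobfuse mounts take exactly one of these three credentials.
BLOB_CREDENTIALS = ("accountKey", "sasKey", "identityReference")
# Properties the tables mark "Sensitive value. Pass in as a secure parameter."
SENSITIVE_KEYS = {"accountKey", "sasKey", "password", "sshPrivateKey"}


def check_mount_configuration(mounts):
    """Return a list of rule violations for a mountConfiguration array."""
    errors = []
    for i, entry in enumerate(mounts):
        where = f"mountConfiguration[{i}]"
        kinds = [k for k in MOUNT_REQUIRED if entry.get(k) is not None]
        if len(kinds) != 1:
            errors.append(f"{where}: expected one mount type, found {kinds}")
            continue
        kind = kinds[0]
        cfg = entry[kind]
        missing = sorted(k for k in MOUNT_REQUIRED[kind] if not cfg.get(k))
        if missing:
            errors.append(f"{where}.{kind}: missing required {missing}")
        if kind == "azureBlobFileSystemConfiguration":
            creds = [k for k in BLOB_CREDENTIALS if cfg.get(k)]
            if len(creds) != 1:
                errors.append(f"{where}.{kind}: exactly one credential allowed, found {creds}")
    return errors


def find_inline_secrets(node, path="properties"):
    """Return the paths of sensitive properties that hold an inline string."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in SENSITIVE_KEYS and isinstance(value, str) and value:
                hits.append(child)
            else:
                hits.extend(find_inline_secrets(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_inline_secrets(item, f"{path}[{i}]"))
    return hits


# Constructed sample input; every name and value below is a placeholder.
SAMPLE_PROPERTIES = {
    "mountConfiguration": [
        # Valid: one mount type, credential supplied as an identity reference.
        {"azureBlobFileSystemConfiguration": {
            "accountName": "examplestore", "containerName": "inputs",
            "relativeMountPath": "inputs",
            "identityReference": {"resourceId": "<user-assigned-identity-resource-id>"}}},
        # Invalid: sasKey and accountKey together.
        {"azureBlobFileSystemConfiguration": {
            "accountName": "examplestore", "containerName": "outputs",
            "relativeMountPath": "outputs",
            "sasKey": "<constructed-sas>", "accountKey": "<constructed-key>"}},
        # Invalid: two mount types in one entry.
        {"cifsMountConfiguration": {
            "source": "//fileserver.example/share", "relativeMountPath": "share",
            "userName": "svc-batch", "password": "<constructed-password>"},
         "nfsMountConfiguration": {
            "source": "nfs.example:/export", "relativeMountPath": "nfs"}},
    ],
    "userAccounts": [
        {"name": "worker",
         "linuxUserConfiguration": {"sshPrivateKey": "<constructed-private-key>"}},
    ],
}

if __name__ == "__main__":
    for line in check_mount_configuration(SAMPLE_PROPERTIES["mountConfiguration"]):
        print("ERROR ", line)
    for line in find_inline_secrets(SAMPLE_PROPERTIES):
        print("SECRET", line)
```

A path reported by find_inline_secrets is a place to supply the value as a secure parameter or, where the table offers identityReference, to replace the key with the pool's user-assigned identity.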

NetworkConfiguration

Name Description Value
dynamicVnetAssignmentScope The scope of dynamic vnet assignment. 'job'
'none'
enableAcceleratedNetworking Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, which may lead to improved networking performance. For more details, see: /azure/virtual-network/accelerated-networking-overview. bool
endpointConfiguration The endpoint configuration for a pool. PoolEndpointConfiguration
publicIPAddressConfiguration The public IP Address configuration of the networking configuration of a Pool. PublicIPAddressConfiguration
subnetId The virtual network must be in the same region and subscription as the Azure Batch account. The specified subnet should have enough free IP addresses to accommodate the number of nodes in the pool. If the subnet doesn't have enough free IP addresses, the pool will partially allocate compute nodes and a resize error will occur. The 'MicrosoftAzureBatch' service principal must have the 'Classic Virtual Machine Contributor' Role-Based Access Control (RBAC) role for the specified VNet. The specified subnet must allow communication from the Azure Batch service to be able to schedule tasks on the compute nodes. This can be verified by checking if the specified VNet has any associated Network Security Groups (NSG). If communication to the compute nodes in the specified subnet is denied by an NSG, then the Batch service will set the state of the compute nodes to unusable. If the specified VNet has any associated Network Security Groups (NSG), then a few reserved system ports must be enabled for inbound communication, including ports 29876 and 29877. Also enable outbound connections to Azure Storage on port 443. For more details see: /azure/batch/batch-api-basics#virtual-network-vnet-and-firewall-configuration string

NetworkSecurityGroupRule

Name Description Value
access The action that should be taken for a specified IP address, subnet range or tag. 'Allow'
'Deny' (required)
priority Priorities within a pool must be unique and are evaluated in order of priority. The lower the number the higher the priority. For example, rules could be specified with order numbers of 150, 250, and 350. The rule with the order number of 150 takes precedence over the rule that has an order of 250. Allowed priorities are 150 to 4096. If any reserved or duplicate values are provided the request fails with HTTP status code 400. int (required)
sourceAddressPrefix Valid values are a single IP address (e.g. 10.10.10.10), IP subnet (e.g. 192.168.1.0/24), default tag, or * (for all addresses). If any other values are provided the request fails with HTTP status code 400. string (required)
sourcePortRanges Valid values are '*' (for all ports 0 - 65535) or arrays of ports or port ranges (e.g. 100-200). The ports should be in the range of 0 to 65535 and the port ranges or ports can't overlap. If any other values are provided the request fails with HTTP status code 400. Default value will be *. string[]

NFSMountConfiguration

Name Description Value
mountOptions These are 'net use' options in Windows and 'mount' options in Linux. string
relativeMountPath All file systems are mounted relative to the Batch mounts directory, accessible via the AZ_BATCH_NODE_MOUNTS_DIR environment variable. string (required)
source The URI of the file system to mount. string (required)

NodePlacementConfiguration

Name Description Value
policy Allocation policy used by Batch Service to provision the nodes. If not specified, Batch will use the regional policy. 'Regional'
'Zonal'

OSDisk

Name Description Value
caching The type of caching to enable for the disk. 'None'
'ReadOnly'
'ReadWrite'
diskSizeGB The initial disk size in GB when creating new OS disk. int
ephemeralOSDiskSettings Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. DiffDiskSettings
managedDisk ManagedDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

PoolEndpointConfiguration

Name Description Value
inboundNatPools The maximum number of inbound NAT pools per Batch pool is 5. If the maximum number of inbound NAT pools is exceeded the request fails with HTTP status code 400. This cannot be specified if the IPAddressProvisioningType is NoPublicIPAddresses. InboundNatPool[] (required)
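
The InboundNatPool, NetworkSecurityGroupRule and PoolEndpointConfiguration constraints above can be checked before a template is submitted, so that a review sees the exposure a pool would create instead of an HTTP 400. The following is an added example, not part of the original reference or of any Azure tooling: the function name and the sample configuration are assumptions, and treating a frontend range that merely spans the reserved 50000-55000 block as invalid is a conservative reading of the table.

```python
import re

RESERVED_BACKEND_PORTS = {29876, 29877}   # reserved, per InboundNatPool.backendPort
RESERVED_FRONTEND = (50000, 55000)        # reserved by the Batch service
# Letters, numbers, '_', '.', '-'; starts with a letter or number; ends with
# a letter, number or underscore; at most 77 characters.
NAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9_.-]{0,75}[A-Za-z0-9_])?$")


def check_inbound_nat_pools(network_configuration):
    """Return (errors, warnings) for one networkConfiguration object.

    errors:   the page states the request fails or the setting is not allowed
    warnings: accepted by the service, but the pool is reachable more widely
              than a reviewer may expect
    """
    errors, warnings = [], []
    endpoint = network_configuration.get("endpointConfiguration") or {}
    pools = endpoint.get("inboundNatPools") or []
    public_ip = network_configuration.get("publicIPAddressConfiguration") or {}
    if pools and public_ip.get("provision") == "NoPublicIPAddresses":
        errors.append("inboundNatPools set while provision is NoPublicIPAddresses")
    if len(pools) > 5:
        errors.append(f"{len(pools)} inbound NAT pools, maximum is 5")

    names, backend_ports, priorities, ranges = set(), set(), set(), []
    rule_count = 0
    for pool in pools:
        name = pool.get("name", "")
        if not NAME_RE.match(name):
            errors.append(f"{name!r}: invalid name")
        elif name in names:
            errors.append(f"{name!r}: duplicate name")
        names.add(name)

        port = pool.get("backendPort")
        if not isinstance(port, int) or not 1 <= port <= 65535 or port in RESERVED_BACKEND_PORTS:
            errors.append(f"{name!r}: backendPort {port} is out of range or reserved")
        elif port in backend_ports:
            errors.append(f"{name!r}: backendPort {port} is already used in this pool")
        backend_ports.add(port)

        start, end = pool.get("frontendPortRangeStart"), pool.get("frontendPortRangeEnd")
        if not (isinstance(start, int) and isinstance(end, int) and 1 <= start <= end <= 65534):
            errors.append(f"{name!r}: frontend range {start}-{end} is invalid")
        else:
            if start <= RESERVED_FRONTEND[1] and end >= RESERVED_FRONTEND[0]:
                errors.append(f"{name!r}: frontend range {start}-{end} touches reserved 50000-55000")
            ranges.append((start, end, name))

        rules = pool.get("networkSecurityGroupRules") or []
        rule_count += len(rules)
        if not rules:
            warnings.append(f"{name!r}: no NSG rules, default rule allows inbound access to backendPort {port}")
        for rule in rules:
            priority = rule.get("priority")
            if not isinstance(priority, int) or not 150 <= priority <= 4096:
                errors.append(f"{name!r}: priority {priority} is outside 150 to 4096")
            elif priority in priorities:
                errors.append(f"{name!r}: priority {priority} is already used in this pool")
            priorities.add(priority)
            if rule.get("access") == "Allow" and rule.get("sourceAddressPrefix") == "*":
                warnings.append(f"{name!r}: priority {priority} allows all source addresses")

    if rule_count > 25:
        errors.append(f"{rule_count} NSG rules across all endpoints, maximum is 25")

    # Frontend ranges must be distinct: compare each range with the furthest
    # port reached by any range that starts before it.
    reach_end, reach_name = 0, None
    for start, end, name in sorted(ranges):
        if start <= reach_end:
            errors.append(f"{name!r}: frontend range overlaps {reach_name!r}")
        if end > reach_end:
            reach_end, reach_name = end, name
    return errors, warnings


# Constructed sample input with deliberate mistakes in the second and third pools.
SAMPLE_NETWORK_CONFIGURATION = {
    "publicIPAddressConfiguration": {"provision": "BatchManaged"},
    "endpointConfiguration": {"inboundNatPools": [
        {"name": "ssh", "protocol": "TCP", "backendPort": 22,
         "frontendPortRangeStart": 1000, "frontendPortRangeEnd": 1100,
         "networkSecurityGroupRules": [
             {"access": "Allow", "priority": 150, "sourceAddressPrefix": "10.10.10.0/24"},
             {"access": "Deny", "priority": 250, "sourceAddressPrefix": "*"}]},
        {"name": "agent-", "protocol": "TCP", "backendPort": 29876,
         "frontendPortRangeStart": 1100, "frontendPortRangeEnd": 1200},
        {"name": "rdp", "protocol": "TCP", "backendPort": 3389,
         "frontendPortRangeStart": 49990, "frontendPortRangeEnd": 50010,
         "networkSecurityGroupRules": [
             {"access": "Allow", "priority": 150, "sourceAddressPrefix": "*"}]},
    ]},
}

if __name__ == "__main__":
    found_errors, found_warnings = check_inbound_nat_pools(SAMPLE_NETWORK_CONFIGURATION)
    for line in found_errors:
        print("ERROR  ", line)
    for line in found_warnings:
        print("WARNING", line)
```

The two warning cases are the ones to read closely in review: a NAT pool with no rules gets a default rule that allows inbound access to its backend port, and an Allow rule with sourceAddressPrefix * opens that port to all addresses.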

PoolProperties

Name Description Value
applicationLicenses The list of application licenses must be a subset of available Batch service application licenses. If a license is requested which is not supported, pool creation will fail. string[]
applicationPackages Changes to application package references affect all new compute nodes joining the pool, but do not affect compute nodes that are already in the pool until they are rebooted or reimaged. There is a maximum of 10 application package references on any given pool. ApplicationPackageReference[]
certificates For Windows compute nodes, the Batch service installs the certificates to the specified certificate store and location. For Linux compute nodes, the certificates are stored in a directory inside the task working directory and an environment variable AZ_BATCH_CERTIFICATES_DIR is supplied to the task to query for this location. For certificates with visibility of 'remoteUser', a 'certs' directory is created in the user's home directory (e.g., /home/{user-name}/certs) and certificates are placed in that directory.

Warning: This property is deprecated and will be removed after February, 2024. Please use the Azure KeyVault Extension instead.
CertificateReference[]
deploymentConfiguration Deployment configuration properties. DeploymentConfiguration
displayName The display name need not be unique and can contain any Unicode characters up to a maximum length of 1024. string
interNodeCommunication This imposes restrictions on which nodes can be assigned to the pool. Enabling this value can reduce the chance of the requested number of nodes being allocated in the pool. If not specified, this value defaults to 'Disabled'. 'Disabled'
'Enabled'
metadata The Batch service does not assign any meaning to metadata; it is solely for the use of user code. MetadataItem[]
mountConfiguration This supports Azure Files, NFS, CIFS/SMB, and Blobfuse. MountConfiguration[]
networkConfiguration The network configuration for a pool. NetworkConfiguration
resourceTags The user-defined tags to be associated with the Azure Batch Pool. When specified, these tags are propagated to the backing Azure resources associated with the pool. This property can only be specified when the Batch account was created with the poolAllocationMode property set to 'UserSubscription'. PoolPropertiesResourceTags
scaleSettings Defines the desired size of the pool. This can either be 'fixedScale' where the requested targetDedicatedNodes is specified, or 'autoScale' which defines a formula which is periodically reevaluated. If this property is not specified, the pool will have a fixed scale with 0 targetDedicatedNodes. ScaleSettings
startTask In a PATCH (update) operation, this property can be set to an empty object to remove the start task from the pool. StartTask
targetNodeCommunicationMode If omitted, the default value is Default. 'Classic'
'Default'
'Simplified'
taskSchedulingPolicy If not specified, the default is spread. TaskSchedulingPolicy
taskSlotsPerNode The default value is 1. The maximum value is the smaller of 4 times the number of cores of the vmSize of the pool or 256. int
upgradePolicy Describes an upgrade policy - automatic, manual, or rolling. UpgradePolicy
userAccounts The list of user accounts to be created on each node in the pool. UserAccount[]
vmSize For information about available VM sizes, see Sizes for Virtual Machines (Linux) (https://azure.microsoft.com/documentation/articles/virtual-machines-linux-sizes/) or Sizes for Virtual Machines (Windows) (https://azure.microsoft.com/documentation/articles/virtual-machines-windows-sizes/). Batch supports all Azure VM sizes except STANDARD_A0 and those with premium storage (STANDARD_GS, STANDARD_DS, and STANDARD_DSV2 series). string

PoolPropertiesResourceTags

Name Description Value

PublicIPAddressConfiguration

Name Description Value
ipAddressIds The number of IPs specified here limits the maximum size of the Pool - 100 dedicated nodes or 100 Spot/low-priority nodes can be allocated for each public IP. For example, a pool needing 250 dedicated VMs would need at least 3 public IPs specified. Each element of this collection is of the form: /subscriptions/{subscription}/resourceGroups/{group}/providers/Microsoft.Network/publicIPAddresses/{ip}. string[]
provision The default value is BatchManaged. 'BatchManaged'
'NoPublicIPAddresses'
'UserManaged'

ResourceFile

Name Description Value
autoStorageContainerName The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. string
blobPrefix The property is valid only when autoStorageContainerName or storageContainerUrl is used. This prefix can be a partial filename or a subdirectory. If a prefix is not specified, all the files in the container will be downloaded. string
fileMode This property applies only to files being downloaded to Linux compute nodes. It will be ignored if it is specified for a resourceFile which will be downloaded to a Windows node. If this property is not specified for a Linux node, then a default value of 0770 is applied to the file. string
filePath If the httpUrl property is specified, the filePath is required and describes the path which the file will be downloaded to, including the filename. Otherwise, if the autoStorageContainerName or storageContainerUrl property is specified, filePath is optional and is the directory to download the files to. In the case where filePath is used as a directory, any directory structure already associated with the input data will be retained in full and appended to the specified filePath directory. The specified relative path cannot break out of the task's working directory (for example by using '..'). string
httpUrl The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. If the URL points to Azure Blob Storage, it must be readable from compute nodes. There are three ways to get such a URL for a blob in Azure storage: include a Shared Access Signature (SAS) granting read permissions on the blob, use a managed identity with read permission, or set the ACL for the blob or its container to allow public access. string
identityReference The reference to a user assigned identity associated with the Batch pool which a compute node will use. ComputeNodeIdentityReference
storageContainerUrl The autoStorageContainerName, storageContainerUrl and httpUrl properties are mutually exclusive and one of them must be specified. This URL must be readable and listable from compute nodes. There are three ways to get such a URL for a container in Azure storage: include a Shared Access Signature (SAS) granting read and list permissions on the container, use a managed identity with read and list permissions, or set the ACL for the container to allow public access. string

RollingUpgradePolicy

Name Description Value
enableCrossZoneUpgrade Allow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size. If this field is not set, Azure Batch will not set its default value. The value of enableCrossZoneUpgrade on the created VirtualMachineScaleSet will be decided by the default configurations on VirtualMachineScaleSet. This field can be set to true or false only when using NodePlacementConfiguration as Zonal. bool
maxBatchInstancePercent The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The value of this field should be between 5 and 100, inclusive. If both maxBatchInstancePercent and maxUnhealthyInstancePercent are assigned with value, the value of maxBatchInstancePercent should not be more than maxUnhealthyInstancePercent. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyInstancePercent The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The value of this field should be between 5 and 100, inclusive. If both maxBatchInstancePercent and maxUnhealthyInstancePercent are assigned with value, the value of maxBatchInstancePercent should not be more than maxUnhealthyInstancePercent. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyUpgradedInstancePercent The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The value of this field should be between 0 and 100, inclusive. int

Constraints:
Min value = 0
Max value = 100
pauseTimeBetweenBatches The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. string
prioritizeUnhealthyInstances Upgrade all unhealthy instances in a scale set before any healthy instances. bool
rollbackFailedInstancesOnPolicyBreach Roll back failed instances to the previous model if the rolling upgrade policy is violated. bool

ScaleSettings

Name Description Value
autoScale This property and fixedScale are mutually exclusive and one of the properties must be specified. AutoScaleSettings
fixedScale This property and autoScale are mutually exclusive and one of the properties must be specified. FixedScaleSettings

SecurityProfile

Name Description Value
encryptionAtHost This property can be used by the user in the request to enable or disable host encryption for the virtual machine or virtual machine scale set. This enables encryption for all the disks, including the Resource/Temp disk, at the host itself. bool
securityType Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. 'confidentialVM'
'trustedLaunch'
uefiSettings Specifies the security settings like secure boot and vTPM used while creating the virtual machine. UefiSettings

ServiceArtifactReference

Name Description Value
id The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} string (required)

StartTask

Name Description Value
commandLine The command line does not run under a shell, and therefore cannot take advantage of shell features such as environment variable expansion. If you want to take advantage of such features, you should invoke the shell in the command line, for example using "cmd /c MyCommand" in Windows or "/bin/sh -c MyCommand" in Linux. Required if any other properties of the startTask are specified. string
containerSettings When this is specified, all directories recursively below the AZ_BATCH_NODE_ROOT_DIR (the root of Azure Batch directories on the node) are mapped into the container, all task environment variables are mapped into the container, and the task command line is executed in the container. TaskContainerSettings
environmentSettings A list of environment variable settings for the start task. EnvironmentSetting[]
maxTaskRetryCount The Batch service retries a task if its exit code is nonzero. Note that this value specifically controls the number of retries. The Batch service will try the task once, and may then retry up to this limit. For example, if the maximum retry count is 3, Batch tries the task up to 4 times (one initial try and 3 retries). If the maximum retry count is 0, the Batch service does not retry the task. If the maximum retry count is -1, the Batch service retries the task without limit. The default is 0. int
resourceFiles A list of files that the Batch service will download to the compute node before running the command line. ResourceFile[]
userIdentity If omitted, the task runs as a non-administrative user unique to the task. UserIdentity
waitForSuccess If true and the start task fails on a compute node, the Batch service retries the start task up to its maximum retry count (maxTaskRetryCount). If the task has still not completed successfully after all retries, then the Batch service marks the compute node unusable, and will not schedule tasks to it. This condition can be detected via the node state and scheduling error detail. If false, the Batch service will not wait for the start task to complete. In this case, other tasks can start executing on the compute node while the start task is still running; and even if the start task fails, new tasks will continue to be scheduled on the node. The default is true. bool

TaskContainerSettings

Name Description Value
containerHostBatchBindMounts If this array is null or not present, the container task will mount the entire temporary disk drive on Windows (or AZ_BATCH_NODE_ROOT_DIR on Linux). It won't mount any data paths into the container if this array is set as empty. ContainerHostBatchBindMountEntry[]
containerRunOptions These additional options are supplied as arguments to the "docker create" command, in addition to those controlled by the Batch Service. string
imageName This is the full image reference, as would be specified to "docker pull". If no tag is provided as part of the image name, the tag ":latest" is used as a default. string (required)
registry This setting can be omitted if it was already provided at pool creation. ContainerRegistry
workingDirectory A flag to indicate where the container task working directory is. The default is 'taskWorkingDirectory'. 'ContainerImageDefault'
'TaskWorkingDirectory'

TaskSchedulingPolicy

Name Description Value
nodeFillType How tasks should be distributed across compute nodes. 'Pack'
'Spread' (required)

UefiSettings

Name Description Value
secureBootEnabled Specifies whether secure boot should be enabled on the virtual machine. bool
vTpmEnabled Specifies whether vTPM should be enabled on the virtual machine. bool

UpgradePolicy

Name Description Value
automaticOSUpgradePolicy The configuration parameters used for performing automatic OS upgrade. AutomaticOSUpgradePolicy
mode Specifies the mode of an upgrade to virtual machines in the scale set.

Possible values are:

Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action.

Automatic - All virtual machines in the scale set are automatically updated at the same time.

Rolling - Scale set performs updates in batches with an optional pause time in between.
'automatic'
'manual'
'rolling' (required)
rollingUpgradePolicy The configuration parameters used while performing a rolling upgrade. RollingUpgradePolicy

UserAccount

Name Description Value
elevationLevel nonAdmin - The auto user is a standard user without elevated access. admin - The auto user is a user with elevated access and operates with full Administrator permissions. The default value is nonAdmin. 'Admin'
'NonAdmin'
linuxUserConfiguration This property is ignored if specified on a Windows pool. If not specified, the user is created with the default options. LinuxUserConfiguration
name The name of the user account. Names can contain any Unicode characters up to a maximum length of 20. string (required)
password The password for the user account. string

Constraints:
Sensitive value. Pass in as a secure parameter. (required)
windowsUserConfiguration This property can only be specified if the user is on a Windows pool. If not specified and on a Windows pool, the user is created with the default options. WindowsUserConfiguration

UserAssignedIdentities

Name Description Value

UserIdentity

Name Description Value
autoUser The userName and autoUser properties are mutually exclusive; you must specify one but not both. AutoUserSpecification
userName The userName and autoUser properties are mutually exclusive; you must specify one but not both. string

VirtualMachineConfiguration

Name Description Value
containerConfiguration If specified, setup is performed on each node in the pool to allow tasks to run in containers. All regular tasks and job manager tasks run on this pool must specify the containerSettings property, and all other tasks may specify it. ContainerConfiguration
dataDisks This property must be specified if the compute nodes in the pool need to have empty data disks attached to them. DataDisk[]
diskEncryptionConfiguration If specified, encryption is performed on each node in the pool during node provisioning. DiskEncryptionConfiguration
extensions If specified, the extensions mentioned in this configuration will be installed on each node. VMExtension[]
imageReference A reference to an Azure Virtual Machines Marketplace image or the Azure Image resource of a custom Virtual Machine. To get the list of all imageReferences verified by Azure Batch, see the 'List supported node agent SKUs' operation. ImageReference (required)
licenseType This only applies to images that contain the Windows operating system, and should only be used when you hold valid on-premises licenses for the nodes which will be deployed. If omitted, no on-premises licensing discount is applied. Values are:

Windows_Server - The on-premises license is for Windows Server.
Windows_Client - The on-premises license is for Windows Client.
string
nodeAgentSkuId The Batch node agent is a program that runs on each node in the pool, and provides the command-and-control interface between the node and the Batch service. There are different implementations of the node agent, known as SKUs, for different operating systems. You must specify a node agent SKU which matches the selected image reference. To get the list of supported node agent SKUs along with their list of verified image references, see the 'List supported node agent SKUs' operation. string (required)
nodePlacementConfiguration This configuration will specify rules on how nodes in the pool will be physically allocated. NodePlacementConfiguration
osDisk Contains configuration for ephemeral OSDisk settings. OSDisk
securityProfile Specifies the security profile settings for the virtual machine or virtual machine scale set. SecurityProfile
serviceArtifactReference The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} ServiceArtifactReference
windowsConfiguration This property must not be specified if the imageReference specifies a Linux OS image. WindowsConfiguration
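
An added example, not part of the reference page or Microsoft's own samples, that combines the SecurityProfile/UefiSettings, UserAccount, StartTask and ResourceFile properties described above into one Linux pool: Trusted Launch with secure boot and vTPM, host encryption, a secure password parameter, and a non-admin start task that reads its files through a managed identity rather than a SAS or a public container. The pool name, the account name `svc-bootstrap`, the script name `setup.sh` and every parameter are assumptions.

```bicep
// Added example; every name and parameter below is a placeholder (assumption).
param batchAccountName string
param vmSize string                 // must support Gen2 images for trustedLaunch
param imageReference object         // publisher/offer/sku/version of a Gen2 Linux image
param nodeAgentSkuId string         // must match imageReference
param nodeIdentityId string         // user-assigned identity with read + list on the container
param bootstrapContainerUrl string  // container URL with no SAS token appended

@secure()
param operatorPassword string       // supplied at deployment time, never a literal

resource batch 'Microsoft.Batch/batchAccounts@2024-07-01' existing = {
  name: batchAccountName
}

resource pool 'Microsoft.Batch/batchAccounts/pools@2024-07-01' = {
  parent: batch
  name: 'hardened-pool'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: { '${nodeIdentityId}': {} }
  }
  properties: {
    vmSize: vmSize
    scaleSettings: { fixedScale: { targetDedicatedNodes: 1 } }
    deploymentConfiguration: {
      virtualMachineConfiguration: {
        imageReference: imageReference
        nodeAgentSkuId: nodeAgentSkuId
        securityProfile: {
          securityType: 'trustedLaunch' // must be set for uefiSettings to apply
          encryptionAtHost: true        // covers all disks, including resource/temp
          uefiSettings: { secureBootEnabled: true, vTpmEnabled: true }
        }
      }
    }
    userAccounts: [
      { name: 'svc-bootstrap', password: operatorPassword, elevationLevel: 'NonAdmin' }
    ]
    startTask: {
      // The command line has no implicit shell: invoke /bin/sh so variables expand.
      commandLine: '/bin/sh -c "sh $AZ_BATCH_TASK_WORKING_DIR/bootstrap/setup.sh"'
      userIdentity: { userName: 'svc-bootstrap' } // userName and autoUser are mutually exclusive
      resourceFiles: [
        {
          storageContainerUrl: bootstrapContainerUrl // exactly one source property per file
          identityReference: { resourceId: nodeIdentityId }
          blobPrefix: 'setup.sh'
          filePath: 'bootstrap' // relative directory; '..' cannot leave the working directory
        }
      ]
      maxTaskRetryCount: 2 // one initial try plus up to two retries
      waitForSuccess: true // node is marked unusable if the start task never succeeds
    }
  }
}
```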

VMDiskSecurityProfile

Name Description Value
securityEncryptionType Specifies the EncryptionType of the managed disk. It is set to VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob. Note: It can be set for only Confidential VMs and required when using Confidential VMs. 'NonPersistedTPM'
'VMGuestStateOnly'

VMExtension

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
name The name of the virtual machine extension. string (required)
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string (required)
settings JSON formatted public settings for the extension. any
type The type of the extensions. string (required)
typeHandlerVersion The version of script handler. string

WindowsConfiguration

Name Description Value
enableAutomaticUpdates If omitted, the default value is true. bool

WindowsUserConfiguration

Name Description Value
loginMode Specifies login mode for the user. The default value is Interactive. 'Batch'
'Interactive'