Microsoft.Compute virtualMachineScaleSets 2017-12-01

Bicep resource definition

The virtualMachineScaleSets resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2017-12-01' = {
  identity: {
    identityIds: [
      'string'
    ]
    type: 'string'
  }
  location: 'string'
  name: 'string'
  plan: {
    name: 'string'
    product: 'string'
    promotionCode: 'string'
    publisher: 'string'
  }
  properties: {
    overprovision: bool
    platformFaultDomainCount: int
    singlePlacementGroup: bool
    upgradePolicy: {
      automaticOSUpgrade: bool
      autoOSUpgradePolicy: {
        disableAutoRollback: bool
      }
      mode: 'string'
      rollingUpgradePolicy: {
        maxBatchInstancePercent: int
        maxUnhealthyInstancePercent: int
        maxUnhealthyUpgradedInstancePercent: int
        pauseTimeBetweenBatches: 'string'
      }
    }
    virtualMachineProfile: {
      diagnosticsProfile: {
        bootDiagnostics: {
          enabled: bool
          storageUri: 'string'
        }
      }
      evictionPolicy: 'string'
      extensionProfile: {
        extensions: [
          {
            name: 'string'
            properties: {
              autoUpgradeMinorVersion: bool
              forceUpdateTag: 'string'
              protectedSettings: any(Azure.Bicep.Types.Concrete.AnyType)
              publisher: 'string'
              settings: any(Azure.Bicep.Types.Concrete.AnyType)
              type: 'string'
              typeHandlerVersion: 'string'
            }
          }
        ]
      }
      licenseType: 'string'
      networkProfile: {
        healthProbe: {
          id: 'string'
        }
        networkInterfaceConfigurations: [
          {
            id: 'string'
            name: 'string'
            properties: {
              dnsSettings: {
                dnsServers: [
                  'string'
                ]
              }
              enableAcceleratedNetworking: bool
              enableIPForwarding: bool
              ipConfigurations: [
                {
                  id: 'string'
                  name: 'string'
                  properties: {
                    applicationGatewayBackendAddressPools: [
                      {
                        id: 'string'
                      }
                    ]
                    loadBalancerBackendAddressPools: [
                      {
                        id: 'string'
                      }
                    ]
                    loadBalancerInboundNatPools: [
                      {
                        id: 'string'
                      }
                    ]
                    primary: bool
                    privateIPAddressVersion: 'string'
                    publicIPAddressConfiguration: {
                      name: 'string'
                      properties: {
                        dnsSettings: {
                          domainNameLabel: 'string'
                        }
                        idleTimeoutInMinutes: int
                      }
                    }
                    subnet: {
                      id: 'string'
                    }
                  }
                }
              ]
              networkSecurityGroup: {
                id: 'string'
              }
              primary: bool
            }
          }
        ]
      }
      osProfile: {
        adminPassword: 'string'
        adminUsername: 'string'
        computerNamePrefix: 'string'
        customData: 'string'
        linuxConfiguration: {
          disablePasswordAuthentication: bool
          ssh: {
            publicKeys: [
              {
                keyData: 'string'
                path: 'string'
              }
            ]
          }
        }
        secrets: [
          {
            sourceVault: {
              id: 'string'
            }
            vaultCertificates: [
              {
                certificateStore: 'string'
                certificateUrl: 'string'
              }
            ]
          }
        ]
        windowsConfiguration: {
          additionalUnattendContent: [
            {
              componentName: 'Microsoft-Windows-Shell-Setup'
              content: 'string'
              passName: 'OobeSystem'
              settingName: 'string'
            }
          ]
          enableAutomaticUpdates: bool
          provisionVMAgent: bool
          timeZone: 'string'
          winRM: {
            listeners: [
              {
                certificateUrl: 'string'
                protocol: 'string'
              }
            ]
          }
        }
      }
      priority: 'string'
      storageProfile: {
        dataDisks: [
          {
            caching: 'string'
            createOption: 'string'
            diskSizeGB: int
            lun: int
            managedDisk: {
              storageAccountType: 'string'
            }
            name: 'string'
            writeAcceleratorEnabled: bool
          }
        ]
        imageReference: {
          id: 'string'
          offer: 'string'
          publisher: 'string'
          sku: 'string'
          version: 'string'
        }
        osDisk: {
          caching: 'string'
          createOption: 'string'
          image: {
            uri: 'string'
          }
          managedDisk: {
            storageAccountType: 'string'
          }
          name: 'string'
          osType: 'string'
          vhdContainers: [
            'string'
          ]
          writeAcceleratorEnabled: bool
        }
      }
    }
    zoneBalance: bool
  }
  sku: {
    capacity: int
    name: 'string'
    tier: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
  zones: [
    'string'
  ]
}

Property values

AdditionalUnattendContent

Name Description Value
componentName The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. 'Microsoft-Windows-Shell-Setup'
content Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. string
passName The pass name. Currently, the only allowable value is OobeSystem. 'OobeSystem'
settingName Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. 'AutoLogon'
'FirstLogonCommands'

ApiEntityReference

Name Description Value
id The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... string

AutoOSUpgradePolicy

Name Description Value
disableAutoRollback Whether OS image rollback feature should be disabled. Default value is false. bool

BootDiagnostics

Name Description Value
enabled Whether boot diagnostics should be enabled on the Virtual Machine. bool
storageUri Uri of the storage account to use for placing the console output and screenshot. string

DiagnosticsProfile

Name Description Value
bootDiagnostics Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status.

You can easily view the output of your console log.

Azure also enables you to see a screenshot of the VM from the hypervisor.
BootDiagnostics

ImageReference

Name Description Value
id Resource Id string
offer Specifies the offer of the platform image or marketplace image used to create the virtual machine. string
publisher The image publisher. string
sku The image SKU. string
version Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. string

LinuxConfiguration

Name Description Value
disablePasswordAuthentication Specifies whether password authentication should be disabled. bool
ssh Specifies the ssh key configuration for a Linux OS. SshConfiguration

Microsoft.Compute/virtualMachineScaleSets

Name Description Value
identity The identity of the virtual machine scale set, if configured. VirtualMachineScaleSetIdentity
location Resource location string (required)
name The resource name string (required)
plan Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. Plan
properties Describes the properties of a Virtual Machine Scale Set. VirtualMachineScaleSetProperties
sku The virtual machine scale set sku. Sku
tags Resource tags Dictionary of tag names and values. See Tags in templates
zones The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. string[]

Plan

Name Description Value
name The plan ID. string
product Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. string
promotionCode The promotion code. string
publisher The publisher ID. string

ResourceTags

Name Description Value

RollingUpgradePolicy

Name Description Value
maxBatchInstancePercent The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyInstancePercent The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyUpgradedInstancePercent The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%. int

Constraints:
Min value = 0
Max value = 100
pauseTimeBetweenBatches The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S). string

Sku

Name Description Value
capacity Specifies the number of virtual machines in the scale set. int
name The sku name. string
tier Specifies the tier of virtual machines in a scale set.

Possible Values:

Standard

Basic
string

SshConfiguration

Name Description Value
publicKeys The list of SSH public keys used to authenticate with linux based VMs. SshPublicKey[]

SshPublicKey

Name Description Value
keyData SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format.

For creating ssh keys, see Create SSH keys on Linux and Mac for Linux VMs in Azure.
string
path Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys string

SubResource

Name Description Value
id Resource Id string

UpgradePolicy

Name Description Value
automaticOSUpgrade Whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the image becomes available. bool
autoOSUpgradePolicy Configuration parameters used for performing automatic OS Upgrade. AutoOSUpgradePolicy
mode Specifies the mode of an upgrade to virtual machines in the scale set.

Possible values are:

Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action.

Automatic - All virtual machines in the scale set are automatically updated at the same time.
'Automatic'
'Manual'
'Rolling'
rollingUpgradePolicy The configuration parameters used while performing a rolling upgrade. RollingUpgradePolicy

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account.

For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.
string
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[]

VirtualHardDisk

Name Description Value
uri Specifies the virtual hard disk's uri. string

VirtualMachineScaleSetDataDisk

Name Description Value
caching Specifies the caching requirements.

Possible values are:

None

ReadOnly

ReadWrite

Default: None for Standard storage. ReadOnly for Premium storage
'None'
'ReadOnly'
'ReadWrite'
createOption The create option. 'Attach'
'Empty'
'FromImage' (required)
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image.

This value cannot be larger than 1023 GB
int
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. int (required)
managedDisk The managed disk parameters. VirtualMachineScaleSetManagedDiskParameters
name The disk name. string
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

VirtualMachineScaleSetExtension

Name Description Value
name The name of the extension. string
properties Describes the properties of a Virtual Machine Scale Set Extension. VirtualMachineScaleSetExtensionProperties

VirtualMachineScaleSetExtensionProfile

Name Description Value
extensions The virtual machine scale set child extension resources. VirtualMachineScaleSetExtension[]

VirtualMachineScaleSetExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
forceUpdateTag If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. string
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
publisher The name of the extension handler publisher. string
settings Json formatted public settings for the extension. any
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

VirtualMachineScaleSetIdentity

Name Description Value
identityIds The list of user identities associated with the virtual machine scale set. The user identity references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/identities/{identityName}'. string[]
type The type of identity used for the virtual machine scale set. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine scale set. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'

VirtualMachineScaleSetIPConfiguration

Name Description Value
id Resource Id string
name The IP configuration name. string (required)
properties Describes a virtual machine scale set network profile's IP configuration properties. VirtualMachineScaleSetIPConfigurationProperties

VirtualMachineScaleSetIPConfigurationProperties

Name Description Value
applicationGatewayBackendAddressPools Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. SubResource[]
loadBalancerBackendAddressPools Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same load balancer. SubResource[]
loadBalancerInboundNatPools Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same load balancer SubResource[]
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool
privateIPAddressVersion Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAddressConfiguration The publicIPAddressConfiguration. VirtualMachineScaleSetPublicIPAddressConfiguration
subnet Specifies the identifier of the subnet. ApiEntityReference

VirtualMachineScaleSetManagedDiskParameters

Name Description Value
storageAccountType Specifies the storage account type for the managed disk. Managed OS disk storage account type can only be set when you create the scale set. Possible values are: Standard_LRS or Premium_LRS. 'Premium_LRS'
'Standard_LRS'

VirtualMachineScaleSetNetworkConfiguration

Name Description Value
id Resource Id string
name The network configuration name. string (required)
properties Describes a virtual machine scale set network profile's IP configuration. VirtualMachineScaleSetNetworkConfigurationProperties

VirtualMachineScaleSetNetworkConfigurationDnsSettings

Name Description Value
dnsServers List of DNS servers IP addresses string[]

VirtualMachineScaleSetNetworkConfigurationProperties

Name Description Value
dnsSettings The dns settings to be applied on the network interfaces. VirtualMachineScaleSetNetworkConfigurationDnsSettings
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableIPForwarding Whether IP forwarding enabled on this NIC. bool
ipConfigurations Specifies the IP configurations of the network interface. VirtualMachineScaleSetIPConfiguration[] (required)
networkSecurityGroup The network security group. SubResource
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

VirtualMachineScaleSetNetworkProfile

Name Description Value
healthProbe A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. ApiEntityReference
networkInterfaceConfigurations The list of network configurations. VirtualMachineScaleSetNetworkConfiguration[]

VirtualMachineScaleSetOSDisk

Name Description Value
caching Specifies the caching requirements.

Possible values are:

None

ReadOnly

ReadWrite

Default: None for Standard storage. ReadOnly for Premium storage
'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machines in the scale set should be created.

The only allowed value is: FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.
'Attach'
'Empty'
'FromImage' (required)
image Specifies information about the unmanaged user image to base the scale set on. VirtualHardDisk
managedDisk The managed disk parameters. VirtualMachineScaleSetManagedDiskParameters
name The disk name. string
osType This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD.

Possible values are:

Windows

Linux
'Linux'
'Windows'
vhdContainers Specifies the container urls that are used to store operating system disks for the scale set. string[]
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

VirtualMachineScaleSetOSProfile

Name Description Value
adminPassword Specifies the password of the administrator account.

Minimum-length (Windows): 8 characters

Minimum-length (Linux): 6 characters

Max-length (Windows): 123 characters

Max-length (Linux): 72 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM

For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
string
adminUsername Specifies the name of the administrator account.

Windows-only restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length (Linux): 1 character

Max-length (Linux): 64 characters

Max-length (Windows): 20 characters

<li> For root access to the Linux VM, see Using root privileges on Linux virtual machines in Azure
<li> For a list of built-in system users on Linux that should not be used in this field, see Selecting User Names for Linux on Azure
string
computerNamePrefix Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. string
customData Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes.

For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation
string
linuxConfiguration Specifies the Linux operating system settings on the virtual machine.

For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions

For running non-endorsed distributions, see Information for Non-Endorsed Distributions.
LinuxConfiguration
secrets Specifies set of certificates that should be installed onto the virtual machines in the scale set. VaultSecretGroup[]
windowsConfiguration Specifies Windows operating system settings on the virtual machine. WindowsConfiguration

VirtualMachineScaleSetProperties

Name Description Value
overprovision Specifies whether the Virtual Machine Scale Set should be overprovisioned. bool
platformFaultDomainCount Fault Domain count for each placement group. int
singlePlacementGroup When true this limits the scale set to a single placement group, of max size 100 virtual machines. bool
upgradePolicy The upgrade policy. UpgradePolicy
virtualMachineProfile The virtual machine profile. VirtualMachineScaleSetVMProfile
zoneBalance Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. bool

VirtualMachineScaleSetPublicIPAddressConfiguration

Name Description Value
name The publicIP address configuration name. string (required)
properties Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration VirtualMachineScaleSetPublicIPAddressConfigurationProperties

VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings

Name Description Value
domainNameLabel The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created string (required)

VirtualMachineScaleSetPublicIPAddressConfigurationProperties

Name Description Value
dnsSettings The dns settings to be applied on the publicIP addresses . VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int

VirtualMachineScaleSetStorageProfile

Name Description Value
dataDisks Specifies the parameters that are used to add data disks to the virtual machines in the scale set.

For more information about disks, see About disks and VHDs for Azure virtual machines.
VirtualMachineScaleSetDataDisk[]
imageReference Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. ImageReference
osDisk Specifies information about the operating system disk used by the virtual machines in the scale set.

For more information about disks, see About disks and VHDs for Azure virtual machines.
VirtualMachineScaleSetOSDisk

VirtualMachineScaleSetVMProfile

Name Description Value
diagnosticsProfile Specifies the boot diagnostic settings state.

Minimum api-version: 2015-06-15.
DiagnosticsProfile
evictionPolicy Specifies the eviction policy for virtual machines in a low priority scale set.

Minimum api-version: 2017-10-30-preview
'Deallocate'
'Delete'
extensionProfile Specifies a collection of settings for extensions installed on virtual machines in the scale set. VirtualMachineScaleSetExtensionProfile
licenseType Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.

Possible values are:

Windows_Client

Windows_Server

If this element is included in a request for an update, the value must match the initial value. This value cannot be updated.

For more information, see Azure Hybrid Use Benefit for Windows Server

Minimum api-version: 2015-06-15
string
networkProfile Specifies properties of the network interfaces of the virtual machines in the scale set. VirtualMachineScaleSetNetworkProfile
osProfile Specifies the operating system settings for the virtual machines in the scale set. VirtualMachineScaleSetOSProfile
priority Specifies the priority for the virtual machines in the scale set.

Minimum api-version: 2017-10-30-preview
'Low'
'Regular'
storageProfile Specifies the storage settings for the virtual machine disks. VirtualMachineScaleSetStorageProfile

WindowsConfiguration

Name Description Value
additionalUnattendContent Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. AdditionalUnattendContent[]
enableAutomaticUpdates Indicates whether virtual machine is enabled for automatic updates. bool
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine.

When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
bool
timeZone Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time" string
winRM Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. WinRMConfiguration

WinRMConfiguration

Name Description Value
listeners The list of Windows Remote Management listeners WinRMListener[]

WinRMListener

Name Description Value
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string
protocol Specifies the protocol of listener.

Possible values are:
http

https
'Http'
'Https'

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Azure Game Developer Virtual Machine Scale Set Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal.
Deploy a 5 Node Secure Cluster This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS.
Deploy a Nextflow genomics cluster This template deploys a scalable Nextflow cluster with a Jumpbox, n cluster nodes, docker support and shared storage.
Deploy a trusted launch capable Windows VM Scale Set This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud.
Deploy a VM Scale Set with Windows VMs and Auto Scale This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated
Deploy a VMSS that connects each VM to an Azure Files share This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share
Deploy a Windows VM scale set with Azure Application Gateway This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Deploy VM Scale Set with Python Bottle server & AutoScale Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed
VM Scale Set with autoscale running an IIS WebApp Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment.
VMSS Flexible Orchestration Mode Quickstart Linux This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments.
VMSS with Public IP Prefix Template for deploying VMSS with Public IP Prefix

ARM template resource definition

The virtualMachineScaleSets resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following JSON to your template.

{
  "type": "Microsoft.Compute/virtualMachineScaleSets",
  "apiVersion": "2017-12-01",
  "name": "string",
  "identity": {
    "identityIds": [ "string" ],
    "type": "string"
  },
  "location": "string",
  "plan": {
    "name": "string",
    "product": "string",
    "promotionCode": "string",
    "publisher": "string"
  },
  "properties": {
    "overprovision": "bool",
    "platformFaultDomainCount": "int",
    "singlePlacementGroup": "bool",
    "upgradePolicy": {
      "automaticOSUpgrade": "bool",
      "autoOSUpgradePolicy": {
        "disableAutoRollback": "bool"
      },
      "mode": "string",
      "rollingUpgradePolicy": {
        "maxBatchInstancePercent": "int",
        "maxUnhealthyInstancePercent": "int",
        "maxUnhealthyUpgradedInstancePercent": "int",
        "pauseTimeBetweenBatches": "string"
      }
    },
    "virtualMachineProfile": {
      "diagnosticsProfile": {
        "bootDiagnostics": {
          "enabled": "bool",
          "storageUri": "string"
        }
      },
      "evictionPolicy": "string",
      "extensionProfile": {
        "extensions": [
          {
            "name": "string",
            "properties": {
              "autoUpgradeMinorVersion": "bool",
              "forceUpdateTag": "string",
              "protectedSettings": {},
              "publisher": "string",
              "settings": {},
              "type": "string",
              "typeHandlerVersion": "string"
            }
          }
        ]
      },
      "licenseType": "string",
      "networkProfile": {
        "healthProbe": {
          "id": "string"
        },
        "networkInterfaceConfigurations": [
          {
            "id": "string",
            "name": "string",
            "properties": {
              "dnsSettings": {
                "dnsServers": [ "string" ]
              },
              "enableAcceleratedNetworking": "bool",
              "enableIPForwarding": "bool",
              "ipConfigurations": [
                {
                  "id": "string",
                  "name": "string",
                  "properties": {
                    "applicationGatewayBackendAddressPools": [
                      {
                        "id": "string"
                      }
                    ],
                    "loadBalancerBackendAddressPools": [
                      {
                        "id": "string"
                      }
                    ],
                    "loadBalancerInboundNatPools": [
                      {
                        "id": "string"
                      }
                    ],
                    "primary": "bool",
                    "privateIPAddressVersion": "string",
                    "publicIPAddressConfiguration": {
                      "name": "string",
                      "properties": {
                        "dnsSettings": {
                          "domainNameLabel": "string"
                        },
                        "idleTimeoutInMinutes": "int"
                      }
                    },
                    "subnet": {
                      "id": "string"
                    }
                  }
                }
              ],
              "networkSecurityGroup": {
                "id": "string"
              },
              "primary": "bool"
            }
          }
        ]
      },
      "osProfile": {
        "adminPassword": "string",
        "adminUsername": "string",
        "computerNamePrefix": "string",
        "customData": "string",
        "linuxConfiguration": {
          "disablePasswordAuthentication": "bool",
          "ssh": {
            "publicKeys": [
              {
                "keyData": "string",
                "path": "string"
              }
            ]
          }
        },
        "secrets": [
          {
            "sourceVault": {
              "id": "string"
            },
            "vaultCertificates": [
              {
                "certificateStore": "string",
                "certificateUrl": "string"
              }
            ]
          }
        ],
        "windowsConfiguration": {
          "additionalUnattendContent": [
            {
              "componentName": "Microsoft-Windows-Shell-Setup",
              "content": "string",
              "passName": "OobeSystem",
              "settingName": "string"
            }
          ],
          "enableAutomaticUpdates": "bool",
          "provisionVMAgent": "bool",
          "timeZone": "string",
          "winRM": {
            "listeners": [
              {
                "certificateUrl": "string",
                "protocol": "string"
              }
            ]
          }
        }
      },
      "priority": "string",
      "storageProfile": {
        "dataDisks": [
          {
            "caching": "string",
            "createOption": "string",
            "diskSizeGB": "int",
            "lun": "int",
            "managedDisk": {
              "storageAccountType": "string"
            },
            "name": "string",
            "writeAcceleratorEnabled": "bool"
          }
        ],
        "imageReference": {
          "id": "string",
          "offer": "string",
          "publisher": "string",
          "sku": "string",
          "version": "string"
        },
        "osDisk": {
          "caching": "string",
          "createOption": "string",
          "image": {
            "uri": "string"
          },
          "managedDisk": {
            "storageAccountType": "string"
          },
          "name": "string",
          "osType": "string",
          "vhdContainers": [ "string" ],
          "writeAcceleratorEnabled": "bool"
        }
      }
    },
    "zoneBalance": "bool"
  },
  "sku": {
    "capacity": "int",
    "name": "string",
    "tier": "string"
  },
  "tags": {
    "{customized property}": "string"
  },
  "zones": [ "string" ]
}

Property values

AdditionalUnattendContent

Name Description Value
componentName The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. 'Microsoft-Windows-Shell-Setup'
content Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. string
passName The pass name. Currently, the only allowable value is OobeSystem. 'OobeSystem'
settingName Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. 'AutoLogon'
'FirstLogonCommands'

ApiEntityReference

Name Description Value
id The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... string

AutoOSUpgradePolicy

Name Description Value
disableAutoRollback Whether OS image rollback feature should be disabled. Default value is false. bool

BootDiagnostics

Name Description Value
enabled Whether boot diagnostics should be enabled on the Virtual Machine. bool
storageUri Uri of the storage account to use for placing the console output and screenshot. string

DiagnosticsProfile

Name Description Value
bootDiagnostics Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status.

You can easily view the output of your console log.

Azure also enables you to see a screenshot of the VM from the hypervisor.
BootDiagnostics

ImageReference

Name Description Value
id Resource Id string
offer Specifies the offer of the platform image or marketplace image used to create the virtual machine. string
publisher The image publisher. string
sku The image SKU. string
version Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. string

LinuxConfiguration

Name Description Value
disablePasswordAuthentication Specifies whether password authentication should be disabled. bool
ssh Specifies the ssh key configuration for a Linux OS. SshConfiguration

Microsoft.Compute/virtualMachineScaleSets

Name Description Value
apiVersion The api version '2017-12-01'
identity The identity of the virtual machine scale set, if configured. VirtualMachineScaleSetIdentity
location Resource location string (required)
name The resource name string (required)
plan Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. Plan
properties Describes the properties of a Virtual Machine Scale Set. VirtualMachineScaleSetProperties
sku The virtual machine scale set sku. Sku
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Compute/virtualMachineScaleSets'
zones The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. string[]

Plan

Name Description Value
name The plan ID. string
product Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. string
promotionCode The promotion code. string
publisher The publisher ID. string

ResourceTags

Name Description Value

RollingUpgradePolicy

Name Description Value
maxBatchInstancePercent The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyInstancePercent The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyUpgradedInstancePercent The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%. int

Constraints:
Min value = 0
Max value = 100
pauseTimeBetweenBatches The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S). string

Sku

Name Description Value
capacity Specifies the number of virtual machines in the scale set. int
name The sku name. string
tier Specifies the tier of virtual machines in a scale set.

Possible Values:

Standard

Basic
string

SshConfiguration

Name Description Value
publicKeys The list of SSH public keys used to authenticate with linux based VMs. SshPublicKey[]

SshPublicKey

Name Description Value
keyData SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format.

For creating ssh keys, see Create SSH keys on Linux and Mac for Linux VMs in Azure.
string
path Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys string

SubResource

Name Description Value
id Resource Id string

UpgradePolicy

Name Description Value
automaticOSUpgrade Whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the image becomes available. bool
autoOSUpgradePolicy Configuration parameters used for performing automatic OS Upgrade. AutoOSUpgradePolicy
mode Specifies the mode of an upgrade to virtual machines in the scale set.

Possible values are:

Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action.

Automatic - All virtual machines in the scale set are automatically updated at the same time.
'Automatic'
'Manual'
'Rolling'
rollingUpgradePolicy The configuration parameters used while performing a rolling upgrade. RollingUpgradePolicy

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account.

For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.
string
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[]

VirtualHardDisk

Name Description Value
uri Specifies the virtual hard disk's uri. string

VirtualMachineScaleSetDataDisk

Name Description Value
caching Specifies the caching requirements.

Possible values are:

None

ReadOnly

ReadWrite

Default: None for Standard storage. ReadOnly for Premium storage
'None'
'ReadOnly'
'ReadWrite'
createOption The create option. 'Attach'
'Empty'
'FromImage' (required)
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image.

This value cannot be larger than 1023 GB
int
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. int (required)
managedDisk The managed disk parameters. VirtualMachineScaleSetManagedDiskParameters
name The disk name. string
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

VirtualMachineScaleSetExtension

Name Description Value
name The name of the extension. string
properties Describes the properties of a Virtual Machine Scale Set Extension. VirtualMachineScaleSetExtensionProperties

VirtualMachineScaleSetExtensionProfile

Name Description Value
extensions The virtual machine scale set child extension resources. VirtualMachineScaleSetExtension[]

VirtualMachineScaleSetExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
forceUpdateTag If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. string
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
publisher The name of the extension handler publisher. string
settings Json formatted public settings for the extension. any
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

VirtualMachineScaleSetIdentity

Name Description Value
identityIds The list of user identities associated with the virtual machine scale set. The user identity references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/identities/{identityName}'. string[]
type The type of identity used for the virtual machine scale set. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine scale set. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'

VirtualMachineScaleSetIPConfiguration

Name Description Value
id Resource Id string
name The IP configuration name. string (required)
properties Describes a virtual machine scale set network profile's IP configuration properties. VirtualMachineScaleSetIPConfigurationProperties

VirtualMachineScaleSetIPConfigurationProperties

Name Description Value
applicationGatewayBackendAddressPools Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. SubResource[]
loadBalancerBackendAddressPools Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same load balancer. SubResource[]
loadBalancerInboundNatPools Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same load balancer SubResource[]
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool
privateIPAddressVersion Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAddressConfiguration The publicIPAddressConfiguration. VirtualMachineScaleSetPublicIPAddressConfiguration
subnet Specifies the identifier of the subnet. ApiEntityReference

VirtualMachineScaleSetManagedDiskParameters

Name Description Value
storageAccountType Specifies the storage account type for the managed disk. Managed OS disk storage account type can only be set when you create the scale set. Possible values are: Standard_LRS or Premium_LRS. 'Premium_LRS'
'Standard_LRS'

VirtualMachineScaleSetNetworkConfiguration

Name Description Value
id Resource Id string
name The network configuration name. string (required)
properties Describes a virtual machine scale set network profile's IP configuration. VirtualMachineScaleSetNetworkConfigurationProperties

VirtualMachineScaleSetNetworkConfigurationDnsSettings

Name Description Value
dnsServers List of DNS servers IP addresses string[]

VirtualMachineScaleSetNetworkConfigurationProperties

Name Description Value
dnsSettings The dns settings to be applied on the network interfaces. VirtualMachineScaleSetNetworkConfigurationDnsSettings
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableIPForwarding Whether IP forwarding enabled on this NIC. bool
ipConfigurations Specifies the IP configurations of the network interface. VirtualMachineScaleSetIPConfiguration[] (required)
networkSecurityGroup The network security group. SubResource
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

VirtualMachineScaleSetNetworkProfile

Name Description Value
healthProbe A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. ApiEntityReference
networkInterfaceConfigurations The list of network configurations. VirtualMachineScaleSetNetworkConfiguration[]

VirtualMachineScaleSetOSDisk

Name Description Value
caching Specifies the caching requirements.

Possible values are:

None

ReadOnly

ReadWrite

Default: None for Standard storage. ReadOnly for Premium storage
'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machines in the scale set should be created.

The only allowed value is: FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.
'Attach'
'Empty'
'FromImage' (required)
image Specifies information about the unmanaged user image to base the scale set on. VirtualHardDisk
managedDisk The managed disk parameters. VirtualMachineScaleSetManagedDiskParameters
name The disk name. string
osType This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD.

Possible values are:

Windows

Linux
'Linux'
'Windows'
vhdContainers Specifies the container urls that are used to store operating system disks for the scale set. string[]
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

VirtualMachineScaleSetOSProfile

Name Description Value
adminPassword Specifies the password of the administrator account.

Minimum-length (Windows): 8 characters

Minimum-length (Linux): 6 characters

Max-length (Windows): 123 characters

Max-length (Linux): 72 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM

For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
string
adminUsername Specifies the name of the administrator account.

Windows-only restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length (Linux): 1 character

Max-length (Linux): 64 characters

Max-length (Windows): 20 characters

<li> For root access to the Linux VM, see Using root privileges on Linux virtual machines in Azure
<li> For a list of built-in system users on Linux that should not be used in this field, see Selecting User Names for Linux on Azure
string
computerNamePrefix Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. string
customData Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes.

For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation
string
linuxConfiguration Specifies the Linux operating system settings on the virtual machine.

For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions

For running non-endorsed distributions, see Information for Non-Endorsed Distributions.
LinuxConfiguration
secrets Specifies set of certificates that should be installed onto the virtual machines in the scale set. VaultSecretGroup[]
windowsConfiguration Specifies Windows operating system settings on the virtual machine. WindowsConfiguration

VirtualMachineScaleSetProperties

Name Description Value
overprovision Specifies whether the Virtual Machine Scale Set should be overprovisioned. bool
platformFaultDomainCount Fault Domain count for each placement group. int
singlePlacementGroup When true this limits the scale set to a single placement group, of max size 100 virtual machines. bool
upgradePolicy The upgrade policy. UpgradePolicy
virtualMachineProfile The virtual machine profile. VirtualMachineScaleSetVMProfile
zoneBalance Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. bool

VirtualMachineScaleSetPublicIPAddressConfiguration

Name Description Value
name The publicIP address configuration name. string (required)
properties Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration VirtualMachineScaleSetPublicIPAddressConfigurationProperties

VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings

Name Description Value
domainNameLabel The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created string (required)

VirtualMachineScaleSetPublicIPAddressConfigurationProperties

Name Description Value
dnsSettings The dns settings to be applied on the publicIP addresses . VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int

VirtualMachineScaleSetStorageProfile

Name Description Value
dataDisks Specifies the parameters that are used to add data disks to the virtual machines in the scale set.

For more information about disks, see About disks and VHDs for Azure virtual machines.
VirtualMachineScaleSetDataDisk[]
imageReference Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. ImageReference
osDisk Specifies information about the operating system disk used by the virtual machines in the scale set.

For more information about disks, see About disks and VHDs for Azure virtual machines.
VirtualMachineScaleSetOSDisk

VirtualMachineScaleSetVMProfile

Name Description Value
diagnosticsProfile Specifies the boot diagnostic settings state.

Minimum api-version: 2015-06-15.
DiagnosticsProfile
evictionPolicy Specifies the eviction policy for virtual machines in a low priority scale set.

Minimum api-version: 2017-10-30-preview
'Deallocate'
'Delete'
extensionProfile Specifies a collection of settings for extensions installed on virtual machines in the scale set. VirtualMachineScaleSetExtensionProfile
licenseType Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.

Possible values are:

Windows_Client

Windows_Server

If this element is included in a request for an update, the value must match the initial value. This value cannot be updated.

For more information, see Azure Hybrid Use Benefit for Windows Server

Minimum api-version: 2015-06-15
string
networkProfile Specifies properties of the network interfaces of the virtual machines in the scale set. VirtualMachineScaleSetNetworkProfile
osProfile Specifies the operating system settings for the virtual machines in the scale set. VirtualMachineScaleSetOSProfile
priority Specifies the priority for the virtual machines in the scale set.

Minimum api-version: 2017-10-30-preview
'Low'
'Regular'
storageProfile Specifies the storage settings for the virtual machine disks. VirtualMachineScaleSetStorageProfile

WindowsConfiguration

Name Description Value
additionalUnattendContent Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. AdditionalUnattendContent[]
enableAutomaticUpdates Indicates whether virtual machine is enabled for automatic updates. bool
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine.

When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
bool
timeZone Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time" string
winRM Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. WinRMConfiguration

WinRMConfiguration

Name Description Value
listeners The list of Windows Remote Management listeners WinRMListener[]

WinRMListener

Name Description Value
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string
protocol Specifies the protocol of listener.

Possible values are:
http

https
'Http'
'Https'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Add multiple VMs into a Virtual Machine Scale Set

Deploy to Azure
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a Virtual Machine Scale Set in Flexible Orchestration mode. They will be provisioned in a Virtual Network which will also be created as part of the deployment
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database

Deploy to Azure
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI)
Azure Container Service Engine (acs-engine) - Swarm Mode

Deploy to Azure
The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker enabled clusters on Microsoft Azure with your choice of DC/OS, Kubernetes, Swarm Mode, or Swarm orchestrators. The input to the tool is a cluster definition. The cluster definition is very similar to (in many cases the same as) the ARM template syntax used to deploy a Microsoft Azure Container Service cluster.
Azure Game Developer Virtual Machine Scale Set

Deploy to Azure
Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal.
Azure VM Scale Set as clients of Intel Lustre

Deploy to Azure
This template creates a set of Intel Lustre 2.7 clients using Azure VM Scale Sets and Azure gallery OpenLogic CentOS 6.6 or 7.0 images and mounts an existing Intel Lustre filesystem
Confidential VM Scale Set with confidential disk encryption

Deploy to Azure
This template allows you to deploy a confidential VM Scale Set with confidential OS disk encryption enabled using the latest patched version of several Windows and Linux image versions.
Couchbase Enterprise

Deploy to Azure
Azure Resource Manager (ARM) templates to install Couchbase Enterprise
Create and encrypt a new Linux VMSS with jumpbox

Deploy to Azure
This template deploys a Linux VMSS using the latest Linux image, adds data volumes, and then encrypts the data volumes of each Linux VMSS instance. It also deploys a jumpbox with a public IP address in the same virtual network as the Linux VMSS instances with private IP addresses. This allows connecting to the jumpbox via its public IP address, and then connecting to the Linux VMSS instances via private IP addresses.
Create and encrypt a new Windows VMSS with jumpbox

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.This template enables encryption on the VM Scale Set of Windows VMs.
Deploy a 3 Nodetype Secure Cluster with NSGs enabled

Deploy to Azure
This template allows you to deploy a secure 3 nodetype Service fabric Cluster running Windows server 2016 Data center on a Standard_D2 Size VMs. Use this template allows you ro control the inbound and outbound network traffic using Network Security Groups.
Deploy a 5 Node Secure Cluster

Deploy to Azure
This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS.
Deploy a 5 Node Ubuntu Service Fabric Cluster

Deploy to Azure
This template allows you to deploy a secure 5 node Service Fabric Cluster running Ubuntu on a Standard_D2_V2 Size VMSS.
Deploy a Linux VMSS wth primary/secondary architecture

Deploy to Azure
This template allows you to deploy a Linux VMSS with a Custom Script Extension in primary secondary architecture
Deploy a Nextflow genomics cluster

Deploy to Azure
This template deploys a scalable Nextflow cluster with a Jumpbox, n cluster nodes, docker support and shared storage.
Deploy a Scale Set into an existing vnet

Deploy to Azure
This template deploys a VM Scale Set into an exsisting vnet.
Deploy a Scale Set into an existing vnet on Windows

Deploy to Azure
This template deploys a Windows 2016 Datacenter VM Scale Set into an exsisting resource group, vnet and subnet.
Deploy a simple VM Scale Set with Linux VMs

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.
Deploy a simple VM Scale Set with Linux VMs and a Jumpbox

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. There is also a jumpbox to enable connections from outside of the VNet the VMs are in.
Deploy a simple VM Scale Set with Windows VMs

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections.
Deploy a simple VM Scale Set with Windows VMs and a Jumpbox

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.
Deploy a trusted launch capable Windows VM Scale Set

Deploy to Azure
This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud.
Deploy a VM Scale Set from the Azure Data Science VM

Deploy to Azure
These templates deploy VM scale sets, using the Azure Data Science VMs as a source image.
Deploy a VM Scale Set with a Linux custom image

Deploy to Azure
This template allows you to deploy a custom VM Linux image inside an Scale Set. These VMs are behind a load balancer with HTTP load balancing (by default on port 80). The example uses a custom script to do the application deployment and update, you may have to provide your custom script for your own update procedure. You will have to provide a generalized image of your VM in the same subscription and region where you create the VMSS.
Deploy a VM Scale Set with a Windows custom image

Deploy to Azure
This template allows you to deploy a simple VM Scale Set usng a custom Windows image. These VMs are behind a load balancer with HTTP load balancing (by default on port 80)
Deploy a VM Scale Set with Linux VMs and Auto Scale

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.04 or 14.04.4-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.They also have Auto Scale integrated
Deploy a VM Scale Set with Linux VMs behind ILB

Deploy to Azure
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections.
Deploy a VM Scale Set with Linux VMs in Availabilty Zones

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.
Deploy a VM Scale Set with Windows VMs and Auto Scale

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated
Deploy a VM Scale Set with Windows VMs in Availability Zones

Deploy to Azure
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections.
Deploy a VMSS that connects each VM to an Azure Files share

Deploy to Azure
This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share
Deploy a Windows VM Scale Set with a Custom Script Extension

Deploy to Azure
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs have a custom script extension for customization and are behind a load balancer with NAT rules for rdp connections.
Deploy a Windows VM scale set with Azure Application Gateway

Deploy to Azure
This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Deploy an Autoscale Setting for Virtual Machine ScaleSet

Deploy to Azure
This template allows you to deploy an autoscale policy for Virtual Machine ScaleSet resource.
Deploy an Ubuntu VM scale set with Azure Application Gateway

Deploy to Azure
This template allows you to deploy a simple Ubuntu VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Deploy Darktrace Autoscaling vSensors

Deploy to Azure
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors
Deploy Drupal with VM Scale Set, Azure Files and Mysql

Deploy to Azure
Deploy a VM Scale Set behind a load balancer/NAT & each VM running Drupal (Apache / PHP). All nodes share the created Azure file share storage and MySQL database
Deploy VM Scale Set with LB probe and automatic repairs

Deploy to Azure
This template allows you to deploy a VM scale set of Linux VMs behind a load balancer with health probe configured. The scale set also has automatic instance repairs policy enabled with a grace period of 30 minutes.
Deploy VM Scale Set with Python Bottle server & AutoScale

Deploy to Azure
Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed
Deploy Windows VMSS configure windows featurtes SSL DSC

Deploy to Azure
This template allows you to deploy two Windows VMSS, configure windows features like IIS/Web Role, .Net Framework 4.5, windows auth, application initialization, download application deployment packages, URL Rewrite & SSL configuration using DSC and Azure Key Vault
Disable encryption on an existing Linux VMSS

Deploy to Azure
Disables encryption on an existing Linux VMSS
Enable data volume encryption on a running Linux VMSS

Deploy to Azure
Enables data volume encryption on a running Linux VMSS
Install Elasticsearch cluster on a Virtual Machine Scale Set

Deploy to Azure
This template deploys an Elasticsearch cluster on a Virtual Machine scale set. The template provisions 3 dedicated master nodes, with an optional number of data nodes, which run on managed disks.
JBoss EAP on RHEL (clustered, VMSS)

Deploy to Azure
This template allows you to create RHEL 8.6 VMSS instances running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment.
Kubernetes cluster with VMSS Cluster Autoscaler

Deploy to Azure
This template deploys a vanilla kubernetes cluster initialized using kubeadm. It deploys a configured master node with a cluster autoscaler. A pre-configured Virtual Machine Scale Set (VMSS) is also deployed and automatically attached to the cluster. The cluster autoscaler can then automatically scale up/down the cluster depending on the workload of the cluster.
Simple VM Scale Set with Linux VMs and public IPv4 per VM

Deploy to Azure
This template demonstrates deploying a simple scale set with load balancer, inbound NAT rules, and public IP per VM.
SSL enabled VM Scale Set

Deploy to Azure
Deploys web servers configures with SSL certificates deployed securely form Azure Key Vault
Virtual Machine Scaleset example using Availability Zones

Deploy to Azure
This template creates a VMSS placed in separate Availability Zones with a load balancer.
VM Scale Set with autoscale running an IIS WebApp

Deploy to Azure
Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment.
VMSS deploy of IPv6 in Azure Virtual Network (VNET)

Deploy to Azure
Create VM Scale Set with dual stack IPv4/IPv6 VNET and Std Load Balancer.
VMSS Flexible Orchestration Mode Quickstart Linux

Deploy to Azure
This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments.
VMSS with Public IP Prefix

Deploy to Azure
Template for deploying VMSS with Public IP Prefix

Terraform (AzAPI provider) resource definition

The virtualMachineScaleSets resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/virtualMachineScaleSets@2017-12-01"
  name = "string"
  identity = {
    identityIds = [
      "string"
    ]
    type = "string"
  }
  location = "string"
  plan = {
    name = "string"
    product = "string"
    promotionCode = "string"
    publisher = "string"
  }
  sku = {
    capacity = int
    name = "string"
    tier = "string"
  }
  tags = {
    {customized property} = "string"
  }
  zones = [
    "string"
  ]
  body = jsonencode({
    properties = {
      overprovision = bool
      platformFaultDomainCount = int
      singlePlacementGroup = bool
      upgradePolicy = {
        automaticOSUpgrade = bool
        autoOSUpgradePolicy = {
          disableAutoRollback = bool
        }
        mode = "string"
        rollingUpgradePolicy = {
          maxBatchInstancePercent = int
          maxUnhealthyInstancePercent = int
          maxUnhealthyUpgradedInstancePercent = int
          pauseTimeBetweenBatches = "string"
        }
      }
      virtualMachineProfile = {
        diagnosticsProfile = {
          bootDiagnostics = {
            enabled = bool
            storageUri = "string"
          }
        }
        evictionPolicy = "string"
        extensionProfile = {
          extensions = [
            {
              name = "string"
              properties = {
                autoUpgradeMinorVersion = bool
                forceUpdateTag = "string"
                protectedSettings = ?
                publisher = "string"
                settings = ?
                type = "string"
                typeHandlerVersion = "string"
              }
            }
          ]
        }
        licenseType = "string"
        networkProfile = {
          healthProbe = {
            id = "string"
          }
          networkInterfaceConfigurations = [
            {
              id = "string"
              name = "string"
              properties = {
                dnsSettings = {
                  dnsServers = [
                    "string"
                  ]
                }
                enableAcceleratedNetworking = bool
                enableIPForwarding = bool
                ipConfigurations = [
                  {
                    id = "string"
                    name = "string"
                    properties = {
                      applicationGatewayBackendAddressPools = [
                        {
                          id = "string"
                        }
                      ]
                      loadBalancerBackendAddressPools = [
                        {
                          id = "string"
                        }
                      ]
                      loadBalancerInboundNatPools = [
                        {
                          id = "string"
                        }
                      ]
                      primary = bool
                      privateIPAddressVersion = "string"
                      publicIPAddressConfiguration = {
                        name = "string"
                        properties = {
                          dnsSettings = {
                            domainNameLabel = "string"
                          }
                          idleTimeoutInMinutes = int
                        }
                      }
                      subnet = {
                        id = "string"
                      }
                    }
                  }
                ]
                networkSecurityGroup = {
                  id = "string"
                }
                primary = bool
              }
            }
          ]
        }
        osProfile = {
          adminPassword = "string"
          adminUsername = "string"
          computerNamePrefix = "string"
          customData = "string"
          linuxConfiguration = {
            disablePasswordAuthentication = bool
            ssh = {
              publicKeys = [
                {
                  keyData = "string"
                  path = "string"
                }
              ]
            }
          }
          secrets = [
            {
              sourceVault = {
                id = "string"
              }
              vaultCertificates = [
                {
                  certificateStore = "string"
                  certificateUrl = "string"
                }
              ]
            }
          ]
          windowsConfiguration = {
            additionalUnattendContent = [
              {
                componentName = "Microsoft-Windows-Shell-Setup"
                content = "string"
                passName = "OobeSystem"
                settingName = "string"
              }
            ]
            enableAutomaticUpdates = bool
            provisionVMAgent = bool
            timeZone = "string"
            winRM = {
              listeners = [
                {
                  certificateUrl = "string"
                  protocol = "string"
                }
              ]
            }
          }
        }
        priority = "string"
        storageProfile = {
          dataDisks = [
            {
              caching = "string"
              createOption = "string"
              diskSizeGB = int
              lun = int
              managedDisk = {
                storageAccountType = "string"
              }
              name = "string"
              writeAcceleratorEnabled = bool
            }
          ]
          imageReference = {
            id = "string"
            offer = "string"
            publisher = "string"
            sku = "string"
            version = "string"
          }
          osDisk = {
            caching = "string"
            createOption = "string"
            image = {
              uri = "string"
            }
            managedDisk = {
              storageAccountType = "string"
            }
            name = "string"
            osType = "string"
            vhdContainers = [
              "string"
            ]
            writeAcceleratorEnabled = bool
          }
        }
      }
      zoneBalance = bool
    }
  })
}

Property values

AdditionalUnattendContent

Name Description Value
componentName The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. 'Microsoft-Windows-Shell-Setup'
content Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. string
passName The pass name. Currently, the only allowable value is OobeSystem. 'OobeSystem'
settingName Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. 'AutoLogon'
'FirstLogonCommands'

ApiEntityReference

Name Description Value
id The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... string

AutoOSUpgradePolicy

Name Description Value
disableAutoRollback Whether OS image rollback feature should be disabled. Default value is false. bool

BootDiagnostics

Name Description Value
enabled Whether boot diagnostics should be enabled on the Virtual Machine. bool
storageUri Uri of the storage account to use for placing the console output and screenshot. string

DiagnosticsProfile

Name Description Value
bootDiagnostics Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status.

You can easily view the output of your console log.

Azure also enables you to see a screenshot of the VM from the hypervisor.
BootDiagnostics

ImageReference

Name Description Value
id Resource Id string
offer Specifies the offer of the platform image or marketplace image used to create the virtual machine. string
publisher The image publisher. string
sku The image SKU. string
version Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. string

LinuxConfiguration

Name Description Value
disablePasswordAuthentication Specifies whether password authentication should be disabled. bool
ssh Specifies the ssh key configuration for a Linux OS. SshConfiguration

Microsoft.Compute/virtualMachineScaleSets

Name Description Value
identity The identity of the virtual machine scale set, if configured. VirtualMachineScaleSetIdentity
location Resource location string (required)
name The resource name string (required)
plan Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. Plan
properties Describes the properties of a Virtual Machine Scale Set. VirtualMachineScaleSetProperties
sku The virtual machine scale set sku. Sku
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Compute/virtualMachineScaleSets@2017-12-01"
zones The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. string[]

Plan

Name Description Value
name The plan ID. string
product Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. string
promotionCode The promotion code. string
publisher The publisher ID. string

ResourceTags

Name Description Value

RollingUpgradePolicy

Name Description Value
maxBatchInstancePercent The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyInstancePercent The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%. int

Constraints:
Min value = 5
Max value = 100
maxUnhealthyUpgradedInstancePercent The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%. int

Constraints:
Min value = 0
Max value = 100
pauseTimeBetweenBatches The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S). string

Sku

Name Description Value
capacity Specifies the number of virtual machines in the scale set. int
name The sku name. string
tier Specifies the tier of virtual machines in a scale set.

Possible Values:

Standard

Basic
string

SshConfiguration

Name Description Value
publicKeys The list of SSH public keys used to authenticate with linux based VMs. SshPublicKey[]

SshPublicKey

Name Description Value
keyData SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format.

For creating ssh keys, see Create SSH keys on Linux and Mac for Linux VMs in Azure.
string
path Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys string

SubResource

Name Description Value
id Resource Id string

UpgradePolicy

Name Description Value
automaticOSUpgrade Whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the image becomes available. bool
autoOSUpgradePolicy Configuration parameters used for performing automatic OS Upgrade. AutoOSUpgradePolicy
mode Specifies the mode of an upgrade to virtual machines in the scale set.

Possible values are:

Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action.

Automatic - All virtual machines in the scale set are automatically updated at the same time.
'Automatic'
'Manual'
'Rolling'
rollingUpgradePolicy The configuration parameters used while performing a rolling upgrade. RollingUpgradePolicy

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account.

For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.
string
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[]

VirtualHardDisk

Name Description Value
uri Specifies the virtual hard disk's uri. string

VirtualMachineScaleSetDataDisk

Name Description Value
caching Specifies the caching requirements.

Possible values are:

None

ReadOnly

ReadWrite

Default: None for Standard storage. ReadOnly for Premium storage
'None'
'ReadOnly'
'ReadWrite'
createOption The create option. 'Attach'
'Empty'
'FromImage' (required)
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image.

This value cannot be larger than 1023 GB
int
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. int (required)
managedDisk The managed disk parameters. VirtualMachineScaleSetManagedDiskParameters
name The disk name. string
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

VirtualMachineScaleSetExtension

Name Description Value
name The name of the extension. string
properties Describes the properties of a Virtual Machine Scale Set Extension. VirtualMachineScaleSetExtensionProperties

VirtualMachineScaleSetExtensionProfile

Name Description Value
extensions The virtual machine scale set child extension resources. VirtualMachineScaleSetExtension[]

VirtualMachineScaleSetExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
forceUpdateTag If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. string
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
publisher The name of the extension handler publisher. string
settings Json formatted public settings for the extension. any
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

VirtualMachineScaleSetIdentity

Name Description Value
identityIds The list of user identities associated with the virtual machine scale set. The user identity references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/identities/{identityName}'. string[]
type The type of identity used for the virtual machine scale set. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine scale set. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'

VirtualMachineScaleSetIPConfiguration

Name Description Value
id Resource Id string
name The IP configuration name. string (required)
properties Describes a virtual machine scale set network profile's IP configuration properties. VirtualMachineScaleSetIPConfigurationProperties

VirtualMachineScaleSetIPConfigurationProperties

Name Description Value
applicationGatewayBackendAddressPools Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. SubResource[]
loadBalancerBackendAddressPools Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same load balancer. SubResource[]
loadBalancerInboundNatPools Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same load balancer SubResource[]
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool
privateIPAddressVersion Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAddressConfiguration The publicIPAddressConfiguration. VirtualMachineScaleSetPublicIPAddressConfiguration
subnet Specifies the identifier of the subnet. ApiEntityReference

VirtualMachineScaleSetManagedDiskParameters

Name Description Value
storageAccountType Specifies the storage account type for the managed disk. Managed OS disk storage account type can only be set when you create the scale set. Possible values are: Standard_LRS or Premium_LRS. 'Premium_LRS'
'Standard_LRS'

VirtualMachineScaleSetNetworkConfiguration

Name Description Value
id Resource Id string
name The network configuration name. string (required)
properties Describes a virtual machine scale set network profile's IP configuration. VirtualMachineScaleSetNetworkConfigurationProperties

VirtualMachineScaleSetNetworkConfigurationDnsSettings

Name Description Value
dnsServers List of DNS servers IP addresses string[]

VirtualMachineScaleSetNetworkConfigurationProperties

Name Description Value
dnsSettings The dns settings to be applied on the network interfaces. VirtualMachineScaleSetNetworkConfigurationDnsSettings
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableIPForwarding Whether IP forwarding enabled on this NIC. bool
ipConfigurations Specifies the IP configurations of the network interface. VirtualMachineScaleSetIPConfiguration[] (required)
networkSecurityGroup The network security group. SubResource
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

VirtualMachineScaleSetNetworkProfile

Name Description Value
healthProbe A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. ApiEntityReference
networkInterfaceConfigurations The list of network configurations. VirtualMachineScaleSetNetworkConfiguration[]

VirtualMachineScaleSetOSDisk

Name Description Value
caching Specifies the caching requirements.

Possible values are:

None

ReadOnly

ReadWrite

Default: None for Standard storage. ReadOnly for Premium storage
'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machines in the scale set should be created.

The only allowed value is: FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.
'Attach'
'Empty'
'FromImage' (required)
image Specifies information about the unmanaged user image to base the scale set on. VirtualHardDisk
managedDisk The managed disk parameters. VirtualMachineScaleSetManagedDiskParameters
name The disk name. string
osType This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD.

Possible values are:

Windows

Linux
'Linux'
'Windows'
vhdContainers Specifies the container urls that are used to store operating system disks for the scale set. string[]
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

VirtualMachineScaleSetOSProfile

Name Description Value
adminPassword Specifies the password of the administrator account.

Minimum-length (Windows): 8 characters

Minimum-length (Linux): 6 characters

Max-length (Windows): 123 characters

Max-length (Linux): 72 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM

For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
string
adminUsername Specifies the name of the administrator account.

Windows-only restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length (Linux): 1 character

Max-length (Linux): 64 characters

Max-length (Windows): 20 characters

<li> For root access to the Linux VM, see Using root privileges on Linux virtual machines in Azure
<li> For a list of built-in system users on Linux that should not be used in this field, see Selecting User Names for Linux on Azure
string
computerNamePrefix Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. string
customData Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes.

For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation
string
linuxConfiguration Specifies the Linux operating system settings on the virtual machine.

For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions

For running non-endorsed distributions, see Information for Non-Endorsed Distributions.
LinuxConfiguration
secrets Specifies set of certificates that should be installed onto the virtual machines in the scale set. VaultSecretGroup[]
windowsConfiguration Specifies Windows operating system settings on the virtual machine. WindowsConfiguration

VirtualMachineScaleSetProperties

Name Description Value
overprovision Specifies whether the Virtual Machine Scale Set should be overprovisioned. bool
platformFaultDomainCount Fault Domain count for each placement group. int
singlePlacementGroup When true this limits the scale set to a single placement group, of max size 100 virtual machines. bool
upgradePolicy The upgrade policy. UpgradePolicy
virtualMachineProfile The virtual machine profile. VirtualMachineScaleSetVMProfile
zoneBalance Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. bool

VirtualMachineScaleSetPublicIPAddressConfiguration

Name Description Value
name The publicIP address configuration name. string (required)
properties Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration VirtualMachineScaleSetPublicIPAddressConfigurationProperties

VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings

Name Description Value
domainNameLabel The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created string (required)

VirtualMachineScaleSetPublicIPAddressConfigurationProperties

Name Description Value
dnsSettings The dns settings to be applied on the publicIP addresses . VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int

VirtualMachineScaleSetStorageProfile

Name Description Value
dataDisks Specifies the parameters that are used to add data disks to the virtual machines in the scale set.

For more information about disks, see About disks and VHDs for Azure virtual machines.
VirtualMachineScaleSetDataDisk[]
imageReference Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. ImageReference
osDisk Specifies information about the operating system disk used by the virtual machines in the scale set.

For more information about disks, see About disks and VHDs for Azure virtual machines.
VirtualMachineScaleSetOSDisk

VirtualMachineScaleSetVMProfile

Name Description Value
diagnosticsProfile Specifies the boot diagnostic settings state.

Minimum api-version: 2015-06-15.
DiagnosticsProfile
evictionPolicy Specifies the eviction policy for virtual machines in a low priority scale set.

Minimum api-version: 2017-10-30-preview
'Deallocate'
'Delete'
extensionProfile Specifies a collection of settings for extensions installed on virtual machines in the scale set. VirtualMachineScaleSetExtensionProfile
licenseType Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.

Possible values are:

Windows_Client

Windows_Server

If this element is included in a request for an update, the value must match the initial value. This value cannot be updated.

For more information, see Azure Hybrid Use Benefit for Windows Server

Minimum api-version: 2015-06-15
string
networkProfile Specifies properties of the network interfaces of the virtual machines in the scale set. VirtualMachineScaleSetNetworkProfile
osProfile Specifies the operating system settings for the virtual machines in the scale set. VirtualMachineScaleSetOSProfile
priority Specifies the priority for the virtual machines in the scale set.

Minimum api-version: 2017-10-30-preview
'Low'
'Regular'
storageProfile Specifies the storage settings for the virtual machine disks. VirtualMachineScaleSetStorageProfile

WindowsConfiguration

Name Description Value
additionalUnattendContent Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. AdditionalUnattendContent[]
enableAutomaticUpdates Indicates whether virtual machine is enabled for automatic updates. bool
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine.

When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
bool
timeZone Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time" string
winRM Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. WinRMConfiguration

WinRMConfiguration

Name Description Value
listeners The list of Windows Remote Management listeners WinRMListener[]

WinRMListener

Name Description Value
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string
protocol Specifies the protocol of listener.

Possible values are:
http

https
'Http'
'Https'