Microsoft.Compute virtualMachines 2024-03-01
Bicep resource definition
The virtualMachines resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachines resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Compute/virtualMachines@2024-03-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
extendedLocation: {
name: 'string'
type: 'EdgeZone'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
plan: {
name: 'string'
product: 'string'
promotionCode: 'string'
publisher: 'string'
}
properties: {
additionalCapabilities: {
hibernationEnabled: bool
ultraSSDEnabled: bool
}
applicationProfile: {
galleryApplications: [
{
configurationReference: 'string'
enableAutomaticUpgrade: bool
order: int
packageReferenceId: 'string'
tags: 'string'
treatFailureAsDeploymentFailure: bool
}
]
}
availabilitySet: {
id: 'string'
}
billingProfile: {
maxPrice: json('decimal-as-string')
}
capacityReservation: {
capacityReservationGroup: {
id: 'string'
}
}
diagnosticsProfile: {
bootDiagnostics: {
enabled: bool
storageUri: 'string'
}
}
evictionPolicy: 'string'
extensionsTimeBudget: 'string'
hardwareProfile: {
vmSize: 'string'
vmSizeProperties: {
vCPUsAvailable: int
vCPUsPerCore: int
}
}
host: {
id: 'string'
}
hostGroup: {
id: 'string'
}
licenseType: 'string'
networkProfile: {
networkApiVersion: '2020-11-01'
networkInterfaceConfigurations: [
{
name: 'string'
properties: {
auxiliaryMode: 'string'
auxiliarySku: 'string'
deleteOption: 'string'
disableTcpStateTracking: bool
dnsSettings: {
dnsServers: [
'string'
]
}
dscpConfiguration: {
id: 'string'
}
enableAcceleratedNetworking: bool
enableFpga: bool
enableIPForwarding: bool
ipConfigurations: [
{
name: 'string'
properties: {
applicationGatewayBackendAddressPools: [
{
id: 'string'
}
]
applicationSecurityGroups: [
{
id: 'string'
}
]
loadBalancerBackendAddressPools: [
{
id: 'string'
}
]
primary: bool
privateIPAddressVersion: 'string'
publicIPAddressConfiguration: {
name: 'string'
properties: {
deleteOption: 'string'
dnsSettings: {
domainNameLabel: 'string'
domainNameLabelScope: 'string'
}
idleTimeoutInMinutes: int
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
publicIPAddressVersion: 'string'
publicIPAllocationMethod: 'string'
publicIPPrefix: {
id: 'string'
}
}
sku: {
name: 'string'
tier: 'string'
}
}
subnet: {
id: 'string'
}
}
}
]
networkSecurityGroup: {
id: 'string'
}
primary: bool
}
}
]
networkInterfaces: [
{
id: 'string'
properties: {
deleteOption: 'string'
primary: bool
}
}
]
}
osProfile: {
adminPassword: 'string'
adminUsername: 'string'
allowExtensionOperations: bool
computerName: 'string'
customData: 'string'
linuxConfiguration: {
disablePasswordAuthentication: bool
enableVMAgentPlatformUpdates: bool
patchSettings: {
assessmentMode: 'string'
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: bool
rebootSetting: 'string'
}
patchMode: 'string'
}
provisionVMAgent: bool
ssh: {
publicKeys: [
{
keyData: 'string'
path: 'string'
}
]
}
}
requireGuestProvisionSignal: bool
secrets: [
{
sourceVault: {
id: 'string'
}
vaultCertificates: [
{
certificateStore: 'string'
certificateUrl: 'string'
}
]
}
]
windowsConfiguration: {
additionalUnattendContent: [
{
componentName: 'Microsoft-Windows-Shell-Setup'
content: 'string'
passName: 'OobeSystem'
settingName: 'string'
}
]
enableAutomaticUpdates: bool
enableVMAgentPlatformUpdates: bool
patchSettings: {
assessmentMode: 'string'
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: bool
rebootSetting: 'string'
}
enableHotpatching: bool
patchMode: 'string'
}
provisionVMAgent: bool
timeZone: 'string'
winRM: {
listeners: [
{
certificateUrl: 'string'
protocol: 'string'
}
]
}
}
}
platformFaultDomain: int
priority: 'string'
proximityPlacementGroup: {
id: 'string'
}
scheduledEventsPolicy: {
scheduledEventsAdditionalPublishingTargets: {
eventGridAndResourceGraph: {
enable: bool
}
}
userInitiatedReboot: {
automaticallyApprove: bool
}
userInitiatedRedeploy: {
automaticallyApprove: bool
}
}
scheduledEventsProfile: {
osImageNotificationProfile: {
enable: bool
notBeforeTimeout: 'string'
}
terminateNotificationProfile: {
enable: bool
notBeforeTimeout: 'string'
}
}
securityProfile: {
encryptionAtHost: bool
encryptionIdentity: {
userAssignedIdentityResourceId: 'string'
}
proxyAgentSettings: {
enabled: bool
keyIncarnationId: int
mode: 'string'
}
securityType: 'string'
uefiSettings: {
secureBootEnabled: bool
vTpmEnabled: bool
}
}
storageProfile: {
dataDisks: [
{
caching: 'string'
createOption: 'string'
deleteOption: 'string'
detachOption: 'ForceDetach'
diskSizeGB: int
image: {
uri: 'string'
}
lun: int
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
id: 'string'
securityProfile: {
diskEncryptionSet: {
id: 'string'
}
securityEncryptionType: 'string'
}
storageAccountType: 'string'
}
name: 'string'
sourceResource: {
id: 'string'
}
toBeDetached: bool
vhd: {
uri: 'string'
}
writeAcceleratorEnabled: bool
}
]
diskControllerType: 'string'
imageReference: {
communityGalleryImageId: 'string'
id: 'string'
offer: 'string'
publisher: 'string'
sharedGalleryImageId: 'string'
sku: 'string'
version: 'string'
}
osDisk: {
caching: 'string'
createOption: 'string'
deleteOption: 'string'
diffDiskSettings: {
option: 'Local'
placement: 'string'
}
diskSizeGB: int
encryptionSettings: {
diskEncryptionKey: {
secretUrl: 'string'
sourceVault: {
id: 'string'
}
}
enabled: bool
keyEncryptionKey: {
keyUrl: 'string'
sourceVault: {
id: 'string'
}
}
}
image: {
uri: 'string'
}
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
id: 'string'
securityProfile: {
diskEncryptionSet: {
id: 'string'
}
securityEncryptionType: 'string'
}
storageAccountType: 'string'
}
name: 'string'
osType: 'string'
vhd: {
uri: 'string'
}
writeAcceleratorEnabled: bool
}
}
userData: 'string'
virtualMachineScaleSet: {
id: 'string'
}
}
zones: [
'string' or int
]
}
Property values
virtualMachines
Name | Description | Value |
---|---|---|
name | The resource name | string (required) Character limit: 1-15 (Windows) 1-64 (Linux) Valid characters: Can't use spaces, control characters, or these characters: ~ ! @ # $ % ^ & * ( ) = + _ [ ] { } \ | ; : . ' " , < > / ? Windows VMs can't include period or end with hyphen. Linux VMs can't end with period or hyphen. |
location | Resource location | string (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
extendedLocation | The extended location of the Virtual Machine. | ExtendedLocation |
identity | The identity of the virtual machine, if configured. | VirtualMachineIdentity |
plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
properties | Describes the properties of a Virtual Machine. | VirtualMachineProperties |
zones | The virtual machine zones. | Array of availability zones as string or int. |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'EdgeZone' |
VirtualMachineIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the virtual machine. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | UserAssignedIdentities |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserAssignedIdentitiesValue |
UserAssignedIdentitiesValue
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Plan
Name | Description | Value |
---|---|---|
name | The plan ID. | string |
product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
promotionCode | The promotion code. | string |
publisher | The publisher ID. | string |
VirtualMachineProperties
Name | Description | Value |
---|---|---|
additionalCapabilities | Specifies additional capabilities enabled or disabled on the virtual machine. | AdditionalCapabilities |
applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS. | ApplicationProfile |
availabilitySet | Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure. Currently, a VM can only be added to availability set at creation time. The availability set to which the VM is being added should be under the same resource group as the availability set resource. An existing VM cannot be added to an availability set. This property cannot exist along with a non-null properties.virtualMachineScaleSet reference. | SubResource |
billingProfile | Specifies the billing related details of a Azure Spot virtual machine. Minimum api-version: 2019-03-01. | BillingProfile |
capacityReservation | Specifies information about the capacity reservation that is used to allocate virtual machine. Minimum api-version: 2021-04-01. | CapacityReservationProfile |
diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. | DiagnosticsProfile |
evictionPolicy | Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. | 'Deallocate' 'Delete' |
extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. | string |
hardwareProfile | Specifies the hardware settings for the virtual machine. | HardwareProfile |
host | Specifies information about the dedicated host that the virtual machine resides in. Minimum api-version: 2018-10-01. | SubResource |
hostGroup | Specifies information about the dedicated host group that the virtual machine resides in. Note: User cannot specify both host and hostGroup properties. Minimum api-version: 2020-06-01. | SubResource |
licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
networkProfile | Specifies the network interfaces of the virtual machine. | NetworkProfile |
osProfile | Specifies the operating system settings used while creating the virtual machine. Some of the settings cannot be changed once VM is provisioned. | OSProfile |
platformFaultDomain | Specifies the scale set logical fault domain into which the Virtual Machine will be created. By default, the Virtual Machine will by automatically assigned to a fault domain that best maintains balance across available fault domains. This is applicable only if the 'virtualMachineScaleSet' property of this Virtual Machine is set. The Virtual Machine Scale Set that is referenced, must have 'platformFaultDomainCount' greater than 1. This property cannot be updated once the Virtual Machine is created. Fault domain assignment can be viewed in the Virtual Machine Instance View. Minimum api‐version: 2020‐12‐01. | int |
priority | Specifies the priority for the virtual machine. Minimum api-version: 2019-03-01 | 'Low' 'Regular' 'Spot' |
proximityPlacementGroup | Specifies information about the proximity placement group that the virtual machine should be assigned to. Minimum api-version: 2018-04-01. | SubResource |
scheduledEventsPolicy | Specifies Redeploy, Reboot and ScheduledEventsAdditionalPublishingTargets Scheduled Event related configurations for the virtual machine. | ScheduledEventsPolicy |
scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
securityProfile | Specifies the Security related profile settings for the virtual machine. | SecurityProfile |
storageProfile | Specifies the storage settings for the virtual machine disks. | StorageProfile |
userData | UserData for the VM, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. | string |
virtualMachineScaleSet | Specifies information about the virtual machine scale set that the virtual machine should be assigned to. Virtual machines specified in the same virtual machine scale set are allocated to different nodes to maximize availability. Currently, a VM can only be added to virtual machine scale set at creation time. An existing VM cannot be added to a virtual machine scale set. This property cannot exist along with a non-null properties.availabilitySet reference. Minimum api‐version: 2019‐03‐01. | SubResource |
AdditionalCapabilities
Name | Description | Value |
---|---|---|
hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
ApplicationProfile
Name | Description | Value |
---|---|---|
galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
VMGalleryApplication
Name | Description | Value |
---|---|---|
configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided | string |
enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS | bool |
order | Optional, Specifies the order in which the packages have to be installed | int |
packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} | string (required) |
tags | Optional, Specifies a passthrough value for more generic context. | string |
treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment | bool |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
BillingProfile
Name | Description | Value |
---|---|---|
maxPrice | Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars. This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price. The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: - Any decimal value greater than zero. Example: 0.01538 -1 – indicates default price to be up-to on-demand. You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you. Minimum api-version: 2019-03-01. To specify a decimal value, use the json() function. |
int or json decimal |
CapacityReservationProfile
Name | Description | Value |
---|---|---|
capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. |
SubResource |
DiagnosticsProfile
Name | Description | Value |
---|---|---|
bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. | BootDiagnostics |
BootDiagnostics
Name | Description | Value |
---|---|---|
enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. | string |
HardwareProfile
Name | Description | Value |
---|---|---|
vmSize | Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. The recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set, List all available virtual machine sizes in a region, List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. | 'Basic_A0' 'Basic_A1' 'Basic_A2' 'Basic_A3' 'Basic_A4' 'Standard_A0' 'Standard_A1' 'Standard_A10' 'Standard_A11' 'Standard_A1_v2' 'Standard_A2' 'Standard_A2_v2' 'Standard_A2m_v2' 'Standard_A3' 'Standard_A4' 'Standard_A4_v2' 'Standard_A4m_v2' 'Standard_A5' 'Standard_A6' 'Standard_A7' 'Standard_A8' 'Standard_A8_v2' 'Standard_A8m_v2' 'Standard_A9' 'Standard_B1ms' 'Standard_B1s' 'Standard_B2ms' 'Standard_B2s' 'Standard_B4ms' 'Standard_B8ms' 'Standard_D1' 'Standard_D11' 'Standard_D11_v2' 'Standard_D12' 'Standard_D12_v2' 'Standard_D13' 'Standard_D13_v2' 'Standard_D14' 'Standard_D14_v2' 'Standard_D15_v2' 'Standard_D16_v3' 'Standard_D16s_v3' 'Standard_D1_v2' 'Standard_D2' 'Standard_D2_v2' 'Standard_D2_v3' 'Standard_D2s_v3' 'Standard_D3' 'Standard_D32_v3' 'Standard_D32s_v3' 'Standard_D3_v2' 'Standard_D4' 'Standard_D4_v2' 'Standard_D4_v3' 'Standard_D4s_v3' 'Standard_D5_v2' 'Standard_D64_v3' 'Standard_D64s_v3' 'Standard_D8_v3' 'Standard_D8s_v3' 'Standard_DS1' 'Standard_DS11' 'Standard_DS11_v2' 'Standard_DS12' 'Standard_DS12_v2' 'Standard_DS13' 'Standard_DS13-2_v2' 'Standard_DS13-4_v2' 'Standard_DS13_v2' 'Standard_DS14' 'Standard_DS14-4_v2' 'Standard_DS14-8_v2' 'Standard_DS14_v2' 'Standard_DS15_v2' 'Standard_DS1_v2' 'Standard_DS2' 'Standard_DS2_v2' 'Standard_DS3' 'Standard_DS3_v2' 'Standard_DS4' 'Standard_DS4_v2' 'Standard_DS5_v2' 'Standard_E16_v3' 'Standard_E16s_v3' 'Standard_E2_v3' 'Standard_E2s_v3' 'Standard_E32-16_v3' 'Standard_E32-8s_v3' 'Standard_E32_v3' 'Standard_E32s_v3' 'Standard_E4_v3' 'Standard_E4s_v3' 'Standard_E64-16s_v3' 'Standard_E64-32s_v3' 'Standard_E64_v3' 'Standard_E64s_v3' 'Standard_E8_v3' 'Standard_E8s_v3' 'Standard_F1' 'Standard_F16' 'Standard_F16s' 'Standard_F16s_v2' 'Standard_F1s' 'Standard_F2' 'Standard_F2s' 'Standard_F2s_v2' 'Standard_F32s_v2' 'Standard_F4' 'Standard_F4s' 'Standard_F4s_v2' 'Standard_F64s_v2' 'Standard_F72s_v2' 'Standard_F8' 'Standard_F8s' 'Standard_F8s_v2' 'Standard_G1' 'Standard_G2' 'Standard_G3' 'Standard_G4' 'Standard_G5' 'Standard_GS1' 'Standard_GS2' 'Standard_GS3' 'Standard_GS4' 'Standard_GS4-4' 'Standard_GS4-8' 'Standard_GS5' 'Standard_GS5-16' 'Standard_GS5-8' 'Standard_H16' 'Standard_H16m' 'Standard_H16mr' 'Standard_H16r' 'Standard_H8' 'Standard_H8m' 'Standard_L16s' 'Standard_L32s' 'Standard_L4s' 'Standard_L8s' 'Standard_M128-32ms' 'Standard_M128-64ms' 'Standard_M128ms' 'Standard_M128s' 'Standard_M64-16ms' 'Standard_M64-32ms' 'Standard_M64ms' 'Standard_M64s' 'Standard_NC12' 'Standard_NC12s_v2' 'Standard_NC12s_v3' 'Standard_NC24' 'Standard_NC24r' 'Standard_NC24rs_v2' 'Standard_NC24rs_v3' 'Standard_NC24s_v2' 'Standard_NC24s_v3' 'Standard_NC6' 'Standard_NC6s_v2' 'Standard_NC6s_v3' 'Standard_ND12s' 'Standard_ND24rs' 'Standard_ND24s' 'Standard_ND6s' 'Standard_NV12' 'Standard_NV24' 'Standard_NV6' |
vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-07-01. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. Please follow the instructions in VM Customization for more details. | VMSizeProperties |
VMSizeProperties
Name | Description | Value |
---|---|---|
vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. | int |
vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. | int |
NetworkProfile
Name | Description | Value |
---|---|---|
networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations | '2020-11-01' |
networkInterfaceConfigurations | Specifies the networking configurations that will be used to create the virtual machine networking resources. | VirtualMachineNetworkInterfaceConfiguration[] |
networkInterfaces | Specifies the list of resource Ids for the network interfaces associated with the virtual machine. | NetworkInterfaceReference[] |
VirtualMachineNetworkInterfaceConfiguration
Name | Description | Value |
---|---|---|
name | The network interface configuration name. | string (required) |
properties | Describes a virtual machine network profile's IP configuration. | VirtualMachineNetworkInterfaceConfigurationPropertie... |
VirtualMachineNetworkInterfaceConfigurationPropertie...
Name | Description | Value |
---|---|---|
auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. | 'AcceleratedConnections' 'Floating' 'None' |
auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. | 'A1' 'A2' 'A4' 'A8' 'None' |
deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineNetworkInterfaceDnsSettingsConfigurati... |
dscpConfiguration | SubResource | |
enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineNetworkInterfaceIPConfiguration[] (required) |
networkSecurityGroup | The network security group. | SubResource |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineNetworkInterfaceDnsSettingsConfigurati...
Name | Description | Value |
---|---|---|
dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineNetworkInterfaceIPConfiguration
Name | Description | Value |
---|---|---|
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine network interface IP configuration properties. | VirtualMachineNetworkInterfaceIPConfigurationPropert... |
VirtualMachineNetworkInterfaceIPConfigurationPropert...
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. | SubResource[] |
applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the same basic sku load balancer]. | SubResource[] |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachinePublicIPAddressConfiguration |
subnet | Specifies the identifier of the subnet. | SubResource |
VirtualMachinePublicIPAddressConfiguration
Name | Description | Value |
---|---|---|
name | The publicIP address configuration name. | string (required) |
properties | Describes a virtual machines IP Configuration's PublicIPAddress configuration | VirtualMachinePublicIPAddressConfigurationProperties |
sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. | PublicIPAddressSku |
VirtualMachinePublicIPAddressConfigurationProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the public IP address when the VM is deleted | 'Delete' 'Detach' |
dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachinePublicIPAddressDnsSettingsConfiguratio... |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipTags | The list of IP tags associated with the public IP address. | VirtualMachineIpTag[] |
publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAllocationMethod | Specify the public IP allocation type | 'Dynamic' 'Static' |
publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachinePublicIPAddressDnsSettingsConfiguratio...
Name | Description | Value |
---|---|---|
domainNameLabel | The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. | string (required) |
domainNameLabelScope | The Domain name label scope of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the hashed domain name label with policy according to the domain name label scope and vm network profile unique ID. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
VirtualMachineIpTag
Name | Description | Value |
---|---|---|
ipTagType | IP tag type. Example: FirstPartyUsage. | string |
tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Specify public IP sku name | 'Basic' 'Standard' |
tier | Specify public IP sku tier | 'Global' 'Regional' |
NetworkInterfaceReference
Name | Description | Value |
---|---|---|
id | Resource Id | string |
properties | Describes a network interface reference properties. | NetworkInterfaceReferenceProperties |
NetworkInterfaceReferenceProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
OSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUsername | Specifies the name of the administrator account. This property cannot be updated after the VM is created. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters. |
string |
allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | bool |
computerName | Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters. Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. | string |
customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in customData property. This property cannot be updated after the VM is created. The property 'customData' is passed to the VM to be saved as a file, for more information see Custom Data on Azure VMs. For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation. | string |
linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. | LinuxConfiguration |
requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
secrets | Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. | LinuxVMGuestPatchAutomaticByPlatformSettings |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
LinuxVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). | string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. | string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Windows virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
PatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. | WindowsVMGuestPatchAutomaticByPlatformSettings |
enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
WindowsVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. | 'Http' 'Https' |
ScheduledEventsPolicy
Name | Description | Value |
---|---|---|
scheduledEventsAdditionalPublishingTargets | The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. | ScheduledEventsAdditionalPublishingTargets |
userInitiatedReboot | The configuration parameters used while creating userInitiatedReboot scheduled event setting creation. | UserInitiatedReboot |
userInitiatedRedeploy | The configuration parameters used while creating userInitiatedRedeploy scheduled event setting creation. | UserInitiatedRedeploy |
ScheduledEventsAdditionalPublishingTargets
Name | Description | Value |
---|---|---|
eventGridAndResourceGraph | The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. | EventGridAndResourceGraph |
EventGridAndResourceGraph
Name | Description | Value |
---|---|---|
enable | Specifies if event grid and resource graph is enabled for Scheduled event related configurations. | bool |
UserInitiatedReboot
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Reboot Scheduled Event related configurations. | bool |
UserInitiatedRedeploy
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Redeploy Scheduled Event related configurations. | bool |
ScheduledEventsProfile
Name | Description | Value |
---|---|---|
osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
OSImageNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) | string |
TerminateNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) | string |
SecurityProfile
Name | Description | Value |
---|---|---|
encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. | bool |
encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. | EncryptionIdentity |
proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2024-03-01. | ProxyAgentSettings |
securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. | 'ConfidentialVM' 'TrustedLaunch' |
uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. | UefiSettings |
EncryptionIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
ProxyAgentSettings
Name | Description | Value |
---|---|---|
enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. | bool |
keyIncarnationId | Increase the value of this property allows user to reset the key used for securing communication channel between guest and host. | int |
mode | Specifies the mode that ProxyAgent will execute on if the feature is enabled. ProxyAgent will start to audit or monitor but not enforce access control over requests to host endpoints in Audit mode, while in Enforce mode it will enforce access control. The default value is Enforce mode. | 'Audit' 'Enforce' |
UefiSettings
Name | Description | Value |
---|---|---|
secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
StorageProfile
Name | Description | Value |
---|---|---|
dataDisks | Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. | DataDisk[] |
diskControllerType | Specifies the disk controller type configured for the VM. Note: This property will be set to the default disk controller type if not specified provided virtual machine is being created with 'hyperVGeneration' set to V2 based on the capabilities of the operating system disk and VM size from the the specified minimum api version. You need to deallocate the VM before updating its disk controller type unless you are updating the VM size in the VM configuration which implicitly deallocates and reallocates the VM. Minimum api-version: 2022-08-01. | 'NVMe' 'SCSI' |
imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
osDisk | Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. | OSDisk |
DataDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine data disk. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. Empty: This value is used when creating an empty data disk. Copy: This value is used to create a data disk from a snapshot or another disk. Restore: This value is used to create a data disk from a disk restore point. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether data disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the data disk is deleted when VM is deleted. Detach. If this value is used, the data disk is retained after VM is deleted. The default value is set to Detach. | 'Delete' 'Detach' |
detachOption | Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. | 'ForceDetach' |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
managedDisk | The managed disk parameters. | ManagedDiskParameters |
name | The disk name. | string |
sourceResource | The source resource identifier. It can be a snapshot, or disk restore point from which to create a disk. | ApiEntityReference |
toBeDetached | Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset | bool |
vhd | The virtual hard disk. | VirtualHardDisk |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
ManagedDiskParameters
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
id | Resource Id | string |
securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | 'PremiumV2_LRS' 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
DiskEncryptionSetParameters
Name | Description | Value |
---|---|---|
id | Resource Id | string |
VMDiskSecurityProfile
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. | DiskEncryptionSetParameters |
securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. | 'DiskWithVMGuestState' 'NonPersistedTPM' 'VMGuestStateOnly' |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ImageReference
Name | Description | Value |
---|---|---|
communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. | string |
id | Resource Id | string |
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. | string |
OSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the OS disk is deleted when VM is deleted. Detach. If this value is used, the os disk is retained after VM is deleted. The default value is set to Detach. For an ephemeral OS Disk, the default value is set to Delete. The user cannot change the delete option for an ephemeral OS Disk. | 'Delete' 'Detach' |
diffDiskSettings | Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. | DiffDiskSettings |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
encryptionSettings | Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15. | DiskEncryptionSettings |
image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
managedDisk | The managed disk parameters. | ManagedDiskParameters |
name | The disk name. | string |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | 'Linux' 'Windows' |
vhd | The virtual hard disk. | VirtualHardDisk |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
DiffDiskSettings
Name | Description | Value |
---|---|---|
option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. | 'CacheDisk' 'NvmeDisk' 'ResourceDisk' |
DiskEncryptionSettings
Name | Description | Value |
---|---|---|
diskEncryptionKey | Specifies the location of the disk encryption key, which is a Key Vault Secret. | KeyVaultSecretReference |
enabled | Specifies whether disk encryption should be enabled on the virtual machine. | bool |
keyEncryptionKey | Specifies the location of the key encryption key in Key Vault. | KeyVaultKeyReference |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
KeyVaultKeyReference
Name | Description | Value |
---|---|---|
keyUrl | The URL referencing a key encryption key in Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the key. | SubResource (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Deploy a simple Linux VM and update private IP to static |
This template allows you to deploy a simple Linux VM using Ubuntu from the marketplace. This will deploy a VNET, Subnet, and an A1 size VM in the resource group location with a dynamically assigned IP address and then convert it to static IP. |
Create VMs in Availability Sets using Resource Loops |
Create 2-5 VMs in Availability Sets using Resource Loops. The VMs can be Unbuntu or Windows with a maximum of 5 VMs since this sample uses a single storageAccount |
Multi VM Template with Managed Disk |
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a single Availability Set. They will be provisioned in a Virtual Network which will also be created as part of the deployment |
Install a file on a Windows VM |
This template allows you to deploy a Windows VM and run a custom PowerShell script to install a file on that VM. |
Deploy a Virtual Machine with Custom Data |
This template allows you to create a Virtual Machine with Custom Data passed down to the VM. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface. |
Deploy a Premium Windows VM with diagnostics |
This template allows you to deploy a Premium Windows VM using a few different options for the Windows version, using the latest patched version. |
Create a VM in a VNET in different Resource Group |
This template creates a VM in a VNET which is in a different Resource Group |
Join a VM to an existing domain |
This template demonstrates domain join to a private AD domain up in cloud. |
Create a VM with a dynamic selection of data disks |
This template allows the user to select the number of data disks they'd like to add to the VM. |
Create a VM from a EfficientIP VHD |
This template creates a VM from a EfficientIP VHD and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
Create a VM from User Image |
This template allows you to create a Virtual Machines from a User image. This template also deploys a Virtual Network, Public IP addresses and a Network Interface. |
Create a VM in a new or existing vnet from a generalized VHD |
This template creates a VM from a generalized VHD and let you connect it to a new or existing VNET that can reside in another Resource Group than the virtual machine |
CentOS/UbuntuServer Auto Dynamic Disks & Docker 1.12(cs) |
This is a common template for creating single instance CentOS 7.2/7.1/6.5 or Ubuntu Server 16.04.0-LTS with configurable number of data disks (configurable sizes). Maximum 16 disks can be mentioned in the portal parameters and maximum size of each disk should be less than 1023 GB. The MDADM RAID0 Array is automounted and survives restarts. Latest Docker 1.12(cs3) (Swarm), docker-compose 1.9.0 & docker-machine 0.8.2 is available for usage from user azure-cli is auto running as a docker container. This single instance template is an offshoot of the HPC/GPU Clusters Template @ https://github.com/azurebigcompute/BigComputeBench |
GitLab Omnibus |
This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections. |
Linux VM with Serial Output |
This template creates a simple Linux VM with minimal parameters and serial/console configured to output to storage |
Deploy a simple Windows VM with monitoring and diagnostics |
This template allows you to deploy a simple Windows VM along with the diagnostics extension which enables monitoring and diagnostics for the VM |
Deploy a Linux or Windows VM with MSI |
This template allows you to deploy a Linux or Windows VM with a Managed Service Identity. |
Terraform on Azure |
This template allows you to deploy a Terraform workstation as a Linux VM with MSI. |
Linux VM with MSI Accessing Storage |
This template deploys a linux VM with a system assigned managed identity that has access to a storage account in a different resource group. |
Create a VM from a Windows Image with 4 Empty Data Disks |
This template allows you to create a Windows Virtual Machine from a specified image. It also attaches 4 empty data disks. Note that you can specify the size of the empty data disks. |
Deploy a VM with multiple IPs |
This template allows you to deploy a VM with 3 IP configurations. This template will deploy a Linux/Windows VM called myVM1 with 3 IP configurations: IPConfig-1, IPConfig-2 and IPConfig-3, respectively. |
Deploy a Linux VM (Ubuntu) with multiple NICs |
This template creates a VNet with multiple subnets and deploys a Ubuntu VM with multiple NICs |
Virtual Machine with Conditional Resources |
This template allows deploying a linux VM using new or existing resources for the Virtual Network, Storage and Public IP Address. It also allows for choosing between SSH and Password authenticate. The templates uses conditions and logic functions to remove the need for nested deployments. |
Create VM from existing VHDs and connect it to existingVNET |
This template creates a VM from VHDs (OS + data disk) and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
Push a certificate onto a Windows VM |
Push a certificate onto a Windows VM. Create the Key Vault using the template at https://azure.microsoft.com/documentation/templates/101-create-key-vault |
Secure VM password with Key Vault |
This template allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file |
Deploy a simple FreeBSD VM in resource group location |
This template allows you to deploy a simple FreeBSD VM using a few different options for the FreeBSD version, using the latest patched version. This will deploy in resource group location on a D1 VM Size. |
Deploy a simple Ubuntu Linux VM 20.04-LTS |
This template deploys an Ubuntu Server with a few options for the VM. You can provide the VM Name, OS Version, VM size, and admin username and password. As default the VM size is Standard_D2s_v3 and OS version is 20.04-LTS. |
Deploy a simple Linux VM with Accelerated Networking |
This template allows you to deploy a simple Linux VM with Accelerated Networking using Ubuntu version 18.04-LTS with the latest patched version. This will deploy a D3_v2 size VM in the resource group location and return the FQDN of the VM. |
Red Hat Enterprise Linux VM (RHEL 7.8) |
This template will deploy a Red Hat Enterprise Linux VM (RHEL 7.8), using the Pay-As-You-Go RHEL VM image for the selected version on Standard D1 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details. |
Red Hat Enterprise Linux VM (RHEL 7.8 unmanaged) |
This template will deploy a Red Hat Enterprise Linux VM (RHEL 7.8), using the Pay-As-You-Go RHEL VM image for the selected version on Standard A1_v2 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details. |
SUSE Linux Enterprise Server VM (SLES 12) |
This template will allow you to deploy a SUSE Linux Enterprise Server VM (SLES 12), using the Pay-As-You-Go SLES VM image for the selected version on Standard D1 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details. |
Deploy a simple Windows VM |
This template allows you to deploy a simple Windows VM using a few different options for the Windows version, using the latest patched version. This will deploy an A2 size VM in the resource group location and return the FQDN of the VM. |
Deploy a Windows Server VM with Visual Studio |
This template deploys a Windows Server VM with Visual Code Studio Community 2019, with a few options for the VM. You can provide the name of VM, the admin username and admin password. |
Deploy a VM into an Availability Zone |
This template allows you to deploy a simple VM (Windows or Ubuntu), using the latest patched version. This will deploy a A2_v2 size VM in the location specified and return the FQDN of the VM. |
Create a VM in a new or existing vnet from a custom VHD |
This template creates a VM from a specialized VHD and let you connect it to a new or existing VNET that can reside in another Resource Group than the virtual machine |
SQL Server 2014 SP2 Enterprise with Auto Backup |
This template will create a SQL Server 2014 SP2 Enterprise edition with Auto Backup feature enabled |
SQL Server 2014 SP1 Enterprise with Auto Patching |
This template will create a SQL Server 2014 SP1 Enterprise edition with Auto Patching feature enabled. |
SQL Server 2014 SP1 Enterprise with Azure Key Vault |
This template will create a SQL Server 2014 SP1 Enterprise edition with Azure Key Vault Integration feature enabled. |
Deploy a Virtual Machine with SSH rsa public key |
This template allows you to create a Virtual Machine with SSH rsa public key |
Deploy a simple Windows VM with tags |
This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable. |
Deploy a trusted launch capable Linux virtual machine |
This template allows you to deploy a trusted launch capable Linux virtual machine using a few different options for the Linux version, using the latest patched version. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VM. This extension will perform remote attestation by the cloud. By default, this will deploy an Standard_D2_v3 size virtual machine in the resource group location and return the FQDN of the virtual machine. |
Deploy a trusted launch capable Windows virtual machine |
This template allows you to deploy a trusted launch capable Windows virtual machine using a few different options for the Windows version, using the latest patched version. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VM. This extension will perform remote attestation by the cloud. By default, this will deploy an Standard_D2_v3 size virtual machine in the resource group location and return the FQDN of the virtual machine. |
Deploy a Virtual Machine with User Data |
This template allows you to create a Virtual Machine with User Data passed down to the VM. This template also deploys a Virtual Network, Public IP addresses, and a Network Interface. |
Deploy a Windows VM with Windows Admin Center extension |
This template allows you to deploy a Windows VM with Windows Admin Center extension to manage the VM directly from Azure Portal. |
Windows VM with Azure secure baseline |
The template creates a virtual machine running Windows Server in a new virtual network, with a public IP address. Once the machine has deployed, the guest configuration extension is installed and the Azure secure baseline for Windows Server is applied. If the configuration of the machines drifts, you can re-apply the settings by deploying the template again. |
Deploy a Windows VM with a variable number of data disks |
This template allows you to deploy a simple VM and specify the number of data disks at deploy time using a parameter. Note that the number and size of data disks is bound by the VM size. The VM size for this sample is Standard_DS4_v2 with a default of 16 data disks. |
Windows Server VM with SSH |
Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
Create a data management gateway and install on an Azure VM |
This template deploys a virtual machine and creates a workable data management gateway |
Virtual machine with an RDP port |
Creates a virtual machine and creates a NAT rule for RDP to the VM in load balancer |
Create a VM with multiple empty StandardSSD_LRS Data Disks |
This template allows you to create a Windows Virtual Machine from a specified image. It also attaches multiple empty StandardSSD data disks by default. Note that you can specify the size and the Storage type (Standard_LRS, StandardSSD_LRS and Premium_LRS) of the empty data disks. |
Self-host Integration Runtime on Azure VMs |
This template creates a selfhost integration runtime and registers it on Azure virtual machines |
Add multiple VMs into a Virtual Machine Scale Set |
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a Virtual Machine Scale Set in Flexible Orchestration mode. They will be provisioned in a Virtual Network which will also be created as part of the deployment |
Deploy a VM Scale Set with Linux VMs behind ILB |
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections. |
ARM template resource definition
The virtualMachines resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachines resource, add the following JSON to your template.
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2024-03-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"extendedLocation": {
"name": "string",
"type": "EdgeZone"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {}
}
},
"plan": {
"name": "string",
"product": "string",
"promotionCode": "string",
"publisher": "string"
},
"properties": {
"additionalCapabilities": {
"hibernationEnabled": "bool",
"ultraSSDEnabled": "bool"
},
"applicationProfile": {
"galleryApplications": [
{
"configurationReference": "string",
"enableAutomaticUpgrade": "bool",
"order": "int",
"packageReferenceId": "string",
"tags": "string",
"treatFailureAsDeploymentFailure": "bool"
}
]
},
"availabilitySet": {
"id": "string"
},
"billingProfile": {
"maxPrice": "[json('decimal-as-string')]"
},
"capacityReservation": {
"capacityReservationGroup": {
"id": "string"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "bool",
"storageUri": "string"
}
},
"evictionPolicy": "string",
"extensionsTimeBudget": "string",
"hardwareProfile": {
"vmSize": "string",
"vmSizeProperties": {
"vCPUsAvailable": "int",
"vCPUsPerCore": "int"
}
},
"host": {
"id": "string"
},
"hostGroup": {
"id": "string"
},
"licenseType": "string",
"networkProfile": {
"networkApiVersion": "2020-11-01",
"networkInterfaceConfigurations": [
{
"name": "string",
"properties": {
"auxiliaryMode": "string",
"auxiliarySku": "string",
"deleteOption": "string",
"disableTcpStateTracking": "bool",
"dnsSettings": {
"dnsServers": [ "string" ]
},
"dscpConfiguration": {
"id": "string"
},
"enableAcceleratedNetworking": "bool",
"enableFpga": "bool",
"enableIPForwarding": "bool",
"ipConfigurations": [
{
"name": "string",
"properties": {
"applicationGatewayBackendAddressPools": [
{
"id": "string"
}
],
"applicationSecurityGroups": [
{
"id": "string"
}
],
"loadBalancerBackendAddressPools": [
{
"id": "string"
}
],
"primary": "bool",
"privateIPAddressVersion": "string",
"publicIPAddressConfiguration": {
"name": "string",
"properties": {
"deleteOption": "string",
"dnsSettings": {
"domainNameLabel": "string",
"domainNameLabelScope": "string"
},
"idleTimeoutInMinutes": "int",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"publicIPPrefix": {
"id": "string"
}
},
"sku": {
"name": "string",
"tier": "string"
}
},
"subnet": {
"id": "string"
}
}
}
],
"networkSecurityGroup": {
"id": "string"
},
"primary": "bool"
}
}
],
"networkInterfaces": [
{
"id": "string",
"properties": {
"deleteOption": "string",
"primary": "bool"
}
}
]
},
"osProfile": {
"adminPassword": "string",
"adminUsername": "string",
"allowExtensionOperations": "bool",
"computerName": "string",
"customData": "string",
"linuxConfiguration": {
"disablePasswordAuthentication": "bool",
"enableVMAgentPlatformUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"automaticByPlatformSettings": {
"bypassPlatformSafetyChecksOnUserSchedule": "bool",
"rebootSetting": "string"
},
"patchMode": "string"
},
"provisionVMAgent": "bool",
"ssh": {
"publicKeys": [
{
"keyData": "string",
"path": "string"
}
]
}
},
"requireGuestProvisionSignal": "bool",
"secrets": [
{
"sourceVault": {
"id": "string"
},
"vaultCertificates": [
{
"certificateStore": "string",
"certificateUrl": "string"
}
]
}
],
"windowsConfiguration": {
"additionalUnattendContent": [
{
"componentName": "Microsoft-Windows-Shell-Setup",
"content": "string",
"passName": "OobeSystem",
"settingName": "string"
}
],
"enableAutomaticUpdates": "bool",
"enableVMAgentPlatformUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"automaticByPlatformSettings": {
"bypassPlatformSafetyChecksOnUserSchedule": "bool",
"rebootSetting": "string"
},
"enableHotpatching": "bool",
"patchMode": "string"
},
"provisionVMAgent": "bool",
"timeZone": "string",
"winRM": {
"listeners": [
{
"certificateUrl": "string",
"protocol": "string"
}
]
}
}
},
"platformFaultDomain": "int",
"priority": "string",
"proximityPlacementGroup": {
"id": "string"
},
"scheduledEventsPolicy": {
"scheduledEventsAdditionalPublishingTargets": {
"eventGridAndResourceGraph": {
"enable": "bool"
}
},
"userInitiatedReboot": {
"automaticallyApprove": "bool"
},
"userInitiatedRedeploy": {
"automaticallyApprove": "bool"
}
},
"scheduledEventsProfile": {
"osImageNotificationProfile": {
"enable": "bool",
"notBeforeTimeout": "string"
},
"terminateNotificationProfile": {
"enable": "bool",
"notBeforeTimeout": "string"
}
},
"securityProfile": {
"encryptionAtHost": "bool",
"encryptionIdentity": {
"userAssignedIdentityResourceId": "string"
},
"proxyAgentSettings": {
"enabled": "bool",
"keyIncarnationId": "int",
"mode": "string"
},
"securityType": "string",
"uefiSettings": {
"secureBootEnabled": "bool",
"vTpmEnabled": "bool"
}
},
"storageProfile": {
"dataDisks": [
{
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"detachOption": "ForceDetach",
"diskSizeGB": "int",
"image": {
"uri": "string"
},
"lun": "int",
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"id": "string",
"securityProfile": {
"diskEncryptionSet": {
"id": "string"
},
"securityEncryptionType": "string"
},
"storageAccountType": "string"
},
"name": "string",
"sourceResource": {
"id": "string"
},
"toBeDetached": "bool",
"vhd": {
"uri": "string"
},
"writeAcceleratorEnabled": "bool"
}
],
"diskControllerType": "string",
"imageReference": {
"communityGalleryImageId": "string",
"id": "string",
"offer": "string",
"publisher": "string",
"sharedGalleryImageId": "string",
"sku": "string",
"version": "string"
},
"osDisk": {
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"diffDiskSettings": {
"option": "Local",
"placement": "string"
},
"diskSizeGB": "int",
"encryptionSettings": {
"diskEncryptionKey": {
"secretUrl": "string",
"sourceVault": {
"id": "string"
}
},
"enabled": "bool",
"keyEncryptionKey": {
"keyUrl": "string",
"sourceVault": {
"id": "string"
}
}
},
"image": {
"uri": "string"
},
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"id": "string",
"securityProfile": {
"diskEncryptionSet": {
"id": "string"
},
"securityEncryptionType": "string"
},
"storageAccountType": "string"
},
"name": "string",
"osType": "string",
"vhd": {
"uri": "string"
},
"writeAcceleratorEnabled": "bool"
}
},
"userData": "string",
"virtualMachineScaleSet": {
"id": "string"
}
},
"zones": [ "string" or int ]
}
Property values
virtualMachines
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Compute/virtualMachines' |
apiVersion | The resource api version | '2024-03-01' |
name | The resource name | string (required) Character limit: 1-15 (Windows) 1-64 (Linux) Valid characters: Can't use spaces, control characters, or these characters: ~ ! @ # $ % ^ & * ( ) = + _ [ ] { } \ | ; : . ' " , < > / ? Windows VMs can't include period or end with hyphen. Linux VMs can't end with period or hyphen. |
location | Resource location | string (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
extendedLocation | The extended location of the Virtual Machine. | ExtendedLocation |
identity | The identity of the virtual machine, if configured. | VirtualMachineIdentity |
plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
properties | Describes the properties of a Virtual Machine. | VirtualMachineProperties |
zones | The virtual machine zones. | Array of availability zones as string or int. |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'EdgeZone' |
VirtualMachineIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the virtual machine. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | UserAssignedIdentities |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserAssignedIdentitiesValue |
UserAssignedIdentitiesValue
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Plan
Name | Description | Value |
---|---|---|
name | The plan ID. | string |
product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
promotionCode | The promotion code. | string |
publisher | The publisher ID. | string |
VirtualMachineProperties
Name | Description | Value |
---|---|---|
additionalCapabilities | Specifies additional capabilities enabled or disabled on the virtual machine. | AdditionalCapabilities |
applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS. | ApplicationProfile |
availabilitySet | Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure. Currently, a VM can only be added to availability set at creation time. The availability set to which the VM is being added should be under the same resource group as the availability set resource. An existing VM cannot be added to an availability set. This property cannot exist along with a non-null properties.virtualMachineScaleSet reference. | SubResource |
billingProfile | Specifies the billing related details of a Azure Spot virtual machine. Minimum api-version: 2019-03-01. | BillingProfile |
capacityReservation | Specifies information about the capacity reservation that is used to allocate virtual machine. Minimum api-version: 2021-04-01. | CapacityReservationProfile |
diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. | DiagnosticsProfile |
evictionPolicy | Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. | 'Deallocate' 'Delete' |
extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. | string |
hardwareProfile | Specifies the hardware settings for the virtual machine. | HardwareProfile |
host | Specifies information about the dedicated host that the virtual machine resides in. Minimum api-version: 2018-10-01. | SubResource |
hostGroup | Specifies information about the dedicated host group that the virtual machine resides in. Note: User cannot specify both host and hostGroup properties. Minimum api-version: 2020-06-01. | SubResource |
licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
networkProfile | Specifies the network interfaces of the virtual machine. | NetworkProfile |
osProfile | Specifies the operating system settings used while creating the virtual machine. Some of the settings cannot be changed once VM is provisioned. | OSProfile |
platformFaultDomain | Specifies the scale set logical fault domain into which the Virtual Machine will be created. By default, the Virtual Machine will by automatically assigned to a fault domain that best maintains balance across available fault domains. This is applicable only if the 'virtualMachineScaleSet' property of this Virtual Machine is set. The Virtual Machine Scale Set that is referenced, must have 'platformFaultDomainCount' greater than 1. This property cannot be updated once the Virtual Machine is created. Fault domain assignment can be viewed in the Virtual Machine Instance View. Minimum api‐version: 2020‐12‐01. | int |
priority | Specifies the priority for the virtual machine. Minimum api-version: 2019-03-01 | 'Low' 'Regular' 'Spot' |
proximityPlacementGroup | Specifies information about the proximity placement group that the virtual machine should be assigned to. Minimum api-version: 2018-04-01. | SubResource |
scheduledEventsPolicy | Specifies Redeploy, Reboot and ScheduledEventsAdditionalPublishingTargets Scheduled Event related configurations for the virtual machine. | ScheduledEventsPolicy |
scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
securityProfile | Specifies the Security related profile settings for the virtual machine. | SecurityProfile |
storageProfile | Specifies the storage settings for the virtual machine disks. | StorageProfile |
userData | UserData for the VM, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. | string |
virtualMachineScaleSet | Specifies information about the virtual machine scale set that the virtual machine should be assigned to. Virtual machines specified in the same virtual machine scale set are allocated to different nodes to maximize availability. Currently, a VM can only be added to virtual machine scale set at creation time. An existing VM cannot be added to a virtual machine scale set. This property cannot exist along with a non-null properties.availabilitySet reference. Minimum api‐version: 2019‐03‐01. | SubResource |
AdditionalCapabilities
Name | Description | Value |
---|---|---|
hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
ApplicationProfile
Name | Description | Value |
---|---|---|
galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
VMGalleryApplication
Name | Description | Value |
---|---|---|
configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided | string |
enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS | bool |
order | Optional, Specifies the order in which the packages have to be installed | int |
packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} | string (required) |
tags | Optional, Specifies a passthrough value for more generic context. | string |
treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment | bool |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
BillingProfile
Name | Description | Value |
---|---|---|
maxPrice | Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars. This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price. The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: - Any decimal value greater than zero. Example: 0.01538 -1 – indicates default price to be up-to on-demand. You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you. Minimum api-version: 2019-03-01. To specify a decimal value, use the json() function. |
int or json decimal |
CapacityReservationProfile
Name | Description | Value |
---|---|---|
capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. |
SubResource |
DiagnosticsProfile
Name | Description | Value |
---|---|---|
bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. | BootDiagnostics |
BootDiagnostics
Name | Description | Value |
---|---|---|
enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. | string |
HardwareProfile
Name | Description | Value |
---|---|---|
vmSize | Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. The recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set, List all available virtual machine sizes in a region, List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. | 'Basic_A0' 'Basic_A1' 'Basic_A2' 'Basic_A3' 'Basic_A4' 'Standard_A0' 'Standard_A1' 'Standard_A10' 'Standard_A11' 'Standard_A1_v2' 'Standard_A2' 'Standard_A2_v2' 'Standard_A2m_v2' 'Standard_A3' 'Standard_A4' 'Standard_A4_v2' 'Standard_A4m_v2' 'Standard_A5' 'Standard_A6' 'Standard_A7' 'Standard_A8' 'Standard_A8_v2' 'Standard_A8m_v2' 'Standard_A9' 'Standard_B1ms' 'Standard_B1s' 'Standard_B2ms' 'Standard_B2s' 'Standard_B4ms' 'Standard_B8ms' 'Standard_D1' 'Standard_D11' 'Standard_D11_v2' 'Standard_D12' 'Standard_D12_v2' 'Standard_D13' 'Standard_D13_v2' 'Standard_D14' 'Standard_D14_v2' 'Standard_D15_v2' 'Standard_D16_v3' 'Standard_D16s_v3' 'Standard_D1_v2' 'Standard_D2' 'Standard_D2_v2' 'Standard_D2_v3' 'Standard_D2s_v3' 'Standard_D3' 'Standard_D32_v3' 'Standard_D32s_v3' 'Standard_D3_v2' 'Standard_D4' 'Standard_D4_v2' 'Standard_D4_v3' 'Standard_D4s_v3' 'Standard_D5_v2' 'Standard_D64_v3' 'Standard_D64s_v3' 'Standard_D8_v3' 'Standard_D8s_v3' 'Standard_DS1' 'Standard_DS11' 'Standard_DS11_v2' 'Standard_DS12' 'Standard_DS12_v2' 'Standard_DS13' 'Standard_DS13-2_v2' 'Standard_DS13-4_v2' 'Standard_DS13_v2' 'Standard_DS14' 'Standard_DS14-4_v2' 'Standard_DS14-8_v2' 'Standard_DS14_v2' 'Standard_DS15_v2' 'Standard_DS1_v2' 'Standard_DS2' 'Standard_DS2_v2' 'Standard_DS3' 'Standard_DS3_v2' 'Standard_DS4' 'Standard_DS4_v2' 'Standard_DS5_v2' 'Standard_E16_v3' 'Standard_E16s_v3' 'Standard_E2_v3' 'Standard_E2s_v3' 'Standard_E32-16_v3' 'Standard_E32-8s_v3' 'Standard_E32_v3' 'Standard_E32s_v3' 'Standard_E4_v3' 'Standard_E4s_v3' 'Standard_E64-16s_v3' 'Standard_E64-32s_v3' 'Standard_E64_v3' 'Standard_E64s_v3' 'Standard_E8_v3' 'Standard_E8s_v3' 'Standard_F1' 'Standard_F16' 'Standard_F16s' 'Standard_F16s_v2' 'Standard_F1s' 'Standard_F2' 'Standard_F2s' 'Standard_F2s_v2' 'Standard_F32s_v2' 'Standard_F4' 'Standard_F4s' 'Standard_F4s_v2' 'Standard_F64s_v2' 'Standard_F72s_v2' 'Standard_F8' 'Standard_F8s' 'Standard_F8s_v2' 'Standard_G1' 'Standard_G2' 'Standard_G3' 'Standard_G4' 'Standard_G5' 'Standard_GS1' 'Standard_GS2' 'Standard_GS3' 'Standard_GS4' 'Standard_GS4-4' 'Standard_GS4-8' 'Standard_GS5' 'Standard_GS5-16' 'Standard_GS5-8' 'Standard_H16' 'Standard_H16m' 'Standard_H16mr' 'Standard_H16r' 'Standard_H8' 'Standard_H8m' 'Standard_L16s' 'Standard_L32s' 'Standard_L4s' 'Standard_L8s' 'Standard_M128-32ms' 'Standard_M128-64ms' 'Standard_M128ms' 'Standard_M128s' 'Standard_M64-16ms' 'Standard_M64-32ms' 'Standard_M64ms' 'Standard_M64s' 'Standard_NC12' 'Standard_NC12s_v2' 'Standard_NC12s_v3' 'Standard_NC24' 'Standard_NC24r' 'Standard_NC24rs_v2' 'Standard_NC24rs_v3' 'Standard_NC24s_v2' 'Standard_NC24s_v3' 'Standard_NC6' 'Standard_NC6s_v2' 'Standard_NC6s_v3' 'Standard_ND12s' 'Standard_ND24rs' 'Standard_ND24s' 'Standard_ND6s' 'Standard_NV12' 'Standard_NV24' 'Standard_NV6' |
vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-07-01. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. Please follow the instructions in VM Customization for more details. | VMSizeProperties |
VMSizeProperties
Name | Description | Value |
---|---|---|
vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. | int |
vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. | int |
NetworkProfile
Name | Description | Value |
---|---|---|
networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations | '2020-11-01' |
networkInterfaceConfigurations | Specifies the networking configurations that will be used to create the virtual machine networking resources. | VirtualMachineNetworkInterfaceConfiguration[] |
networkInterfaces | Specifies the list of resource Ids for the network interfaces associated with the virtual machine. | NetworkInterfaceReference[] |
VirtualMachineNetworkInterfaceConfiguration
Name | Description | Value |
---|---|---|
name | The network interface configuration name. | string (required) |
properties | Describes a virtual machine network profile's IP configuration. | VirtualMachineNetworkInterfaceConfigurationPropertie... |
VirtualMachineNetworkInterfaceConfigurationPropertie...
Name | Description | Value |
---|---|---|
auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. | 'AcceleratedConnections' 'Floating' 'None' |
auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. | 'A1' 'A2' 'A4' 'A8' 'None' |
deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineNetworkInterfaceDnsSettingsConfigurati... |
dscpConfiguration | SubResource | |
enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineNetworkInterfaceIPConfiguration[] (required) |
networkSecurityGroup | The network security group. | SubResource |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineNetworkInterfaceDnsSettingsConfigurati...
Name | Description | Value |
---|---|---|
dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineNetworkInterfaceIPConfiguration
Name | Description | Value |
---|---|---|
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine network interface IP configuration properties. | VirtualMachineNetworkInterfaceIPConfigurationPropert... |
VirtualMachineNetworkInterfaceIPConfigurationPropert...
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. | SubResource[] |
applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the same basic sku load balancer]. | SubResource[] |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachinePublicIPAddressConfiguration |
subnet | Specifies the identifier of the subnet. | SubResource |
VirtualMachinePublicIPAddressConfiguration
Name | Description | Value |
---|---|---|
name | The publicIP address configuration name. | string (required) |
properties | Describes a virtual machines IP Configuration's PublicIPAddress configuration | VirtualMachinePublicIPAddressConfigurationProperties |
sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. | PublicIPAddressSku |
VirtualMachinePublicIPAddressConfigurationProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the public IP address when the VM is deleted | 'Delete' 'Detach' |
dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachinePublicIPAddressDnsSettingsConfiguratio... |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipTags | The list of IP tags associated with the public IP address. | VirtualMachineIpTag[] |
publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAllocationMethod | Specify the public IP allocation type | 'Dynamic' 'Static' |
publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachinePublicIPAddressDnsSettingsConfiguratio...
Name | Description | Value |
---|---|---|
domainNameLabel | The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. | string (required) |
domainNameLabelScope | The Domain name label scope of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the hashed domain name label with policy according to the domain name label scope and vm network profile unique ID. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
VirtualMachineIpTag
Name | Description | Value |
---|---|---|
ipTagType | IP tag type. Example: FirstPartyUsage. | string |
tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Specify public IP sku name | 'Basic' 'Standard' |
tier | Specify public IP sku tier | 'Global' 'Regional' |
NetworkInterfaceReference
Name | Description | Value |
---|---|---|
id | Resource Id | string |
properties | Describes a network interface reference properties. | NetworkInterfaceReferenceProperties |
NetworkInterfaceReferenceProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
OSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUsername | Specifies the name of the administrator account. This property cannot be updated after the VM is created. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters. |
string |
allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | bool |
computerName | Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters. Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. | string |
customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in customData property. This property cannot be updated after the VM is created. The property 'customData' is passed to the VM to be saved as a file, for more information see Custom Data on Azure VMs. For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation. | string |
linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. | LinuxConfiguration |
requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
secrets | Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. | LinuxVMGuestPatchAutomaticByPlatformSettings |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
LinuxVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). | string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. | string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Windows virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
PatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. | WindowsVMGuestPatchAutomaticByPlatformSettings |
enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
WindowsVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. | 'Http' 'Https' |
ScheduledEventsPolicy
Name | Description | Value |
---|---|---|
scheduledEventsAdditionalPublishingTargets | The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. | ScheduledEventsAdditionalPublishingTargets |
userInitiatedReboot | The configuration parameters used while creating userInitiatedReboot scheduled event setting creation. | UserInitiatedReboot |
userInitiatedRedeploy | The configuration parameters used while creating userInitiatedRedeploy scheduled event setting creation. | UserInitiatedRedeploy |
ScheduledEventsAdditionalPublishingTargets
Name | Description | Value |
---|---|---|
eventGridAndResourceGraph | The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. | EventGridAndResourceGraph |
EventGridAndResourceGraph
Name | Description | Value |
---|---|---|
enable | Specifies if event grid and resource graph is enabled for Scheduled event related configurations. | bool |
UserInitiatedReboot
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Reboot Scheduled Event related configurations. | bool |
UserInitiatedRedeploy
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Redeploy Scheduled Event related configurations. | bool |
ScheduledEventsProfile
Name | Description | Value |
---|---|---|
osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
OSImageNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) | string |
TerminateNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) | string |
SecurityProfile
Name | Description | Value |
---|---|---|
encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. | bool |
encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. | EncryptionIdentity |
proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2024-03-01. | ProxyAgentSettings |
securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. | 'ConfidentialVM' 'TrustedLaunch' |
uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. | UefiSettings |
EncryptionIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
ProxyAgentSettings
Name | Description | Value |
---|---|---|
enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. | bool |
keyIncarnationId | Increase the value of this property allows user to reset the key used for securing communication channel between guest and host. | int |
mode | Specifies the mode that ProxyAgent will execute on if the feature is enabled. ProxyAgent will start to audit or monitor but not enforce access control over requests to host endpoints in Audit mode, while in Enforce mode it will enforce access control. The default value is Enforce mode. | 'Audit' 'Enforce' |
UefiSettings
Name | Description | Value |
---|---|---|
secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
StorageProfile
Name | Description | Value |
---|---|---|
dataDisks | Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. | DataDisk[] |
diskControllerType | Specifies the disk controller type configured for the VM. Note: This property will be set to the default disk controller type if not specified provided virtual machine is being created with 'hyperVGeneration' set to V2 based on the capabilities of the operating system disk and VM size from the the specified minimum api version. You need to deallocate the VM before updating its disk controller type unless you are updating the VM size in the VM configuration which implicitly deallocates and reallocates the VM. Minimum api-version: 2022-08-01. | 'NVMe' 'SCSI' |
imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
osDisk | Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. | OSDisk |
DataDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine data disk. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. Empty: This value is used when creating an empty data disk. Copy: This value is used to create a data disk from a snapshot or another disk. Restore: This value is used to create a data disk from a disk restore point. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether data disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the data disk is deleted when VM is deleted. Detach. If this value is used, the data disk is retained after VM is deleted. The default value is set to Detach. | 'Delete' 'Detach' |
detachOption | Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. | 'ForceDetach' |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
managedDisk | The managed disk parameters. | ManagedDiskParameters |
name | The disk name. | string |
sourceResource | The source resource identifier. It can be a snapshot, or disk restore point from which to create a disk. | ApiEntityReference |
toBeDetached | Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset | bool |
vhd | The virtual hard disk. | VirtualHardDisk |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
ManagedDiskParameters
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
id | Resource Id | string |
securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | 'PremiumV2_LRS' 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
DiskEncryptionSetParameters
Name | Description | Value |
---|---|---|
id | Resource Id | string |
VMDiskSecurityProfile
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. | DiskEncryptionSetParameters |
securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. | 'DiskWithVMGuestState' 'NonPersistedTPM' 'VMGuestStateOnly' |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ImageReference
Name | Description | Value |
---|---|---|
communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. | string |
id | Resource Id | string |
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. | string |
OSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the OS disk is deleted when VM is deleted. Detach. If this value is used, the os disk is retained after VM is deleted. The default value is set to Detach. For an ephemeral OS Disk, the default value is set to Delete. The user cannot change the delete option for an ephemeral OS Disk. | 'Delete' 'Detach' |
diffDiskSettings | Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. | DiffDiskSettings |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
encryptionSettings | Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15. | DiskEncryptionSettings |
image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
managedDisk | The managed disk parameters. | ManagedDiskParameters |
name | The disk name. | string |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | 'Linux' 'Windows' |
vhd | The virtual hard disk. | VirtualHardDisk |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
DiffDiskSettings
Name | Description | Value |
---|---|---|
option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. | 'CacheDisk' 'NvmeDisk' 'ResourceDisk' |
DiskEncryptionSettings
Name | Description | Value |
---|---|---|
diskEncryptionKey | Specifies the location of the disk encryption key, which is a Key Vault Secret. | KeyVaultSecretReference |
enabled | Specifies whether disk encryption should be enabled on the virtual machine. | bool |
keyEncryptionKey | Specifies the location of the key encryption key in Key Vault. | KeyVaultKeyReference |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
KeyVaultKeyReference
Name | Description | Value |
---|---|---|
keyUrl | The URL referencing a key encryption key in Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the key. | SubResource (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Deploy a simple Linux VM and update private IP to static |
This template allows you to deploy a simple Linux VM using Ubuntu from the marketplace. This will deploy a VNET, Subnet, and an A1 size VM in the resource group location with a dynamically assigned IP address and then convert it to static IP. |
Create VMs in Availability Sets using Resource Loops |
Create 2-5 VMs in Availability Sets using Resource Loops. The VMs can be Unbuntu or Windows with a maximum of 5 VMs since this sample uses a single storageAccount |
Multi VM Template with Managed Disk |
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a single Availability Set. They will be provisioned in a Virtual Network which will also be created as part of the deployment |
Install a file on a Windows VM |
This template allows you to deploy a Windows VM and run a custom PowerShell script to install a file on that VM. |
Deploy a Virtual Machine with Custom Data |
This template allows you to create a Virtual Machine with Custom Data passed down to the VM. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface. |
Deploy a Premium Windows VM with diagnostics |
This template allows you to deploy a Premium Windows VM using a few different options for the Windows version, using the latest patched version. |
Create a VM in a VNET in different Resource Group |
This template creates a VM in a VNET which is in a different Resource Group |
Join a VM to an existing domain |
This template demonstrates domain join to a private AD domain up in cloud. |
Create a VM with a dynamic selection of data disks |
This template allows the user to select the number of data disks they'd like to add to the VM. |
Create a VM from a EfficientIP VHD |
This template creates a VM from a EfficientIP VHD and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
Create a VM from User Image |
This template allows you to create a Virtual Machines from a User image. This template also deploys a Virtual Network, Public IP addresses and a Network Interface. |
Create a VM in a new or existing vnet from a generalized VHD |
This template creates a VM from a generalized VHD and let you connect it to a new or existing VNET that can reside in another Resource Group than the virtual machine |
CentOS/UbuntuServer Auto Dynamic Disks & Docker 1.12(cs) |
This is a common template for creating single instance CentOS 7.2/7.1/6.5 or Ubuntu Server 16.04.0-LTS with configurable number of data disks (configurable sizes). Maximum 16 disks can be mentioned in the portal parameters and maximum size of each disk should be less than 1023 GB. The MDADM RAID0 Array is automounted and survives restarts. Latest Docker 1.12(cs3) (Swarm), docker-compose 1.9.0 & docker-machine 0.8.2 is available for usage from user azure-cli is auto running as a docker container. This single instance template is an offshoot of the HPC/GPU Clusters Template @ https://github.com/azurebigcompute/BigComputeBench |
GitLab Omnibus |
This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections. |
Linux VM with Serial Output |
This template creates a simple Linux VM with minimal parameters and serial/console configured to output to storage |
Deploy a simple Windows VM with monitoring and diagnostics |
This template allows you to deploy a simple Windows VM along with the diagnostics extension which enables monitoring and diagnostics for the VM |
Deploy a Linux or Windows VM with MSI |
This template allows you to deploy a Linux or Windows VM with a Managed Service Identity. |
Terraform on Azure |
This template allows you to deploy a Terraform workstation as a Linux VM with MSI. |
Linux VM with MSI Accessing Storage |
This template deploys a linux VM with a system assigned managed identity that has access to a storage account in a different resource group. |
Create a VM from a Windows Image with 4 Empty Data Disks |
This template allows you to create a Windows Virtual Machine from a specified image. It also attaches 4 empty data disks. Note that you can specify the size of the empty data disks. |
Deploy a VM with multiple IPs |
This template allows you to deploy a VM with 3 IP configurations. This template will deploy a Linux/Windows VM called myVM1 with 3 IP configurations: IPConfig-1, IPConfig-2 and IPConfig-3, respectively. |
Deploy a Linux VM (Ubuntu) with multiple NICs |
This template creates a VNet with multiple subnets and deploys a Ubuntu VM with multiple NICs |
Virtual Machine with Conditional Resources |
This template allows deploying a linux VM using new or existing resources for the Virtual Network, Storage and Public IP Address. It also allows for choosing between SSH and Password authenticate. The templates uses conditions and logic functions to remove the need for nested deployments. |
Create VM from existing VHDs and connect it to existingVNET |
This template creates a VM from VHDs (OS + data disk) and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
Push a certificate onto a Windows VM |
Push a certificate onto a Windows VM. Create the Key Vault using the template at https://azure.microsoft.com/documentation/templates/101-create-key-vault |
Secure VM password with Key Vault |
This template allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore the password is never put in plain text in the template parameter file |
Deploy a simple FreeBSD VM in resource group location |
This template allows you to deploy a simple FreeBSD VM using a few different options for the FreeBSD version, using the latest patched version. This will deploy in resource group location on a D1 VM Size. |
Deploy a simple Ubuntu Linux VM 20.04-LTS |
This template deploys an Ubuntu Server with a few options for the VM. You can provide the VM Name, OS Version, VM size, and admin username and password. As default the VM size is Standard_D2s_v3 and OS version is 20.04-LTS. |
Deploy a simple Linux VM with Accelerated Networking |
This template allows you to deploy a simple Linux VM with Accelerated Networking using Ubuntu version 18.04-LTS with the latest patched version. This will deploy a D3_v2 size VM in the resource group location and return the FQDN of the VM. |
Red Hat Enterprise Linux VM (RHEL 7.8) |
This template will deploy a Red Hat Enterprise Linux VM (RHEL 7.8), using the Pay-As-You-Go RHEL VM image for the selected version on Standard D1 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details. |
Red Hat Enterprise Linux VM (RHEL 7.8 unmanaged) |
This template will deploy a Red Hat Enterprise Linux VM (RHEL 7.8), using the Pay-As-You-Go RHEL VM image for the selected version on Standard A1_v2 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details. |
SUSE Linux Enterprise Server VM (SLES 12) |
This template will allow you to deploy a SUSE Linux Enterprise Server VM (SLES 12), using the Pay-As-You-Go SLES VM image for the selected version on Standard D1 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details. |
Deploy a simple Windows VM |
This template allows you to deploy a simple Windows VM using a few different options for the Windows version, using the latest patched version. This will deploy an A2 size VM in the resource group location and return the FQDN of the VM. |
Deploy a Windows Server VM with Visual Studio |
This template deploys a Windows Server VM with Visual Code Studio Community 2019, with a few options for the VM. You can provide the name of VM, the admin username and admin password. |
Deploy a VM into an Availability Zone |
This template allows you to deploy a simple VM (Windows or Ubuntu), using the latest patched version. This will deploy a A2_v2 size VM in the location specified and return the FQDN of the VM. |
Create a VM in a new or existing vnet from a custom VHD |
This template creates a VM from a specialized VHD and let you connect it to a new or existing VNET that can reside in another Resource Group than the virtual machine |
SQL Server 2014 SP2 Enterprise with Auto Backup |
This template will create a SQL Server 2014 SP2 Enterprise edition with Auto Backup feature enabled |
SQL Server 2014 SP1 Enterprise with Auto Patching |
This template will create a SQL Server 2014 SP1 Enterprise edition with Auto Patching feature enabled. |
SQL Server 2014 SP1 Enterprise with Azure Key Vault |
This template will create a SQL Server 2014 SP1 Enterprise edition with Azure Key Vault Integration feature enabled. |
Deploy a Virtual Machine with SSH rsa public key |
This template allows you to create a Virtual Machine with SSH rsa public key |
Deploy a simple Windows VM with tags |
This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable. |
Deploy a trusted launch capable Linux virtual machine |
This template allows you to deploy a trusted launch capable Linux virtual machine using a few different options for the Linux version, using the latest patched version. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VM. This extension will perform remote attestation by the cloud. By default, this will deploy an Standard_D2_v3 size virtual machine in the resource group location and return the FQDN of the virtual machine. |
Deploy a trusted launch capable Windows virtual machine |
This template allows you to deploy a trusted launch capable Windows virtual machine using a few different options for the Windows version, using the latest patched version. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VM. This extension will perform remote attestation by the cloud. By default, this will deploy an Standard_D2_v3 size virtual machine in the resource group location and return the FQDN of the virtual machine. |
Deploy a Virtual Machine with User Data |
This template allows you to create a Virtual Machine with User Data passed down to the VM. This template also deploys a Virtual Network, Public IP addresses, and a Network Interface. |
Deploy a Windows VM with Windows Admin Center extension |
This template allows you to deploy a Windows VM with Windows Admin Center extension to manage the VM directly from Azure Portal. |
Windows VM with Azure secure baseline |
The template creates a virtual machine running Windows Server in a new virtual network, with a public IP address. Once the machine has deployed, the guest configuration extension is installed and the Azure secure baseline for Windows Server is applied. If the configuration of the machines drifts, you can re-apply the settings by deploying the template again. |
Deploy a Windows VM with a variable number of data disks |
This template allows you to deploy a simple VM and specify the number of data disks at deploy time using a parameter. Note that the number and size of data disks is bound by the VM size. The VM size for this sample is Standard_DS4_v2 with a default of 16 data disks. |
Windows Server VM with SSH |
Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
Create a data management gateway and install on an Azure VM |
This template deploys a virtual machine and creates a workable data management gateway |
Virtual machine with an RDP port |
Creates a virtual machine and creates a NAT rule for RDP to the VM in load balancer |
Create a VM with multiple empty StandardSSD_LRS Data Disks |
This template allows you to create a Windows Virtual Machine from a specified image. It also attaches multiple empty StandardSSD data disks by default. Note that you can specify the size and the Storage type (Standard_LRS, StandardSSD_LRS and Premium_LRS) of the empty data disks. |
Self-host Integration Runtime on Azure VMs |
This template creates a selfhost integration runtime and registers it on Azure virtual machines |
Add multiple VMs into a Virtual Machine Scale Set |
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a Virtual Machine Scale Set in Flexible Orchestration mode. They will be provisioned in a Virtual Network which will also be created as part of the deployment |
Deploy a VM Scale Set with Linux VMs behind ILB |
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections. |
Terraform (AzAPI provider) resource definition
The virtualMachines resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachines resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Compute/virtualMachines@2024-03-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
additionalCapabilities = {
hibernationEnabled = bool
ultraSSDEnabled = bool
}
applicationProfile = {
galleryApplications = [
{
configurationReference = "string"
enableAutomaticUpgrade = bool
order = int
packageReferenceId = "string"
tags = "string"
treatFailureAsDeploymentFailure = bool
}
]
}
availabilitySet = {
id = "string"
}
billingProfile = {
maxPrice = "decimal-as-string"
}
capacityReservation = {
capacityReservationGroup = {
id = "string"
}
}
diagnosticsProfile = {
bootDiagnostics = {
enabled = bool
storageUri = "string"
}
}
evictionPolicy = "string"
extensionsTimeBudget = "string"
hardwareProfile = {
vmSize = "string"
vmSizeProperties = {
vCPUsAvailable = int
vCPUsPerCore = int
}
}
host = {
id = "string"
}
hostGroup = {
id = "string"
}
licenseType = "string"
networkProfile = {
networkApiVersion = "2020-11-01"
networkInterfaceConfigurations = [
{
name = "string"
properties = {
auxiliaryMode = "string"
auxiliarySku = "string"
deleteOption = "string"
disableTcpStateTracking = bool
dnsSettings = {
dnsServers = [
"string"
]
}
dscpConfiguration = {
id = "string"
}
enableAcceleratedNetworking = bool
enableFpga = bool
enableIPForwarding = bool
ipConfigurations = [
{
name = "string"
properties = {
applicationGatewayBackendAddressPools = [
{
id = "string"
}
]
applicationSecurityGroups = [
{
id = "string"
}
]
loadBalancerBackendAddressPools = [
{
id = "string"
}
]
primary = bool
privateIPAddressVersion = "string"
publicIPAddressConfiguration = {
name = "string"
properties = {
deleteOption = "string"
dnsSettings = {
domainNameLabel = "string"
domainNameLabelScope = "string"
}
idleTimeoutInMinutes = int
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
publicIPPrefix = {
id = "string"
}
}
sku = {
name = "string"
tier = "string"
}
}
subnet = {
id = "string"
}
}
}
]
networkSecurityGroup = {
id = "string"
}
primary = bool
}
}
]
networkInterfaces = [
{
id = "string"
properties = {
deleteOption = "string"
primary = bool
}
}
]
}
osProfile = {
adminPassword = "string"
adminUsername = "string"
allowExtensionOperations = bool
computerName = "string"
customData = "string"
linuxConfiguration = {
disablePasswordAuthentication = bool
enableVMAgentPlatformUpdates = bool
patchSettings = {
assessmentMode = "string"
automaticByPlatformSettings = {
bypassPlatformSafetyChecksOnUserSchedule = bool
rebootSetting = "string"
}
patchMode = "string"
}
provisionVMAgent = bool
ssh = {
publicKeys = [
{
keyData = "string"
path = "string"
}
]
}
}
requireGuestProvisionSignal = bool
secrets = [
{
sourceVault = {
id = "string"
}
vaultCertificates = [
{
certificateStore = "string"
certificateUrl = "string"
}
]
}
]
windowsConfiguration = {
additionalUnattendContent = [
{
componentName = "Microsoft-Windows-Shell-Setup"
content = "string"
passName = "OobeSystem"
settingName = "string"
}
]
enableAutomaticUpdates = bool
enableVMAgentPlatformUpdates = bool
patchSettings = {
assessmentMode = "string"
automaticByPlatformSettings = {
bypassPlatformSafetyChecksOnUserSchedule = bool
rebootSetting = "string"
}
enableHotpatching = bool
patchMode = "string"
}
provisionVMAgent = bool
timeZone = "string"
winRM = {
listeners = [
{
certificateUrl = "string"
protocol = "string"
}
]
}
}
}
platformFaultDomain = int
priority = "string"
proximityPlacementGroup = {
id = "string"
}
scheduledEventsPolicy = {
scheduledEventsAdditionalPublishingTargets = {
eventGridAndResourceGraph = {
enable = bool
}
}
userInitiatedReboot = {
automaticallyApprove = bool
}
userInitiatedRedeploy = {
automaticallyApprove = bool
}
}
scheduledEventsProfile = {
osImageNotificationProfile = {
enable = bool
notBeforeTimeout = "string"
}
terminateNotificationProfile = {
enable = bool
notBeforeTimeout = "string"
}
}
securityProfile = {
encryptionAtHost = bool
encryptionIdentity = {
userAssignedIdentityResourceId = "string"
}
proxyAgentSettings = {
enabled = bool
keyIncarnationId = int
mode = "string"
}
securityType = "string"
uefiSettings = {
secureBootEnabled = bool
vTpmEnabled = bool
}
}
storageProfile = {
dataDisks = [
{
caching = "string"
createOption = "string"
deleteOption = "string"
detachOption = "ForceDetach"
diskSizeGB = int
image = {
uri = "string"
}
lun = int
managedDisk = {
diskEncryptionSet = {
id = "string"
}
id = "string"
securityProfile = {
diskEncryptionSet = {
id = "string"
}
securityEncryptionType = "string"
}
storageAccountType = "string"
}
name = "string"
sourceResource = {
id = "string"
}
toBeDetached = bool
vhd = {
uri = "string"
}
writeAcceleratorEnabled = bool
}
]
diskControllerType = "string"
imageReference = {
communityGalleryImageId = "string"
id = "string"
offer = "string"
publisher = "string"
sharedGalleryImageId = "string"
sku = "string"
version = "string"
}
osDisk = {
caching = "string"
createOption = "string"
deleteOption = "string"
diffDiskSettings = {
option = "Local"
placement = "string"
}
diskSizeGB = int
encryptionSettings = {
diskEncryptionKey = {
secretUrl = "string"
sourceVault = {
id = "string"
}
}
enabled = bool
keyEncryptionKey = {
keyUrl = "string"
sourceVault = {
id = "string"
}
}
}
image = {
uri = "string"
}
managedDisk = {
diskEncryptionSet = {
id = "string"
}
id = "string"
securityProfile = {
diskEncryptionSet = {
id = "string"
}
securityEncryptionType = "string"
}
storageAccountType = "string"
}
name = "string"
osType = "string"
vhd = {
uri = "string"
}
writeAcceleratorEnabled = bool
}
}
userData = "string"
virtualMachineScaleSet = {
id = "string"
}
}
zones = [
"string" or int
]
extendedLocation = {
name = "string"
type = "EdgeZone"
}
plan = {
name = "string"
product = "string"
promotionCode = "string"
publisher = "string"
}
})
}
Property values
virtualMachines
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Compute/virtualMachines@2024-03-01" |
name | The resource name | string (required) Character limit: 1-15 (Windows) 1-64 (Linux) Valid characters: Can't use spaces, control characters, or these characters: ~ ! @ # $ % ^ & * ( ) = + _ [ ] { } \ | ; : . ' " , < > / ? Windows VMs can't include period or end with hyphen. Linux VMs can't end with period or hyphen. |
location | Resource location | string (required) |
parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
tags | Resource tags | Dictionary of tag names and values. |
extendedLocation | The extended location of the Virtual Machine. | ExtendedLocation |
identity | The identity of the virtual machine, if configured. | VirtualMachineIdentity |
plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
properties | Describes the properties of a Virtual Machine. | VirtualMachineProperties |
zones | The virtual machine zones. | Array of availability zones as string or int. |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | "EdgeZone" |
VirtualMachineIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the virtual machine. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. | "SystemAssigned" "SystemAssigned, UserAssigned" "UserAssigned" |
identity_ids | The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | Array of user identity IDs. |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserAssignedIdentitiesValue |
UserAssignedIdentitiesValue
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Plan
Name | Description | Value |
---|---|---|
name | The plan ID. | string |
product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
promotionCode | The promotion code. | string |
publisher | The publisher ID. | string |
VirtualMachineProperties
Name | Description | Value |
---|---|---|
additionalCapabilities | Specifies additional capabilities enabled or disabled on the virtual machine. | AdditionalCapabilities |
applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS. | ApplicationProfile |
availabilitySet | Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure. Currently, a VM can only be added to availability set at creation time. The availability set to which the VM is being added should be under the same resource group as the availability set resource. An existing VM cannot be added to an availability set. This property cannot exist along with a non-null properties.virtualMachineScaleSet reference. | SubResource |
billingProfile | Specifies the billing related details of a Azure Spot virtual machine. Minimum api-version: 2019-03-01. | BillingProfile |
capacityReservation | Specifies information about the capacity reservation that is used to allocate virtual machine. Minimum api-version: 2021-04-01. | CapacityReservationProfile |
diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. | DiagnosticsProfile |
evictionPolicy | Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. | "Deallocate" "Delete" |
extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. | string |
hardwareProfile | Specifies the hardware settings for the virtual machine. | HardwareProfile |
host | Specifies information about the dedicated host that the virtual machine resides in. Minimum api-version: 2018-10-01. | SubResource |
hostGroup | Specifies information about the dedicated host group that the virtual machine resides in. Note: User cannot specify both host and hostGroup properties. Minimum api-version: 2020-06-01. | SubResource |
licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
networkProfile | Specifies the network interfaces of the virtual machine. | NetworkProfile |
osProfile | Specifies the operating system settings used while creating the virtual machine. Some of the settings cannot be changed once VM is provisioned. | OSProfile |
platformFaultDomain | Specifies the scale set logical fault domain into which the Virtual Machine will be created. By default, the Virtual Machine will by automatically assigned to a fault domain that best maintains balance across available fault domains. This is applicable only if the 'virtualMachineScaleSet' property of this Virtual Machine is set. The Virtual Machine Scale Set that is referenced, must have 'platformFaultDomainCount' greater than 1. This property cannot be updated once the Virtual Machine is created. Fault domain assignment can be viewed in the Virtual Machine Instance View. Minimum api‐version: 2020‐12‐01. | int |
priority | Specifies the priority for the virtual machine. Minimum api-version: 2019-03-01 | "Low" "Regular" "Spot" |
proximityPlacementGroup | Specifies information about the proximity placement group that the virtual machine should be assigned to. Minimum api-version: 2018-04-01. | SubResource |
scheduledEventsPolicy | Specifies Redeploy, Reboot and ScheduledEventsAdditionalPublishingTargets Scheduled Event related configurations for the virtual machine. | ScheduledEventsPolicy |
scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
securityProfile | Specifies the Security related profile settings for the virtual machine. | SecurityProfile |
storageProfile | Specifies the storage settings for the virtual machine disks. | StorageProfile |
userData | UserData for the VM, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. | string |
virtualMachineScaleSet | Specifies information about the virtual machine scale set that the virtual machine should be assigned to. Virtual machines specified in the same virtual machine scale set are allocated to different nodes to maximize availability. Currently, a VM can only be added to virtual machine scale set at creation time. An existing VM cannot be added to a virtual machine scale set. This property cannot exist along with a non-null properties.availabilitySet reference. Minimum api‐version: 2019‐03‐01. | SubResource |
AdditionalCapabilities
Name | Description | Value |
---|---|---|
hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
ApplicationProfile
Name | Description | Value |
---|---|---|
galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
VMGalleryApplication
Name | Description | Value |
---|---|---|
configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided | string |
enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS | bool |
order | Optional, Specifies the order in which the packages have to be installed | int |
packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} | string (required) |
tags | Optional, Specifies a passthrough value for more generic context. | string |
treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment | bool |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
BillingProfile
Name | Description | Value |
---|---|---|
maxPrice | Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars. This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price. The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: - Any decimal value greater than zero. Example: 0.01538 -1 – indicates default price to be up-to on-demand. You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you. Minimum api-version: 2019-03-01. Specify a decimal value as a string. |
int or json decimal |
CapacityReservationProfile
Name | Description | Value |
---|---|---|
capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. |
SubResource |
DiagnosticsProfile
Name | Description | Value |
---|---|---|
bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. | BootDiagnostics |
BootDiagnostics
Name | Description | Value |
---|---|---|
enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. | string |
HardwareProfile
Name | Description | Value |
---|---|---|
vmSize | Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. The recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set, List all available virtual machine sizes in a region, List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. | "Basic_A0" "Basic_A1" "Basic_A2" "Basic_A3" "Basic_A4" "Standard_A0" "Standard_A1" "Standard_A10" "Standard_A11" "Standard_A1_v2" "Standard_A2" "Standard_A2_v2" "Standard_A2m_v2" "Standard_A3" "Standard_A4" "Standard_A4_v2" "Standard_A4m_v2" "Standard_A5" "Standard_A6" "Standard_A7" "Standard_A8" "Standard_A8_v2" "Standard_A8m_v2" "Standard_A9" "Standard_B1ms" "Standard_B1s" "Standard_B2ms" "Standard_B2s" "Standard_B4ms" "Standard_B8ms" "Standard_D1" "Standard_D11" "Standard_D11_v2" "Standard_D12" "Standard_D12_v2" "Standard_D13" "Standard_D13_v2" "Standard_D14" "Standard_D14_v2" "Standard_D15_v2" "Standard_D16_v3" "Standard_D16s_v3" "Standard_D1_v2" "Standard_D2" "Standard_D2_v2" "Standard_D2_v3" "Standard_D2s_v3" "Standard_D3" "Standard_D32_v3" "Standard_D32s_v3" "Standard_D3_v2" "Standard_D4" "Standard_D4_v2" "Standard_D4_v3" "Standard_D4s_v3" "Standard_D5_v2" "Standard_D64_v3" "Standard_D64s_v3" "Standard_D8_v3" "Standard_D8s_v3" "Standard_DS1" "Standard_DS11" "Standard_DS11_v2" "Standard_DS12" "Standard_DS12_v2" "Standard_DS13" "Standard_DS13-2_v2" "Standard_DS13-4_v2" "Standard_DS13_v2" "Standard_DS14" "Standard_DS14-4_v2" "Standard_DS14-8_v2" "Standard_DS14_v2" "Standard_DS15_v2" "Standard_DS1_v2" "Standard_DS2" "Standard_DS2_v2" "Standard_DS3" "Standard_DS3_v2" "Standard_DS4" "Standard_DS4_v2" "Standard_DS5_v2" "Standard_E16_v3" "Standard_E16s_v3" "Standard_E2_v3" "Standard_E2s_v3" "Standard_E32-16_v3" "Standard_E32-8s_v3" "Standard_E32_v3" "Standard_E32s_v3" "Standard_E4_v3" "Standard_E4s_v3" "Standard_E64-16s_v3" "Standard_E64-32s_v3" "Standard_E64_v3" "Standard_E64s_v3" "Standard_E8_v3" "Standard_E8s_v3" "Standard_F1" "Standard_F16" "Standard_F16s" "Standard_F16s_v2" "Standard_F1s" "Standard_F2" "Standard_F2s" "Standard_F2s_v2" "Standard_F32s_v2" "Standard_F4" "Standard_F4s" "Standard_F4s_v2" "Standard_F64s_v2" "Standard_F72s_v2" "Standard_F8" "Standard_F8s" "Standard_F8s_v2" "Standard_G1" "Standard_G2" "Standard_G3" "Standard_G4" "Standard_G5" "Standard_GS1" "Standard_GS2" "Standard_GS3" "Standard_GS4" "Standard_GS4-4" "Standard_GS4-8" "Standard_GS5" "Standard_GS5-16" "Standard_GS5-8" "Standard_H16" "Standard_H16m" "Standard_H16mr" "Standard_H16r" "Standard_H8" "Standard_H8m" "Standard_L16s" "Standard_L32s" "Standard_L4s" "Standard_L8s" "Standard_M128-32ms" "Standard_M128-64ms" "Standard_M128ms" "Standard_M128s" "Standard_M64-16ms" "Standard_M64-32ms" "Standard_M64ms" "Standard_M64s" "Standard_NC12" "Standard_NC12s_v2" "Standard_NC12s_v3" "Standard_NC24" "Standard_NC24r" "Standard_NC24rs_v2" "Standard_NC24rs_v3" "Standard_NC24s_v2" "Standard_NC24s_v3" "Standard_NC6" "Standard_NC6s_v2" "Standard_NC6s_v3" "Standard_ND12s" "Standard_ND24rs" "Standard_ND24s" "Standard_ND6s" "Standard_NV12" "Standard_NV24" "Standard_NV6" |
vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-07-01. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. Please follow the instructions in VM Customization for more details. | VMSizeProperties |
VMSizeProperties
Name | Description | Value |
---|---|---|
vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. | int |
vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. | int |
NetworkProfile
Name | Description | Value |
---|---|---|
networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations | "2020-11-01" |
networkInterfaceConfigurations | Specifies the networking configurations that will be used to create the virtual machine networking resources. | VirtualMachineNetworkInterfaceConfiguration[] |
networkInterfaces | Specifies the list of resource Ids for the network interfaces associated with the virtual machine. | NetworkInterfaceReference[] |
VirtualMachineNetworkInterfaceConfiguration
Name | Description | Value |
---|---|---|
name | The network interface configuration name. | string (required) |
properties | Describes a virtual machine network profile's IP configuration. | VirtualMachineNetworkInterfaceConfigurationPropertie... |
VirtualMachineNetworkInterfaceConfigurationPropertie...
Name | Description | Value |
---|---|---|
auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. | "AcceleratedConnections" "Floating" "None" |
auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. | "A1" "A2" "A4" "A8" "None" |
deleteOption | Specify what happens to the network interface when the VM is deleted | "Delete" "Detach" |
disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineNetworkInterfaceDnsSettingsConfigurati... |
dscpConfiguration | SubResource | |
enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineNetworkInterfaceIPConfiguration[] (required) |
networkSecurityGroup | The network security group. | SubResource |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineNetworkInterfaceDnsSettingsConfigurati...
Name | Description | Value |
---|---|---|
dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineNetworkInterfaceIPConfiguration
Name | Description | Value |
---|---|---|
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine network interface IP configuration properties. | VirtualMachineNetworkInterfaceIPConfigurationPropert... |
VirtualMachineNetworkInterfaceIPConfigurationPropert...
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. | SubResource[] |
applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the same basic sku load balancer]. | SubResource[] |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | "IPv4" "IPv6" |
publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachinePublicIPAddressConfiguration |
subnet | Specifies the identifier of the subnet. | SubResource |
VirtualMachinePublicIPAddressConfiguration
Name | Description | Value |
---|---|---|
name | The publicIP address configuration name. | string (required) |
properties | Describes a virtual machines IP Configuration's PublicIPAddress configuration | VirtualMachinePublicIPAddressConfigurationProperties |
sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. | PublicIPAddressSku |
VirtualMachinePublicIPAddressConfigurationProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the public IP address when the VM is deleted | "Delete" "Detach" |
dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachinePublicIPAddressDnsSettingsConfiguratio... |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipTags | The list of IP tags associated with the public IP address. | VirtualMachineIpTag[] |
publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | "IPv4" "IPv6" |
publicIPAllocationMethod | Specify the public IP allocation type | "Dynamic" "Static" |
publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachinePublicIPAddressDnsSettingsConfiguratio...
Name | Description | Value |
---|---|---|
domainNameLabel | The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. | string (required) |
domainNameLabelScope | The Domain name label scope of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the hashed domain name label with policy according to the domain name label scope and vm network profile unique ID. | "NoReuse" "ResourceGroupReuse" "SubscriptionReuse" "TenantReuse" |
VirtualMachineIpTag
Name | Description | Value |
---|---|---|
ipTagType | IP tag type. Example: FirstPartyUsage. | string |
tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Specify public IP sku name | "Basic" "Standard" |
tier | Specify public IP sku tier | "Global" "Regional" |
NetworkInterfaceReference
Name | Description | Value |
---|---|---|
id | Resource Id | string |
properties | Describes a network interface reference properties. | NetworkInterfaceReferenceProperties |
NetworkInterfaceReferenceProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the network interface when the VM is deleted | "Delete" "Detach" |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
OSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUsername | Specifies the name of the administrator account. This property cannot be updated after the VM is created. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters. |
string |
allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | bool |
computerName | Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters. Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. | string |
customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in customData property. This property cannot be updated after the VM is created. The property 'customData' is passed to the VM to be saved as a file, for more information see Custom Data on Azure VMs. For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation. | string |
linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. | LinuxConfiguration |
requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
secrets | Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
"AutomaticByPlatform" "ImageDefault" |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. | LinuxVMGuestPatchAutomaticByPlatformSettings |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
"AutomaticByPlatform" "ImageDefault" |
LinuxVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | "Always" "IfRequired" "Never" "Unknown" |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). | string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. | string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Windows virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | "Microsoft-Windows-Shell-Setup" |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | "OobeSystem" |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | "AutoLogon" "FirstLogonCommands" |
PatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
"AutomaticByPlatform" "ImageDefault" |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. | WindowsVMGuestPatchAutomaticByPlatformSettings |
enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
"AutomaticByOS" "AutomaticByPlatform" "Manual" |
WindowsVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | "Always" "IfRequired" "Never" "Unknown" |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. | "Http" "Https" |
ScheduledEventsPolicy
Name | Description | Value |
---|---|---|
scheduledEventsAdditionalPublishingTargets | The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. | ScheduledEventsAdditionalPublishingTargets |
userInitiatedReboot | The configuration parameters used while creating userInitiatedReboot scheduled event setting creation. | UserInitiatedReboot |
userInitiatedRedeploy | The configuration parameters used while creating userInitiatedRedeploy scheduled event setting creation. | UserInitiatedRedeploy |
ScheduledEventsAdditionalPublishingTargets
Name | Description | Value |
---|---|---|
eventGridAndResourceGraph | The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. | EventGridAndResourceGraph |
EventGridAndResourceGraph
Name | Description | Value |
---|---|---|
enable | Specifies if event grid and resource graph is enabled for Scheduled event related configurations. | bool |
UserInitiatedReboot
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Reboot Scheduled Event related configurations. | bool |
UserInitiatedRedeploy
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Redeploy Scheduled Event related configurations. | bool |
ScheduledEventsProfile
Name | Description | Value |
---|---|---|
osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
OSImageNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) | string |
TerminateNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) | string |
SecurityProfile
Name | Description | Value |
---|---|---|
encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. | bool |
encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. | EncryptionIdentity |
proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2024-03-01. | ProxyAgentSettings |
securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. | "ConfidentialVM" "TrustedLaunch" |
uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. | UefiSettings |
EncryptionIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
ProxyAgentSettings
Name | Description | Value |
---|---|---|
enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. | bool |
keyIncarnationId | Increase the value of this property allows user to reset the key used for securing communication channel between guest and host. | int |
mode | Specifies the mode that ProxyAgent will execute on if the feature is enabled. ProxyAgent will start to audit or monitor but not enforce access control over requests to host endpoints in Audit mode, while in Enforce mode it will enforce access control. The default value is Enforce mode. | "Audit" "Enforce" |
UefiSettings
Name | Description | Value |
---|---|---|
secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
StorageProfile
Name | Description | Value |
---|---|---|
dataDisks | Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. | DataDisk[] |
diskControllerType | Specifies the disk controller type configured for the VM. Note: This property will be set to the default disk controller type if not specified provided virtual machine is being created with 'hyperVGeneration' set to V2 based on the capabilities of the operating system disk and VM size from the the specified minimum api version. You need to deallocate the VM before updating its disk controller type unless you are updating the VM size in the VM configuration which implicitly deallocates and reallocates the VM. Minimum api-version: 2022-08-01. | "NVMe" "SCSI" |
imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
osDisk | Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. | OSDisk |
DataDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. | "None" "ReadOnly" "ReadWrite" |
createOption | Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine data disk. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. Empty: This value is used when creating an empty data disk. Copy: This value is used to create a data disk from a snapshot or another disk. Restore: This value is used to create a data disk from a disk restore point. | "Attach" "Copy" "Empty" "FromImage" "Restore" (required) |
deleteOption | Specifies whether data disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the data disk is deleted when VM is deleted. Detach. If this value is used, the data disk is retained after VM is deleted. The default value is set to Detach. | "Delete" "Detach" |
detachOption | Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. | "ForceDetach" |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
managedDisk | The managed disk parameters. | ManagedDiskParameters |
name | The disk name. | string |
sourceResource | The source resource identifier. It can be a snapshot, or disk restore point from which to create a disk. | ApiEntityReference |
toBeDetached | Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset | bool |
vhd | The virtual hard disk. | VirtualHardDisk |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
ManagedDiskParameters
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
id | Resource Id | string |
securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | "PremiumV2_LRS" "Premium_LRS" "Premium_ZRS" "StandardSSD_LRS" "StandardSSD_ZRS" "Standard_LRS" "UltraSSD_LRS" |
DiskEncryptionSetParameters
Name | Description | Value |
---|---|---|
id | Resource Id | string |
VMDiskSecurityProfile
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. | DiskEncryptionSetParameters |
securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. | "DiskWithVMGuestState" "NonPersistedTPM" "VMGuestStateOnly" |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ImageReference
Name | Description | Value |
---|---|---|
communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. | string |
id | Resource Id | string |
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. | string |
OSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. | "None" "ReadOnly" "ReadWrite" |
createOption | Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. | "Attach" "Copy" "Empty" "FromImage" "Restore" (required) |
deleteOption | Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the OS disk is deleted when VM is deleted. Detach. If this value is used, the os disk is retained after VM is deleted. The default value is set to Detach. For an ephemeral OS Disk, the default value is set to Delete. The user cannot change the delete option for an ephemeral OS Disk. | "Delete" "Detach" |
diffDiskSettings | Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. | DiffDiskSettings |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
encryptionSettings | Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15. | DiskEncryptionSettings |
image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
managedDisk | The managed disk parameters. | ManagedDiskParameters |
name | The disk name. | string |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | "Linux" "Windows" |
vhd | The virtual hard disk. | VirtualHardDisk |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
DiffDiskSettings
Name | Description | Value |
---|---|---|
option | Specifies the ephemeral disk settings for operating system disk. | "Local" |
placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. | "CacheDisk" "NvmeDisk" "ResourceDisk" |
DiskEncryptionSettings
Name | Description | Value |
---|---|---|
diskEncryptionKey | Specifies the location of the disk encryption key, which is a Key Vault Secret. | KeyVaultSecretReference |
enabled | Specifies whether disk encryption should be enabled on the virtual machine. | bool |
keyEncryptionKey | Specifies the location of the key encryption key in Key Vault. | KeyVaultKeyReference |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
KeyVaultKeyReference
Name | Description | Value |
---|---|---|
keyUrl | The URL referencing a key encryption key in Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the key. | SubResource (required) |