Creates a configurable virtual machine object.
[-VMName] <String>
[-VMSize] <String>
[[-AvailabilitySetId] <String>]
[[-LicenseType] <String>]
[-IdentityType] <ResourceIdentityType>
[-IdentityId <String[]>]
[-EncryptionIdentity <String>]
[-Zone <String[]>]
[-ProximityPlacementGroupId <String>]
[-HostId <String>]
[-VmssId <String>]
[-MaxPrice <Double>]
[-EvictionPolicy <String>]
[-Priority <String>]
[-Tags <Hashtable>]
[-CapacityReservationGroupId <String>]
[-ImageReferenceId <String>]
[-DiskControllerType <String>]
[-UserData <String>]
[-PlatformFaultDomain <Int32>]
[-vCPUCountAvailable <Int32>]
[-vCPUCountPerCore <Int32>]
[-SharedGalleryImageId <String>]
[-SecurityType <String>]
[-EnableVtpm <Boolean>]
[-EnableSecureBoot <Boolean>]
[-DefaultProfile <IAzureContextContainer>]
The New-AzVMConfig cmdlet creates a configurable local virtual machine object for Azure.
The following cmdlets are used to set different properties of the virtual machine object:
- Add-AzVMNetworkInterface to set the network profile.
- Set-AzVMOperatingSystem to set the OS profile.
- Set-AzVMSourceImage to set the source image.
- Set-AzVMOSDisk to set the OS disk (storage profile).
- Get-AzComputeResourceSku can also be used to find out available virtual machine sizes for your subscription and region.
See Quickstart: Create a Windows virtual machine in Azure with PowerShell for tutorial.
Example 1: Create a virtual machine resource
$rgname = "resourceGroupName";
$loc = "eastus";
New-AzResourceGroup -Name $rgname -Location $loc -Force;
# General Setup
$vmname = 'v' + $rgname;
$domainNameLabel = "d1" + $rgname;
$vmSize = 'Standard_DS3_v2';
$computerName = "c" + $rgname;
$securityTypeStnd = "Standard";
# Credential. Input Username and Password values
$user = "";
$securePassword = ConvertTo-SecureString -String "****" -AsPlainText -Force;
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
# Creating a VMConfig
$vmconfig = New-AzVMConfig -VMName $vmname -vmsize $vmsize -SecurityType $securityTypeStnd;
# Set source image values
$publisherName = "MicrosoftWindowsServer";
$offer = "WindowsServer";
$sku = "2019-DataCenter";
$vmconfig = Set-AzVMSourceImage -VM $vmconfig -PublisherName $publisherName -Offer $offer -Skus $sku -Version 'latest';
# NRP Setup
$subnet = New-AzVirtualNetworkSubnetConfig -Name ('subnet' + $rgname) -AddressPrefix "";
$vnet = New-AzVirtualNetwork -Force -Name ('vnet' + $rgname) -ResourceGroupName $rgname -Location $loc -AddressPrefix "" -Subnet $subnet;
$vnet = Get-AzVirtualNetwork -Name ('vnet' + $rgname) -ResourceGroupName $rgname;
$subnetId = $vnet.Subnets[0].Id;
$pubip = New-AzPublicIpAddress -Force -Name ('pubip' + $rgname) -ResourceGroupName $rgname -Location $loc -AllocationMethod Static -DomainNameLabel $domainNameLabel;
$pubip = Get-AzPublicIpAddress -Name ('pubip' + $rgname) -ResourceGroupName $rgname;
$pubipId = $pubip.Id;
$nic = New-AzNetworkInterface -Force -Name ('nic' + $rgname) -ResourceGroupName $rgname -Location $loc -SubnetId $subnetId -PublicIpAddressId $pubip.Id;
$nic = Get-AzNetworkInterface -Name ('nic' + $rgname) -ResourceGroupName $rgname;
$nicId = $nic.Id;
$vmconfig = Add-AzVMNetworkInterface -VM $vmconfig -Id $nicId;
$vmconfig = Set-AzVMOperatingSystem -VM $vmconfig -Windows -ComputerName $computerName -Credential $cred;
# Create the VM
New-AzVM -ResourceGroupName $rgname -Location $loc -Vm $vmconfig;
$vm = Get-AzVM -ResourceGroupName $rgname -Name $vmname;
Example 2: Create a virtual machine object in a virtual machine scale set with fault domains setup
$rgname = "resourceGroupName";
$loc = "eastus";
$vmname = "vm" + $rgname;
New-AzResourceGroup -Name $rgname -Location $loc -Force;
$domainNameLabel = "d1" + $rgname;
$vmname = "v" + $rgname;
$vnetname = "myVnet";
$vnetAddress = "";
$subnetname = "slb" + $rgname;
$subnetAddress = "";
$vmssName = "vmss" + $rgname;
$faultDomainNumber = 2;
$vmssFaultDomain = 3;
$securityTypeStnd = "Standard";
$OSDiskName = $vmname + "-osdisk";
$NICName = $vmname+ "-nic";
$NSGName = $vmname + "-NSG";
$OSDiskSizeinGB = 128;
$VMSize = "Standard_DS2_v2";
$PublisherName = "MicrosoftWindowsServer";
$Offer = "WindowsServer";
$SKU = "2019-Datacenter";
# Credential. Input Username and Password values.
$user = "";
$securePassword = ConvertTo-SecureString -String "****" -AsPlainText -Force;
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
$frontendSubnet = New-AzVirtualNetworkSubnetConfig -Name $subnetname -AddressPrefix $subnetAddress;
$vnet = New-AzVirtualNetwork -Name $vnetname -ResourceGroupName $rgname -Location $loc -AddressPrefix $vnetAddress -Subnet $frontendSubnet;
$vmssConfig = New-AzVmssConfig -Location $loc -PlatformFaultDomainCount $vmssFaultDomain -SecurityType $securityTypeStnd;
$vmss = New-AzVmss -ResourceGroupName $RGName -Name $VMSSName -VirtualMachineScaleSet $vmssConfig;
$nsgRuleRDP = New-AzNetworkSecurityRuleConfig -Name RDP -Protocol Tcp -Direction Inbound -Priority 1001 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow;
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $RGName -Location $loc -Name $NSGName -SecurityRules $nsgRuleRDP;
$nic = New-AzNetworkInterface -Name $NICName -ResourceGroupName $RGName -Location $loc -SubnetId $vnet.Subnets[0].Id -NetworkSecurityGroupId $nsg.Id -EnableAcceleratedNetworking;
# VM
$vmConfig = New-AzVMConfig -VMName $vmName -VMSize $VMSize -VmssId $vmss.Id -PlatformFaultDomain $faultDomainNumber -SecurityType $securityTypeStnd;
Set-AzVMOperatingSystem -VM $vmConfig -Windows -ComputerName $vmName -Credential $cred ;
Set-AzVMOSDisk -VM $vmConfig -StorageAccountType "Premium_LRS" -Caching ReadWrite -Name $OSDiskName -DiskSizeInGB $OSDiskSizeinGB -CreateOption FromImage ;
Set-AzVMSourceImage -VM $vmConfig -PublisherName $PublisherName -Offer $Offer -Skus $SKU -Version latest ;
Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id;
New-AzVM -ResourceGroupName $RGName -Location $loc -VM $vmConfig;
$vm = Get-AzVM -ResourceGroupName $rgname -Name $vmName;
Example 2: Create a VM using Virtual Machine Config object for TrustedLaunch Security Type, flags Vtpm and Secure Boot are set to True by default.
$rgname = "rgname";
$loc = "eastus";
New-AzResourceGroup -Name $rgname -Location $loc -Force;
# VM Profile & Hardware
$domainNameLabel = "d1" + $rgname;
$vmsize = 'Standard_D4s_v3';
$vmname = $rgname + 'Vm';
$securityType_TL = "TrustedLaunch";
$vnetname = "myVnet";
$vnetAddress = "";
$subnetname = "slb" + $rgname;
$subnetAddress = "";
$OSDiskName = $vmname + "-osdisk";
$NICName = $vmname+ "-nic";
$NSGName = $vmname + "-NSG";
$OSDiskSizeinGB = 128;
$PublisherName = "MicrosoftWindowsServer";
$Offer = "WindowsServer";
$SKU = "2016-datacenter-gensecond";
$disable = $false;
$enable = $true;
$extDefaultName = "GuestAttestation";
$vmGADefaultIDentity = "SystemAssigned";
# Credential
$securePassword = ConvertTo-SecureString -String "****" -AsPlainText -Force;
$user = <Username>;
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
# Network resources
$frontendSubnet = New-AzVirtualNetworkSubnetConfig -Name $subnetname -AddressPrefix $subnetAddress;
$vnet = New-AzVirtualNetwork -Name $vnetname -ResourceGroupName $rgname -Location $loc -AddressPrefix $vnetAddress -Subnet $frontendSubnet;
$nsgRuleRDP = New-AzNetworkSecurityRuleConfig -Name RDP -Protocol Tcp -Direction Inbound -Priority 1001 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow;
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rgname -Location $loc -Name $NSGName -SecurityRules $nsgRuleRDP;
$nic = New-AzNetworkInterface -Name $NICName -ResourceGroupName $rgname -Location $loc -SubnetId $vnet.Subnets[0].Id -NetworkSecurityGroupId $nsg.Id -EnableAcceleratedNetworking;
# Configure Values using VMConfig Object
$vmConfig = New-AzVMConfig -VMName $vmname -VMSize $vmsize;
Set-AzVMOperatingSystem -VM $vmConfig -Windows -ComputerName $vmname -Credential $cred;
Set-AzVMSourceImage -VM $vmConfig -PublisherName $PublisherName -Offer $Offer -Skus $SKU -Version latest ;
Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id;
# VM Creation using VMConfig for Trusted Launch SecurityType
$vmConfig = Set-AzVMSecurityProfile -VM $vmConfig -SecurityType $securityType_TL;
New-AzVM -ResourceGroupName $rgname -Location $loc -VM $vmConfig;
$vm = Get-AzVM -ResourceGroupName $rgname -Name $vmname;
# Validate that for -SecurityType "TrustedLaunch", "-Vtpm" and "-SecureBoot" are "Enabled/true"
#$vm.SecurityProfile.UefiSettings.VTpmEnabled $true;
#$vm.SecurityProfile.UefiSettings.SecureBootEnabled $true;
This example creates a VM using a VMConfig object for the TrustedLaunch Security Type and validates flags VtpmEnabled and SecureBootEnabled are true by default.
Specifies the ID of an availability set.
To obtain an availability set object, use the Get-AzAvailabilitySet cmdlet.
The availability set object contains an ID property.
Virtual machines specified in the same availability set are allocated to different nodes to maximize availability.
For more information about availability sets, see Manage the availability of virtual machines.
For more information on Azure planned maintenance, see Planned maintenance for virtual machines in Azure
Currently, a VM can only be added to availability set at creation time. The availability set to which the VM is being added should be under the same resource group as the availability set resource. An existing VM cannot be added to an availability set.
This property cannot exist along with a non-null properties.virtualMachineScaleSet reference.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Id of the capacity reservation Group that is used to allocate.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the disk controller type configured for the VM and VirtualMachineScaleSet. This property is only supported for virtual machines whose operating system disk and VM sku supports Generation 2 (, please check the HyperVGenerations capability returned as part of VM sku capabilities in the response of Microsoft.Compute SKUs api for the region contains V2 ( .
For more information about Disk Controller Types supported please refer to
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies whether secure boot should be enabled on the virtual machine.
Type: | Nullable<T>[Boolean] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Enables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine only if this property is enabled.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies whether vTPM should be enabled on the virtual machine.
Type: | Nullable<T>[Boolean] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
EncryptionAtHost property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource.
Type: | SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the user identity associated with the virtual machine.That identity will be used for Azure Disk Encryption.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The eviction policy for the Azure Spot virtual machine. Supported values are 'Deallocate' and 'Delete'.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The flag that enables or disables hibernation capability on the VM.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The Id of Host
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the list of user identities associated with the virtual machine scale set. The user identity references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/identities/{identityName}'
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The identity of the virtual machine, if configured.
Type: | Nullable<T>[ResourceIdentityType] |
Accepted values: | SystemAssigned, UserAssigned, SystemAssignedUserAssigned, None |
Position: | 4 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies a license type, which indicates that the image or disk for the virtual machine was licensed on-premises. Possible values for Windows Server are:
- Windows_Client
- Windows_Server
Possible values for Linux Server operating system are:
Type: | String |
Position: | 3 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. This price will be compared with the current low priority price for the VM size. Also, the prices are compared at the time of create/update of low priority VM/VMSS and the operation will only succeed if the maxPrice is greater than the current low priority price. The maxPrice will also be used for evicting a low priority VM/VMSS if the current low priority price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: any decimal value greater than zero. Example: 0.01538. -1 indicates that the low priority VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you.
Type: | Double |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the fault domain of the virtual machine.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The priority for the virtual machine. Only supported values are 'Regular', 'Spot' and 'Low'. 'Regular' is for regular virtual machine. 'Spot' is for spot virtual machine. 'Low' is also for spot virtual machine but is replaced by 'Spot'. Please use 'Spot' instead of 'Low'.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The resource id of the Proximity Placement Group to use with this virtual machine.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. By default, UefiSettings will not be enabled unless this property is set.
Type: | String |
Accepted values: | TrustedLaunch, ConfidentialVM, Standard |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The tags attached to the resource.
Type: | Hashtable |
Aliases: | Tag |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
UserData for the VM, which will be base-64 encoded. Customer should not pass any secrets in here.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies a name for the virtual machine.
Type: | String |
Aliases: | ResourceName, Name |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the size for the virtual machine. Get-AzComputeResourceSku can be used to find out available sizes for your subscription and region.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The Id of virtual machine scale set
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the availability zone for the virtual machine. Although it takes in an array of zones, virtual machines do not support multiple availability zones. The allowed value depends on the capabilities of the region. Allowed value will normally be 1, 2, or 3. More information on Azure availability zones.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |