

Microsoft.Compute virtualMachines

Bicep resource definition

The virtualMachines resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines resource, add the following Bicep to your template.

// Schema skeleton for Microsoft.Compute/virtualMachines at API version 2025-04-01.
// The values 'string', bool and int are type placeholders and {customized property} is a
// placeholder key; replace them with real values and remove properties you do not need.
// Allowed values quoted in the comments below come from the "Property Values" tables on this page.
resource symbolicname 'Microsoft.Compute/virtualMachines@2025-04-01' = {
  // Only needed when the resource is created at a scope different from the deployment scope.
  scope: resourceSymbolicName or scope
  extendedLocation: {
    name: 'string'
    // Allowed value: 'EdgeZone'.
    type: 'string'
  }
  // The identity of the virtual machine, if configured.
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  // Required.
  location: 'string'
  // Required.
  name: 'string'
  // User-defined hardware placement constraints. Cannot be changed once the VM is provisioned.
  // Minimum api-version: 2024-11-01.
  placement: {
    excludeZones: [
      'string'
    ]
    includeZones: [
      'string'
    ]
    zonePlacementPolicy: 'string'
  }
  // Only used for marketplace images; the image must first be enabled for programmatic use.
  plan: {
    name: 'string'
    product: 'string'
    promotionCode: 'string'
    publisher: 'string'
  }
  properties: {
    additionalCapabilities: {
      // Enables FIPS 140-3 compliant cryptography on the protectedSettings of an extension.
      enableFips1403Encryption: bool
      hibernationEnabled: bool
      // Must be enabled before a managed data disk of type UltraSSD_LRS can be attached.
      ultraSSDEnabled: bool
    }
    applicationProfile: {
      galleryApplications: [
        {
          configurationReference: 'string'
          enableAutomaticUpgrade: bool
          order: int
          packageReferenceId: 'string'
          tags: 'string'
          treatFailureAsDeploymentFailure: bool
        }
      ]
    }
    availabilitySet: {
      id: 'string'
    }
    billingProfile: {
      // Maximum Azure Spot price in US Dollars. -1 (also the default when omitted) means the
      // VM is not evicted for price reasons. Minimum api-version: 2019-03-01.
      maxPrice: int
    }
    capacityReservation: {
      capacityReservationGroup: {
        id: 'string'
      }
    }
    diagnosticsProfile: {
      // Boot diagnostics exposes the console output and a screenshot of the VM.
      bootDiagnostics: {
        enabled: bool
        // If omitted while enabled, managed storage is used. If set, the storage account
        // must be in the same region and subscription as the VM.
        storageUri: 'string'
      }
    }
    evictionPolicy: 'string'
    extensionsTimeBudget: 'string'
    hardwareProfile: {
      // The enum data type for vmSize is marked deprecated on this page; the available sizes
      // depend on region and availability set.
      vmSize: 'string'
      // Preview feature, not supported for VirtualMachineScaleSet. Minimum api-version: 2021-07-01.
      vmSizeProperties: {
        vCPUsAvailable: int
        vCPUsPerCore: int
      }
    }
    host: {
      id: 'string'
    }
    hostGroup: {
      id: 'string'
    }
    licenseType: 'string'
    networkProfile: {
      // Microsoft.Network API version used when creating the networking resources below.
      // Allowed values: '2020-11-01' | '2022-11-01'.
      networkApiVersion: 'string'
      // Networking configurations used to create the VM's networking resources.
      networkInterfaceConfigurations: [
        {
          name: 'string'
          properties: {
            auxiliaryMode: 'string'
            auxiliarySku: 'string'
            deleteOption: 'string'
            disableTcpStateTracking: bool
            dnsSettings: {
              dnsServers: [
                'string'
              ]
            }
            dscpConfiguration: {
              id: 'string'
            }
            enableAcceleratedNetworking: bool
            enableFpga: bool
            enableIPForwarding: bool
            ipConfigurations: [
              {
                name: 'string'
                properties: {
                  applicationGatewayBackendAddressPools: [
                    {
                      id: 'string'
                    }
                  ]
                  applicationSecurityGroups: [
                    {
                      id: 'string'
                    }
                  ]
                  loadBalancerBackendAddressPools: [
                    {
                      id: 'string'
                    }
                  ]
                  primary: bool
                  privateIPAddressVersion: 'string'
                  // NOTE(review): including this object requests a public IP configuration for
                  // the NIC; its property table is outside this excerpt. Omit it for VMs that
                  // should not be directly reachable, and confirm the exposure against the
                  // networkSecurityGroup referenced below.
                  publicIPAddressConfiguration: {
                    name: 'string'
                    properties: {
                      deleteOption: 'string'
                      dnsSettings: {
                        domainNameLabel: 'string'
                        domainNameLabelScope: 'string'
                      }
                      idleTimeoutInMinutes: int
                      ipTags: [
                        {
                          ipTagType: 'string'
                          tag: 'string'
                        }
                      ]
                      publicIPAddressVersion: 'string'
                      publicIPAllocationMethod: 'string'
                      publicIPPrefix: {
                        id: 'string'
                      }
                    }
                    sku: {
                      name: 'string'
                      tier: 'string'
                    }
                    tags: {
                      {customized property}: 'string'
                    }
                  }
                  subnet: {
                    id: 'string'
                  }
                }
              }
            ]
            networkSecurityGroup: {
              id: 'string'
            }
            primary: bool
          }
          tags: {
            {customized property}: 'string'
          }
        }
      ]
      // Resource ids of existing network interfaces associated with the VM.
      networkInterfaces: [
        {
          id: 'string'
          properties: {
            // What happens to the network interface when the VM is deleted: 'Delete' | 'Detach'.
            deleteOption: 'string'
            // Marks the primary interface when the VM has more than one.
            primary: bool
          }
        }
      ]
    }
    osProfile: {
      // Administrator password. Do not commit a literal value here: pass it in through a
      // parameter decorated with @secure() or a Key Vault reference.
      // Length: Windows 8-123 characters, Linux 6-72 characters; 3 of the 4 complexity
      // conditions must be met, and the page lists a set of disallowed common passwords.
      adminPassword: 'string'
      adminUsername: 'string'
      allowExtensionOperations: bool
      computerName: 'string'
      // NOTE(review): the description of customData is outside this excerpt; avoid placing
      // credentials here unless the property table confirms how the value is protected.
      customData: 'string'
      linuxConfiguration: {
        // Whether password authentication is disabled. When only SSH keys are intended,
        // set this to true and supply ssh.publicKeys below.
        disablePasswordAuthentication: bool
        // Default value is false.
        enableVMAgentPlatformUpdates: bool
        // Preview feature: VM Guest Patching settings on Linux.
        patchSettings: {
          // 'AutomaticByPlatform' | 'ImageDefault'. AutomaticByPlatform requires provisionVMAgent to be true.
          assessmentMode: 'string'
          automaticByPlatformSettings: {
            bypassPlatformSafetyChecksOnUserSchedule: bool
            // 'Always' | 'IfRequired' | 'Never' | 'Unknown'.
            rebootSetting: 'string'
          }
          // 'AutomaticByPlatform' | 'ImageDefault'. AutomaticByPlatform requires provisionVMAgent to be true.
          patchMode: 'string'
        }
        // Defaults to true when not specified, so that extensions can be added to the VM later.
        provisionVMAgent: bool
        // SSH key configuration for a Linux OS.
        ssh: {
          publicKeys: [
            {
              keyData: 'string'
              path: 'string'
            }
          ]
        }
      }
      requireGuestProvisionSignal: bool
      secrets: [
        {
          sourceVault: {
            id: 'string'
          }
          vaultCertificates: [
            {
              certificateStore: 'string'
              certificateUrl: 'string'
            }
          ]
        }
      ]
      windowsConfiguration: {
        // XML added to unattend.xml. componentName and passName each have a single allowed value.
        additionalUnattendContent: [
          {
            componentName: 'Microsoft-Windows-Shell-Setup'
            // XML must be less than 4KB and include the root element of the inserted setting.
            // NOTE(review): this content ends up in the VM's unattend.xml; review it as you
            // would any other provisioning secret or command input.
            content: 'string'
            passName: 'OobeSystem'
            // 'AutoLogon' | 'FirstLogonCommands'.
            settingName: 'string'
          }
        ]
        enableAutomaticUpdates: bool
        patchSettings: {
          assessmentMode: 'string'
          automaticByPlatformSettings: {
            bypassPlatformSafetyChecksOnUserSchedule: bool
            rebootSetting: 'string'
          }
          enableHotpatching: bool
          patchMode: 'string'
        }
        provisionVMAgent: bool
        timeZone: 'string'
        winRM: {
          listeners: [
            {
              certificateUrl: 'string'
              protocol: 'string'
            }
          ]
        }
      }
    }
    platformFaultDomain: int
    priority: 'string'
    proximityPlacementGroup: {
      id: 'string'
    }
    scheduledEventsPolicy: {
      allInstancesDown: {
        // Auto-approve Scheduled Events when all instances are down; the default value is true.
        automaticallyApprove: bool
      }
      scheduledEventsAdditionalPublishingTargets: {
        eventGridAndResourceGraph: {
          enable: bool
          // Selects which Scheduled Events configuration schema version is delivered.
          scheduledEventsApiVersion: 'string'
        }
      }
      userInitiatedReboot: {
        automaticallyApprove: bool
      }
      userInitiatedRedeploy: {
        automaticallyApprove: bool
      }
    }
    scheduledEventsProfile: {
      osImageNotificationProfile: {
        enable: bool
        // ISO 8601 duration; the value must be 15 minutes (PT15M).
        notBeforeTimeout: 'string'
      }
      terminateNotificationProfile: {
        enable: bool
        notBeforeTimeout: 'string'
      }
    }
    // Security-relevant settings: host encryption, proxy agent, security type and UEFI
    // secure boot / vTPM. NOTE(review): the property table for this object is outside this
    // excerpt; confirm allowed values and defaults there before relying on them.
    securityProfile: {
      encryptionAtHost: bool
      encryptionIdentity: {
        // ARM resource ID of one of the user identities associated with the VM.
        userAssignedIdentityResourceId: 'string'
      }
      proxyAgentSettings: {
        addProxyAgentExtension: bool
        enabled: bool
        // The fields of imds and wireServer match the HostEndpointSettings table:
        // mode is 'Audit' | 'Disabled' | 'Enforce'. Audit emits access-denial log entries
        // without denying requests; Enforce is described as the recommended mode.
        imds: {
          inVMAccessControlProfileReferenceId: 'string'
          mode: 'string'
        }
        keyIncarnationId: int
        mode: 'string'
        wireServer: {
          inVMAccessControlProfileReferenceId: 'string'
          mode: 'string'
        }
      }
      securityType: 'string'
      uefiSettings: {
        secureBootEnabled: bool
        vTpmEnabled: bool
      }
    }
    storageProfile: {
      alignRegionalDisksToVMZone: bool
      dataDisks: [
        {
          // 'None' | 'ReadOnly' | 'ReadWrite'. Default: None for Standard storage, ReadOnly for Premium storage.
          caching: 'string'
          // Required. 'Attach' | 'Copy' | 'Empty' | 'FromImage' | 'Restore'.
          createOption: 'string'
          // 'Delete' | 'Detach'; default is Detach, so the data disk is retained after the VM is deleted.
          deleteOption: 'string'
          // 'ForceDetach' (preview, managed data disks only). Last-resort option: writes might
          // not have been flushed. Set together with toBeDetached: true.
          detachOption: 'string'
          // Applies when the storage account type is UltraSSD_LRS.
          diskIOPSReadWrite: int
          // Applies when the storage account type is UltraSSD_LRS.
          diskMBpsReadWrite: int
          // The value cannot be larger than 1023.
          diskSizeGB: int
          image: {
            uri: 'string'
          }
          // Required. Must be unique for each data disk attached to the VM.
          lun: int
          managedDisk: {
            // Customer managed disk encryption set resource id for the managed disk.
            diskEncryptionSet: {
              id: 'string'
            }
            id: 'string'
            securityProfile: {
              diskEncryptionSet: {
                id: 'string'
              }
              securityEncryptionType: 'string'
            }
            // 'PremiumV2_LRS' | 'Premium_LRS' | 'Premium_ZRS' | 'StandardSSD_LRS' |
            // 'StandardSSD_ZRS' | 'Standard_LRS' | 'UltraSSD_LRS'.
            storageAccountType: 'string'
          }
          name: 'string'
          // A snapshot or disk restore point from which to create the disk.
          sourceResource: {
            id: 'string'
          }
          toBeDetached: bool
          vhd: {
            uri: 'string'
          }
          writeAcceleratorEnabled: bool
        }
      ]
      diskControllerType: 'string'
      imageReference: {
        communityGalleryImageId: 'string'
        // Gallery images are deployed through this field, not through 'version'.
        id: 'string'
        offer: 'string'
        publisher: 'string'
        sharedGalleryImageId: 'string'
        sku: 'string'
        // Major.Minor.Build or 'latest'. 'latest' is resolved at deploy time and the VM image
        // is not updated afterwards; use an explicit version when deployments must be reproducible.
        version: 'string'
      }
      osDisk: {
        // 'None' | 'ReadOnly' | 'ReadWrite'. Default: None for Standard storage, ReadOnly for Premium storage.
        caching: 'string'
        // Required. 'Attach' | 'Copy' | 'Empty' | 'FromImage' | 'Restore'.
        createOption: 'string'
        // 'Delete' | 'Detach'; default is Detach. For an ephemeral OS disk the default is
        // Delete and cannot be changed.
        deleteOption: 'string'
        // Ephemeral OS disk settings.
        diffDiskSettings: {
          // Allowed value: 'Local'.
          option: 'string'
          // 'CacheDisk' | 'NvmeDisk' | 'ResourceDisk'. Minimum api-version for NvmeDisk: 2024-03-01.
          placement: 'string'
        }
        // The value cannot be larger than 1023.
        diskSizeGB: int
        // Encryption settings for the OS disk. Minimum api-version: 2015-06-15.
        encryptionSettings: {
          // Location of the disk encryption key, which is a Key Vault secret.
          diskEncryptionKey: {
            // Required.
            secretUrl: 'string'
            // Required.
            sourceVault: {
              id: 'string'
            }
          }
          enabled: bool
          // Location of the key encryption key in Key Vault.
          keyEncryptionKey: {
            // Required.
            keyUrl: 'string'
            // Required.
            sourceVault: {
              id: 'string'
            }
          }
        }
        image: {
          uri: 'string'
        }
        managedDisk: {
          // Customer managed disk encryption set resource id for the managed disk.
          diskEncryptionSet: {
            id: 'string'
          }
          id: 'string'
          securityProfile: {
            diskEncryptionSet: {
              id: 'string'
            }
            securityEncryptionType: 'string'
          }
          // UltraSSD_LRS can only be used with data disks, not with the OS disk.
          storageAccountType: 'string'
        }
        name: 'string'
        // 'Linux' | 'Windows'. Used when creating a VM from a user image or a specialized VHD.
        osType: 'string'
        vhd: {
          uri: 'string'
        }
        writeAcceleratorEnabled: bool
      }
    }
    // NOTE(review): the description of userData is outside this excerpt; avoid placing
    // credentials here unless the property table confirms how the value is protected.
    userData: 'string'
    virtualMachineScaleSet: {
      id: 'string'
    }
  }
  tags: {
    {customized property}: 'string'
  }
  // The availability zones.
  zones: [
    'string'
  ]
}

Property Values

Microsoft.Compute/virtualMachines

Name Description Value
extendedLocation The extended location of the Virtual Machine. ExtendedLocation
identity The identity of the virtual machine, if configured. VirtualMachineIdentity
location The geo-location where the resource lives string (required)
name The resource name string (required)
placement Placement section specifies the user-defined constraints for virtual machine hardware placement. This property cannot be changed once VM is provisioned. Minimum api-version: 2024-11-01. Placement
plan Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. Plan
properties Describes the properties of a Virtual Machine. VirtualMachineProperties
scope Use when creating a resource at a scope that is different than the deployment scope. Set this property to the symbolic name of a resource to apply the extension resource.
tags Resource tags Dictionary of tag names and values. See Tags in templates
zones The availability zones. string[]

AdditionalCapabilities

Name Description Value
enableFips1403Encryption The flag enables the usage of FIPS 140-3 compliant cryptography on the protectedSettings of an extension. Learn more at: https://aka.ms/linuxagentfipssupport. bool
hibernationEnabled The flag that enables or disables hibernation capability on the VM. bool
ultraSSDEnabled The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. bool

AdditionalUnattendContent

Name Description Value
componentName The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. 'Microsoft-Windows-Shell-Setup'
content Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. string
passName The pass name. Currently, the only allowable value is OobeSystem. 'OobeSystem'
settingName Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. 'AutoLogon'
'FirstLogonCommands'

AllInstancesDown

Name Description Value
automaticallyApprove Specifies whether Scheduled Events should be auto-approved when all instances are down.
The default value is true.
bool

ApiEntityReference

Name Description Value
id The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... string

ApplicationProfile

Name Description Value
galleryApplications Specifies the gallery applications that should be made available to the VM/VMSS VMGalleryApplication[]

BillingProfile

Name Description Value
maxPrice Specifies the maximum price you are willing to pay for an Azure Spot VM/VMSS. This price is in US Dollars.

This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price.

The maxPrice will also be used for evicting an Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS.

Possible values are:

- Any decimal value greater than zero. Example: 0.01538

- -1 – indicates that the default price is up to the on-demand price.

You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you.

Minimum api-version: 2019-03-01.
int

BootDiagnostics

Name Description Value
enabled Whether boot diagnostics should be enabled on the Virtual Machine. bool
storageUri Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. string

CapacityReservationProfile

Name Description Value
capacityReservationGroup Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. SubResource

DataDisk

Name Description Value
caching Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. 'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine data disk. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. Empty: This value is used when creating an empty data disk. Copy: This value is used to create a data disk from a snapshot or another disk. Restore: This value is used to create a data disk from a disk restore point. 'Attach'
'Copy'
'Empty'
'FromImage'
'Restore' (required)
deleteOption Specifies whether data disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the data disk is deleted when VM is deleted. Detach. If this value is used, the data disk is retained after VM is deleted. The default value is set to Detach. 'Delete'
'Detach'
detachOption Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. 'ForceDetach'
diskIOPSReadWrite Specifies the Read-Write IOPS for the managed disk when StorageAccountType is UltraSSD_LRS. int
diskMBpsReadWrite Specifies the bandwidth in MB per second for the managed disk when StorageAccountType is UltraSSD_LRS. int
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. int
image The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. VirtualHardDisk
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. int (required)
managedDisk The managed disk parameters. ManagedDiskParameters
name The disk name. string
sourceResource The source resource identifier. It can be a snapshot, or disk restore point from which to create a disk. ApiEntityReference
toBeDetached Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset bool
vhd The virtual hard disk. VirtualHardDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

DiagnosticsProfile

Name Description Value
bootDiagnostics Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. BootDiagnostics

DiffDiskSettings

Name Description Value
option Specifies the ephemeral disk settings for operating system disk. 'Local'
placement Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. 'CacheDisk'
'NvmeDisk'
'ResourceDisk'

DiskEncryptionSetParameters

Name Description Value
id Resource Id string

DiskEncryptionSettings

Name Description Value
diskEncryptionKey Specifies the location of the disk encryption key, which is a Key Vault Secret. KeyVaultSecretReference
enabled Specifies whether disk encryption should be enabled on the virtual machine. bool
keyEncryptionKey Specifies the location of the key encryption key in Key Vault. KeyVaultKeyReference

EncryptionIdentity

Name Description Value
userAssignedIdentityResourceId Specifies ARM Resource ID of one of the user identities associated with the VM. string

EventGridAndResourceGraph

Name Description Value
enable Specifies if event grid and resource graph is enabled for Scheduled event related configurations. bool
scheduledEventsApiVersion Specifies the api-version to determine which Scheduled Events configuration schema version will be delivered. string

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. 'EdgeZone'

HardwareProfile

Name Description Value
vmSize Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. The recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set, List all available virtual machine sizes in a region, List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. 'Basic_A0'
'Basic_A1'
'Basic_A2'
'Basic_A3'
'Basic_A4'
'Standard_A0'
'Standard_A1'
'Standard_A10'
'Standard_A11'
'Standard_A1_v2'
'Standard_A2'
'Standard_A2m_v2'
'Standard_A2_v2'
'Standard_A3'
'Standard_A4'
'Standard_A4m_v2'
'Standard_A4_v2'
'Standard_A5'
'Standard_A6'
'Standard_A7'
'Standard_A8'
'Standard_A8m_v2'
'Standard_A8_v2'
'Standard_A9'
'Standard_B1ms'
'Standard_B1s'
'Standard_B2ms'
'Standard_B2s'
'Standard_B4ms'
'Standard_B8ms'
'Standard_D1'
'Standard_D11'
'Standard_D11_v2'
'Standard_D12'
'Standard_D12_v2'
'Standard_D13'
'Standard_D13_v2'
'Standard_D14'
'Standard_D14_v2'
'Standard_D15_v2'
'Standard_D16s_v3'
'Standard_D16_v3'
'Standard_D1_v2'
'Standard_D2'
'Standard_D2s_v3'
'Standard_D2_v2'
'Standard_D2_v3'
'Standard_D3'
'Standard_D32s_v3'
'Standard_D32_v3'
'Standard_D3_v2'
'Standard_D4'
'Standard_D4s_v3'
'Standard_D4_v2'
'Standard_D4_v3'
'Standard_D5_v2'
'Standard_D64s_v3'
'Standard_D64_v3'
'Standard_D8s_v3'
'Standard_D8_v3'
'Standard_DS1'
'Standard_DS11'
'Standard_DS11_v2'
'Standard_DS12'
'Standard_DS12_v2'
'Standard_DS13'
'Standard_DS13-2_v2'
'Standard_DS13-4_v2'
'Standard_DS13_v2'
'Standard_DS14'
'Standard_DS14-4_v2'
'Standard_DS14-8_v2'
'Standard_DS14_v2'
'Standard_DS15_v2'
'Standard_DS1_v2'
'Standard_DS2'
'Standard_DS2_v2'
'Standard_DS3'
'Standard_DS3_v2'
'Standard_DS4'
'Standard_DS4_v2'
'Standard_DS5_v2'
'Standard_E16s_v3'
'Standard_E16_v3'
'Standard_E2s_v3'
'Standard_E2_v3'
'Standard_E32-16_v3'
'Standard_E32-8s_v3'
'Standard_E32s_v3'
'Standard_E32_v3'
'Standard_E4s_v3'
'Standard_E4_v3'
'Standard_E64-16s_v3'
'Standard_E64-32s_v3'
'Standard_E64s_v3'
'Standard_E64_v3'
'Standard_E8s_v3'
'Standard_E8_v3'
'Standard_F1'
'Standard_F16'
'Standard_F16s'
'Standard_F16s_v2'
'Standard_F1s'
'Standard_F2'
'Standard_F2s'
'Standard_F2s_v2'
'Standard_F32s_v2'
'Standard_F4'
'Standard_F4s'
'Standard_F4s_v2'
'Standard_F64s_v2'
'Standard_F72s_v2'
'Standard_F8'
'Standard_F8s'
'Standard_F8s_v2'
'Standard_G1'
'Standard_G2'
'Standard_G3'
'Standard_G4'
'Standard_G5'
'Standard_GS1'
'Standard_GS2'
'Standard_GS3'
'Standard_GS4'
'Standard_GS4-4'
'Standard_GS4-8'
'Standard_GS5'
'Standard_GS5-16'
'Standard_GS5-8'
'Standard_H16'
'Standard_H16m'
'Standard_H16mr'
'Standard_H16r'
'Standard_H8'
'Standard_H8m'
'Standard_L16s'
'Standard_L32s'
'Standard_L4s'
'Standard_L8s'
'Standard_M128-32ms'
'Standard_M128-64ms'
'Standard_M128ms'
'Standard_M128s'
'Standard_M64-16ms'
'Standard_M64-32ms'
'Standard_M64ms'
'Standard_M64s'
'Standard_NC12'
'Standard_NC12s_v2'
'Standard_NC12s_v3'
'Standard_NC24'
'Standard_NC24r'
'Standard_NC24rs_v2'
'Standard_NC24rs_v3'
'Standard_NC24s_v2'
'Standard_NC24s_v3'
'Standard_NC6'
'Standard_NC6s_v2'
'Standard_NC6s_v3'
'Standard_ND12s'
'Standard_ND24rs'
'Standard_ND24s'
'Standard_ND6s'
'Standard_NV12'
'Standard_NV24'
'Standard_NV6'
vmSizeProperties Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-07-01. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. Please follow the instructions in VM Customization for more details. VMSizeProperties

HostEndpointSettings

Name Description Value
inVMAccessControlProfileReferenceId Specifies the InVMAccessControlProfileVersion resource id in the format of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/inVMAccessControlProfiles/{profile}/versions/{version} string
mode Specifies the execution mode. In Audit mode, the system acts as if it is enforcing the access control policy, including emitting access denial entries in the logs, but it does not actually deny any requests to host endpoints. In Enforce mode, the system enforces the access control policy; this is the recommended mode of operation. 'Audit'
'Disabled'
'Enforce'

ImageReference

Name Description Value
communityGalleryImageId Specifies the community gallery image unique id for VM deployment. This can be fetched from the community gallery image GET call. string
id Resource Id string
offer Specifies the offer of the platform image or marketplace image used to create the virtual machine. string
publisher The image publisher. string
sharedGalleryImageId Specifies the shared gallery image unique id for VM deployment. This can be fetched from the shared gallery image GET call. string
sku The image SKU. string
version Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Because 'latest' is resolved at deploy time, two deployments of the same template can produce VMs from different image versions; specify an explicit Major.Minor.Build when deployments must be reproducible. Do not use the 'version' field for gallery image deployment; a gallery image should always use the 'id' field. To use the 'latest' version of a gallery image, set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without a version. string

KeyVaultKeyReference

Name Description Value
keyUrl The URL referencing a key encryption key in Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the key. SubResource (required)

KeyVaultSecretReference

Name Description Value
secretUrl The URL referencing a secret in a Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the secret. SubResource (required)

LinuxConfiguration

Name Description Value
disablePasswordAuthentication Specifies whether password authentication should be disabled. bool
enableVMAgentPlatformUpdates Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. bool
patchSettings [Preview Feature] Specifies settings related to VM Guest Patching on Linux. LinuxPatchSettings
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. bool
ssh Specifies the ssh key configuration for a Linux OS. SshConfiguration

LinuxPatchSettings

Name Description Value
assessmentMode Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
'AutomaticByPlatform'
'ImageDefault'
automaticByPlatformSettings Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. LinuxVMGuestPatchAutomaticByPlatformSettings
patchMode Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

ImageDefault - The virtual machine's default patching configuration is used.

AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true
'AutomaticByPlatform'
'ImageDefault'

LinuxVMGuestPatchAutomaticByPlatformSettings

Name Description Value
bypassPlatformSafetyChecksOnUserSchedule Enables customer to schedule patching without accidental upgrades bool
rebootSetting Specifies the reboot setting for all AutomaticByPlatform patch installation operations. 'Always'
'IfRequired'
'Never'
'Unknown'

ManagedDiskParameters

Name Description Value
diskEncryptionSet Specifies the customer managed disk encryption set resource id for the managed disk. DiskEncryptionSetParameters
id Resource Id string
securityProfile Specifies the security profile for the managed disk. VMDiskSecurityProfile
storageAccountType Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS'

NetworkInterfaceReference

Name Description Value
id Resource Id string
properties Describes a network interface reference properties. NetworkInterfaceReferenceProperties

NetworkInterfaceReferenceProperties

Name Description Value
deleteOption Specify what happens to the network interface when the VM is deleted 'Delete'
'Detach'
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

NetworkProfile

Name Description Value
networkApiVersion specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations '2020-11-01'
'2022-11-01'
networkInterfaceConfigurations Specifies the networking configurations that will be used to create the virtual machine networking resources. VirtualMachineNetworkInterfaceConfiguration[]
networkInterfaces Specifies the list of resource Ids for the network interfaces associated with the virtual machine. NetworkInterfaceReference[]

OSDisk

Name Description Value
caching Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. 'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. 'Attach'
'Copy'
'Empty'
'FromImage'
'Restore' (required)
deleteOption Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the OS disk is deleted when VM is deleted. Detach. If this value is used, the os disk is retained after VM is deleted. The default value is set to Detach. For an ephemeral OS Disk, the default value is set to Delete. The user cannot change the delete option for an ephemeral OS Disk. 'Delete'
'Detach'
diffDiskSettings Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. DiffDiskSettings
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. int
encryptionSettings Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15. DiskEncryptionSettings
image The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. VirtualHardDisk
managedDisk The managed disk parameters. ManagedDiskParameters
name The disk name. string
osType This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. 'Linux'
'Windows'
vhd The virtual hard disk. VirtualHardDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

OSImageNotificationProfile

Name Description Value
enable Specifies whether the OS Image Scheduled event is enabled or disabled. bool
notBeforeTimeout Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) string

OSProfile

Name Description Value
adminPassword Specifies the password of the administrator account.

Minimum-length (Windows): 8 characters

Minimum-length (Linux): 6 characters

Max-length (Windows): 123 characters

Max-length (Linux): 72 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM

For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
string

Constraints:
Sensitive value. Pass in as a secure parameter.
adminUsername Specifies the name of the administrator account.

This property cannot be updated after the VM is created.

Windows-only restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length (Linux): 1 character

Max-length (Linux): 64 characters

Max-length (Windows): 20 characters.
string
allowExtensionOperations Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. bool
computerName Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters. Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. string
customData Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in the customData property; base-64 is an encoding, not encryption, and the decoded data is saved as a file on the virtual machine. This property cannot be updated after the VM is created. The property 'customData' is passed to the VM to be saved as a file; for more information, see Custom Data on Azure VMs. For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation. string
linuxConfiguration Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. LinuxConfiguration
requireGuestProvisionSignal Optional property which must either be set to True or omitted. bool
secrets Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. VaultSecretGroup[]
windowsConfiguration Specifies Windows operating system settings on the virtual machine. WindowsConfiguration

PatchSettings

Name Description Value
assessmentMode Specifies the mode of VM Guest patch assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
'AutomaticByPlatform'
'ImageDefault'
automaticByPlatformSettings Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. WindowsVMGuestPatchAutomaticByPlatformSettings
enableHotpatching Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. bool
patchMode Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false

AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true.

AutomaticByPlatform - the virtual machine will be automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true
'AutomaticByOS'
'AutomaticByPlatform'
'Manual'

Placement

Name Description Value
excludeZones This property supplements the 'zonePlacementPolicy' property. If 'zonePlacementPolicy' is set to 'Any'/'Auto', availability zone selected by the system must not be present in the list of availability zones passed with 'excludeZones'. If 'excludeZones' is not provided, all availability zones in region will be considered for selection. string[]
includeZones This property supplements the 'zonePlacementPolicy' property. If 'zonePlacementPolicy' is set to 'Any'/'Auto', availability zone selected by the system must be present in the list of availability zones passed with 'includeZones'. If 'includeZones' is not provided, all availability zones in region will be considered for selection. string[]
zonePlacementPolicy Specifies the policy for resource's placement in availability zone. Possible values are: Any (used for Virtual Machines), Auto (used for Virtual Machine Scale Sets) - An availability zone will be automatically picked by system as part of resource creation. 'Any'
'Auto'

Plan

Name Description Value
name The plan ID. string
product Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. string
promotionCode The promotion code. string
publisher The publisher ID. string

ProxyAgentSettings

Name Description Value
addProxyAgentExtension Specify whether to implicitly install the ProxyAgent Extension. This option is currently applicable only for Linux Os. bool
enabled Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. bool
imds Specifies the IMDS endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. HostEndpointSettings
keyIncarnationId Increasing the value of this property allows users to reset the key used for securing the communication channel between guest and host. int
mode Specifies the mode that ProxyAgent will execute on. Warning: this property has been deprecated, please specify 'mode' under particular hostendpoint setting. 'Audit'
'Enforce'
wireServer Specifies the Wire Server endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. HostEndpointSettings

PublicIPAddressSku

Name Description Value
name Specify public IP sku name 'Basic'
'Standard'
tier Specify public IP sku tier 'Global'
'Regional'

ScheduledEventsAdditionalPublishingTargets

Name Description Value
eventGridAndResourceGraph The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. EventGridAndResourceGraph

ScheduledEventsPolicy

Name Description Value
allInstancesDown The configuration parameters used while creating AllInstancesDown scheduled event setting creation. AllInstancesDown
scheduledEventsAdditionalPublishingTargets The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. ScheduledEventsAdditionalPublishingTargets
userInitiatedReboot The configuration parameters used while creating userInitiatedReboot scheduled event setting creation. UserInitiatedReboot
userInitiatedRedeploy The configuration parameters used while creating userInitiatedRedeploy scheduled event setting creation. UserInitiatedRedeploy

ScheduledEventsProfile

Name Description Value
osImageNotificationProfile Specifies OS Image Scheduled Event related configurations. OSImageNotificationProfile
terminateNotificationProfile Specifies Terminate Scheduled Event related configurations. TerminateNotificationProfile

SecurityProfile

Name Description Value
encryptionAtHost This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. bool
encryptionIdentity Specifies the Managed Identity used by ADE to get access token for keyvault operations. EncryptionIdentity
proxyAgentSettings Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. ProxyAgentSettings
securityType Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. 'ConfidentialVM'
'TrustedLaunch'
uefiSettings Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. UefiSettings

SshConfiguration

Name Description Value
publicKeys The list of SSH public keys used to authenticate with linux based VMs. SshPublicKey[]

SshPublicKey

Name Description Value
keyData SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed). string
path Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys string

StorageProfile

Name Description Value
alignRegionalDisksToVMZone Specifies whether the regional disks should be aligned/moved to the VM zone. This is applicable only for VMs with placement property set. Please note that this change is irreversible. Minimum api-version: 2024-11-01. bool
dataDisks Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. DataDisk[]
diskControllerType Specifies the disk controller type configured for the VM. Note: If not specified, this property will be set to the default disk controller type, provided the virtual machine is being created with 'hyperVGeneration' set to V2, based on the capabilities of the operating system disk and VM size from the specified minimum api version. You need to deallocate the VM before updating its disk controller type, unless you are updating the VM size in the VM configuration, which implicitly deallocates and reallocates the VM. Minimum api-version: 2022-08-01. 'NVMe'
'SCSI'
imageReference Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. ImageReference
osDisk Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. OSDisk

SubResource

Name Description Value
id Resource Id string

TerminateNotificationProfile

Name Description Value
enable Specifies whether the Terminate Scheduled event is enabled or disabled. bool
notBeforeTimeout Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) string

TrackedResourceTags

Name Description Value

UefiSettings

Name Description Value
secureBootEnabled Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. bool
vTpmEnabled Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. bool

UserAssignedIdentitiesValue

Name Description Value

UserInitiatedReboot

Name Description Value
automaticallyApprove Specifies Reboot Scheduled Event related configurations. bool

UserInitiatedRedeploy

Name Description Value
automaticallyApprove Specifies Redeploy Scheduled Event related configurations. bool

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. string
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
string

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[]

VirtualHardDisk

Name Description Value
uri Specifies the virtual hard disk's uri. string

VirtualMachineIdentity

Name Description Value
type The type of identity used for the virtual machine. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. VirtualMachineIdentityUserAssignedIdentities

VirtualMachineIdentityUserAssignedIdentities

Name Description Value

VirtualMachineIpTag

Name Description Value
ipTagType IP tag type. Example: FirstPartyUsage. string
tag IP tag associated with the public IP. Example: SQL, Storage etc. string

VirtualMachineNetworkInterfaceConfiguration

Name Description Value
name The network interface configuration name. string (required)
properties Describes a virtual machine network profile's IP configuration. VirtualMachineNetworkInterfaceConfigurationProperties
tags Resource tags applied to the networkInterface address created by this NetworkInterfaceConfiguration VirtualMachineNetworkInterfaceConfigurationTags

VirtualMachineNetworkInterfaceConfigurationProperties

Name Description Value
auxiliaryMode Specifies whether the Auxiliary mode is enabled for the Network Interface resource. 'AcceleratedConnections'
'Floating'
'None'
auxiliarySku Specifies whether the Auxiliary sku is enabled for the Network Interface resource. 'A1'
'A2'
'A4'
'A8'
'None'
deleteOption Specify what happens to the network interface when the VM is deleted 'Delete'
'Detach'
disableTcpStateTracking Specifies whether the network interface is disabled for tcp state tracking. bool
dnsSettings The dns settings to be applied on the network interfaces. VirtualMachineNetworkInterfaceDnsSettingsConfiguration
dscpConfiguration SubResource
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableFpga Specifies whether the network interface is FPGA networking-enabled. bool
enableIPForwarding Whether IP forwarding is enabled on this NIC. bool
ipConfigurations Specifies the IP configurations of the network interface. VirtualMachineNetworkInterfaceIPConfiguration[] (required)
networkSecurityGroup The network security group. SubResource
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

VirtualMachineNetworkInterfaceConfigurationTags

Name Description Value

VirtualMachineNetworkInterfaceDnsSettingsConfiguration

Name Description Value
dnsServers List of DNS servers IP addresses string[]

VirtualMachineNetworkInterfaceIPConfiguration

Name Description Value
name The IP configuration name. string (required)
properties Describes a virtual machine network interface IP configuration properties. VirtualMachineNetworkInterfaceIPConfigurationProperties

VirtualMachineNetworkInterfaceIPConfigurationProperties

Name Description Value
applicationGatewayBackendAddressPools Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. SubResource[]
applicationSecurityGroups Specifies an array of references to application security group. SubResource[]
loadBalancerBackendAddressPools Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the same basic sku load balancer]. SubResource[]
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool
privateIPAddressVersion Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAddressConfiguration The publicIPAddressConfiguration. VirtualMachinePublicIPAddressConfiguration
subnet Specifies the identifier of the subnet. SubResource

VirtualMachineProperties

Name Description Value
additionalCapabilities Specifies additional capabilities enabled or disabled on the virtual machine. AdditionalCapabilities
applicationProfile Specifies the gallery applications that should be made available to the VM/VMSS. ApplicationProfile
availabilitySet Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure. Currently, a VM can only be added to availability set at creation time. The availability set to which the VM is being added should be under the same resource group as the availability set resource. An existing VM cannot be added to an availability set. This property cannot exist along with a non-null properties.virtualMachineScaleSet reference. SubResource
billingProfile Specifies the billing related details of an Azure Spot virtual machine. Minimum api-version: 2019-03-01. BillingProfile
capacityReservation Specifies information about the capacity reservation that is used to allocate virtual machine. Minimum api-version: 2021-04-01. CapacityReservationProfile
diagnosticsProfile Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. DiagnosticsProfile
evictionPolicy Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. 'Deallocate'
'Delete'
extensionsTimeBudget Specifies the time allotted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. string
hardwareProfile Specifies the hardware settings for the virtual machine. HardwareProfile
host Specifies information about the dedicated host that the virtual machine resides in. Minimum api-version: 2018-10-01. SubResource
hostGroup Specifies information about the dedicated host group that the virtual machine resides in. Note: User cannot specify both host and hostGroup properties. Minimum api-version: 2020-06-01. SubResource
licenseType Specifies that the image or disk that is being used was licensed on-premises.

Possible values for Windows Server operating system are:

Windows_Client

Windows_Server

Possible values for Linux Server operating system are:

RHEL_BYOS (for RHEL)

SLES_BYOS (for SUSE)

For more information, see Azure Hybrid Use Benefit for Windows Server

Azure Hybrid Use Benefit for Linux Server

Minimum api-version: 2015-06-15
string
networkProfile Specifies the network interfaces of the virtual machine. NetworkProfile
osProfile Specifies the operating system settings used while creating the virtual machine. Some of the settings cannot be changed once VM is provisioned. OSProfile
platformFaultDomain Specifies the scale set logical fault domain into which the Virtual Machine will be created. By default, the Virtual Machine will be automatically assigned to a fault domain that best maintains balance across available fault domains. This is applicable only if the 'virtualMachineScaleSet' property of this Virtual Machine is set. The Virtual Machine Scale Set that is referenced must have 'platformFaultDomainCount' greater than 1. This property cannot be updated once the Virtual Machine is created. Fault domain assignment can be viewed in the Virtual Machine Instance View. Minimum api-version: 2020-12-01. int
priority Specifies the priority for the virtual machine. Minimum api-version: 2019-03-01 'Low'
'Regular'
'Spot'
proximityPlacementGroup Specifies information about the proximity placement group that the virtual machine should be assigned to. Minimum api-version: 2018-04-01. SubResource
scheduledEventsPolicy Specifies Redeploy, Reboot and ScheduledEventsAdditionalPublishingTargets Scheduled Event related configurations for the virtual machine. ScheduledEventsPolicy
scheduledEventsProfile Specifies Scheduled Event related configurations. ScheduledEventsProfile
securityProfile Specifies the Security related profile settings for the virtual machine. SecurityProfile
storageProfile Specifies the storage settings for the virtual machine disks. StorageProfile
userData UserData for the VM, which must be base-64 encoded. Customers should not pass any secrets here; base-64 is an encoding, not encryption. Minimum api-version: 2021-03-01. string
virtualMachineScaleSet Specifies information about the virtual machine scale set that the virtual machine should be assigned to. Virtual machines specified in the same virtual machine scale set are allocated to different nodes to maximize availability. Currently, a VM can only be added to virtual machine scale set at creation time. An existing VM cannot be added to a virtual machine scale set. This property cannot exist along with a non-null properties.availabilitySet reference. Minimum api‐version: 2019‐03‐01. SubResource

VirtualMachinePublicIPAddressConfiguration

Name Description Value
name The publicIP address configuration name. string (required)
properties Describes a virtual machines IP Configuration's PublicIPAddress configuration VirtualMachinePublicIPAddressConfigurationProperties
sku Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. PublicIPAddressSku
tags Resource tags applied to the publicIP address created by this PublicIPAddressConfiguration VirtualMachinePublicIPAddressConfigurationTags

VirtualMachinePublicIPAddressConfigurationProperties

Name Description Value
deleteOption Specify what happens to the public IP address when the VM is deleted 'Delete'
'Detach'
dnsSettings The dns settings to be applied on the publicIP addresses. VirtualMachinePublicIPAddressDnsSettingsConfiguration
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipTags The list of IP tags associated with the public IP address. VirtualMachineIpTag[]
publicIPAddressVersion Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAllocationMethod Specify the public IP allocation type 'Dynamic'
'Static'
publicIPPrefix The PublicIPPrefix from which to allocate publicIP addresses. SubResource

VirtualMachinePublicIPAddressConfigurationTags

Name Description Value

VirtualMachinePublicIPAddressDnsSettingsConfiguration

Name Description Value
domainNameLabel The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. string (required)
domainNameLabelScope The Domain name label scope of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the hashed domain name label with policy according to the domain name label scope and vm network profile unique ID. 'NoReuse'
'ResourceGroupReuse'
'SubscriptionReuse'
'TenantReuse'

VMDiskSecurityProfile

Name Description Value
diskEncryptionSet Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. DiskEncryptionSetParameters
securityEncryptionType Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob. Note: It can be set for only Confidential VMs. 'DiskWithVMGuestState'
'NonPersistedTPM'
'VMGuestStateOnly'

VMGalleryApplication

Name Description Value
configurationReference Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided string
enableAutomaticUpgrade If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS bool
order Optional, Specifies the order in which the packages have to be installed int
packageReferenceId Specifies the GalleryApplicationVersion resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} string (required)
tags Optional, Specifies a passthrough value for more generic context. string
treatFailureAsDeploymentFailure Optional, If true, any failure for any operation in the VmApplication will fail the deployment bool

VMSizeProperties

Name Description Value
vCPUsAvailable Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. int
vCPUsPerCore Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. int

WindowsConfiguration

Name Description Value
additionalUnattendContent Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. AdditionalUnattendContent[]
enableAutomaticUpdates Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. bool
patchSettings [Preview Feature] Specifies settings related to VM Guest Patching on Windows. PatchSettings
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. bool
timeZone Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. string
winRM Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. WinRMConfiguration

WindowsVMGuestPatchAutomaticByPlatformSettings

Name Description Value
bypassPlatformSafetyChecksOnUserSchedule Enables customer to schedule patching without accidental upgrades bool
rebootSetting Specifies the reboot setting for all AutomaticByPlatform patch installation operations. 'Always'
'IfRequired'
'Never'
'Unknown'

WinRMConfiguration

Name Description Value
listeners The list of Windows Remote Management listeners WinRMListener[]

WinRMListener

Name Description Value
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
string
protocol Specifies the protocol of WinRM listener. Possible values are: http, https. 'Http'
'Https'

Usage Examples

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module Description
Virtual Machine AVM Resource Module for Virtual Machine

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
101-1vm-2nics-2subnets-1vnet Creates a new VM with two NICs which connect to two different subnets within the same VNet.
2 VMs in a Load Balancer and configure NAT rules on the LB This template allows you to create 2 Virtual Machines in an Availability Set and configure NAT rules through the load balancer. This template also deploys a Storage Account, Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines
2 VMs in a Load Balancer and load balancing rules This template allows you to create 2 Virtual Machines under a Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines
2 VMs in VNET - Internal Load Balancer and LB rules This template allows you to create 2 Virtual Machines in a VNET and under an internal Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces.
AKS Cluster with a NAT Gateway and an Application Gateway This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Azure Application Gateway Log Analyzer using GoAccess This template uses the Azure Linux CustomScript extension to deploy an Azure Application Gateway Log Analyzer using GoAccess. The deployment template creates an Ubuntu VM, installs Application Gateway Log Processor, GoAccess, Apache WebServer and configures it to analyze Azure Application Gateway access logs.
Azure Game Developer Virtual Machine Azure Game Developer Virtual Machine includes Licensed Engines like Unreal.
Azure Machine Learning end-to-end secure setup This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy) This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Traffic Manager VM example This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines.
CentOS/UbuntuServer Auto Dynamic Disks & Docker 1.12(cs) This is a common template for creating single instance CentOS 7.2/7.1/6.5 or Ubuntu Server 16.04.0-LTS with configurable number of data disks (configurable sizes). Maximum 16 disks can be mentioned in the portal parameters and maximum size of each disk should be less than 1023 GB. The MDADM RAID0 Array is automounted and survives restarts. Latest Docker 1.12(cs3) (Swarm), docker-compose 1.9.0 & docker-machine 0.8.2 is available for usage from user azure-cli is auto running as a docker container. This single instance template is an offshoot of the HPC/GPU Clusters Template @ https://github.com/azurebigcompute/BigComputeBench
Create a cross-region load balancer This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region.
Create a Private AKS Cluster This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a sandbox setup of Azure Firewall with Linux VMs This template creates a virtual network with 3 subnets (server subnet, jumpbox subnet and AzureFirewall subnet), a jumpbox VM with public IP, a server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses, 1 sample application rule, 1 sample network rule and default private ranges
Create a sandbox setup of Azure Firewall with Zones This template creates a virtual network with three subnets (server subnet, jumpbox subnet, and Azure Firewall subnet), a jumpbox VM with public IP, a server VM, UDR route to point to Azure Firewall for the ServerSubnet, an Azure Firewall with one or more Public IP addresses, one sample application rule, and one sample network rule and Azure Firewall in Availability Zones 1, 2, and 3.
Create a standard internal load balancer This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80
Create a standard load-balancer This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone.
Create a VM with multiple empty StandardSSD_LRS Data Disks This template allows you to create a Windows Virtual Machine from a specified image. It also attaches multiple empty StandardSSD data disks by default. Note that you can specify the size and the Storage type (Standard_LRS, StandardSSD_LRS and Premium_LRS) of the empty data disks.
Create a VM with multiple NICs and RDP accessible This template allows you to create a Virtual Machines with multiple (2) network interfaces (NICs), and RDP connectable with a configured load balancer and an inbound NAT rule. More NICs can easily be added with this template. This template also deploys a Storage Account, Virtual Network, Public IP address, and 2 Network Interfaces (front-end and back-end).
Create an Azure Application Gateway v2 This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an Azure Firewall with IpGroups This template creates an Azure Firewall with Application and Network Rules referring to IP Groups. Also, includes a Linux Jumpbox vm setup
Create an Azure Firewall with multiple IP public addresses This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test.
Create an Azure VM with a new AD Forest This template creates a new Azure VM, it configures the VM to be an AD DC for a new Forest
Create an Azure WAF v2 on Azure Application Gateway This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an Ubuntu GNOME desktop This template creates an ubuntu desktop machine. This works great for use as a jumpbox behind a NAT.
Create new Ubuntu VM pre-populated with Puppet Agent This template creates a Ubuntu VM and installs the Puppet Agent into it using the CustomScript extension.
Create sandbox of Azure Firewall, client VM, and server VM This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall.
Creates AVD with Microsoft Entra ID Join This template allows you to create Azure Virtual Desktop resources such as host pool, application group, workspace, a test session host and its extensions with Microsoft Entra ID join
Custom Script extension on a Ubuntu VM This template creates a Ubuntu VM and installs the CustomScript extension
Deploy a Bastion host in a hub Virtual Network This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet
Deploy a Linux or Windows VM with MSI This template allows you to deploy a Linux or Windows VM with a Managed Service Identity.
Deploy a Nextflow genomics cluster This template deploys a scalable Nextflow cluster with a Jumpbox, n cluster nodes, docker support and shared storage.
Deploy a simple Ubuntu Linux VM 20.04-LTS This template deploys an Ubuntu Server with a few options for the VM. You can provide the VM Name, OS Version, VM size, and admin username and password. As default the VM size is Standard_D2s_v3 and OS version is 20.04-LTS.
Deploy a simple Windows VM This template allows you to deploy a simple Windows VM using a few different options for the Windows version, using the latest patched version. This will deploy an A2 size VM in the resource group location and return the FQDN of the VM.
Deploy a simple Windows VM with tags This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable.
Deploy a trusted launch capable Linux virtual machine This template allows you to deploy a trusted launch capable Linux virtual machine using a few different options for the Linux version, using the latest patched version. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VM. This extension will perform remote attestation by the cloud. By default, this will deploy a Standard_D2_v3 size virtual machine in the resource group location and return the FQDN of the virtual machine.
Deploy a trusted launch capable Windows virtual machine This template allows you to deploy a trusted launch capable Windows virtual machine using a few different options for the Windows version, using the latest patched version. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VM. This extension will perform remote attestation by the cloud. By default, this will deploy a Standard_D2_v3 size virtual machine in the resource group location and return the FQDN of the virtual machine.
Deploy a Ubuntu Linux DataScience VM 18.04 This template deploys an Ubuntu Server with some tools for Data Science. You can provide the username, password, virtual machine name and select between CPU or GPU computing.
Deploy a Virtual Machine with Custom Data This template allows you to create a Virtual Machine with Custom Data passed down to the VM. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Deploy a Windows VM and enable backup using Azure Backup This template allows you to deploy a Windows VM and Recovery Services Vault configured with the DefaultPolicy for Protection.
Deploy a Windows VM with Windows Admin Center extension This template allows you to deploy a Windows VM with Windows Admin Center extension to manage the VM directly from Azure Portal.
Deploy Anbox Cloud This template deploys Anbox Cloud on an Ubuntu VM. Completing the installation of Anbox Cloud requires user interaction following the deployment; please consult the README for instructions. The template supports both launching of a VM from an Ubuntu Pro image and association of an Ubuntu Pro token with a VM launched from a non-Pro image. The former is the default behaviour; users seeking to attach a token to a VM launched from a non-Pro image must override the default arguments for the ubuntuImageOffer, ubuntuImageSKU, and ubuntuProToken parameters. The template is also parametric in the VM size and disk sizes. Non-default argument values for these parameters must comply with https://anbox-cloud.io/docs/reference/requirements#anbox-cloud-appliance-4.
Deploy Darktrace vSensors This template allows you to deploy one or more stand-alone Darktrace vSensors
Deploy MySQL Flexible Server with Private Endpoint This template provides a way to deploy an Azure Database for MySQL Flexible Server with Private Endpoint.
Deploy Secure AI Foundry with a managed virtual network This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions.
Deploy Shibboleth Identity Provider cluster on Windows This template deploys Shibboleth Identity Provider on Windows in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/status (note port number) to check success.
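Deploy Ubuntu VM with Open JDK and Tomcat This template allows you to create an Ubuntu VM with OpenJDK and Tomcat. Currently the custom script file is pulled temporarily from an https link on raw.githubusercontent.com/snallami/templates/master/ubuntu/java-tomcat-install.sh. Because that link points at a branch rather than a fixed commit, the script that runs on the VM can change between deployments; review it and host or pin a known copy before relying on it. Once the VM is successfully provisioned, the Tomcat installation can be verified by accessing the http link [FQDN name or public IP]:8080/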
Deploys SQL Server 2014 AG on existing VNET & AD This template creates three new Azure VMs on an existing VNET: Two VMs are configured as SQL Server 2014 availability group replica nodes and one VM is configured as a File Share Witness for automated cluster failover. In addition to these VMs, the following additional Azure resources are also configured: Internal load balancer, Storage accounts. To configure clustering, SQL Server, and an availability group within each VM, PowerShell DSC is leveraged. For Active Directory support, existing Active Directory domain controllers should already be deployed on the existing VNET.
Dokku Instance Dokku is a mini-heroku-style PaaS on a single VM.
Front Door Premium with VM and Private Link service This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM.
GitLab Omnibus This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections.
Hazelcast Cluster Hazelcast is an in-memory data platform that can be used for a variety of data applications. This template will deploy any number of Hazelcast nodes and they will automatically discover each other.
Hyper-V Host Virtual Machine with nested VMs Deploys a Virtual Machine to be a Hyper-V Host and all dependent resources including virtual network, public IP address and route tables.
IIS Server using DSC extension on a Windows VM This template creates a Windows VM and sets up an IIS server using the DSC extension. Note, the DSC configuration module needs a SAS token to be passed in if you are using Azure Storage. For DSC module link from GitHub (default in this template), this is not needed.
IIS VMs & SQL Server 2014 VM Create 1 or 2 IIS Windows 2012 R2 Web Servers and one back end SQL Server 2014 in VNET.
JBoss EAP on RHEL (clustered, multi-VM) This template allows you to create multiple RHEL 8.6 VMs running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment.
Join a VM to an existing domain This template demonstrates domain join to a private AD domain up in cloud.
Linux VM with Gnome Desktop RDP VS Code and Azure CLI This template deploys an Ubuntu Server VM, then uses the Linux CustomScript extension to install the Ubuntu Gnome Desktop and Remote Desktop support (via xrdp). The final provisioned Ubuntu VM supports remote connections over RDP.
Linux VM with MSI Accessing Storage This template deploys a linux VM with a system assigned managed identity that has access to a storage account in a different resource group.
Multi VM Template with Managed Disk This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a single Availability Set. They will be provisioned in a Virtual Network which will also be created as part of the deployment
OpenScholar This template deploys OpenScholar to an Ubuntu 16.04 VM
Private Endpoint example This template shows how to create a private endpoint pointing to Azure SQL Server
Private Link service example This template shows how to create a private link service
Public Load Balancer chained to a Gateway Load Balancer This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool.
Push a certificate onto a Windows VM Push a certificate onto a Windows VM. Create the Key Vault using the template at http://azure.microsoft.com/en-us/documentation/templates/101-create-key-vault
SAP 2-tier S/4HANA Fully Activated Appliance This template deploys an SAP S/4HANA Fully Activated Appliance system.
Secured virtual hubs This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
Self-host Integration Runtime on Azure VMs This template creates a selfhost integration runtime and registers it on Azure virtual machines
Site-to-Site VPN with active-active VPN Gateways with BGP This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones.
SQL Server VM with performance optimized storage settings Create a SQL Server Virtual Machine with performance optimized storage settings on PremiumSSD
Testing environment for Azure Firewall Premium This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Detection and Prevention System (IDPS), TLS inspection and Web Category filtering
Ubuntu Mate Desktop VM with VS Code This template allows you to deploy a simple Linux VM using a few different options for the Ubuntu version, using the latest patched version. This will deploy an A1 size VM in the resource group location and return the FQDN of the VM.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology This sample shows how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Virtual machine with an RDP port Creates a virtual machine and creates a NAT rule for RDP to the VM in load balancer
Virtual Machine with Conditional Resources This template allows deploying a linux VM using new or existing resources for the Virtual Network, Storage and Public IP Address. It also allows for choosing between SSH and Password authentication. The template uses conditions and logic functions to remove the need for nested deployments.
Virtual Network NAT with VM Deploy a NAT gateway and virtual machine
VM Using Managed Identity for Artifact Download This template shows how to use a managed identity to download artifacts for the virtual machine's custom script extension.
VMs in Availability Zones with a Load Balancer and NAT This template allows you to create Virtual Machines distributed across Availability Zones with a Load Balancer and configure NAT rules through the load balancer. This template also deploys a Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines
Windows Docker Host with Portainer and Traefik pre-installed Windows Docker Host with Portainer and Traefik pre-installed
Windows Server VM with SSH Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication.
Windows VM with Azure secure baseline The template creates a virtual machine running Windows Server in a new virtual network, with a public IP address. Once the machine has deployed, the guest configuration extension is installed and the Azure secure baseline for Windows Server is applied. If the configuration of the machines drifts, you can re-apply the settings by deploying the template again.
Windows VM with O365 Pre-installed This template creates a Windows based VM. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack.

ARM template resource definition

The virtualMachines resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines resource, add the following JSON to your template.

{
  "type": "Microsoft.Compute/virtualMachines",
  "apiVersion": "2025-04-01",
  "name": "string",
  "extendedLocation": {
    "name": "string",
    "type": "string"
  },
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "placement": {
    "excludeZones": [ "string" ],
    "includeZones": [ "string" ],
    "zonePlacementPolicy": "string"
  },
  "plan": {
    "name": "string",
    "product": "string",
    "promotionCode": "string",
    "publisher": "string"
  },
  "properties": {
    "additionalCapabilities": {
      "enableFips1403Encryption": "bool",
      "hibernationEnabled": "bool",
      "ultraSSDEnabled": "bool"
    },
    "applicationProfile": {
      "galleryApplications": [
        {
          "configurationReference": "string",
          "enableAutomaticUpgrade": "bool",
          "order": "int",
          "packageReferenceId": "string",
          "tags": "string",
          "treatFailureAsDeploymentFailure": "bool"
        }
      ]
    },
    "availabilitySet": {
      "id": "string"
    },
    "billingProfile": {
      "maxPrice": "int"
    },
    "capacityReservation": {
      "capacityReservationGroup": {
        "id": "string"
      }
    },
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": "bool",
        "storageUri": "string"
      }
    },
    "evictionPolicy": "string",
    "extensionsTimeBudget": "string",
    "hardwareProfile": {
      "vmSize": "string",
      "vmSizeProperties": {
        "vCPUsAvailable": "int",
        "vCPUsPerCore": "int"
      }
    },
    "host": {
      "id": "string"
    },
    "hostGroup": {
      "id": "string"
    },
    "licenseType": "string",
    "networkProfile": {
      "networkApiVersion": "string",
      "networkInterfaceConfigurations": [
        {
          "name": "string",
          "properties": {
            "auxiliaryMode": "string",
            "auxiliarySku": "string",
            "deleteOption": "string",
            "disableTcpStateTracking": "bool",
            "dnsSettings": {
              "dnsServers": [ "string" ]
            },
            "dscpConfiguration": {
              "id": "string"
            },
            "enableAcceleratedNetworking": "bool",
            "enableFpga": "bool",
            "enableIPForwarding": "bool",
            "ipConfigurations": [
              {
                "name": "string",
                "properties": {
                  "applicationGatewayBackendAddressPools": [
                    {
                      "id": "string"
                    }
                  ],
                  "applicationSecurityGroups": [
                    {
                      "id": "string"
                    }
                  ],
                  "loadBalancerBackendAddressPools": [
                    {
                      "id": "string"
                    }
                  ],
                  "primary": "bool",
                  "privateIPAddressVersion": "string",
                  "publicIPAddressConfiguration": {
                    "name": "string",
                    "properties": {
                      "deleteOption": "string",
                      "dnsSettings": {
                        "domainNameLabel": "string",
                        "domainNameLabelScope": "string"
                      },
                      "idleTimeoutInMinutes": "int",
                      "ipTags": [
                        {
                          "ipTagType": "string",
                          "tag": "string"
                        }
                      ],
                      "publicIPAddressVersion": "string",
                      "publicIPAllocationMethod": "string",
                      "publicIPPrefix": {
                        "id": "string"
                      }
                    },
                    "sku": {
                      "name": "string",
                      "tier": "string"
                    },
                    "tags": {
                      "{customized property}": "string"
                    }
                  },
                  "subnet": {
                    "id": "string"
                  }
                }
              }
            ],
            "networkSecurityGroup": {
              "id": "string"
            },
            "primary": "bool"
          },
          "tags": {
            "{customized property}": "string"
          }
        }
      ],
      "networkInterfaces": [
        {
          "id": "string",
          "properties": {
            "deleteOption": "string",
            "primary": "bool"
          }
        }
      ]
    },
    "osProfile": {
      "adminPassword": "string",
      "adminUsername": "string",
      "allowExtensionOperations": "bool",
      "computerName": "string",
      "customData": "string",
      "linuxConfiguration": {
        "disablePasswordAuthentication": "bool",
        "enableVMAgentPlatformUpdates": "bool",
        "patchSettings": {
          "assessmentMode": "string",
          "automaticByPlatformSettings": {
            "bypassPlatformSafetyChecksOnUserSchedule": "bool",
            "rebootSetting": "string"
          },
          "patchMode": "string"
        },
        "provisionVMAgent": "bool",
        "ssh": {
          "publicKeys": [
            {
              "keyData": "string",
              "path": "string"
            }
          ]
        }
      },
      "requireGuestProvisionSignal": "bool",
      "secrets": [
        {
          "sourceVault": {
            "id": "string"
          },
          "vaultCertificates": [
            {
              "certificateStore": "string",
              "certificateUrl": "string"
            }
          ]
        }
      ],
      "windowsConfiguration": {
        "additionalUnattendContent": [
          {
            "componentName": "Microsoft-Windows-Shell-Setup",
            "content": "string",
            "passName": "OobeSystem",
            "settingName": "string"
          }
        ],
        "enableAutomaticUpdates": "bool",
        "patchSettings": {
          "assessmentMode": "string",
          "automaticByPlatformSettings": {
            "bypassPlatformSafetyChecksOnUserSchedule": "bool",
            "rebootSetting": "string"
          },
          "enableHotpatching": "bool",
          "patchMode": "string"
        },
        "provisionVMAgent": "bool",
        "timeZone": "string",
        "winRM": {
          "listeners": [
            {
              "certificateUrl": "string",
              "protocol": "string"
            }
          ]
        }
      }
    },
    "platformFaultDomain": "int",
    "priority": "string",
    "proximityPlacementGroup": {
      "id": "string"
    },
    "scheduledEventsPolicy": {
      "allInstancesDown": {
        "automaticallyApprove": "bool"
      },
      "scheduledEventsAdditionalPublishingTargets": {
        "eventGridAndResourceGraph": {
          "enable": "bool",
          "scheduledEventsApiVersion": "string"
        }
      },
      "userInitiatedReboot": {
        "automaticallyApprove": "bool"
      },
      "userInitiatedRedeploy": {
        "automaticallyApprove": "bool"
      }
    },
    "scheduledEventsProfile": {
      "osImageNotificationProfile": {
        "enable": "bool",
        "notBeforeTimeout": "string"
      },
      "terminateNotificationProfile": {
        "enable": "bool",
        "notBeforeTimeout": "string"
      }
    },
    "securityProfile": {
      "encryptionAtHost": "bool",
      "encryptionIdentity": {
        "userAssignedIdentityResourceId": "string"
      },
      "proxyAgentSettings": {
        "addProxyAgentExtension": "bool",
        "enabled": "bool",
        "imds": {
          "inVMAccessControlProfileReferenceId": "string",
          "mode": "string"
        },
        "keyIncarnationId": "int",
        "mode": "string",
        "wireServer": {
          "inVMAccessControlProfileReferenceId": "string",
          "mode": "string"
        }
      },
      "securityType": "string",
      "uefiSettings": {
        "secureBootEnabled": "bool",
        "vTpmEnabled": "bool"
      }
    },
    "storageProfile": {
      "alignRegionalDisksToVMZone": "bool",
      "dataDisks": [
        {
          "caching": "string",
          "createOption": "string",
          "deleteOption": "string",
          "detachOption": "string",
          "diskIOPSReadWrite": "int",
          "diskMBpsReadWrite": "int",
          "diskSizeGB": "int",
          "image": {
            "uri": "string"
          },
          "lun": "int",
          "managedDisk": {
            "diskEncryptionSet": {
              "id": "string"
            },
            "id": "string",
            "securityProfile": {
              "diskEncryptionSet": {
                "id": "string"
              },
              "securityEncryptionType": "string"
            },
            "storageAccountType": "string"
          },
          "name": "string",
          "sourceResource": {
            "id": "string"
          },
          "toBeDetached": "bool",
          "vhd": {
            "uri": "string"
          },
          "writeAcceleratorEnabled": "bool"
        }
      ],
      "diskControllerType": "string",
      "imageReference": {
        "communityGalleryImageId": "string",
        "id": "string",
        "offer": "string",
        "publisher": "string",
        "sharedGalleryImageId": "string",
        "sku": "string",
        "version": "string"
      },
      "osDisk": {
        "caching": "string",
        "createOption": "string",
        "deleteOption": "string",
        "diffDiskSettings": {
          "option": "string",
          "placement": "string"
        },
        "diskSizeGB": "int",
        "encryptionSettings": {
          "diskEncryptionKey": {
            "secretUrl": "string",
            "sourceVault": {
              "id": "string"
            }
          },
          "enabled": "bool",
          "keyEncryptionKey": {
            "keyUrl": "string",
            "sourceVault": {
              "id": "string"
            }
          }
        },
        "image": {
          "uri": "string"
        },
        "managedDisk": {
          "diskEncryptionSet": {
            "id": "string"
          },
          "id": "string",
          "securityProfile": {
            "diskEncryptionSet": {
              "id": "string"
            },
            "securityEncryptionType": "string"
          },
          "storageAccountType": "string"
        },
        "name": "string",
        "osType": "string",
        "vhd": {
          "uri": "string"
        },
        "writeAcceleratorEnabled": "bool"
      }
    },
    "userData": "string",
    "virtualMachineScaleSet": {
      "id": "string"
    }
  },
  "tags": {
    "{customized property}": "string"
  },
  "zones": [ "string" ]
}

Property Values

Microsoft.Compute/virtualMachines

Name Description Value
apiVersion The api version '2025-04-01'
extendedLocation The extended location of the Virtual Machine. ExtendedLocation
identity The identity of the virtual machine, if configured. VirtualMachineIdentity
location The geo-location where the resource lives string (required)
name The resource name string (required)
placement Placement section specifies the user-defined constraints for virtual machine hardware placement. This property cannot be changed once VM is provisioned. Minimum api-version: 2024-11-01. Placement
plan Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. Plan
properties Describes the properties of a Virtual Machine. VirtualMachineProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Compute/virtualMachines'
zones The availability zones. string[]

AdditionalCapabilities

Name Description Value
enableFips1403Encryption The flag enables the usage of FIPS 140-3 compliant cryptography on the protectedSettings of an extension. Learn more at: https://aka.ms/linuxagentfipssupport. bool
hibernationEnabled The flag that enables or disables hibernation capability on the VM. bool
ultraSSDEnabled The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. bool

AdditionalUnattendContent

Name Description Value
componentName The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. 'Microsoft-Windows-Shell-Setup'
content Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. string
passName The pass name. Currently, the only allowable value is OobeSystem. 'OobeSystem'
settingName Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. 'AutoLogon'
'FirstLogonCommands'

AllInstancesDown

Name Description Value
automaticallyApprove Specifies whether Scheduled Events should be auto-approved when all instances are down.
The default value is true.
bool

ApiEntityReference

Name Description Value
id The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... string

ApplicationProfile

Name Description Value
galleryApplications Specifies the gallery applications that should be made available to the VM/VMSS VMGalleryApplication[]

BillingProfile

Name Description Value
maxPrice Specifies the maximum price you are willing to pay for an Azure Spot VM/VMSS. This price is in US Dollars.

This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price.

The maxPrice will also be used for evicting an Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS.

Possible values are:

- Any decimal value greater than zero. Example: 0.01538

-1 – indicates that the default price is up to the on-demand price.

You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you.

Minimum api-version: 2019-03-01.
int

BootDiagnostics

Name Description Value
enabled Whether boot diagnostics should be enabled on the Virtual Machine. bool
storageUri Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. string

CapacityReservationProfile

Name Description Value
capacityReservationGroup Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. SubResource

DataDisk

Name Description Value
caching Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. 'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine data disk. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. Empty: This value is used when creating an empty data disk. Copy: This value is used to create a data disk from a snapshot or another disk. Restore: This value is used to create a data disk from a disk restore point. 'Attach'
'Copy'
'Empty'
'FromImage'
'Restore' (required)
deleteOption Specifies whether data disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the data disk is deleted when VM is deleted. Detach. If this value is used, the data disk is retained after VM is deleted. The default value is set to Detach. 'Delete'
'Detach'
detachOption Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. 'ForceDetach'
diskIOPSReadWrite Specifies the Read-Write IOPS for the managed disk when StorageAccountType is UltraSSD_LRS. int
diskMBpsReadWrite Specifies the bandwidth in MB per second for the managed disk when StorageAccountType is UltraSSD_LRS. int
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The value of 'diskSizeGB' is expressed in units of 1024^3 bytes and cannot be larger than 1023. int
image The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. VirtualHardDisk
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. int (required)
managedDisk The managed disk parameters. ManagedDiskParameters
name The disk name. string
sourceResource The source resource identifier. It can be a snapshot, or disk restore point from which to create a disk. ApiEntityReference
toBeDetached Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset bool
vhd The virtual hard disk. VirtualHardDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

DiagnosticsProfile

Name Description Value
bootDiagnostics Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. BootDiagnostics

DiffDiskSettings

Name Description Value
option Specifies the ephemeral disk settings for operating system disk. 'Local'
placement Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. 'CacheDisk'
'NvmeDisk'
'ResourceDisk'

DiskEncryptionSetParameters

Name Description Value
id Resource Id string

DiskEncryptionSettings

Name Description Value
diskEncryptionKey Specifies the location of the disk encryption key, which is a Key Vault Secret. KeyVaultSecretReference
enabled Specifies whether disk encryption should be enabled on the virtual machine. bool
keyEncryptionKey Specifies the location of the key encryption key in Key Vault. KeyVaultKeyReference

EncryptionIdentity

Name Description Value
userAssignedIdentityResourceId Specifies ARM Resource ID of one of the user identities associated with the VM. string

EventGridAndResourceGraph

Name Description Value
enable Specifies if event grid and resource graph is enabled for Scheduled event related configurations. bool
scheduledEventsApiVersion Specifies the api-version to determine which Scheduled Events configuration schema version will be delivered. string

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. 'EdgeZone'

HardwareProfile

Name Description Value
vmSize Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. The recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set, List all available virtual machine sizes in a region, List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. 'Basic_A0'
'Basic_A1'
'Basic_A2'
'Basic_A3'
'Basic_A4'
'Standard_A0'
'Standard_A1'
'Standard_A10'
'Standard_A11'
'Standard_A1_v2'
'Standard_A2'
'Standard_A2m_v2'
'Standard_A2_v2'
'Standard_A3'
'Standard_A4'
'Standard_A4m_v2'
'Standard_A4_v2'
'Standard_A5'
'Standard_A6'
'Standard_A7'
'Standard_A8'
'Standard_A8m_v2'
'Standard_A8_v2'
'Standard_A9'
'Standard_B1ms'
'Standard_B1s'
'Standard_B2ms'
'Standard_B2s'
'Standard_B4ms'
'Standard_B8ms'
'Standard_D1'
'Standard_D11'
'Standard_D11_v2'
'Standard_D12'
'Standard_D12_v2'
'Standard_D13'
'Standard_D13_v2'
'Standard_D14'
'Standard_D14_v2'
'Standard_D15_v2'
'Standard_D16s_v3'
'Standard_D16_v3'
'Standard_D1_v2'
'Standard_D2'
'Standard_D2s_v3'
'Standard_D2_v2'
'Standard_D2_v3'
'Standard_D3'
'Standard_D32s_v3'
'Standard_D32_v3'
'Standard_D3_v2'
'Standard_D4'
'Standard_D4s_v3'
'Standard_D4_v2'
'Standard_D4_v3'
'Standard_D5_v2'
'Standard_D64s_v3'
'Standard_D64_v3'
'Standard_D8s_v3'
'Standard_D8_v3'
'Standard_DS1'
'Standard_DS11'
'Standard_DS11_v2'
'Standard_DS12'
'Standard_DS12_v2'
'Standard_DS13'
'Standard_DS13-2_v2'
'Standard_DS13-4_v2'
'Standard_DS13_v2'
'Standard_DS14'
'Standard_DS14-4_v2'
'Standard_DS14-8_v2'
'Standard_DS14_v2'
'Standard_DS15_v2'
'Standard_DS1_v2'
'Standard_DS2'
'Standard_DS2_v2'
'Standard_DS3'
'Standard_DS3_v2'
'Standard_DS4'
'Standard_DS4_v2'
'Standard_DS5_v2'
'Standard_E16s_v3'
'Standard_E16_v3'
'Standard_E2s_v3'
'Standard_E2_v3'
'Standard_E32-16_v3'
'Standard_E32-8s_v3'
'Standard_E32s_v3'
'Standard_E32_v3'
'Standard_E4s_v3'
'Standard_E4_v3'
'Standard_E64-16s_v3'
'Standard_E64-32s_v3'
'Standard_E64s_v3'
'Standard_E64_v3'
'Standard_E8s_v3'
'Standard_E8_v3'
'Standard_F1'
'Standard_F16'
'Standard_F16s'
'Standard_F16s_v2'
'Standard_F1s'
'Standard_F2'
'Standard_F2s'
'Standard_F2s_v2'
'Standard_F32s_v2'
'Standard_F4'
'Standard_F4s'
'Standard_F4s_v2'
'Standard_F64s_v2'
'Standard_F72s_v2'
'Standard_F8'
'Standard_F8s'
'Standard_F8s_v2'
'Standard_G1'
'Standard_G2'
'Standard_G3'
'Standard_G4'
'Standard_G5'
'Standard_GS1'
'Standard_GS2'
'Standard_GS3'
'Standard_GS4'
'Standard_GS4-4'
'Standard_GS4-8'
'Standard_GS5'
'Standard_GS5-16'
'Standard_GS5-8'
'Standard_H16'
'Standard_H16m'
'Standard_H16mr'
'Standard_H16r'
'Standard_H8'
'Standard_H8m'
'Standard_L16s'
'Standard_L32s'
'Standard_L4s'
'Standard_L8s'
'Standard_M128-32ms'
'Standard_M128-64ms'
'Standard_M128ms'
'Standard_M128s'
'Standard_M64-16ms'
'Standard_M64-32ms'
'Standard_M64ms'
'Standard_M64s'
'Standard_NC12'
'Standard_NC12s_v2'
'Standard_NC12s_v3'
'Standard_NC24'
'Standard_NC24r'
'Standard_NC24rs_v2'
'Standard_NC24rs_v3'
'Standard_NC24s_v2'
'Standard_NC24s_v3'
'Standard_NC6'
'Standard_NC6s_v2'
'Standard_NC6s_v3'
'Standard_ND12s'
'Standard_ND24rs'
'Standard_ND24s'
'Standard_ND6s'
'Standard_NV12'
'Standard_NV24'
'Standard_NV6'
vmSizeProperties Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-07-01. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. Please follow the instructions in VM Customization for more details. VMSizeProperties

HostEndpointSettings

Name Description Value
inVMAccessControlProfileReferenceId Specifies the InVMAccessControlProfileVersion resource id in the format of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/inVMAccessControlProfiles/{profile}/versions/{version} string
mode Specifies the execution mode. In Audit mode, the system acts as if it is enforcing the access control policy, including emitting access denial entries in the logs, but it does not actually deny any requests to host endpoints. In Enforce mode, the system enforces the access control policy; this is the recommended mode of operation. 'Audit'
'Disabled'
'Enforce'

ImageReference

Name Description Value
communityGalleryImageId Specifies the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. string
id Resource Id string
offer Specifies the offer of the platform image or marketplace image used to create the virtual machine. string
publisher The image publisher. string
sharedGalleryImageId Specifies the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. string
sku The image SKU. string
version Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. string

KeyVaultKeyReference

Name Description Value
keyUrl The URL referencing a key encryption key in Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the key. SubResource (required)

KeyVaultSecretReference

Name Description Value
secretUrl The URL referencing a secret in a Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the secret. SubResource (required)

LinuxConfiguration

Name Description Value
disablePasswordAuthentication Specifies whether password authentication should be disabled. bool
enableVMAgentPlatformUpdates Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. bool
patchSettings [Preview Feature] Specifies settings related to VM Guest Patching on Linux. LinuxPatchSettings
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. bool
ssh Specifies the ssh key configuration for a Linux OS. SshConfiguration

LinuxPatchSettings

Name Description Value
assessmentMode Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
'AutomaticByPlatform'
'ImageDefault'
automaticByPlatformSettings Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. LinuxVMGuestPatchAutomaticByPlatformSettings
patchMode Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

ImageDefault - The virtual machine's default patching configuration is used.

AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true
'AutomaticByPlatform'
'ImageDefault'

LinuxVMGuestPatchAutomaticByPlatformSettings

Name Description Value
bypassPlatformSafetyChecksOnUserSchedule Enables customer to schedule patching without accidental upgrades bool
rebootSetting Specifies the reboot setting for all AutomaticByPlatform patch installation operations. 'Always'
'IfRequired'
'Never'
'Unknown'

ManagedDiskParameters

Name Description Value
diskEncryptionSet Specifies the customer managed disk encryption set resource id for the managed disk. DiskEncryptionSetParameters
id Resource Id string
securityProfile Specifies the security profile for the managed disk. VMDiskSecurityProfile
storageAccountType Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS'

NetworkInterfaceReference

Name Description Value
id Resource Id string
properties Describes a network interface reference properties. NetworkInterfaceReferenceProperties

NetworkInterfaceReferenceProperties

Name Description Value
deleteOption Specify what happens to the network interface when the VM is deleted 'Delete'
'Detach'
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

NetworkProfile

Name Description Value
networkApiVersion Specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations. '2020-11-01'
'2022-11-01'
networkInterfaceConfigurations Specifies the networking configurations that will be used to create the virtual machine networking resources. VirtualMachineNetworkInterfaceConfiguration[]
networkInterfaces Specifies the list of resource Ids for the network interfaces associated with the virtual machine. NetworkInterfaceReference[]

OSDisk

Name Description Value
caching Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. 'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. 'Attach'
'Copy'
'Empty'
'FromImage'
'Restore' (required)
deleteOption Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the OS disk is deleted when VM is deleted. Detach. If this value is used, the os disk is retained after VM is deleted. The default value is set to Detach. For an ephemeral OS Disk, the default value is set to Delete. The user cannot change the delete option for an ephemeral OS Disk. 'Delete'
'Detach'
diffDiskSettings Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. DiffDiskSettings
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The value of 'diskSizeGB' is expressed in units of 1024^3 bytes and cannot be larger than 1023. int
encryptionSettings Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15. DiskEncryptionSettings
image The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. VirtualHardDisk
managedDisk The managed disk parameters. ManagedDiskParameters
name The disk name. string
osType This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. 'Linux'
'Windows'
vhd The virtual hard disk. VirtualHardDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

OSImageNotificationProfile

Name Description Value
enable Specifies whether the OS Image Scheduled event is enabled or disabled. bool
notBeforeTimeout Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) string

OSProfile

Name Description Value
adminPassword Specifies the password of the administrator account.

Minimum-length (Windows): 8 characters

Minimum-length (Linux): 6 characters

Max-length (Windows): 123 characters

Max-length (Linux): 72 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM

For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
string

Constraints:
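Sensitive value. Pass it in as a secure parameter (for example, a template parameter of type securestring) rather than as a literal value in the template.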
adminUsername Specifies the name of the administrator account.

This property cannot be updated after the VM is created.

Windows-only restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length (Linux): 1 character

Max-length (Linux): 64 characters

Max-length (Windows): 20 characters.
string
allowExtensionOperations Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. bool
computerName Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters. Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. string
customData Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in customData property. This property cannot be updated after the VM is created. The property 'customData' is passed to the VM to be saved as a file, for more information see Custom Data on Azure VMs. For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation. string
linuxConfiguration Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. LinuxConfiguration
requireGuestProvisionSignal Optional property which must either be set to True or omitted. bool
secrets Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. VaultSecretGroup[]
windowsConfiguration Specifies Windows operating system settings on the virtual machine. WindowsConfiguration

PatchSettings

Name Description Value
assessmentMode Specifies the mode of VM Guest patch assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
'AutomaticByPlatform'
'ImageDefault'
automaticByPlatformSettings Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. WindowsVMGuestPatchAutomaticByPlatformSettings
enableHotpatching Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. bool
patchMode Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false

AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true.

AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true.
'AutomaticByOS'
'AutomaticByPlatform'
'Manual'

Placement

Name Description Value
excludeZones This property supplements the 'zonePlacementPolicy' property. If 'zonePlacementPolicy' is set to 'Any'/'Auto', availability zone selected by the system must not be present in the list of availability zones passed with 'excludeZones'. If 'excludeZones' is not provided, all availability zones in region will be considered for selection. string[]
includeZones This property supplements the 'zonePlacementPolicy' property. If 'zonePlacementPolicy' is set to 'Any'/'Auto', availability zone selected by the system must be present in the list of availability zones passed with 'includeZones'. If 'includeZones' is not provided, all availability zones in region will be considered for selection. string[]
zonePlacementPolicy Specifies the policy for resource's placement in availability zone. Possible values are: Any (used for Virtual Machines), Auto (used for Virtual Machine Scale Sets) - An availability zone will be automatically picked by system as part of resource creation. 'Any'
'Auto'

Plan

Name Description Value
name The plan ID. string
product Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. string
promotionCode The promotion code. string
publisher The publisher ID. string

ProxyAgentSettings

Name Description Value
addProxyAgentExtension Specify whether to implicitly install the ProxyAgent Extension. This option is currently applicable only for Linux Os. bool
enabled Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. bool
imds Specifies the IMDS endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. HostEndpointSettings
keyIncarnationId Increasing the value of this property allows users to reset the key used for securing the communication channel between guest and host. int
mode Specifies the mode that ProxyAgent will execute on. Warning: this property has been deprecated, please specify 'mode' under particular hostendpoint setting. 'Audit'
'Enforce'
wireServer Specifies the Wire Server endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. HostEndpointSettings

PublicIPAddressSku

Name Description Value
name Specify public IP sku name 'Basic'
'Standard'
tier Specify public IP sku tier 'Global'
'Regional'

ScheduledEventsAdditionalPublishingTargets

Name Description Value
eventGridAndResourceGraph The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. EventGridAndResourceGraph

ScheduledEventsPolicy

Name Description Value
allInstancesDown The configuration parameters used while creating AllInstancesDown scheduled event setting creation. AllInstancesDown
scheduledEventsAdditionalPublishingTargets The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. ScheduledEventsAdditionalPublishingTargets
userInitiatedReboot The configuration parameters used while creating userInitiatedReboot scheduled event setting creation. UserInitiatedReboot
userInitiatedRedeploy The configuration parameters used while creating userInitiatedRedeploy scheduled event setting creation. UserInitiatedRedeploy

ScheduledEventsProfile

Name Description Value
osImageNotificationProfile Specifies OS Image Scheduled Event related configurations. OSImageNotificationProfile
terminateNotificationProfile Specifies Terminate Scheduled Event related configurations. TerminateNotificationProfile

SecurityProfile

Name Description Value
encryptionAtHost This property can be used in the request to enable or disable host encryption for the virtual machine or virtual machine scale set. When enabled, all disks, including the Resource/Temp disk, are encrypted at the host itself. The default behavior is: encryption at host is disabled unless this property is set to true for the resource. bool
encryptionIdentity Specifies the Managed Identity used by ADE to get access token for keyvault operations. EncryptionIdentity
proxyAgentSettings Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. ProxyAgentSettings
securityType Specifies the SecurityType of the virtual machine. It must be set to one of the specified values to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. 'ConfidentialVM'
'TrustedLaunch'
uefiSettings Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. UefiSettings

SshConfiguration

Name Description Value
publicKeys The list of SSH public keys used to authenticate with linux based VMs. SshPublicKey[]

SshPublicKey

Name Description Value
keyData SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed). string
path Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys string

StorageProfile

Name Description Value
alignRegionalDisksToVMZone Specifies whether the regional disks should be aligned/moved to the VM zone. This is applicable only for VMs with placement property set. Please note that this change is irreversible. Minimum api-version: 2024-11-01. bool
dataDisks Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. DataDisk[]
diskControllerType Specifies the disk controller type configured for the VM. Note: If not specified, this property will be set to the default disk controller type, provided the virtual machine is being created with 'hyperVGeneration' set to V2, based on the capabilities of the operating system disk and VM size from the specified minimum api version. You need to deallocate the VM before updating its disk controller type unless you are updating the VM size in the VM configuration which implicitly deallocates and reallocates the VM. Minimum api-version: 2022-08-01. 'NVMe'
'SCSI'
imageReference Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. ImageReference
osDisk Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. OSDisk

SubResource

Name Description Value
id Resource Id string

TerminateNotificationProfile

Name Description Value
enable Specifies whether the Terminate Scheduled event is enabled or disabled. bool
notBeforeTimeout Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) string

TrackedResourceTags

Name Description Value

UefiSettings

Name Description Value
secureBootEnabled Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. bool
vTpmEnabled Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. bool

UserAssignedIdentitiesValue

Name Description Value

UserInitiatedReboot

Name Description Value
automaticallyApprove Specifies Reboot Scheduled Event related configurations. bool

UserInitiatedRedeploy

Name Description Value
automaticallyApprove Specifies Redeploy Scheduled Event related configurations. bool

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. string
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
string

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[]

VirtualHardDisk

Name Description Value
uri Specifies the virtual hard disk's uri. string

VirtualMachineIdentity

Name Description Value
type The type of identity used for the virtual machine. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. VirtualMachineIdentityUserAssignedIdentities

VirtualMachineIdentityUserAssignedIdentities

Name Description Value

VirtualMachineIpTag

Name Description Value
ipTagType IP tag type. Example: FirstPartyUsage. string
tag IP tag associated with the public IP. Example: SQL, Storage etc. string

VirtualMachineNetworkInterfaceConfiguration

Name Description Value
name The network interface configuration name. string (required)
properties Describes a virtual machine network profile's IP configuration. VirtualMachineNetworkInterfaceConfigurationProperties
tags Resource tags applied to the networkInterface address created by this NetworkInterfaceConfiguration VirtualMachineNetworkInterfaceConfigurationTags

VirtualMachineNetworkInterfaceConfigurationProperties

Name Description Value
auxiliaryMode Specifies whether the Auxiliary mode is enabled for the Network Interface resource. 'AcceleratedConnections'
'Floating'
'None'
auxiliarySku Specifies whether the Auxiliary sku is enabled for the Network Interface resource. 'A1'
'A2'
'A4'
'A8'
'None'
deleteOption Specify what happens to the network interface when the VM is deleted 'Delete'
'Detach'
disableTcpStateTracking Specifies whether the network interface is disabled for tcp state tracking. bool
dnsSettings The dns settings to be applied on the network interfaces. VirtualMachineNetworkInterfaceDnsSettingsConfiguration
dscpConfiguration SubResource
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableFpga Specifies whether the network interface is FPGA networking-enabled. bool
enableIPForwarding Specifies whether IP forwarding is enabled on this NIC. bool
ipConfigurations Specifies the IP configurations of the network interface. VirtualMachineNetworkInterfaceIPConfiguration[] (required)
networkSecurityGroup The network security group. SubResource
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

VirtualMachineNetworkInterfaceConfigurationTags

Name Description Value

VirtualMachineNetworkInterfaceDnsSettingsConfiguration

Name Description Value
dnsServers List of DNS servers IP addresses string[]

VirtualMachineNetworkInterfaceIPConfiguration

Name Description Value
name The IP configuration name. string (required)
properties Describes a virtual machine network interface IP configuration properties. VirtualMachineNetworkInterfaceIPConfigurationProperties

VirtualMachineNetworkInterfaceIPConfigurationProperties

Name Description Value
applicationGatewayBackendAddressPools Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. SubResource[]
applicationSecurityGroups Specifies an array of references to application security group. SubResource[]
loadBalancerBackendAddressPools Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. Multiple virtual machines cannot use the same basic sku load balancer. SubResource[]
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool
privateIPAddressVersion Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAddressConfiguration The publicIPAddressConfiguration. VirtualMachinePublicIPAddressConfiguration
subnet Specifies the identifier of the subnet. SubResource

VirtualMachineProperties

Name Description Value
additionalCapabilities Specifies additional capabilities enabled or disabled on the virtual machine. AdditionalCapabilities
applicationProfile Specifies the gallery applications that should be made available to the VM/VMSS. ApplicationProfile
availabilitySet Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure. Currently, a VM can only be added to availability set at creation time. The availability set to which the VM is being added should be under the same resource group as the availability set resource. An existing VM cannot be added to an availability set. This property cannot exist along with a non-null properties.virtualMachineScaleSet reference. SubResource
billingProfile Specifies the billing related details of an Azure Spot virtual machine. Minimum api-version: 2019-03-01. BillingProfile
capacityReservation Specifies information about the capacity reservation that is used to allocate virtual machine. Minimum api-version: 2021-04-01. CapacityReservationProfile
diagnosticsProfile Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. DiagnosticsProfile
evictionPolicy Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. 'Deallocate'
'Delete'
extensionsTimeBudget Specifies the time allotted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. string
hardwareProfile Specifies the hardware settings for the virtual machine. HardwareProfile
host Specifies information about the dedicated host that the virtual machine resides in. Minimum api-version: 2018-10-01. SubResource
hostGroup Specifies information about the dedicated host group that the virtual machine resides in. Note: User cannot specify both host and hostGroup properties. Minimum api-version: 2020-06-01. SubResource
licenseType Specifies that the image or disk that is being used was licensed on-premises.

Possible values for Windows Server operating system are:

Windows_Client

Windows_Server

Possible values for Linux Server operating system are:

RHEL_BYOS (for RHEL)

SLES_BYOS (for SUSE)

For more information, see Azure Hybrid Use Benefit for Windows Server

Azure Hybrid Use Benefit for Linux Server

Minimum api-version: 2015-06-15
string
networkProfile Specifies the network interfaces of the virtual machine. NetworkProfile
osProfile Specifies the operating system settings used while creating the virtual machine. Some of the settings cannot be changed once VM is provisioned. OSProfile
platformFaultDomain Specifies the scale set logical fault domain into which the Virtual Machine will be created. By default, the Virtual Machine will be automatically assigned to a fault domain that best maintains balance across available fault domains. This is applicable only if the 'virtualMachineScaleSet' property of this Virtual Machine is set. The Virtual Machine Scale Set that is referenced must have 'platformFaultDomainCount' greater than 1. This property cannot be updated once the Virtual Machine is created. Fault domain assignment can be viewed in the Virtual Machine Instance View. Minimum api-version: 2020-12-01. int
priority Specifies the priority for the virtual machine. Minimum api-version: 2019-03-01 'Low'
'Regular'
'Spot'
proximityPlacementGroup Specifies information about the proximity placement group that the virtual machine should be assigned to. Minimum api-version: 2018-04-01. SubResource
scheduledEventsPolicy Specifies Redeploy, Reboot and ScheduledEventsAdditionalPublishingTargets Scheduled Event related configurations for the virtual machine. ScheduledEventsPolicy
scheduledEventsProfile Specifies Scheduled Event related configurations. ScheduledEventsProfile
securityProfile Specifies the Security related profile settings for the virtual machine. SecurityProfile
storageProfile Specifies the storage settings for the virtual machine disks. StorageProfile
userData UserData for the VM, which must be base-64 encoded. Do not pass any secrets in this property: base-64 is an encoding, not encryption. Minimum api-version: 2021-03-01. string
virtualMachineScaleSet Specifies information about the virtual machine scale set that the virtual machine should be assigned to. Virtual machines specified in the same virtual machine scale set are allocated to different nodes to maximize availability. Currently, a VM can only be added to virtual machine scale set at creation time. An existing VM cannot be added to a virtual machine scale set. This property cannot exist along with a non-null properties.availabilitySet reference. Minimum api-version: 2019-03-01. SubResource

VirtualMachinePublicIPAddressConfiguration

Name Description Value
name The publicIP address configuration name. string (required)
properties Describes a virtual machines IP Configuration's PublicIPAddress configuration VirtualMachinePublicIPAddressConfigurationProperties
sku Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. PublicIPAddressSku
tags Resource tags applied to the publicIP address created by this PublicIPAddressConfiguration VirtualMachinePublicIPAddressConfigurationTags

VirtualMachinePublicIPAddressConfigurationProperties

Name Description Value
deleteOption Specify what happens to the public IP address when the VM is deleted 'Delete'
'Detach'
dnsSettings The dns settings to be applied on the publicIP addresses. VirtualMachinePublicIPAddressDnsSettingsConfiguration
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipTags The list of IP tags associated with the public IP address. VirtualMachineIpTag[]
publicIPAddressVersion Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAllocationMethod Specify the public IP allocation type 'Dynamic'
'Static'
publicIPPrefix The PublicIPPrefix from which to allocate publicIP addresses. SubResource

VirtualMachinePublicIPAddressConfigurationTags

Name Description Value

VirtualMachinePublicIPAddressDnsSettingsConfiguration

Name Description Value
domainNameLabel The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. string (required)
domainNameLabelScope The Domain name label scope of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the hashed domain name label with policy according to the domain name label scope and vm network profile unique ID. 'NoReuse'
'ResourceGroupReuse'
'SubscriptionReuse'
'TenantReuse'

VMDiskSecurityProfile

Name Description Value
diskEncryptionSet Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. DiskEncryptionSetParameters
securityEncryptionType Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob. Note: It can be set for only Confidential VMs. 'DiskWithVMGuestState'
'NonPersistedTPM'
'VMGuestStateOnly'

VMGalleryApplication

Name Description Value
configurationReference Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided string
enableAutomaticUpgrade If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS bool
order Optional, Specifies the order in which the packages have to be installed int
packageReferenceId Specifies the GalleryApplicationVersion resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} string (required)
tags Optional, Specifies a passthrough value for more generic context. string
treatFailureAsDeploymentFailure Optional, If true, any failure for any operation in the VmApplication will fail the deployment bool

VMSizeProperties

Name Description Value
vCPUsAvailable Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. int
vCPUsPerCore Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. int

WindowsConfiguration

Name Description Value
additionalUnattendContent Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. AdditionalUnattendContent[]
enableAutomaticUpdates Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. bool
patchSettings [Preview Feature] Specifies settings related to VM Guest Patching on Windows. PatchSettings
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. bool
timeZone Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. string
winRM Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. WinRMConfiguration

WindowsVMGuestPatchAutomaticByPlatformSettings

Name Description Value
bypassPlatformSafetyChecksOnUserSchedule Enables customer to schedule patching without accidental upgrades bool
rebootSetting Specifies the reboot setting for all AutomaticByPlatform patch installation operations. 'Always'
'IfRequired'
'Never'
'Unknown'

WinRMConfiguration

Name Description Value
listeners The list of Windows Remote Management listeners WinRMListener[]

WinRMListener

Name Description Value
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
string
protocol Specifies the protocol of WinRM listener. Possible values are: http, https. 'Http'
'Https'

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
(++)Ethereum on Ubuntu

Deploy to Azure
This template deploys a (++)Ethereum client on Ubuntu virtual machines
1 VM in vNet - Multiple data disks

Deploy to Azure
This template creates a single VM running Windows Server 2016 with multiple data disks attached.
101-1vm-2nics-2subnets-1vnet

Deploy to Azure
Creates a new VM with two NICs which connect to two different subnets within the same VNet.
2 VMs in a Load Balancer and configure NAT rules on the LB

Deploy to Azure
This template allows you to create 2 Virtual Machines in an Availability Set and configure NAT rules through the load balancer. This template also deploys a Storage Account, Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines
2 VMs in a Load Balancer and load balancing rules

Deploy to Azure
This template allows you to create 2 Virtual Machines under a Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines
2 VMs in VNET - Internal Load Balancer and LB rules

Deploy to Azure
This template allows you to create 2 Virtual Machines in a VNET and under an internal Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces.
201-vnet-2subnets-service-endpoints-storage-integration

Deploy to Azure
Creates 2 new VMs with a NIC each, in two different subnets within the same VNet. Sets service endpoint on one of the subnets and secures storage account to that subnet.
Add multiple VMs into a Virtual Machine Scale Set

Deploy to Azure
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a Virtual Machine Scale Set in Flexible Orchestration mode. They will be provisioned in a Virtual Network which will also be created as part of the deployment
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Alsid Syslog/Sentinel proxy

Deploy to Azure
This template creates and configures a Syslog server with an onboarded Azure Sentinel Agent for a specified workspace.
Apache Webserver on Ubuntu VM

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy an Apache web server. The deployment template creates an Ubuntu VM, installs Apache2 and creates a simple HTML file. Go to ../demo.html to see the deployed page.
App Configuration with VM

Deploy to Azure
This template references existing key-value configurations from an existing config store and uses retrieved values to set properties of the resources the template creates.
App Gateway with WAF, SSL, IIS and HTTPS redirection

Deploy to Azure
This template deploys an Application Gateway with WAF, end to end SSL and HTTP to HTTPS redirect on the IIS servers.
App Service Environment with Azure SQL backend

Deploy to Azure
This template creates an App Service Environment with an Azure SQL backend, along with private endpoints and associated resources typically used in a private/isolated environment.
Application Security Groups

Deploy to Azure
This template shows how to put together the pieces to secure workloads using NSGs with Application Security Groups. It will deploy a Linux VM running NGINX and through the usage of Application Security Groups on Network Security Groups we will allow access to ports 22 and 80 to a VM assigned to Application Security Group called webServersAsg.
Azure Application Gateway Log Analyzer using GoAccess

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy an Azure Application Gateway Log Analyzer using GoAccess. The deployment template creates an Ubuntu VM, installs Application Gateway Log Processor, GoAccess, Apache WebServer and configures it to analyze Azure Application Gateway access logs.
Azure Container Service Engine (acs-engine) - Swarm Mode

Deploy to Azure
The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker enabled clusters on Microsoft Azure with your choice of DC/OS, Kubernetes, Swarm Mode, or Swarm orchestrators. The input to the tool is a cluster definition. The cluster definition is very similar to (in many cases the same as) the ARM template syntax used to deploy a Microsoft Azure Container Service cluster.
Azure data disk performance meter

Deploy to Azure
This template allows you to run a data disk performance test for different workload types using fio utility.
Azure Game Developer Virtual Machine

Deploy to Azure
Azure Game Developer Virtual Machine includes licensed engines like Unreal.
Azure Machine Learning end-to-end secure setup

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure managed disk performance meter

Deploy to Azure
This template allows you to run a managed disk performance test for different workload types using fio utility.
Azure managed disk RAID performance meter

Deploy to Azure
This template allows you to run a managed disk RAID performance test for different workload types using fio utility.
Azure Route Server in BGP peering with Quagga

Deploy to Azure
This template deploys a Router Server and Ubuntu VM with Quagga. Two external BGP sessions are established between the Router Server and Quagga. Installation and configuration of Quagga is executed by Azure custom script extension for linux
Azure sysbench CPU performance meter

Deploy to Azure
This template allows you to run a CPU performance test using sysbench utility.
Azure Traffic Manager VM example

Deploy to Azure
This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines.
Azure Traffic Manager VM example with Availability Zones

Deploy to Azure
This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines placed in Availability Zones.
Azure VM-to-VM bandwidth meter

Deploy to Azure
This template allows you to run VM-to-VM bandwidth test with PsPing utility.
Azure VM-to-VM multithreaded throughput meter

Deploy to Azure
This template allows you to run VM-to-VM throughput test with NTttcp utility.
Barracuda Web Application Firewall with Backend IIS Servers

Deploy to Azure
This Azure quickstart template deploys a Barracuda Web Application Firewall Solution on Azure with required number of backend Windows 2012 based IIS Web Servers. Templates includes latest Barracuda WAF with Pay as you go license and latest Windows 2012 R2 Azure Image for IIS. The Barracuda Web Application Firewall inspects inbound web traffic and blocks SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks targeted at your web applications. One External LB is deployed with NAT rules to enable Remote desktop access to backend web servers. Please follow post deployment configuration guide available in GitHub template directory to learn more about post deployment steps related to Barracuda web application firewall and web applications publishing.
Basic RDS farm deployment

Deploy to Azure
This template creates a basic RDS farm deployment
Bitcore Node and Utilities for Bitcoin on CentOS VM

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy a Bitcore Node instance with the complete set of Bitcoin utilities. The deployment template creates a CentOS VM, installs Bitcore and provides a simple bitcored executable. With this template, you will be running a full node on the Bitcoin network as well as a block explorer called Insight.
Blockchain Template

Deploy to Azure
Deploy a VM with Groestlcoin Core installed.
BrowserBox Azure Edition

Deploy to Azure
This template deploys BrowserBox on an Azure Ubuntu Server 22.04 LTS, Debian 11, or RHEL 8.7 LVM VM.
CentOS/UbuntuServer Auto Dynamic Disks & Docker 1.12(cs)

Deploy to Azure
This is a common template for creating single instance CentOS 7.2/7.1/6.5 or Ubuntu Server 16.04.0-LTS with configurable number of data disks (configurable sizes). Maximum 16 disks can be mentioned in the portal parameters and maximum size of each disk should be less than 1023 GB. The MDADM RAID0 Array is automounted and survives restarts. Latest Docker 1.12(cs3) (Swarm), docker-compose 1.9.0 & docker-machine 0.8.2 is available for usage from user azure-cli is auto running as a docker container. This single instance template is an offshoot of the HPC/GPU Clusters Template @ https://github.com/azurebigcompute/BigComputeBench
Chef Backend High-Availability Cluster

Deploy to Azure
This template creates a chef-backend cluster with front-end nodes attached
Chef with JSON parameters on Ubuntu/CentOS

Deploy to Azure
Deploy an Ubuntu/CentOS VM With Chef with JSON parameters
Classroom Linux JupyterHub

Deploy to Azure
This template deploys a Jupyter Server for a classroom of up to 100 users. You can provide the username, password, virtual machine name and select between CPU or GPU computing.
CloudLens with Moloch example

Deploy to Azure
This template shows how to setup network visibility in the Azure public cloud using the CloudLens agent to tap traffic on one vm and forward it to a network packet storing & indexing tool, in this case Moloch.
Concourse CI

Deploy to Azure
Concourse is a CI system composed of simple tools and ideas. It can express entire pipelines, integrating with arbitrary resources, or it can be used to execute one-off tasks, either locally or in another CI system. This template can help to prepare the necessary Azure resources to set up such a CI system, and make the setup simpler.
Connect to a Event Hubs namespace via private endpoint

Deploy to Azure
This sample shows how to configure a virtual network and private DNS zone to access an Event Hubs namespace via a private endpoint.
Connect to a Key Vault via private endpoint

Deploy to Azure
This sample shows how to configure a virtual network and private DNS zone to access Key Vault via private endpoint.
Connect to a Service Bus namespace via private endpoint

Deploy to Azure
This sample shows how to configure a virtual network and private DNS zone to access a Service Bus namespace via private endpoint.
Connect to a storage account from a VM via private endpoint

Deploy to Azure
This sample shows how to connect a virtual network to access a blob storage account via private endpoint.
Connect to an Azure File Share via a Private Endpoint

Deploy to Azure
This sample shows how to configure a virtual network and private DNS zone to access an Azure File Share via a private endpoint.
Create 2 VMs in LB and a SQL Server VM with NSG

Deploy to Azure
This template creates 2 Windows VMs (that can be used as web FE) within an Availability Set and a Load Balancer with port 80 open. The two VMs can be reached using RDP on port 6001 and 6002. This template also creates a SQL Server 2014 VM that can be reached via an RDP connection defined in a Network Security Group.
Create 2 VMs Linux with LB and SQL Server VM with SSD

Deploy to Azure
This template creates 2 Linux VMs (that can be used as web FE) within an Availability Set and a Load Balancer with port 80 open. The two VMs can be reached using SSH on port 6001 and 6002. This template also creates a SQL Server 2014 VM that can be reached via an RDP connection defined in a Network Security Group. All VMs' storage can use Premium Storage (SSD), and you can choose to create VMs with all DS sizes.
Create a cross-region load balancer

Deploy to Azure
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region.
Create a data management gateway and install on an Azure VM

Deploy to Azure
This template deploys a virtual machine and creates a workable data management gateway
Create a DevTest environment with P2S VPN and IIS

Deploy to Azure
This template creates a simple DevTest environment with a Point-to-Site VPN and IIS on a Windows server which is a great way to get started.
Create a Firewall with FirewallPolicy and IpGroups

Deploy to Azure
This template creates an Azure Firewall with a FirewallPolicy referencing Network Rules with IpGroups. It also includes a Linux Jumpbox VM setup.
Create a Firewall, FirewallPolicy with Explicit Proxy

Deploy to Azure
This template creates an Azure Firewall and a FirewallPolicy with Explicit Proxy and Network Rules with IpGroups. It also includes a Linux Jumpbox VM setup.
Create a load-balancer with a Public IPv6 address

Deploy to Azure
This template creates an Internet-facing load-balancer with a Public IPv6 address, load balancing rules, and two VMs for the backend pool.
Create a new AD Domain with 2 DCs using Availability Zones

Deploy to Azure
This template creates 2 VMs in separate Availability Zones to be AD DCs (primary and backup) for a new Forest and Domain
Create a new encrypted windows vm from gallery image

Deploy to Azure
This template creates a new encrypted windows vm using the server 2k12 gallery image.
Create a Private AKS Cluster

Deploy to Azure
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to deploy a private AKS cluster with a Public DNS Zone.
Create a sandbox setup of Azure Firewall with Linux VMs

Deploy to Azure
This template creates a virtual network with 3 subnets (server subnet, jumpbox subnet and AzureFirewall subnet), a jumpbox VM with public IP, a server VM, a UDR route to point to Azure Firewall for the Server Subnet, and an Azure Firewall with 1 or more Public IP addresses, 1 sample application rule, 1 sample network rule and default private ranges.
Create a sandbox setup of Azure Firewall with Zones

Deploy to Azure
This template creates a virtual network with three subnets (server subnet, jumpbox subnet, and Azure Firewall subnet), a jumpbox VM with public IP, a server VM, a UDR route to point to Azure Firewall for the ServerSubnet, and an Azure Firewall with one or more Public IP addresses, one sample application rule, and one sample network rule, with the Azure Firewall in Availability Zones 1, 2, and 3.
Create a sandbox setup with Firewall Policy

Deploy to Azure
This template creates a virtual network with 3 subnets (server subnet, jumpbox subnet and AzureFirewall subnet), a jumpbox VM with public IP, a server VM, a UDR route to point to Azure Firewall for the Server Subnet, and an Azure Firewall with 1 or more Public IP addresses. It also creates a Firewall policy with 1 sample application rule, 1 sample network rule and default private ranges.
Create a Site-to-Site VPN Connection with VM

Deploy to Azure
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways
Create a standard internal load balancer

Deploy to Azure
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80
Create a standard load-balancer

Deploy to Azure
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone.
Create a two VM SQL Server Reporting Services Deployment

Deploy to Azure
This template creates two new Azure VMs, each with a public IP address. It configures one VM to be an SSRS Server and one with SQL Server mixed auth for the SSRS Catalog with the SQL Agent started. All VMs have public-facing RDP and diagnostics enabled; the diagnostics are stored in a consolidated diagnostics storage account, separate from the VM disk.
Create a virtual machine in an Extended Zone

Deploy to Azure
This template creates a virtual machine in an Extended Zone.
Create a VM from a EfficientIP VHD

Deploy to Azure
This template creates a VM from an EfficientIP VHD and lets you connect it to an existing VNET that can reside in a different Resource Group than the virtual machine.
Create a VM from a Windows Image with 4 Empty Data Disks

Deploy to Azure
This template allows you to create a Windows Virtual Machine from a specified image. It also attaches 4 empty data disks. Note that you can specify the size of the empty data disks.
Create a VM from User Image

Deploy to Azure
This template allows you to create a Virtual Machine from a User image. This template also deploys a Virtual Network, Public IP addresses and a Network Interface.
Create a VM in a new or existing vnet from a custom VHD

Deploy to Azure
This template creates a VM from a specialized VHD and lets you connect it to a new or existing VNET that can reside in a different Resource Group than the virtual machine.
Create a VM in a new or existing vnet from a generalized VHD

Deploy to Azure
This template creates a VM from a generalized VHD and lets you connect it to a new or existing VNET that can reside in a different Resource Group than the virtual machine.
Create a VM in a VNET in different Resource Group

Deploy to Azure
This template creates a VM in a VNET which is in a different Resource Group
Create a VM with a dynamic selection of data disks

Deploy to Azure
This template allows the user to select the number of data disks they'd like to add to the VM.
Create a VM with multiple empty StandardSSD_LRS Data Disks

Deploy to Azure
This template allows you to create a Windows Virtual Machine from a specified image. It also attaches multiple empty StandardSSD data disks by default. Note that you can specify the size and the Storage type (Standard_LRS, StandardSSD_LRS and Premium_LRS) of the empty data disks.
Create a VM with multiple NICs and RDP accessible

Deploy to Azure
This template allows you to create a Virtual Machine with multiple (2) network interfaces (NICs) that is reachable over RDP through a configured load balancer and an inbound NAT rule. More NICs can easily be added with this template. This template also deploys a Storage Account, Virtual Network, Public IP address, and 2 Network Interfaces (front-end and back-end).
Create a Windows VM with Anti-Malware extension enabled

Deploy to Azure
This template creates a Windows VM and sets up the Anti-Malware protection
Create an Azure Application Gateway v2

Deploy to Azure
This template creates an Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an Azure Firewall sandbox with forced tunneling

Deploy to Azure
This template creates an Azure Firewall sandbox (Linux) with one firewall force tunneled through another firewall in a peered VNET
Create an Azure Firewall with IpGroups

Deploy to Azure
This template creates an Azure Firewall with Application and Network Rules referring to IP Groups. Also, includes a Linux Jumpbox vm setup
Create an Azure Firewall with multiple IP public addresses

Deploy to Azure
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test.
Create an Azure VM with a new Active Directory Forest

Deploy to Azure
This template creates a new Azure VM, it configures the VM to be an Active Directory Domain Controller for a new forest
Create an Azure VM with a new AD Forest

Deploy to Azure
This template creates a new Azure VM, it configures the VM to be an AD DC for a new Forest
Create an Azure WAF v2 on Azure Application Gateway

Deploy to Azure
This template creates an Azure Web Application Firewall v2 on Azure Application Gateway with two Windows Server 2016 servers in the backend pool
Create an IOT Hub and Ubuntu edge simulator

Deploy to Azure
This template creates an IOT Hub and Virtual Machine Ubuntu edge simulator.
Create an IPv6 Application Gateway

Deploy to Azure
This template creates an application gateway with an IPv6 frontend in a dual-stack virtual network.
Create an new AD Domain with 2 Domain Controllers

Deploy to Azure
This template creates 2 new VMs to be AD DCs (primary and backup) for a new Forest and Domain
Create an Ubuntu GNOME desktop

Deploy to Azure
This template creates an ubuntu desktop machine. This works great for use as a jumpbox behind a NAT.
Create and encrypt a new Linux VMSS with jumpbox

Deploy to Azure
This template deploys a Linux VMSS using the latest Linux image, adds data volumes, and then encrypts the data volumes of each Linux VMSS instance. It also deploys a jumpbox with a public IP address in the same virtual network as the Linux VMSS instances with private IP addresses. This allows connecting to the jumpbox via its public IP address, and then connecting to the Linux VMSS instances via private IP addresses.
Create and encrypt a new Windows VMSS with jumpbox

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of several Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses. This template enables encryption on the VM Scale Set of Windows VMs.
Create new encrypted managed disks win-vm from gallery image

Deploy to Azure
This template creates a new encrypted managed disks windows vm using the server 2k12 gallery image.
Create new Ubuntu VM pre-populated with Puppet Agent

Deploy to Azure
This template creates a Ubuntu VM and installs the Puppet Agent into it using the CustomScript extension.
Create sandbox of Azure Firewall, client VM, and server VM

Deploy to Azure
This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall.
Create SQL MI with jumpbox inside new virtual network

Deploy to Azure
Deploy Azure Sql Database Managed Instance (SQL MI) and JumpBox with SSMS inside new Virtual Network.
Create Ubuntu vm data disk raid0

Deploy to Azure
This template creates a virtual machine with multiple disks attached. A script partitions and formats the disks in raid0 array.
Create VM from existing VHDs and connect it to existingVNET

Deploy to Azure
This template creates a VM from VHDs (OS + data disk) and lets you connect it to an existing VNET that can reside in a different Resource Group than the virtual machine.
Create VMs in Availability Sets using Resource Loops

Deploy to Azure
Create 2-5 VMs in Availability Sets using Resource Loops. The VMs can be Ubuntu or Windows, with a maximum of 5 VMs since this sample uses a single storageAccount.
Create, configure and deploy Web Application to an Azure VM

Deploy to Azure
Create and configure a Windows VM with SQL Azure database, and deploy web application to the environment using PowerShell DSC
Creates AVD with Microsoft Entra ID Join

Deploy to Azure
This template allows you to create Azure Virtual Desktop resources such as host pool, application group, workspace, a test session host and its extensions with Microsoft Entra ID join
Custom Script extension on a Ubuntu VM

Deploy to Azure
This template creates a Ubuntu VM and installs the CustomScript extension
Deploy a 3 node Percona XtraDB Cluster in Availability Zones

Deploy to Azure
This template deploys a 3 node MySQL high availability cluster on CentOS 6.5 or Ubuntu 12.04
Deploy a Bastion host in a hub Virtual Network

Deploy to Azure
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet
Deploy a Django app

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy an application. This example creates an Ubuntu VM, does a silent install of Python, Django and Apache, then creates a simple Django app
Deploy a Hub and Spoke topology sandbox

Deploy to Azure
This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes.
Deploy a Kibana dashboard with Docker

Deploy to Azure
This template allows you to deploy an Ubuntu VM with Docker installed (using the Docker Extension) and Kibana/Elasticsearch containers created and configured to serve an analytic dashboard.
Deploy a LAMP app

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy an application. It creates an Ubuntu VM, does a silent install of MySQL, Apache and PHP, then creates a simple PHP script.
Deploy a Linux or Windows VM with MSI

Deploy to Azure
This template allows you to deploy a Linux or Windows VM with a Managed Service Identity.
Deploy a Linux VM (Ubuntu) with multiple NICs

Deploy to Azure
This template creates a VNet with multiple subnets and deploys a Ubuntu VM with multiple NICs
Deploy a Linux VM with the Azul Zulu OpenJDK JVM

Deploy to Azure
This template allows you to create a Linux VM with the Azul Zulu OpenJDK JVM.
Deploy a MySQL Server

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy a MySQL server. It creates an Ubuntu VM, does a silent install of MySQL server, version:5.6
Deploy a Nextflow genomics cluster

Deploy to Azure
This template deploys a scalable Nextflow cluster with a Jumpbox, n cluster nodes, docker support and shared storage.
Deploy a PostgreSQL Server on Ubuntu Virtual Machine

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy a PostgreSQL server. It creates an Ubuntu VM, does a silent install of PostgreSQL server, version:9.3.5
Deploy a Premium Windows VM

Deploy to Azure
This template allows you to deploy a Premium Windows VM using a few different options for the Windows version, using the latest patched version.
Deploy a Premium Windows VM with diagnostics

Deploy to Azure
This template allows you to deploy a Premium Windows VM using a few different options for the Windows version, using the latest patched version.
Deploy a simple FreeBSD VM in resource group location

Deploy to Azure
This template allows you to deploy a simple FreeBSD VM using a few different options for the FreeBSD version, using the latest patched version. This will deploy in resource group location on a D1 VM Size.
Deploy a simple Linux VM and update private IP to static

Deploy to Azure
This template allows you to deploy a simple Linux VM using Ubuntu from the marketplace. This will deploy a VNET, Subnet, and an A1 size VM in the resource group location with a dynamically assigned IP address and then convert it to static IP.
Deploy a simple Linux VM with Accelerated Networking

Deploy to Azure
This template allows you to deploy a simple Linux VM with Accelerated Networking using Ubuntu version 18.04-LTS with the latest patched version. This will deploy a D3_v2 size VM in the resource group location and return the FQDN of the VM.
Deploy a simple Ubuntu Linux VM 20.04-LTS

Deploy to Azure
This template deploys an Ubuntu Server with a few options for the VM. You can provide the VM Name, OS Version, VM size, and admin username and password. As default the VM size is Standard_D2s_v3 and OS version is 20.04-LTS.
Deploy a simple VM Scale Set with Linux VMs and a Jumpbox

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. There is also a jumpbox to enable connections from outside of the VNet the VMs are in.
Deploy a simple VM Scale Set with Windows VMs and a Jumpbox

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of several Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.
Deploy a simple Windows VM

Deploy to Azure
This template allows you to deploy a simple Windows VM using a few different options for the Windows version, using the latest patched version. This will deploy an A2 size VM in the resource group location and return the FQDN of the VM.
Deploy a simple Windows VM with monitoring and diagnostics

Deploy to Azure
This template allows you to deploy a simple Windows VM along with the diagnostics extension which enables monitoring and diagnostics for the VM
Deploy a simple Windows VM with tags

Deploy to Azure
This template will deploy a D2_v3 Windows VM, NIC, Storage Account, Virtual Network, Public IP Address, and Network Security Group. The tag object is created in the variables and will be applied on all resources, where applicable.
Deploy a single-VM WordPress to Azure

Deploy to Azure
This template deploys a complete LAMP stack, then installs and initializes WordPress. Once the deployment is finished, you need to go to http://fqdn.of.your.vm/wordpress/ to finish the configuration, create an account, and get started with WordPress.
Deploy a trusted launch capable Linux virtual machine

Deploy to Azure
This template allows you to deploy a trusted launch capable Linux virtual machine using a few different options for the Linux version, using the latest patched version. If you enable Secure Boot and vTPM, the Guest Attestation extension will be installed on your VM. This extension will perform remote attestation by the cloud. By default, this will deploy a Standard_D2_v3 size virtual machine in the resource group location and return the FQDN of the virtual machine.
Deploy a trusted launch capable Windows virtual machine

Deploy to Azure
This template allows you to deploy a trusted launch capable Windows virtual machine using a few different options for the Windows version, using the latest patched version. If you enable Secure Boot and vTPM, the Guest Attestation extension will be installed on your VM. This extension will perform remote attestation by the cloud. By default, this will deploy a Standard_D2_v3 size virtual machine in the resource group location and return the FQDN of the virtual machine.
Deploy a Ubuntu Linux DataScience VM 18.04

Deploy to Azure
This template deploys an Ubuntu Server with some tools for Data Science. You can provide the username, password, virtual machine name and select between CPU or GPU computing.
Deploy a Ubuntu VM with the OMS extension

Deploy to Azure
This template allows you to deploy a Ubuntu VM with the OMS extension installed and onboarded to a specified workspace
Deploy a Virtual Machine with Custom Data

Deploy to Azure
This template allows you to create a Virtual Machine with Custom Data passed down to the VM. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Deploy a Virtual Machine with SSH rsa public key

Deploy to Azure
This template allows you to create a Virtual Machine with SSH rsa public key
Deploy a Virtual Machine with User Data

Deploy to Azure
This template allows you to create a Virtual Machine with User Data passed down to the VM. This template also deploys a Virtual Network, Public IP addresses, and a Network Interface.
Deploy a VM into an Availability Zone

Deploy to Azure
This template allows you to deploy a simple VM (Windows or Ubuntu), using the latest patched version. This will deploy a A2_v2 size VM in the location specified and return the FQDN of the VM.
Deploy a VM Scale Set with Linux VMs behind ILB

Deploy to Azure
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections.
Deploy a VM with multiple IPs

Deploy to Azure
This template allows you to deploy a VM with 3 IP configurations. This template will deploy a Linux/Windows VM called myVM1 with 3 IP configurations: IPConfig-1, IPConfig-2 and IPConfig-3, respectively.
Deploy a Windows Server VM with Visual Studio

Deploy to Azure
This template deploys a Windows Server VM with Visual Studio Community 2019, with a few options for the VM. You can provide the name of the VM, the admin username and the admin password.
Deploy a Windows VM and configures WinRM https listener

Deploy to Azure
This template allows you to deploy a simple Windows VM using a few different options for the Windows version. It then configures a WinRM HTTPS listener. The user needs to provide the value of the parameter 'hostNameScriptArgument', which is the FQDN of the VM. Example: testvm.westus.cloudapp.azure.com or *.westus.cloudapp.azure.com
Deploy a Windows VM and enable backup using Azure Backup

Deploy to Azure
This template allows you to deploy a Windows VM and Recovery Services Vault configured with the DefaultPolicy for Protection.
Deploy a Windows VM with a variable number of data disks

Deploy to Azure
This template allows you to deploy a simple VM and specify the number of data disks at deploy time using a parameter. Note that the number and size of data disks is bound by the VM size. The VM size for this sample is Standard_DS4_v2 with a default of 16 data disks.
Deploy a Windows VM with the Azul Zulu OpenJDK JVM

Deploy to Azure
This template allows you to create a Windows VM with the Azul Zulu OpenJDK JVM
Deploy a Windows VM with the OMS extension

Deploy to Azure
This template allows you to deploy a Windows VM with the OMS extension installed and onboarded to a specified workspace
Deploy a Windows VM with Windows Admin Center extension

Deploy to Azure
This template allows you to deploy a Windows VM with Windows Admin Center extension to manage the VM directly from Azure Portal.
Deploy a WordPress blog with Docker

Deploy to Azure
This template allows you to deploy an Ubuntu VM with Docker installed (using the Docker Extension) and WordPress/MySQL containers created and configured to serve a blog server.
Deploy an Open-Source Parse Server with Docker

Deploy to Azure
This template allows you to deploy an Ubuntu VM with Docker installed (using the Docker Extension) and an Open Source Parse Server container created and configured to replace the (now sunset) Parse service.
Deploy an Openvpn Access Server

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy an OpenVPN Access Server. It creates an Ubuntu VM, does a silent install of OpenVPN Access Server, then applies the basic server network settings: it defines the VPN Server Hostname to be the DNS name of the VM's public IP.
Deploy an Ubuntu VM with Docker Engine

Deploy to Azure
This template allows you to deploy an Ubuntu VM with Docker (using the Docker Extension). You can later SSH into the VM and run Docker containers.
Deploy Anbox Cloud

Deploy to Azure
This template deploys Anbox Cloud on an Ubuntu VM. Completing the installation of Anbox Cloud requires user interaction following the deployment; please consult the README for instructions. The template supports both launching of a VM from an Ubuntu Pro image and association of an Ubuntu Pro token with a VM launched from a non-Pro image. The former is the default behaviour; users seeking to attach a token to a VM launched from a non-Pro image must override the default arguments for the ubuntuImageOffer, ubuntuImageSKU, and ubuntuProToken parameters. The template is also parametric in the VM size and disk sizes. Non-default argument values for these parameters must comply with https://anbox-cloud.io/docs/reference/requirements#anbox-cloud-appliance-4.
Deploy CKAN

Deploy to Azure
This template deploys CKAN using Apache Solr (for search) and PostgreSQL (database) on an Ubuntu VM. CKAN, Solr and PostgreSQL are deployed as individual Docker containers on the VM.
Deploy Darktrace vSensors

Deploy to Azure
This template allows you to deploy one or more stand-alone Darktrace vSensors
Deploy HBase geo replication

Deploy to Azure
This template allows you to configure an Azure environment for HBase replication across two different regions with VPN vnet-to-vnet connection.
Deploy IOMAD cluster on Ubuntu

Deploy to Azure
This template deploys IOMAD as a LAMP application on Ubuntu. It creates one or more Ubuntu VMs for the front end and a single VM for the backend. It does a silent install of Apache and PHP on the front end VMs and MySQL on the backend VM. Then it deploys IOMAD on the cluster. It configures a load balancer for directing requests to the front end VMs. It also configures NAT rules to allow admin access to each of the VMs. It also sets up a moodledata data directory using file storage shared among the VMs. After the deployment is successful, you can go to /iomad on each frontend VM (using web admin access) to start configuring IOMAD.
Deploy IOMAD on Ubuntu on a single VM

Deploy to Azure
This template deploys IOMAD as a LAMP application on Ubuntu. It creates a single Ubuntu VM, does a silent install of MySQL, Apache and PHP on it, and then deploys IOMAD on it. After the deployment is successful, you can go to /iomad to start configuring IOMAD.
Deploy MySQL Flexible Server with Private Endpoint

Deploy to Azure
This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint.
Deploy Neo4J in Docker and data on external disk

Deploy to Azure
This template allows you to deploy an Ubuntu VM with Docker installed (using the Docker Extension) and a Neo4J container which uses an external disk to store its data.
Deploy Neo4J in Ubuntu VM

Deploy to Azure
This template allows you to deploy an Ubuntu VM with Neo4J binaries and runs Neo4J on its designated ports.
Deploy Net Disk against Ubuntu

Deploy to Azure
This template allows deploying seafile server 6.1.1 on Azure Ubuntu VM
Deploy Octopus Deploy 3.0 with a trial license

Deploy to Azure
This template allows you to deploy a single Octopus Deploy 3.0 server with a trial license. This will deploy on a single Windows Server 2012R2 VM (Standard D2) and SQL DB (S1 tier) into the location specified for the Resource Group.
Deploy Open edX (lilac version) through tutor

Deploy to Azure
This template creates a single Ubuntu VM and deploys Open edX through tutor on it.
Deploy Open edX devstack on a single Ubuntu VM

Deploy to Azure
This template creates a single Ubuntu VM and deploys Open edX devstack on it.
Deploy Open edX Dogwood (Multi-VM)

Deploy to Azure
This template creates a network of Ubuntu VMs, and deploys Open edX Dogwood on them. Deployment supports 1-9 application VMs and backend Mongo and MySQL VMs.
Deploy Open edX fullstack (Ficus) on a single Ubuntu VM

Deploy to Azure
This template creates a single Ubuntu VM and deploys Open edX fullstack (Ficus) on it.
Deploy OpenLDAP cluster on Ubuntu

Deploy to Azure
This template deploys an OpenLDAP cluster on Ubuntu. It creates multiple Ubuntu VMs (up to 5, but can be easily increased) and does a silent install of OpenLDAP on them. Then it sets up N-way multi-master replication on them. After the deployment is successful, you can go to /phpldapadmin to start configuring OpenLDAP.
Deploy OpenLDAP on Ubuntu on a single VM

Deploy to Azure
This template deploys OpenLDAP on Ubuntu. It creates a single Ubuntu VM and does a silent install of OpenLDAP on it. After the deployment is successful, you can go to /phpldapadmin to start configuring OpenLDAP.
Deploy OpenSIS Community Edition cluster on Ubuntu

Deploy to Azure
This template deploys OpenSIS Community Edition as a LAMP application on Ubuntu. It creates one or more Ubuntu VMs for the front end and a single VM for the backend. It does a silent install of Apache and PHP on the front end VMs and MySQL on the backend VM. Then it deploys OpenSIS Community Edition on the cluster. After the deployment is successful, you can go to /opensis-ce on each of the front end VMs (using web admin access) to start configuring OpenSIS.
Deploy OpenSIS Community Edition on Ubuntu on a single VM

Deploy to Azure
This template deploys OpenSIS Community Edition as a LAMP application on Ubuntu. It creates a single Ubuntu VM, does a silent install of MySQL, Apache and PHP on it, and then deploys OpenSIS Community Edition. After the deployment is successful, you can go to /opensis-ce to start configuring OpenSIS.
Deploy Secure AI Foundry with a managed virtual network

Deploy to Azure
This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions.
Deploy Shibboleth Identity Provider cluster on Ubuntu

Deploy to Azure
This template deploys Shibboleth Identity Provider on Ubuntu in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/Status (note port number) to check success.
Deploy Shibboleth Identity Provider cluster on Windows

Deploy to Azure
This template deploys Shibboleth Identity Provider on Windows in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/status (note port number) to check success.
Deploy Shibboleth Identity Provider on Ubuntu on a single VM

Deploy to Azure
This template deploys Shibboleth Identity Provider on Ubuntu. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/status (note port number) to check success.
Deploy Shibboleth Identity Provider on Windows (single VM)

Deploy to Azure
This template deploys Shibboleth Identity Provider on Windows. It creates a single Windows VM, installs JDK and Apache Tomcat, deploys Shibboleth Identity Provider, and then configures everything for SSL access to the Shibboleth IDP. After the deployment is successful, you can go to https://your-server:8443/idp/profile/status to check success.
Deploy Solace PubSub+ message broker onto Azure Linux VM(s)

Deploy to Azure
This template allows you to deploy either a standalone Solace PubSub+ message broker or a three node High Availability cluster of Solace PubSub+ message brokers onto Azure Linux VM(s).
Deploy the CoScale platform on a single VM

Deploy to Azure
CoScale is a full-stack monitoring solution tailored towards production environments running microservices; see https://www.coscale.com/ for more information. This template installs the CoScale platform on a single VM and should only be used for Proof-Of-Concept environments.
Deploy Ubuntu VM with Open JDK and Tomcat

Deploy to Azure
This template allows you to create an Ubuntu VM with OpenJDK and Tomcat. The custom script file is currently pulled, as a temporary arrangement, over an https link from raw.githubusercontent.com/snallami/templates/master/ubuntu/java-tomcat-install.sh (that repository's master branch). Once the VM is successfully provisioned, the Tomcat installation can be verified by accessing the http link [FQDN name or public IP]:8080/
Deploy Windows VM configure windows featurtes SSL DSC

Deploy to Azure
This template allows you to deploy a Windows VM and configure Windows features like IIS/Web Role, .NET, custom logging, Windows auth, application initialization, downloading application deployment packages, URL Rewrite and SSL configuration using DSC and Azure Key Vault.
Deploy Xfce Desktop

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy Xfce Desktop on the VM. It creates an Ubuntu VM, does a silent install of Xfce desktop and xrdp
Deploys a 2 node master/slave MySQL replication cluster

Deploy to Azure
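This template deploys a 2 node master/slave MySQL replication cluster on CentOS 6.5 or 6.6. CentOS 6 is end-of-life and no longer receives security updates, so treat this as a legacy sample rather than a base for new deployments.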
Deploys a 3 node Consul Cluster

Deploy to Azure
This template deploys a 3 node Consul cluster and auto-joins the nodes via Atlas. Consul is a tool for service discovery, distributed key/value store and a bunch of other cool things. Atlas is provided by Hashicorp (makers of Consul) as a way to quickly create Consul clusters without having to manually join each node
Deploys a 3 node Percona XtraDB Cluster

Deploy to Azure
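This template deploys a 3 node MySQL high availability cluster on CentOS 6.5 or Ubuntu 12.04. Both releases are past end-of-life and no longer receive regular security updates, so treat this as a legacy sample rather than a base for new deployments.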
Deploys a N node Gluster File System

Deploy to Azure
This template deploys a 2, 4, 6, or 8 node Gluster File System with 2 replicas on Ubuntu
Deploys a N-node CentOS Cluster

Deploy to Azure
This template deploys a 2-10 node CentOS cluster with 2 networks.
Deploys SQL Server 2014 AG on existing VNET & AD

Deploy to Azure
This template creates three new Azure VMs on an existing VNET: Two VMs are configured as SQL Server 2014 availability group replica nodes and one VM is configured as a File Share Witness for automated cluster failover. In addition to these VMs, the following additional Azure resources are also configured: Internal load balancer, Storage accounts. To configure clustering, SQL Server, and an availability group within each VM, PowerShell DSC is leveraged. For Active Directory support, existing Active Directory domain controllers should already be deployed on the existing VNET.
Deploys Windows VMs under LB,configures WinRM Https

Deploy to Azure
This template allows you to deploy Windows VMs using a few different options for the Windows version. This template also configures a WinRM HTTPS listener on the VMs.
Dev Environment for AZ-400 Labs

Deploy to Azure
VM with VS2017 Community, Docker-desktop, Git and VS Code for AZ-400 (Azure DevOps) Labs
Diagnostics with Event Hub and ELK

Deploy to Azure
This template deploys an Elasticsearch cluster and Kibana and Logstash VMs. Logstash is configured with an input plugin to pull diagnostics data from Event Hub.
Discover Private IP dynamically

Deploy to Azure
This template allows you to discover a private IP for a NIC dynamically. It passes the private IP of NIC0 to VM1 using custom script extensions which writes it to a file on VM1.
Django App with SQL Databases

Deploy to Azure
This template uses the Azure Linux CustomScript extension to deploy an application. This example creates an Ubuntu VM, does a silent install of Python, Django and Apache, then creates a simple Django app. The template also creates a SQL Database with a sample table containing some sample data, which is displayed in the web browser using a query.
DLWorkspace Deployment

Deploy to Azure
Deploy DLWorkspace cluster on Azure
DMZ with NSG

Deploy to Azure
This example will create a simple DMZ with four windows servers, a VNet with two subnets, and a Network Security Group.
DNS Forwarder VM

Deploy to Azure
This template shows how to create a DNS server that forwards queries to Azure's internal DNS servers. This is useful for setting up DNS resolution between virtual networks (as described in https://azure.microsoft.com/documentation/articles/virtual-networks-name-resolution-for-vms-and-role-instances/).
DNX on Ubuntu

Deploy to Azure
Spins up an Ubuntu 14.04 server and installs the .NET Execution context (DNX) plus a sample application
Docker Swarm Cluster

Deploy to Azure
This template creates a high-availability Docker Swarm cluster
Dokku Instance

Deploy to Azure
Dokku is a mini-heroku-style PaaS on a single VM.
Drone on Ubuntu VM

Deploy to Azure
This template provisions an instance of Ubuntu 14.04 LTS with the Docker Extension and Drone CI package.
Elasticsearch cluster, Kibana and Logstash for Diagnostics

Deploy to Azure
This template deploys an Elasticsearch cluster and Kibana and Logstash VMs. Logstash is configured with an input plugin to pull diagnostics data from existing Azure Storage Tables.
ESET VM Extension

Deploy to Azure
Creates a VM with ESET extension
FreeBSD PHP based web site

Deploy to Azure
This template will deploy four FreeBSD VMs for PHP based web site
Front Door Premium with VM and Private Link service

Deploy to Azure
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM.
GitHub Enterprise Server

Deploy to Azure
GitHub Enterprise Server is the private version of GitHub.com that will run on a VM in your Azure subscription. It makes collaborative coding possible and enjoyable for enterprise software development teams.
GitLab Omnibus

Deploy to Azure
This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections.
GlassFish on SUSE

Deploy to Azure
This template deploys a load balanced GlassFish (v3 or v4) cluster, consisting of a user defined number of SUSE (OpenSUSE or SLES) VMs.
Go Ethereum on Ubuntu

Deploy to Azure
This template deploys a Go Ethereum client along with a genesis block on Ubuntu virtual machines
Go Expanse on Ubuntu

Deploy to Azure
This template deploys a Go Expanse client on Ubuntu virtual machines
GPU Vm with OBS-Studio, Skype, MS-Teams for event streaming

Deploy to Azure
This template creates a GPU VM with OBS-Studio, Skype, MS-Teams for event streaming. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack. The whole installation process is based on the Chocolatey package manager.
Guacamole VM in existing VNet

Deploy to Azure
This template deploys a VM with Guacamole, the free, open source HTML5 RDP/VNC proxy. An existing Virtual Network and a subnet are required for using this template. The base image is CoreOS Stable, and the deployment uses Docker containers.
Hazelcast Cluster

Deploy to Azure
Hazelcast is an in-memory data platform that can be used for a variety of data applications. This template will deploy any number of Hazelcast nodes and they will automatically discover each other.
High IOPS 32 Data Disk storage pool Standard D14 VM

Deploy to Azure
This template creates a Standard D14 VM with 32 data disks attached. Using DSC they are automatically striped per best practices to get maximum IOPS and formatted into a single volume.
Hyper-V Host Virtual Machine with nested VMs

Deploy to Azure
Deploys a Virtual Machine to be a Hyper-V Host and all dependent resources including virtual network, public IP address and route tables.
IIS Server using DSC extension on a Windows VM

Deploy to Azure
This template creates a Windows VM and sets up an IIS server using the DSC extension. Note: the DSC configuration module needs a SAS token to be passed in if you are using Azure Storage. For the DSC module link from GitHub (the default in this template), this is not needed.
IIS VMs & SQL Server 2014 VM

Deploy to Azure
Create 1 or 2 IIS Windows 2012 R2 Web Servers and one back end SQL Server 2014 in VNET.
Install a file on a Windows VM

Deploy to Azure
This template allows you to deploy a Windows VM and run a custom PowerShell script to install a file on that VM.
Install a Minecraft Server on an Ubuntu VM

Deploy to Azure
This template deploys and sets up a customized Minecraft server on an Ubuntu Virtual Machine.
Install Configuration Manager Current Branch in Azure

Deploy to Azure
This template creates new Azure VMs based on which configuration you choose. It configures a new AD domain controller, a new hierarchy/standalone bench with SQL Server, a remote site system server with Management Point and Distribution Point and clients.
Install Configuration Manager Tech Preview Lab in Azure

Deploy to Azure
This template creates new Azure VMs. It configures a new AD domain controller, a new standalone primary site with SQL Server, a remote site system server with Management Point and Distribution Point and client(options).
Install Elasticsearch cluster on a Virtual Machine Scale Set

Deploy to Azure
This template deploys an Elasticsearch cluster on a Virtual Machine scale set. The template provisions 3 dedicated master nodes, with an optional number of data nodes, which run on managed disks.
Install MongoDB on an Ubuntu VM using Custom Script LinuxExt

Deploy to Azure
This template deploys Mongo DB on an Ubuntu Virtual Machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Install MongoDB on CentOS with Custom Script Linux Extension

Deploy to Azure
This template deploys Mongo DB on a CentOS Virtual Machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Install Multiple Visual Studio Team Services (VSTS) Agents

Deploy to Azure
This template builds a Virtual Machine and supporting Resources with Visual Studio 2017 installed. It also installs and configures up to 4 VSTS build agents and links them to a VSTS Pool.
Install Phabricator on an Ubuntu VM

Deploy to Azure
This template deploys Phabricator on an Ubuntu Virtual Machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Install Scrapy on Ubuntu using Custom Script Linux Extension

Deploy to Azure
This template deploys Scrapy on an Ubuntu Virtual Machine. The user can upload a spider to start to crawl. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Intel Lustre clients using CentOS gallery image

Deploy to Azure
This template creates multiple Intel Lustre 2.7 client virtual machines using Azure gallery OpenLogic CentOS 6.6 or 7.0 images and mounts an existing Intel Lustre filesystem
IPv6 in Azure Virtual Network (VNET)

Deploy to Azure
Create a dual stack IPv4/IPv6 VNET with 2 VMs.
IPv6 in Azure Virtual Network (VNET) with Std LB

Deploy to Azure
Create a dual stack IPv4/IPv6 VNET with 2 VMs and an Internet-facing Standard Load Balancer.
JBoss EAP on RHEL (clustered, multi-VM)

Deploy to Azure
This template allows you to create multiple RHEL 8.6 VMs running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment.
JBoss EAP on RHEL (stand-alone VM)

Deploy to Azure
This template allows you to create a RHEL 8.6 VM running JBoss EAP 7.4 and also deploys a web application called JBoss-EAP on Azure, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment.
JBoss EAP server running a test application called dukes

Deploy to Azure
This template allows you to create a Red Hat VM running JBoss EAP 7 and also deploy a web application called dukes. You can log in to the admin console using the user and password configured at the time of the deployment.
Jenkins Cluster with Windows & Linux Worker

Deploy to Azure
1 Jenkins master with 1 Linux node and 1 windows node
JMeter environment for Elasticsearch

Deploy to Azure
This template will deploy a JMeter environment into an existing virtual network. One master node and multiple subordinate nodes are deployed into a new jmeter subnet. This template works in conjunction with the Elasticsearch quickstart template.
Join a VM to an existing domain

Deploy to Azure
This template demonstrates domain join to a private AD domain up in cloud.
KEMP LoadMaster (MultiNIC)

Deploy to Azure
This template creates a KEMP LoadMaster with two interfaces into existing Subnets.
KEMP LoadMaster HA Pair

Deploy to Azure
This template deploys a KEMP LoadMaster HA Pair
Kubernetes cluster with VMSS Cluster Autoscaler

Deploy to Azure
This template deploys a vanilla kubernetes cluster initialized using kubeadm. It deploys a configured master node with a cluster autoscaler. A pre-configured Virtual Machine Scale Set (VMSS) is also deployed and automatically attached to the cluster. The cluster autoscaler can then automatically scale up/down the cluster depending on the workload of the cluster.
Linux VM with Gnome Desktop RDP VS Code and Azure CLI

Deploy to Azure
This template deploys an Ubuntu Server VM, then uses the Linux CustomScript extension to install the Ubuntu Gnome Desktop and Remote Desktop support (via xrdp). The final provisioned Ubuntu VM supports remote connections over RDP.
Linux VM with MSI Accessing Storage

Deploy to Azure
This template deploys a linux VM with a system assigned managed identity that has access to a storage account in a different resource group.
Linux VM with Serial Output

Deploy to Azure
This template creates a simple Linux VM with minimal parameters and serial/console configured to output to storage
List Storage Account keys-Windows Custom Script extension

Deploy to Azure
This template creates a Windows Server 2012 R2 VM and runs a PowerShell script using the custom script extension. It also uses the listKeys function to get the Azure Storage Account keys. Account keys grant full access to the storage account, so handle them as secrets and keep them out of deployment outputs and logs. The PowerShell script for this sample must be hosted in an Azure Storage account. (Note: For other samples, the custom script can also be hosted in GitHub.)
Lustre HPC client and server nodes

Deploy to Azure
This template creates Lustre client and server node VMs and related infrastructure such as VNETs
Marketplace Sample VM with Conditional Resources

Deploy to Azure
This template allows deploying a Linux VM using new or existing resources for the Virtual Network, Storage and Public IP Address. It also allows for choosing between SSH and password authentication. The template uses conditions and logic functions to remove the need for nested deployments.
McAfee Endpoint Security (trial license) on Windows VM

Deploy to Azure
This template creates a Windows VM and sets up a trial version of McAfee Endpoint Security
Memcached service cluster using multiple Ubuntu VMs

Deploy to Azure
This template creates one or more memcached services on Ubuntu 14.04 VMs in a private subnet. It also creates one publicly accessible Apache VM with a PHP test page to confirm that memcached is installed and accessible.
Migrate to Azure SQL database using Azure DMS

Deploy to Azure
The Azure Database Migration Service (DMS) is designed to streamline the process of migrating on-premises databases to Azure. DMS will simplify the migration of existing on-premises SQL Server and Oracle databases to Azure SQL Database, Azure SQL Managed Instance or Microsoft SQL Server in an Azure Virtual Machine. This template would deploy an instance of Azure Database Migration service, an Azure VM with SQL server installed on it which will act as a Source server with pre created database on it and a Target Azure SQL DB server which will have a pre-created schema of the database to be migrated from Source to Target server. The template will also deploy the required resources like NIC, vnet etc for supporting the Source VM, DMS service and Target server.
Multi tier App with NSG, ILB, AppGateway

Deploy to Azure
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing
Multi tier traffic manager, L4 ILB, L7 AppGateway

Deploy to Azure
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing
Multi VM Template with Managed Disk

Deploy to Azure
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a single Availability Set. They will be provisioned in a Virtual Network which will also be created as part of the deployment
Multi-client VNS3 network appliance

Deploy to Azure
VNS3 is a software only virtual appliance that provides the combined features and functions of a Security Appliance, Application Delivery Controller and Unified Threat Management device at the cloud application edge. Key benefits, On top of cloud networking, Always on end to end encryption, Federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, Attestable control over encryption keys, Meshed network manageable at scale, Reliable HA in the Cloud, Isolate sensitive applications (fast low cost Network Segmentation), Segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, Caching, Proxy Load Balancers and other Layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment.
Multiple VM Template with Chef Extension

Deploy to Azure
Deploys a specified number of Ubuntu VMs configured with Chef Client
Multiple Windows-VM with custom-script

Deploy to Azure
Multiple Windows VMs with custom-script of choice.
Nagios Core on Ubuntu VMs

Deploy to Azure
This template installs and configures Nagios Core, the industry standard, Open Source IT monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes
Nylas N1 email sync engine on Debian

Deploy to Azure
This template installs and configures Nylas N1 open source sync engine on a Debian VM.
OpenCanvas-LMS

Deploy to Azure
This template deploys OpenCanvas on Ubuntu 16.04
OpenScholar

Deploy to Azure
This template deploys OpenScholar to an Ubuntu 16.04 VM.
OS Patching extension on a Ubuntu VM

Deploy to Azure
This template creates an Ubuntu VM and installs the OSPatching extension.
Perforce Helix Core Linux Single Instance

Deploy to Azure
This template deploys a new instance of Perforce Helix Core Server on a CentOS, RHEL or Ubuntu server in Azure along with all required infrastructure elements. The installation is done with SDP (Server Deployment Package). Perforce Helix Core is an industry leading version control system widely used in game development and many other industries.
Private Endpoint example

Deploy to Azure
This template shows how to create a private endpoint pointing to Azure SQL Server
Private Link service example

Deploy to Azure
This template shows how to create a private link service
Provisions a Kafka Cluster on Ubuntu Virtual Machines

Deploy to Azure
This template creates a Kafka cluster on Ubuntu virtual machine image, enables persistence (by default) and applies all well-known optimizations and best practices
Provisions a Spark Cluster on Ubuntu Virtual Machines

Deploy to Azure
This template creates a Spark cluster on Ubuntu virtual machine image, enables persistence (by default) and applies all well-known optimizations and best practices
Public Load Balancer chained to a Gateway Load Balancer

Deploy to Azure
This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool.
Puppet agent on Windows VM

Deploy to Azure
Deploy a windows VM with Puppet Agent
Push a certificate onto a Windows VM

Deploy to Azure
Push a certificate onto a Windows VM. Create the Key Vault using the template at http://azure.microsoft.com/en-us/documentation/templates/101-create-key-vault
Python Proxy on Ubuntu using Custom Script Linux Extension

Deploy to Azure
This template deploys Python Proxy on an Ubuntu Virtual Machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Qlik Sense Enterprise single node

Deploy to Azure
This template provisions a single node Qlik Sense Enterprise site. Bring your own license.
RDS farm deployment using existing active directory

Deploy to Azure
This template creates a RDS farm deployment using existing active directory in same resource group
RDS Gateway High Availability deployment

Deploy to Azure
This template provides high availability to RD Gateway and RD Web Access servers in an existing RDS deployment
Red Hat Enterprise Linux VM (RHEL 7.8 unmanaged)

Deploy to Azure
This template will deploy a Red Hat Enterprise Linux VM (RHEL 7.8), using the Pay-As-You-Go RHEL VM image for the selected version on Standard A1_v2 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details.
Red Hat Enterprise Linux VM (RHEL 7.8)

Deploy to Azure
This template will deploy a Red Hat Enterprise Linux VM (RHEL 7.8), using the Pay-As-You-Go RHEL VM image for the selected version on Standard D1 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details.
Red Hat full cross-platform dev box with Team Services agent

Deploy to Azure
This template allows you to create a Red Hat VM with a full set of cross-platform SDKs and Visual Studio Team Services Linux build agent. Once the VM is successfully provisioned, Team Services build agent installation can be verified by looking under your Team Services account settings under Agent pools. Languages/Tools supported: OpenJDK Java 6, 7 and 8; Ant, Maven and Gradle; npm and nodeJS; groovy and gulp; Gnu C and C++ along with make; Perl, Python, Ruby and Ruby on Rails; .NET Core; Docker Engine and Compose; and go
Red Hat Linux 3-Tier Solution on Azure

Deploy to Azure
This template allows you to deploy a 3 Tier architecture using 'Red Hat Enterprise Linux 7.3' virtual machines. Architecture includes Virtual Network, external and internal load balancers, Jump VM, NSGs etc along with multiple RHEL Virtual machines in each tier
Red Hat Tomcat server for use with Team Services deployments

Deploy to Azure
This template allows you to create a Red Hat VM running Apache2 and Tomcat7 and enabled to support Visual Studio Team Services Apache Tomcat Deployment task, the Copy Files over SSH task, and the FTP Upload task (using ftps) to enable deployment of web applications.
Redundant haproxy with Azure load-balancer and floating IP

Deploy to Azure
This template creates a redundant haproxy setup with 2 Ubuntu VMs configured behind Azure load balancer with floating IP enabled. Each of the Ubuntu VMs run haproxy to load balance requests to other application VMs (running Apache in this case). Keepalived enables redundancy for the haproxy VMs by assigning the floating IP to the MASTER and blocking the load-balancer probe on the BACKUP. This template also deploys a Storage Account, Virtual Network, Public IP address, Network Interfaces.
Remote Desktop Services with High Availability

Deploy to Azure
This ARM Template sample code will deploy a Remote Desktop Services 2019 Session Collection lab with high availability. The goal is to deploy a fully redundant, highly available solution for Remote Desktop Services, using Windows Server 2019.
ROS on Azure with Linux VM

Deploy to Azure
This template creates a Linux VM and installs the ROS into it using the CustomScript extension.
ROS on Azure with Windows VM

Deploy to Azure
This template creates a Windows VM and installs the ROS into it using the CustomScript extension.
SAP 2-tier S/4HANA Fully Activated Appliance

Deploy to Azure
This template deploys an SAP S/4HANA Fully Activated Appliance system.
SAP LaMa template for SAP NetWeaver application server

Deploy to Azure
This template deploys a virtual machine and installs the required applications to use this virtual machine for SAP LaMa. The template also creates the required disk layout. For more information about managing Azure virtual machines with SAP LaMa, see /azure/virtual-machines/workloads/sap/lama-installation.
SAP LaMa template for SAP NetWeaver ASCS

Deploy to Azure
This template deploys a virtual machine and installs the required applications to use this virtual machine for SAP LaMa. The template also creates the required disk layout. For more information about managing Azure virtual machines with SAP LaMa, see /azure/virtual-machines/workloads/sap/lama-installation.
SAP LaMa template for SAP NetWeaver database server

Deploy to Azure
This template deploys a virtual machine and installs the required applications to use this virtual machine for SAP LaMa. The template also creates the required disk layout. For more information about managing Azure virtual machines with SAP LaMa, see /azure/virtual-machines/workloads/sap/lama-installation.
SAP NetWeaver 2-tier (managed disk)

Deploy to Azure
This template allows you to deploy a VM using an operating system that is supported by SAP and Managed Disks.
SAP NetWeaver 3-tier (managed disk)

Deploy to Azure
This template allows you to deploy a VM using an operating system that is supported by SAP and Managed Disks.
SAP NetWeaver 3-tier multi SID (A)SCS (managed disks)

Deploy to Azure
This template allows you to deploy a VM using an operating system that is supported by SAP.
SAP NetWeaver 3-tier multi SID AS (managed disks)

Deploy to Azure
This template allows you to deploy a VM using an operating system that is supported by SAP.
SAP NetWeaver 3-tier multi SID DB (managed disks)

Deploy to Azure
This template allows you to deploy a VM using an operating system that is supported by SAP.
SAP NetWeaver file server (managed disk)

Deploy to Azure
This template allows you to deploy a file server that can be used as shared storage for SAP NetWeaver.
Secure Ubuntu by Trailbot

Deploy to Azure
This template provides an Ubuntu VM which comes with a special daemon called Trailbot Watcher that monitors system files and logs, triggers Smart Policies upon modification and generates a blockchain-anchored, immutable audit trail of everything happening to them.
Secure VM password with Key Vault

Deploy to Azure
This template allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Because the password is read from the Key Vault at deployment time, it is never put in plain text in the template parameter file.
Secured virtual hubs

Deploy to Azure
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
Self-host Integration Runtime on Azure VMs

Deploy to Azure
This template creates a self-hosted integration runtime and registers it on Azure virtual machines.
Simple DSC Pull Server

Deploy to Azure
This example allows you to deploy a PowerShell Desired State Configuration pull server.
Site-to-Site VPN with active-active VPN Gateways with BGP

Deploy to Azure
This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones.
SonarQube on Windows with Azure SQL Database

Deploy to Azure
Deploy a Windows VM with SonarQube installed and configured against an Azure SQL Database.
Spin up a Torque cluster

Deploy to Azure
Template spins up a Torque cluster.
SQL Provisioning CSP

Deploy to Azure
Microsoft Azure has a new subscription offering, CSP Subscriptions. Some aspects of SQL VM deployment are not yet supported in CSP subscriptions. This includes the SQL IaaS Agent Extension, which is required for features such as SQL Automated Backup and SQL Automated Patching.
SQL Server 2014 SP1 Enterprise all SQL VM features enabled

Deploy to Azure
This template will create a SQL Server 2014 SP1 Enterprise edition with Auto Patching, Auto Backup and Azure Key Vault Integration features enabled.
SQL Server 2014 SP1 Enterprise with Auto Patching

Deploy to Azure
This template will create a SQL Server 2014 SP1 Enterprise edition with Auto Patching feature enabled.
SQL Server 2014 SP1 Enterprise with Azure Key Vault

Deploy to Azure
This template will create a SQL Server 2014 SP1 Enterprise edition with Azure Key Vault Integration feature enabled.
SQL Server 2014 SP2 Enterprise with Auto Backup

Deploy to Azure
This template will create a SQL Server 2014 SP2 Enterprise edition with Auto Backup feature enabled
SQL Server VM with performance optimized storage settings

Deploy to Azure
Create a SQL Server Virtual Machine with performance optimized storage settings on PremiumSSD
SQL VM Performance Optimized Storage Settings on UltraSSD

Deploy to Azure
Create a SQL Server Virtual Machine with performance optimized storage settings, using UltraSSD for SQL Log files
Standalone Ethereum Studio

Deploy to Azure
This template deploys a docker with standalone version of Ethereum Studio on Ubuntu.
Standard Load Balancer with Backend Pool by IP Addresses

Deploy to Azure
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document.
SUSE Linux Enterprise Server VM (SLES 12)

Deploy to Azure
This template will allow you to deploy a SUSE Linux Enterprise Server VM (SLES 12), using the Pay-As-You-Go SLES VM image for the selected version on Standard D1 VM in the location of your chosen resource group with an additional 100 GiB data disk attached to the VM. Additional charges apply to this image - consult Azure VM Pricing page for details.
Symantec Endpoint Protection extension trial on Windows VM

Deploy to Azure
This template creates a Windows VM and sets up a trial version of Symantec Endpoint Protection
Telegraf-InfluxDB-Grafana

Deploy to Azure
This template allows you to deploy an instance of Telegraf-InfluxDB-Grafana on a Linux Ubuntu 14.04 LTS VM. This will deploy a VM in the resource group location, return the FQDN of the VM, and install the components of Telegraf, InfluxDB and Grafana. The template provides configuration for telegraf with plugins enabled for Docker, container host metrics.
Terraform on Azure

Deploy to Azure
This template allows you to deploy a Terraform workstation as a Linux VM with MSI.
Testing environment for Azure Firewall Premium

Deploy to Azure
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Detection and Prevention System (IDPS), TLS inspection and Web Category filtering.
TFS Basic Domain Deployment

Deploy to Azure
This template creates a self-contained single VM TFS deployment, including TFS, SQL Express, and a Domain Controller. It is meant to be used to evaluate TFS in Azure, not as a production deployment.
TFS Workgroup Deployment

Deploy to Azure
This template creates a self-contained single VM TFS workgroup deployment, including TFS and SQL Express. It is meant to be used to evaluate TFS in Azure, not as a production deployment.
Two-Tier-nodejsapp-migration-to-containers-on-Azure

Deploy to Azure
Two-tier app migration to azure containers and PaaS database.
Ubuntu Apache2 Web server with requested test page

Deploy to Azure
This template allows you to quickly create an Ubuntu VM running Apache2 with the test page content you define as a parameter. This can be useful for quick validation/demo/prototyping.
Ubuntu full cross-platform dev box with Team Services agent

Deploy to Azure
This template allows you to create an Ubuntu VM with a full set of cross-platform SDKs and Visual Studio Team Services Linux build agent. Once the VM is successfully provisioned, Team Services build agent installation can be verified by looking under your Team Services account settings under Agent pools. Languages/Tools supported: OpenJDK Java 7 and 8; Ant, Maven and Gradle; npm and nodeJS; groovy and gulp; Gnu C and C++ along with make; Perl, Python, Ruby and Ruby on Rails; .NET; and go
Ubuntu Mate Desktop VM with VS Code

This template allows you to deploy a simple Linux VM using a few different options for the Ubuntu version, using the latest patched version. This will deploy an A1 size VM in the resource group location and return the FQDN of the VM.
Ubuntu Tomcat server for use with Team Services deployments

This template allows you to create an Ubuntu VM running Apache2 and Tomcat7 and enabled to support Visual Studio Team Services Apache Tomcat Deployment task, the Copy Files over SSH task, and the FTP Upload task (using ftps) to enable deployment of web applications.
Ubuntu VM with OpenJDK 7/8, Maven and Team Services agent

This template allows you to create an Ubuntu VM software build machine with OpenJDK 7 and 8, Maven (and thus Ant) and Visual Studio Team Services Linux build agent. Once the VM is successfully provisioned, Team Services build agent installation can be verified by looking under your Team Services account settings under Agent pools
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

This sample shows how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to the hub virtual network via virtual network peering.
Use script extensions to install Mongo DB on Ubuntu VM

This template configures and installs Mongo DB on an Ubuntu Virtual Machine using two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
User defined routes and Appliance

This template deploys a Virtual Network, VMs in respective subnets and routes to direct traffic to the appliance
Vert.x, OpenJDK, Apache, and MySQL Server on Ubuntu VM

This template uses the Azure Linux CustomScript extension to deploy Vert.x, OpenJDK, Apache, and MySQL Server on Ubuntu 14.04 LTS.
Virtual machine with an RDP port

Creates a virtual machine and creates a NAT rule for RDP to the VM in load balancer
Virtual Machine with Conditional Resources

This template allows deploying a Linux VM using new or existing resources for the Virtual Network, Storage and Public IP Address. It also allows for choosing between SSH and password authentication. The template uses conditions and logic functions to remove the need for nested deployments.
Virtual Network NAT with VM

Deploy a NAT gateway and virtual machine
Visual Studio 2019 CE with Docker Desktop

Container Development with Visual Studio 2019 CE with Docker Desktop
Visual Studio and Visual Studio Team Services Build Agent VM

This template expands the Visual Studio Dev VM template. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack then installs the Visual Studio Team Services build agent.
Visual Studio Development VM

This template creates a Visual Studio 2015 or Dev15 VM from the base gallery VM images available. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack.
Visual Studio Development VM with Chocolatey packages

This template creates a Visual Studio 2013 or 2015 VM from the base gallery VM images available. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack.
Visual Studio Development VM with O365 Pre-installed

This template creates a Visual Studio 2015 VM from the base gallery VM images available. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack.
VM bootstorm workload template

This template creates the requested number of VMs and boots them simultaneously to calculate the average VM boot time
VM Using Managed Identity for Artifact Download

This template shows how to use a managed identity to download artifacts for the virtual machine's custom script extension.
VMAccess extension on a Ubuntu VM

This template creates a Ubuntu VM and installs the VMAccess extension
VMs in Availability Zones with a Load Balancer and NAT

This template allows you to create Virtual Machines distributed across Availability Zones with a Load Balancer and configure NAT rules through the load balancer. This template also deploys a Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines
VNS3 network appliance for cloud connectivity and security

VNS3 is a software only virtual appliance that provides the combined features and functions of a security appliance, application delivery controller and unified threat management device at the cloud application edge. Key benefits, on top of cloud networking, always on end to end encryption, federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, attestable control over encryption keys, meshed network manageable at scale, reliable HA in the cloud, isolate sensitive applications (fast low cost Network Segmentation), segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, caching, proxy, load balancers and other layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment.
WildFly 18 on CentOS 8 (stand-alone VM)

This template allows you to create a CentOS 8 VM running WildFly 18.0.1.Final and also deploy a web application called JBoss-EAP on Azure. You can log in to the Admin Console using the WildFly username and password configured at the time of the deployment.
Windows Docker Host with Portainer and Traefik pre-installed

Windows Docker Host with Portainer and Traefik pre-installed
Windows Server VM with SSH

Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication.
Windows VM with Azure secure baseline

The template creates a virtual machine running Windows Server in a new virtual network, with a public IP address. Once the machine has deployed, the guest configuration extension is installed and the Azure secure baseline for Windows Server is applied. If the configuration of the machines drifts, you can re-apply the settings by deploying the template again.
Windows VM with O365 Pre-installed

This template creates a Windows based VM. It creates the VM in a new vnet, storage account, nic, and public ip with the new compute stack.
WinRM on a Windows VM

This template installs a certificate from Azure Key Vault on a Virtual Machine and opens up WinRM HTTP and HTTPS listeners. Prerequisite: A certificate uploaded to Azure Key Vault. Create the Key Vault using the template at http://azure.microsoft.com/en-us/documentation/templates/101-create-key-vault
Zookeeper cluster on Ubuntu VMs

This template creates an 'n'-node Zookeeper cluster on Ubuntu VMs. Use the scaleNumber parameter to specify the number of nodes in this cluster

Terraform (AzAPI provider) resource definition

The virtualMachines resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines resource, add the following Terraform to your template.

# Schema skeleton for a Microsoft.Compute/virtualMachines resource deployed through the AzAPI provider.
# "string", bool and int mark the expected type of each property; they are placeholders, not literal values.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/virtualMachines@2025-04-01"
  name = "string"
  parent_id = "string"
  # Managed identity of the VM, if configured; identity_ids lists user-assigned identity resource IDs.
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    extendedLocation = {
      name = "string"
      type = "string"
    }
    placement = {
      excludeZones = [
        "string"
      ]
      includeZones = [
        "string"
      ]
      zonePlacementPolicy = "string"
    }
    plan = {
      name = "string"
      product = "string"
      promotionCode = "string"
      publisher = "string"
    }
    properties = {
      additionalCapabilities = {
        # FIPS 140-3 compliant cryptography for the protectedSettings of VM extensions.
        enableFips1403Encryption = bool
        hibernationEnabled = bool
        ultraSSDEnabled = bool
      }
      applicationProfile = {
        galleryApplications = [
          {
            configurationReference = "string"
            enableAutomaticUpgrade = bool
            order = int
            packageReferenceId = "string"
            tags = "string"
            treatFailureAsDeploymentFailure = bool
          }
        ]
      }
      availabilitySet = {
        id = "string"
      }
      billingProfile = {
        maxPrice = int
      }
      capacityReservation = {
        capacityReservationGroup = {
          id = "string"
        }
      }
      diagnosticsProfile = {
        # Console output and screenshots are written to storageUri, or to managed storage when it is omitted,
        # so access to that storage exposes boot-time console content.
        bootDiagnostics = {
          enabled = bool
          storageUri = "string"
        }
      }
      evictionPolicy = "string"
      extensionsTimeBudget = "string"
      hardwareProfile = {
        vmSize = "string"
        vmSizeProperties = {
          vCPUsAvailable = int
          vCPUsPerCore = int
        }
      }
      host = {
        id = "string"
      }
      hostGroup = {
        id = "string"
      }
      licenseType = "string"
      networkProfile = {
        networkApiVersion = "string"
        networkInterfaceConfigurations = [
          {
            name = "string"
            properties = {
              auxiliaryMode = "string"
              auxiliarySku = "string"
              deleteOption = "string"
              disableTcpStateTracking = bool
              dnsSettings = {
                dnsServers = [
                  "string"
                ]
              }
              dscpConfiguration = {
                id = "string"
              }
              enableAcceleratedNetworking = bool
              enableFpga = bool
              enableIPForwarding = bool
              ipConfigurations = [
                {
                  name = "string"
                  properties = {
                    applicationGatewayBackendAddressPools = [
                      {
                        id = "string"
                      }
                    ]
                    applicationSecurityGroups = [
                      {
                        id = "string"
                      }
                    ]
                    loadBalancerBackendAddressPools = [
                      {
                        id = "string"
                      }
                    ]
                    primary = bool
                    privateIPAddressVersion = "string"
                    # Declaring this block attaches a public IP to the IP configuration; leave it out for VMs
                    # that should only be reachable over the virtual network.
                    publicIPAddressConfiguration = {
                      name = "string"
                      properties = {
                        deleteOption = "string"
                        dnsSettings = {
                          domainNameLabel = "string"
                          domainNameLabelScope = "string"
                        }
                        idleTimeoutInMinutes = int
                        ipTags = [
                          {
                            ipTagType = "string"
                            tag = "string"
                          }
                        ]
                        publicIPAddressVersion = "string"
                        publicIPAllocationMethod = "string"
                        publicIPPrefix = {
                          id = "string"
                        }
                      }
                      sku = {
                        name = "string"
                        tier = "string"
                      }
                      tags = {
                        {customized property} = "string"
                      }
                    }
                    subnet = {
                      id = "string"
                    }
                  }
                }
              ]
              # Network security group referenced by this NIC configuration.
              networkSecurityGroup = {
                id = "string"
              }
              primary = bool
            }
            tags = {
              {customized property} = "string"
            }
          }
        ]
        networkInterfaces = [
          {
            id = "string"
            properties = {
              deleteOption = "string"
              primary = bool
            }
          }
        ]
      }
      osProfile = {
        # Secret value: supply it from a variable marked sensitive rather than a literal in the template,
        # and treat the Terraform state file as sensitive.
        adminPassword = "string"
        adminUsername = "string"
        allowExtensionOperations = bool
        computerName = "string"
        # Base64-encoded provisioning data; it is not a secret store, so keep passwords and keys out of it.
        customData = "string"
        linuxConfiguration = {
          # true turns off password authentication, leaving the SSH public keys below as the login path.
          disablePasswordAuthentication = bool
          enableVMAgentPlatformUpdates = bool
          patchSettings = {
            assessmentMode = "string"
            automaticByPlatformSettings = {
              bypassPlatformSafetyChecksOnUserSchedule = bool
              rebootSetting = "string"
            }
            patchMode = "string"
          }
          provisionVMAgent = bool
          ssh = {
            publicKeys = [
              {
                # Public key material only; a private key never belongs in the template.
                keyData = "string"
                path = "string"
              }
            ]
          }
        }
        requireGuestProvisionSignal = bool
        # Certificates are referenced in Key Vault (sourceVault id + certificateUrl) instead of being inlined.
        secrets = [
          {
            sourceVault = {
              id = "string"
            }
            vaultCertificates = [
              {
                certificateStore = "string"
                certificateUrl = "string"
              }
            ]
          }
        ]
        windowsConfiguration = {
          # settingName accepts 'AutoLogon' or 'FirstLogonCommands'; the XML in content can therefore carry
          # logon credentials or commands and should be handled as sensitive.
          additionalUnattendContent = [
            {
              componentName = "Microsoft-Windows-Shell-Setup"
              content = "string"
              passName = "OobeSystem"
              settingName = "string"
            }
          ]
          enableAutomaticUpdates = bool
          patchSettings = {
            assessmentMode = "string"
            automaticByPlatformSettings = {
              bypassPlatformSafetyChecksOnUserSchedule = bool
              rebootSetting = "string"
            }
            enableHotpatching = bool
            patchMode = "string"
          }
          provisionVMAgent = bool
          timeZone = "string"
          winRM = {
            # protocol is Http or Https; an Https listener takes its certificate from certificateUrl (Key Vault).
            listeners = [
              {
                certificateUrl = "string"
                protocol = "string"
              }
            ]
          }
        }
      }
      platformFaultDomain = int
      priority = "string"
      proximityPlacementGroup = {
        id = "string"
      }
      scheduledEventsPolicy = {
        allInstancesDown = {
          automaticallyApprove = bool
        }
        scheduledEventsAdditionalPublishingTargets = {
          eventGridAndResourceGraph = {
            enable = bool
            scheduledEventsApiVersion = "string"
          }
        }
        userInitiatedReboot = {
          automaticallyApprove = bool
        }
        userInitiatedRedeploy = {
          automaticallyApprove = bool
        }
      }
      scheduledEventsProfile = {
        osImageNotificationProfile = {
          enable = bool
          notBeforeTimeout = "string"
        }
        terminateNotificationProfile = {
          enable = bool
          notBeforeTimeout = "string"
        }
      }
      securityProfile = {
        # Host-based encryption for the VM's disks, including the resource/temp disk.
        encryptionAtHost = bool
        encryptionIdentity = {
          userAssignedIdentityResourceId = "string"
        }
        # Proxy agent settings governing in-VM access to the IMDS and WireServer host endpoints.
        # NOTE(review): each endpoint's mode is expected to distinguish audit-only from enforcing behaviour;
        # confirm the allowed values in the property tables before relying on it.
        proxyAgentSettings = {
          addProxyAgentExtension = bool
          enabled = bool
          imds = {
            inVMAccessControlProfileReferenceId = "string"
            mode = "string"
          }
          keyIncarnationId = int
          mode = "string"
          wireServer = {
            inVMAccessControlProfileReferenceId = "string"
            mode = "string"
          }
        }
        # 'TrustedLaunch' or 'ConfidentialVM'; uefiSettings below only take effect once securityType is set.
        securityType = "string"
        uefiSettings = {
          secureBootEnabled = bool
          vTpmEnabled = bool
        }
      }
      storageProfile = {
        alignRegionalDisksToVMZone = bool
        dataDisks = [
          {
            caching = "string"
            createOption = "string"
            deleteOption = "string"
            detachOption = "string"
            diskIOPSReadWrite = int
            diskMBpsReadWrite = int
            diskSizeGB = int
            image = {
              uri = "string"
            }
            lun = int
            managedDisk = {
              # Disk encryption set (customer-managed key) applied to this managed disk.
              diskEncryptionSet = {
                id = "string"
              }
              id = "string"
              securityProfile = {
                diskEncryptionSet = {
                  id = "string"
                }
                securityEncryptionType = "string"
              }
              storageAccountType = "string"
            }
            name = "string"
            sourceResource = {
              id = "string"
            }
            toBeDetached = bool
            vhd = {
              uri = "string"
            }
            writeAcceleratorEnabled = bool
          }
        ]
        diskControllerType = "string"
        # Source image of the VM. Pinning version to a specific release instead of 'latest' keeps deployments
        # reproducible; gallery image IDs should point at a publisher you have vetted.
        imageReference = {
          communityGalleryImageId = "string"
          id = "string"
          offer = "string"
          publisher = "string"
          sharedGalleryImageId = "string"
          sku = "string"
          version = "string"
        }
        osDisk = {
          caching = "string"
          createOption = "string"
          deleteOption = "string"
          diffDiskSettings = {
            option = "string"
            placement = "string"
          }
          diskSizeGB = int
          # Disk encryption settings: the disk encryption key is a Key Vault secret and the key encryption key
          # a Key Vault key, both given by URL plus source vault reference.
          encryptionSettings = {
            diskEncryptionKey = {
              secretUrl = "string"
              sourceVault = {
                id = "string"
              }
            }
            enabled = bool
            keyEncryptionKey = {
              keyUrl = "string"
              sourceVault = {
                id = "string"
              }
            }
          }
          image = {
            uri = "string"
          }
          managedDisk = {
            diskEncryptionSet = {
              id = "string"
            }
            id = "string"
            securityProfile = {
              diskEncryptionSet = {
                id = "string"
              }
              securityEncryptionType = "string"
            }
            storageAccountType = "string"
          }
          name = "string"
          osType = "string"
          vhd = {
            uri = "string"
          }
          writeAcceleratorEnabled = bool
        }
      }
      # Base64-encoded user data for the VM; do not pass secrets here.
      userData = "string"
      virtualMachineScaleSet = {
        id = "string"
      }
    }
    zones = [
      "string"
    ]
  }
}

Property Values

Microsoft.Compute/virtualMachines

Name Description Value
extendedLocation The extended location of the Virtual Machine. ExtendedLocation
identity The identity of the virtual machine, if configured. VirtualMachineIdentity
location The geo-location where the resource lives string (required)
name The resource name string (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
placement Placement section specifies the user-defined constraints for virtual machine hardware placement. This property cannot be changed once VM is provisioned. Minimum api-version: 2024-11-01. Placement
plan Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. Plan
properties Describes the properties of a Virtual Machine. VirtualMachineProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Compute/virtualMachines@2025-04-01"
zones The availability zones. string[]

AdditionalCapabilities

Name Description Value
enableFips1403Encryption The flag enables the usage of FIPS 140-3 compliant cryptography on the protectedSettings of an extension. Learn more at: https://aka.ms/linuxagentfipssupport. bool
hibernationEnabled The flag that enables or disables hibernation capability on the VM. bool
ultraSSDEnabled The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. bool

AdditionalUnattendContent

Name Description Value
componentName The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. 'Microsoft-Windows-Shell-Setup'
content Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. string
passName The pass name. Currently, the only allowable value is OobeSystem. 'OobeSystem'
settingName Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. 'AutoLogon'
'FirstLogonCommands'

AllInstancesDown

Name Description Value
automaticallyApprove Specifies if Scheduled Events should be auto-approved when all instances are down.
its default value is true
bool

ApiEntityReference

Name Description Value
id The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... string

ApplicationProfile

Name Description Value
galleryApplications Specifies the gallery applications that should be made available to the VM/VMSS VMGalleryApplication[]

BillingProfile

Name Description Value
maxPrice Specifies the maximum price you are willing to pay for an Azure Spot VM/VMSS. This price is in US Dollars.

This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price.

The maxPrice will also be used for evicting an Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS.

Possible values are:

- Any decimal value greater than zero. Example: 0.01538

-1 – indicates default price to be up-to on-demand.

You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you.

Minimum api-version: 2019-03-01.
int

BootDiagnostics

Name Description Value
enabled Whether boot diagnostics should be enabled on the Virtual Machine. bool
storageUri Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. string

CapacityReservationProfile

Name Description Value
capacityReservationGroup Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. SubResource

DataDisk

Name Description Value
caching Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. 'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine data disk. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. Empty: This value is used when creating an empty data disk. Copy: This value is used to create a data disk from a snapshot or another disk. Restore: This value is used to create a data disk from a disk restore point. 'Attach'
'Copy'
'Empty'
'FromImage'
'Restore' (required)
deleteOption Specifies whether data disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the data disk is deleted when VM is deleted. Detach. If this value is used, the data disk is retained after VM is deleted. The default value is set to Detach. 'Delete'
'Detach'
detachOption Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. 'ForceDetach'
diskIOPSReadWrite Specifies the Read-Write IOPS for the managed disk when StorageAccountType is UltraSSD_LRS. int
diskMBpsReadWrite Specifies the bandwidth in MB per second for the managed disk when StorageAccountType is UltraSSD_LRS. int
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The disk size in bytes is the value of 'diskSizeGB' multiplied by 1024^3, and the value cannot be larger than 1023. int
image The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. VirtualHardDisk
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. int (required)
managedDisk The managed disk parameters. ManagedDiskParameters
name The disk name. string
sourceResource The source resource identifier. It can be a snapshot, or disk restore point from which to create a disk. ApiEntityReference
toBeDetached Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset bool
vhd The virtual hard disk. VirtualHardDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

DiagnosticsProfile

Name Description Value
bootDiagnostics Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. BootDiagnostics

DiffDiskSettings

Name Description Value
option Specifies the ephemeral disk settings for operating system disk. 'Local'
placement Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes expose a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. 'CacheDisk'
'NvmeDisk'
'ResourceDisk'

DiskEncryptionSetParameters

Name Description Value
id Resource Id string

DiskEncryptionSettings

Name Description Value
diskEncryptionKey Specifies the location of the disk encryption key, which is a Key Vault Secret. KeyVaultSecretReference
enabled Specifies whether disk encryption should be enabled on the virtual machine. bool
keyEncryptionKey Specifies the location of the key encryption key in Key Vault. KeyVaultKeyReference

EncryptionIdentity

Name Description Value
userAssignedIdentityResourceId Specifies ARM Resource ID of one of the user identities associated with the VM. string

EventGridAndResourceGraph

Name Description Value
enable Specifies if event grid and resource graph is enabled for Scheduled event related configurations. bool
scheduledEventsApiVersion Specifies the api-version to determine which Scheduled Events configuration schema version will be delivered. string

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of the extended location. 'EdgeZone'

HardwareProfile

Name Description Value
vmSize Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. The recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set, List all available virtual machine sizes in a region, List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. 'Basic_A0'
'Basic_A1'
'Basic_A2'
'Basic_A3'
'Basic_A4'
'Standard_A0'
'Standard_A1'
'Standard_A10'
'Standard_A11'
'Standard_A1_v2'
'Standard_A2'
'Standard_A2m_v2'
'Standard_A2_v2'
'Standard_A3'
'Standard_A4'
'Standard_A4m_v2'
'Standard_A4_v2'
'Standard_A5'
'Standard_A6'
'Standard_A7'
'Standard_A8'
'Standard_A8m_v2'
'Standard_A8_v2'
'Standard_A9'
'Standard_B1ms'
'Standard_B1s'
'Standard_B2ms'
'Standard_B2s'
'Standard_B4ms'
'Standard_B8ms'
'Standard_D1'
'Standard_D11'
'Standard_D11_v2'
'Standard_D12'
'Standard_D12_v2'
'Standard_D13'
'Standard_D13_v2'
'Standard_D14'
'Standard_D14_v2'
'Standard_D15_v2'
'Standard_D16s_v3'
'Standard_D16_v3'
'Standard_D1_v2'
'Standard_D2'
'Standard_D2s_v3'
'Standard_D2_v2'
'Standard_D2_v3'
'Standard_D3'
'Standard_D32s_v3'
'Standard_D32_v3'
'Standard_D3_v2'
'Standard_D4'
'Standard_D4s_v3'
'Standard_D4_v2'
'Standard_D4_v3'
'Standard_D5_v2'
'Standard_D64s_v3'
'Standard_D64_v3'
'Standard_D8s_v3'
'Standard_D8_v3'
'Standard_DS1'
'Standard_DS11'
'Standard_DS11_v2'
'Standard_DS12'
'Standard_DS12_v2'
'Standard_DS13'
'Standard_DS13-2_v2'
'Standard_DS13-4_v2'
'Standard_DS13_v2'
'Standard_DS14'
'Standard_DS14-4_v2'
'Standard_DS14-8_v2'
'Standard_DS14_v2'
'Standard_DS15_v2'
'Standard_DS1_v2'
'Standard_DS2'
'Standard_DS2_v2'
'Standard_DS3'
'Standard_DS3_v2'
'Standard_DS4'
'Standard_DS4_v2'
'Standard_DS5_v2'
'Standard_E16s_v3'
'Standard_E16_v3'
'Standard_E2s_v3'
'Standard_E2_v3'
'Standard_E32-16_v3'
'Standard_E32-8s_v3'
'Standard_E32s_v3'
'Standard_E32_v3'
'Standard_E4s_v3'
'Standard_E4_v3'
'Standard_E64-16s_v3'
'Standard_E64-32s_v3'
'Standard_E64s_v3'
'Standard_E64_v3'
'Standard_E8s_v3'
'Standard_E8_v3'
'Standard_F1'
'Standard_F16'
'Standard_F16s'
'Standard_F16s_v2'
'Standard_F1s'
'Standard_F2'
'Standard_F2s'
'Standard_F2s_v2'
'Standard_F32s_v2'
'Standard_F4'
'Standard_F4s'
'Standard_F4s_v2'
'Standard_F64s_v2'
'Standard_F72s_v2'
'Standard_F8'
'Standard_F8s'
'Standard_F8s_v2'
'Standard_G1'
'Standard_G2'
'Standard_G3'
'Standard_G4'
'Standard_G5'
'Standard_GS1'
'Standard_GS2'
'Standard_GS3'
'Standard_GS4'
'Standard_GS4-4'
'Standard_GS4-8'
'Standard_GS5'
'Standard_GS5-16'
'Standard_GS5-8'
'Standard_H16'
'Standard_H16m'
'Standard_H16mr'
'Standard_H16r'
'Standard_H8'
'Standard_H8m'
'Standard_L16s'
'Standard_L32s'
'Standard_L4s'
'Standard_L8s'
'Standard_M128-32ms'
'Standard_M128-64ms'
'Standard_M128ms'
'Standard_M128s'
'Standard_M64-16ms'
'Standard_M64-32ms'
'Standard_M64ms'
'Standard_M64s'
'Standard_NC12'
'Standard_NC12s_v2'
'Standard_NC12s_v3'
'Standard_NC24'
'Standard_NC24r'
'Standard_NC24rs_v2'
'Standard_NC24rs_v3'
'Standard_NC24s_v2'
'Standard_NC24s_v3'
'Standard_NC6'
'Standard_NC6s_v2'
'Standard_NC6s_v3'
'Standard_ND12s'
'Standard_ND24rs'
'Standard_ND24s'
'Standard_ND6s'
'Standard_NV12'
'Standard_NV24'
'Standard_NV6'
vmSizeProperties Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-07-01. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. Please follow the instructions in VM Customization for more details. VMSizeProperties

HostEndpointSettings

Name Description Value
inVMAccessControlProfileReferenceId Specifies the InVMAccessControlProfileVersion resource id in the format of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/inVMAccessControlProfiles/{profile}/versions/{version} string
mode Specifies the execution mode. In Audit mode, the system acts as if it is enforcing the access control policy, including emitting access denial entries in the logs but it does not actually deny any requests to host endpoints. In Enforce mode, the system will enforce the access control and it is the recommended mode of operation. 'Audit'
'Disabled'
'Enforce'

ImageReference

Name Description Value
communityGalleryImageId Specifies the community gallery image unique id for VM deployment. This can be fetched from the community gallery image GET call. string
id Resource Id string
offer Specifies the offer of the platform image or marketplace image used to create the virtual machine. string
publisher The image publisher. string
sharedGalleryImageId Specifies the shared gallery image unique id for VM deployment. This can be fetched from the shared gallery image GET call. string
sku The image SKU. string
version Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. string

KeyVaultKeyReference

Name Description Value
keyUrl The URL referencing a key encryption key in Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the key. SubResource (required)

KeyVaultSecretReference

Name Description Value
secretUrl The URL referencing a secret in a Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the secret. SubResource (required)

LinuxConfiguration

Name Description Value
disablePasswordAuthentication Specifies whether password authentication should be disabled. bool
enableVMAgentPlatformUpdates Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. bool
patchSettings [Preview Feature] Specifies settings related to VM Guest Patching on Linux. LinuxPatchSettings
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. bool
ssh Specifies the ssh key configuration for a Linux OS. SshConfiguration

LinuxPatchSettings

Name Description Value
assessmentMode Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
'AutomaticByPlatform'
'ImageDefault'
automaticByPlatformSettings Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. LinuxVMGuestPatchAutomaticByPlatformSettings
patchMode Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

ImageDefault - The virtual machine's default patching configuration is used.

AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true
'AutomaticByPlatform'
'ImageDefault'

LinuxVMGuestPatchAutomaticByPlatformSettings

Name Description Value
bypassPlatformSafetyChecksOnUserSchedule Enables customers to schedule patching without accidental upgrades. bool
rebootSetting Specifies the reboot setting for all AutomaticByPlatform patch installation operations. 'Always'
'IfRequired'
'Never'
'Unknown'

ManagedDiskParameters

Name Description Value
diskEncryptionSet Specifies the customer managed disk encryption set resource id for the managed disk. DiskEncryptionSetParameters
id Resource Id string
securityProfile Specifies the security profile for the managed disk. VMDiskSecurityProfile
storageAccountType Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. 'PremiumV2_LRS'
'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS'

NetworkInterfaceReference

Name Description Value
id Resource Id string
properties Describes a network interface reference properties. NetworkInterfaceReferenceProperties

NetworkInterfaceReferenceProperties

Name Description Value
deleteOption Specify what happens to the network interface when the VM is deleted 'Delete'
'Detach'
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

NetworkProfile

Name Description Value
networkApiVersion Specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations. '2020-11-01'
'2022-11-01'
networkInterfaceConfigurations Specifies the networking configurations that will be used to create the virtual machine networking resources. VirtualMachineNetworkInterfaceConfiguration[]
networkInterfaces Specifies the list of resource Ids for the network interfaces associated with the virtual machine. NetworkInterfaceReference[]

OSDisk

Name Description Value
caching Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The defaulting behavior is: None for Standard storage. ReadOnly for Premium storage. 'None'
'ReadOnly'
'ReadWrite'
createOption Specifies how the virtual machine disk should be created. Possible values are Attach: This value is used when you are using a specialized disk to create the virtual machine. FromImage: This value is used when you are using an image to create the virtual machine. If you are using a platform image, you should also use the imageReference element described above. If you are using a marketplace image, you should also use the plan element previously described. 'Attach'
'Copy'
'Empty'
'FromImage'
'Restore' (required)
deleteOption Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values are: Delete. If this value is used, the OS disk is deleted when VM is deleted. Detach. If this value is used, the os disk is retained after VM is deleted. The default value is set to Detach. For an ephemeral OS Disk, the default value is set to Delete. The user cannot change the delete option for an ephemeral OS Disk. 'Delete'
'Detach'
diffDiskSettings Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. DiffDiskSettings
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The value of 'diskSizeGB' multiplied by 1024^3 is the size of the disk in bytes, and the value cannot be larger than 1023. int
encryptionSettings Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15. DiskEncryptionSettings
image The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. VirtualHardDisk
managedDisk The managed disk parameters. ManagedDiskParameters
name The disk name. string
osType This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. 'Linux'
'Windows'
vhd The virtual hard disk. VirtualHardDisk
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

OSImageNotificationProfile

Name Description Value
enable Specifies whether the OS Image Scheduled event is enabled or disabled. bool
notBeforeTimeout Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) string

OSProfile

Name Description Value
adminPassword Specifies the password of the administrator account.

Minimum-length (Windows): 8 characters

Minimum-length (Linux): 6 characters

Max-length (Windows): 123 characters

Max-length (Linux): 72 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM

For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
string

Constraints:
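Sensitive value. Pass in as a secure parameter (in Bicep, a parameter declared with the @secure() decorator) rather than hard-coding it in the template.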
adminUsername Specifies the name of the administrator account.

This property cannot be updated after the VM is created.

Windows-only restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length (Linux): 1 character

Max-length (Linux): 64 characters

Max-length (Windows): 20 characters.
string
allowExtensionOperations Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. bool
computerName Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters. Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. string
customData Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in the customData property; base-64 is an encoding, not encryption, and the decoded content is saved as a file on the VM. This property cannot be updated after the VM is created. The property 'customData' is passed to the VM to be saved as a file; for more information see Custom Data on Azure VMs. For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation. string
linuxConfiguration Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. LinuxConfiguration
requireGuestProvisionSignal Optional property which must either be set to True or omitted. bool
secrets Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. VaultSecretGroup[]
windowsConfiguration Specifies Windows operating system settings on the virtual machine. WindowsConfiguration

PatchSettings

Name Description Value
assessmentMode Specifies the mode of VM Guest patch assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
'AutomaticByPlatform'
'ImageDefault'
automaticByPlatformSettings Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. WindowsVMGuestPatchAutomaticByPlatformSettings
enableHotpatching Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. bool
patchMode Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false

AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true.

AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true.
'AutomaticByOS'
'AutomaticByPlatform'
'Manual'

Placement

Name Description Value
excludeZones This property supplements the 'zonePlacementPolicy' property. If 'zonePlacementPolicy' is set to 'Any'/'Auto', availability zone selected by the system must not be present in the list of availability zones passed with 'excludeZones'. If 'excludeZones' is not provided, all availability zones in region will be considered for selection. string[]
includeZones This property supplements the 'zonePlacementPolicy' property. If 'zonePlacementPolicy' is set to 'Any'/'Auto', availability zone selected by the system must be present in the list of availability zones passed with 'includeZones'. If 'includeZones' is not provided, all availability zones in region will be considered for selection. string[]
zonePlacementPolicy Specifies the policy for resource's placement in availability zone. Possible values are: Any (used for Virtual Machines), Auto (used for Virtual Machine Scale Sets) - An availability zone will be automatically picked by system as part of resource creation. 'Any'
'Auto'

Plan

Name Description Value
name The plan ID. string
product Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. string
promotionCode The promotion code. string
publisher The publisher ID. string

ProxyAgentSettings

Name Description Value
addProxyAgentExtension Specifies whether to implicitly install the ProxyAgent Extension. This option is currently applicable only for Linux OS. bool
enabled Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. bool
imds Specifies the IMDS endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. HostEndpointSettings
keyIncarnationId Increasing the value of this property allows users to reset the key used for securing the communication channel between guest and host. int
mode Specifies the mode that ProxyAgent will execute on. Warning: this property has been deprecated, please specify 'mode' under particular hostendpoint setting. 'Audit'
'Enforce'
wireServer Specifies the Wire Server endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. HostEndpointSettings

PublicIPAddressSku

Name Description Value
name Specify public IP sku name 'Basic'
'Standard'
tier Specify public IP sku tier 'Global'
'Regional'

ScheduledEventsAdditionalPublishingTargets

Name Description Value
eventGridAndResourceGraph The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. EventGridAndResourceGraph

ScheduledEventsPolicy

Name Description Value
allInstancesDown The configuration parameters used while creating the AllInstancesDown scheduled event setting. AllInstancesDown
scheduledEventsAdditionalPublishingTargets The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. ScheduledEventsAdditionalPublishingTargets
userInitiatedReboot The configuration parameters used while creating the userInitiatedReboot scheduled event setting. UserInitiatedReboot
userInitiatedRedeploy The configuration parameters used while creating the userInitiatedRedeploy scheduled event setting. UserInitiatedRedeploy

ScheduledEventsProfile

Name Description Value
osImageNotificationProfile Specifies OS Image Scheduled Event related configurations. OSImageNotificationProfile
terminateNotificationProfile Specifies Terminate Scheduled Event related configurations. TerminateNotificationProfile

SecurityProfile

Name Description Value
encryptionAtHost This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. bool
encryptionIdentity Specifies the Managed Identity used by ADE to get access token for keyvault operations. EncryptionIdentity
proxyAgentSettings Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. ProxyAgentSettings
securityType Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. 'ConfidentialVM'
'TrustedLaunch'
uefiSettings Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. UefiSettings

SshConfiguration

Name Description Value
publicKeys The list of SSH public keys used to authenticate with linux based VMs. SshPublicKey[]

SshPublicKey

Name Description Value
keyData SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed). string
path Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys string

StorageProfile

Name Description Value
alignRegionalDisksToVMZone Specifies whether the regional disks should be aligned/moved to the VM zone. This is applicable only for VMs with placement property set. Please note that this change is irreversible. Minimum api-version: 2024-11-01. bool
dataDisks Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. DataDisk[]
diskControllerType Specifies the disk controller type configured for the VM. Note: This property will be set to the default disk controller type if not specified, provided the virtual machine is being created with 'hyperVGeneration' set to V2, based on the capabilities of the operating system disk and VM size from the specified minimum api version. You need to deallocate the VM before updating its disk controller type unless you are updating the VM size in the VM configuration which implicitly deallocates and reallocates the VM. Minimum api-version: 2022-08-01. 'NVMe'
'SCSI'
imageReference Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. ImageReference
osDisk Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. OSDisk

SubResource

Name Description Value
id Resource Id string

TerminateNotificationProfile

Name Description Value
enable Specifies whether the Terminate Scheduled event is enabled or disabled. bool
notBeforeTimeout Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) string

TrackedResourceTags

Name Description Value

UefiSettings

Name Description Value
secureBootEnabled Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. bool
vTpmEnabled Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. bool

UserAssignedIdentitiesValue

Name Description Value

UserInitiatedReboot

Name Description Value
automaticallyApprove Specifies Reboot Scheduled Event related configurations. bool

UserInitiatedRedeploy

Name Description Value
automaticallyApprove Specifies Redeploy Scheduled Event related configurations. bool

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. string
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object, which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
string

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[]

VirtualHardDisk

Name Description Value
uri Specifies the virtual hard disk's uri. string

VirtualMachineIdentity

Name Description Value
type The type of identity used for the virtual machine. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. VirtualMachineIdentityUserAssignedIdentities

VirtualMachineIdentityUserAssignedIdentities

Name Description Value

VirtualMachineIpTag

Name Description Value
ipTagType IP tag type. Example: FirstPartyUsage. string
tag IP tag associated with the public IP. Example: SQL, Storage etc. string

VirtualMachineNetworkInterfaceConfiguration

Name Description Value
name The network interface configuration name. string (required)
properties Describes a virtual machine network profile's IP configuration. VirtualMachineNetworkInterfaceConfigurationProperties
tags Resource tags applied to the networkInterface address created by this NetworkInterfaceConfiguration VirtualMachineNetworkInterfaceConfigurationTags

VirtualMachineNetworkInterfaceConfigurationProperties

Name Description Value
auxiliaryMode Specifies whether the Auxiliary mode is enabled for the Network Interface resource. 'AcceleratedConnections'
'Floating'
'None'
auxiliarySku Specifies whether the Auxiliary sku is enabled for the Network Interface resource. 'A1'
'A2'
'A4'
'A8'
'None'
deleteOption Specify what happens to the network interface when the VM is deleted 'Delete'
'Detach'
disableTcpStateTracking Specifies whether the network interface is disabled for tcp state tracking. bool
dnsSettings The dns settings to be applied on the network interfaces. VirtualMachineNetworkInterfaceDnsSettingsConfiguration
dscpConfiguration SubResource
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableFpga Specifies whether the network interface is FPGA networking-enabled. bool
enableIPForwarding Whether IP forwarding enabled on this NIC. bool
ipConfigurations Specifies the IP configurations of the network interface. VirtualMachineNetworkInterfaceIPConfiguration[] (required)
networkSecurityGroup The network security group. SubResource
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

VirtualMachineNetworkInterfaceConfigurationTags

Name Description Value

VirtualMachineNetworkInterfaceDnsSettingsConfiguration

Name Description Value
dnsServers List of DNS servers IP addresses string[]

VirtualMachineNetworkInterfaceIPConfiguration

Name Description Value
name The IP configuration name. string (required)
properties Describes a virtual machine network interface IP configuration properties. VirtualMachineNetworkInterfaceIPConfigurationProperties

VirtualMachineNetworkInterfaceIPConfigurationProperties

Name Description Value
applicationGatewayBackendAddressPools Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. SubResource[]
applicationSecurityGroups Specifies an array of references to application security group. SubResource[]
loadBalancerBackendAddressPools Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the same basic sku load balancer]. SubResource[]
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool
privateIPAddressVersion Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAddressConfiguration The publicIPAddressConfiguration. VirtualMachinePublicIPAddressConfiguration
subnet Specifies the identifier of the subnet. SubResource

VirtualMachineProperties

Name Description Value
additionalCapabilities Specifies additional capabilities enabled or disabled on the virtual machine. AdditionalCapabilities
applicationProfile Specifies the gallery applications that should be made available to the VM/VMSS. ApplicationProfile
availabilitySet Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure. Currently, a VM can only be added to availability set at creation time. The availability set to which the VM is being added should be under the same resource group as the availability set resource. An existing VM cannot be added to an availability set. This property cannot exist along with a non-null properties.virtualMachineScaleSet reference. SubResource
billingProfile Specifies the billing related details of an Azure Spot virtual machine. Minimum api-version: 2019-03-01. BillingProfile
capacityReservation Specifies information about the capacity reservation that is used to allocate virtual machine. Minimum api-version: 2021-04-01. CapacityReservationProfile
diagnosticsProfile Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. DiagnosticsProfile
evictionPolicy Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. 'Deallocate'
'Delete'
extensionsTimeBudget Specifies the time allotted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. string
hardwareProfile Specifies the hardware settings for the virtual machine. HardwareProfile
host Specifies information about the dedicated host that the virtual machine resides in. Minimum api-version: 2018-10-01. SubResource
hostGroup Specifies information about the dedicated host group that the virtual machine resides in. Note: User cannot specify both host and hostGroup properties. Minimum api-version: 2020-06-01. SubResource
licenseType Specifies that the image or disk that is being used was licensed on-premises.

Possible values for Windows Server operating system are:

Windows_Client

Windows_Server

Possible values for Linux Server operating system are:

RHEL_BYOS (for RHEL)

SLES_BYOS (for SUSE)

For more information, see Azure Hybrid Use Benefit for Windows Server

Azure Hybrid Use Benefit for Linux Server

Minimum api-version: 2015-06-15
string
networkProfile Specifies the network interfaces of the virtual machine. NetworkProfile
osProfile Specifies the operating system settings used while creating the virtual machine. Some of the settings cannot be changed once VM is provisioned. OSProfile
platformFaultDomain Specifies the scale set logical fault domain into which the Virtual Machine will be created. By default, the Virtual Machine will be automatically assigned to a fault domain that best maintains balance across available fault domains. This is applicable only if the 'virtualMachineScaleSet' property of this Virtual Machine is set. The Virtual Machine Scale Set that is referenced must have 'platformFaultDomainCount' greater than 1. This property cannot be updated once the Virtual Machine is created. Fault domain assignment can be viewed in the Virtual Machine Instance View. Minimum api-version: 2020-12-01. int
priority Specifies the priority for the virtual machine. Minimum api-version: 2019-03-01 'Low'
'Regular'
'Spot'
proximityPlacementGroup Specifies information about the proximity placement group that the virtual machine should be assigned to. Minimum api-version: 2018-04-01. SubResource
scheduledEventsPolicy Specifies Redeploy, Reboot and ScheduledEventsAdditionalPublishingTargets Scheduled Event related configurations for the virtual machine. ScheduledEventsPolicy
scheduledEventsProfile Specifies Scheduled Event related configurations. ScheduledEventsProfile
securityProfile Specifies the Security related profile settings for the virtual machine. SecurityProfile
storageProfile Specifies the storage settings for the virtual machine disks. StorageProfile
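userData UserData for the VM, which must be base-64 encoded. Customer should not pass any secrets in here: base-64 is an encoding, not encryption, so anything placed in this field can be decoded by whoever is able to read it. Minimum api-version: 2021-03-01. string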
virtualMachineScaleSet Specifies information about the virtual machine scale set that the virtual machine should be assigned to. Virtual machines specified in the same virtual machine scale set are allocated to different nodes to maximize availability. Currently, a VM can only be added to virtual machine scale set at creation time. An existing VM cannot be added to a virtual machine scale set. This property cannot exist along with a non-null properties.availabilitySet reference. Minimum api‐version: 2019‐03‐01. SubResource

VirtualMachinePublicIPAddressConfiguration

Name Description Value
name The publicIP address configuration name. string (required)
properties Describes a virtual machines IP Configuration's PublicIPAddress configuration VirtualMachinePublicIPAddressConfigurationProperties
sku Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. PublicIPAddressSku
tags Resource tags applied to the publicIP address created by this PublicIPAddressConfiguration VirtualMachinePublicIPAddressConfigurationTags

VirtualMachinePublicIPAddressConfigurationProperties

Name Description Value
deleteOption Specify what happens to the public IP address when the VM is deleted 'Delete'
'Detach'
dnsSettings The dns settings to be applied on the publicIP addresses. VirtualMachinePublicIPAddressDnsSettingsConfiguration
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipTags The list of IP tags associated with the public IP address. VirtualMachineIpTag[]
publicIPAddressVersion Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAllocationMethod Specify the public IP allocation type 'Dynamic'
'Static'
publicIPPrefix The PublicIPPrefix from which to allocate publicIP addresses. SubResource

VirtualMachinePublicIPAddressConfigurationTags

Name Description Value

VirtualMachinePublicIPAddressDnsSettingsConfiguration

Name Description Value
domainNameLabel The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. string (required)
domainNameLabelScope The Domain name label scope of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the hashed domain name label with policy according to the domain name label scope and vm network profile unique ID. 'NoReuse'
'ResourceGroupReuse'
'SubscriptionReuse'
'TenantReuse'

VMDiskSecurityProfile

Name Description Value
diskEncryptionSet Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. DiskEncryptionSetParameters
securityEncryptionType Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob. Note: It can be set for only Confidential VMs. 'DiskWithVMGuestState'
'NonPersistedTPM'
'VMGuestStateOnly'

VMGalleryApplication

Name Description Value
configurationReference Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided string
enableAutomaticUpgrade If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS bool
order Optional, Specifies the order in which the packages have to be installed int
packageReferenceId Specifies the GalleryApplicationVersion resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} string (required)
tags Optional, Specifies a passthrough value for more generic context. string
treatFailureAsDeploymentFailure Optional, If true, any failure for any operation in the VmApplication will fail the deployment bool

VMSizeProperties

Name Description Value
vCPUsAvailable Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. int
vCPUsPerCore Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. int

WindowsConfiguration

Name Description Value
additionalUnattendContent Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. AdditionalUnattendContent[]
enableAutomaticUpdates Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. bool
patchSettings [Preview Feature] Specifies settings related to VM Guest Patching on Windows. PatchSettings
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. bool
timeZone Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. string
winRM Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. WinRMConfiguration

WindowsVMGuestPatchAutomaticByPlatformSettings

Name Description Value
bypassPlatformSafetyChecksOnUserSchedule Enables customer to schedule patching without accidental upgrades bool
rebootSetting Specifies the reboot setting for all AutomaticByPlatform patch installation operations. 'Always'
'IfRequired'
'Never'
'Unknown'

WinRMConfiguration

Name Description Value
listeners The list of Windows Remote Management listeners WinRMListener[]

WinRMListener

Name Description Value
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
string
protocol Specifies the protocol of WinRM listener. Possible values are: http, https. 'Http'
'Https'

Usage Examples

Terraform Samples

An attachdatadisk example of deploying Virtual Machine.

# Provider requirements, inputs and local names for the attach-data-disk sample.
# NOTE(review): no provider version constraint is declared, so `terraform init`
# resolves the newest Azure/azapi release; pin one for repeatable deployments.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

# Resource-provider registration is left enabled (not skipped).
provider "azapi" {
  skip_provider_registration = false
}

# Base name reused for the resource group, virtual network, subnet, NIC and VM.
variable "resource_name" {
  type    = string
  default = "acctest0001"
}

# Azure region for every regional resource in the sample.
variable "location" {
  type    = string
  default = "westeurope"
}

# No default: the caller must supply the admin account name.
variable "admin_username" {
  type        = string
  description = "The administrator username for the virtual machine"
}

# `sensitive = true` redacts the value from plan/apply output only; it is still
# written to Terraform state in clear text, so the state backend needs access
# control and encryption.
variable "admin_password" {
  type        = string
  description = "The administrator password for the virtual machine"
  sensitive   = true
}

# Fixed disk names: the OS disk, the inline data disk and the separately
# created disk that is attached to the VM.
locals {
  os_disk_name            = "myosdisk1"
  data_disk_name          = "mydatadisk1"
  attached_data_disk_name = "myattacheddatadisk1"
}

# Resource group that contains the sample's resources.
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

# Virtual network with a single 10.0.0.0/16 address space and no custom DNS.
resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "10.0.0.0/16",
        ]
      }
      dhcpOptions = {
        dnsServers = [
        ]
      }
      # Left empty on purpose: the subnet is declared as its own resource.
      subnets = [
      ]
    }
  }
  # NOTE(review): with schema validation off, a misspelled property in `body`
  # is not caught by azapi before the request is sent.
  schema_validation_enabled = false
  response_export_values    = ["*"]
  lifecycle {
    # Keeps this resource from reverting the separately managed subnet.
    ignore_changes = [body.properties.subnets]
  }
}

# Subnet 10.0.2.0/24 inside the virtual network; no delegations or service
# endpoints.
# NOTE(review): no networkSecurityGroup is set on this subnet, so traffic
# filtering relies on whatever is configured elsewhere.
resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = var.resource_name
  body = {
    properties = {
      addressPrefix = "10.0.2.0/24"
      delegations = [
      ]
      privateEndpointNetworkPolicies    = "Enabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies = [
      ]
      serviceEndpoints = [
      ]
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Network interface with one dynamically allocated private IPv4 address on the
# sample subnet. No public IP configuration and no networkSecurityGroup are
# declared on it.
resource "azapi_resource" "networkInterface" {
  type      = "Microsoft.Network/networkInterfaces@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      enableAcceleratedNetworking = false
      # IP forwarding stays off.
      enableIPForwarding          = false
      ipConfigurations = [
        {
          name = "testconfiguration1"
          properties = {
            primary                   = true
            privateIPAddressVersion   = "IPv4"
            privateIPAllocationMethod = "Dynamic"
            subnet = {
              id = azapi_resource.subnet.id
            }
          }
        },
      ]
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Empty 1 GB Standard_LRS managed disk, created on its own so the VM can attach
# it as a data disk.
resource "azapi_resource" "attachedDisk" {
  type      = "Microsoft.Compute/disks@2022-03-02"
  parent_id = azapi_resource.resourceGroup.id
  name      = local.attached_data_disk_name
  location  = var.location
  body = {
    properties = {
      creationData = {
        createOption = "Empty"
      }
      diskSizeGB = 1
      # Encrypted at rest with a platform-managed key; use a disk encryption set
      # where customer-managed keys are required.
      encryption = {
        type = "EncryptionAtRestWithPlatformKey"
      }
      # NOTE(review): "AllowAll" together with publicNetworkAccess = "Enabled"
      # is the most permissive setting for disk export/upload. This sample never
      # exports the disk, so "DenyAll" / "Disabled" (or "AllowPrivate" with a
      # disk access resource) is the tighter choice for real deployments.
      networkAccessPolicy = "AllowAll"
      osType              = "Linux"
      publicNetworkAccess = "Enabled"
    }
    sku = {
      name = "Standard_LRS"
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Linux VM with an image-based OS disk, one inline empty data disk (LUN 1) and
# the pre-created managed disk attached at LUN 2.
resource "azapi_resource" "virtualMachine" {
  type      = "Microsoft.Compute/virtualMachines@2023-03-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      hardwareProfile = {
        vmSize = "Standard_F2"
      }
      networkProfile = {
        networkInterfaces = [
          {
            id = azapi_resource.networkInterface.id
            properties = {
              # This is the VM's only NIC; `primary` matters when a VM has more
              # than one network interface.
              primary = false
            }
          },
        ]
      }
      osProfile = {
        # NOTE(review): password-based login is left enabled
        # (disablePasswordAuthentication = false). Outside a throwaway test,
        # supply linuxConfiguration.ssh.publicKeys and set
        # disablePasswordAuthentication = true instead of using adminPassword.
        adminPassword = var.admin_password
        adminUsername = var.admin_username
        computerName  = "hostname230630032848831819"
        linuxConfiguration = {
          disablePasswordAuthentication = false
        }
      }
      storageProfile = {
        # NOTE(review): Ubuntu 16.04 LTS is past its standard-support window and
        # `version = "latest"` is unpinned, so the deployed image can change
        # between runs. Prefer a currently supported image with a fixed version.
        imageReference = {
          offer     = "UbuntuServer"
          publisher = "Canonical"
          sku       = "16.04-LTS"
          version   = "latest"
        }
        osDisk = {
          caching                 = "ReadWrite"
          createOption            = "FromImage"
          name                    = local.os_disk_name
          writeAcceleratorEnabled = false
        }
        dataDisks = [
          {
            # Created empty together with the VM.
            caching      = "ReadWrite"
            createOption = "Empty"
            name         = local.data_disk_name
            diskSizeGB   = 1
            lun          = 1
            managedDisk = {
              storageAccountType = "Standard_LRS"
            }
          },
          {
            # Attaches the existing managed disk declared as attachedDisk.
            caching      = "ReadWrite"
            createOption = "Attach"
            name         = azapi_resource.attachedDisk.name
            lun          = 2
            managedDisk = {
              id = azapi_resource.attachedDisk.id
            }
          }
        ]
      }
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

An attachosdisk example of deploying Virtual Machine.

# Provider requirements, inputs and local names for the attach-OS-disk sample.
# NOTE(review): no provider version constraint is declared, so `terraform init`
# resolves the newest Azure/azapi release; pin one for repeatable deployments.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

# Resource-provider registration is left enabled (not skipped).
provider "azapi" {
  skip_provider_registration = false
}

# Base name reused for the resource group, virtual network, subnet, first NIC,
# first VM and the snapshot.
variable "resource_name" {
  type    = string
  default = "acctest0001"
}

# Azure region for every regional resource in the sample.
variable "location" {
  type    = string
  default = "westeurope"
}

# No default: the caller must supply the admin account name.
variable "admin_username" {
  type        = string
  description = "The administrator username for the virtual machine"
}

# `sensitive = true` redacts the value from plan/apply output only; it is still
# written to Terraform state in clear text, so the state backend needs access
# control and encryption.
variable "admin_password" {
  type        = string
  description = "The administrator password for the virtual machine"
  sensitive   = true
}

# Name shared by the second NIC and the second VM.
variable "attached_resource_name" {
  type    = string
  default = "acctest0002"
}

# Fixed disk names: the first VM's OS disk and the copy attached to the second VM.
locals {
  os_disk_name          = "myosdisk1"
  attached_os_disk_name = "myosdisk2"
}

# Resource group that contains the sample's resources.
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

# Virtual network with a single 10.0.0.0/16 address space and no custom DNS.
resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "10.0.0.0/16",
        ]
      }
      dhcpOptions = {
        dnsServers = [
        ]
      }
      # Left empty on purpose: the subnet is declared as its own resource.
      subnets = [
      ]
    }
  }
  # NOTE(review): with schema validation off, a misspelled property in `body`
  # is not caught by azapi before the request is sent.
  schema_validation_enabled = false
  response_export_values    = ["*"]
  lifecycle {
    # Keeps this resource from reverting the separately managed subnet.
    ignore_changes = [body.properties.subnets]
  }
}

# Subnet 10.0.2.0/24 shared by both network interfaces in this sample.
# NOTE(review): no networkSecurityGroup is set on this subnet, so traffic
# filtering relies on whatever is configured elsewhere.
resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = var.resource_name
  body = {
    properties = {
      addressPrefix = "10.0.2.0/24"
      delegations = [
      ]
      privateEndpointNetworkPolicies    = "Enabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies = [
      ]
      serviceEndpoints = [
      ]
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Network interface for the first VM: one dynamically allocated private IPv4
# address, no public IP configuration and no networkSecurityGroup declared.
resource "azapi_resource" "networkInterface" {
  type      = "Microsoft.Network/networkInterfaces@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      enableAcceleratedNetworking = false
      # IP forwarding stays off.
      enableIPForwarding          = false
      ipConfigurations = [
        {
          name = "testconfiguration1"
          properties = {
            primary                   = true
            privateIPAddressVersion   = "IPv4"
            privateIPAllocationMethod = "Dynamic"
            subnet = {
              id = azapi_resource.subnet.id
            }
          }
        },
      ]
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}


# Source Linux VM. Its image-based OS disk (local.os_disk_name) is later
# snapshotted and copied for the second VM.
resource "azapi_resource" "virtualMachine" {
  type      = "Microsoft.Compute/virtualMachines@2023-03-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      hardwareProfile = {
        vmSize = "Standard_F2"
      }
      networkProfile = {
        networkInterfaces = [
          {
            id = azapi_resource.networkInterface.id
            properties = {
              # This is the VM's only NIC; `primary` matters when a VM has more
              # than one network interface.
              primary = false
            }
          },
        ]
      }
      osProfile = {
        # NOTE(review): password-based login is left enabled
        # (disablePasswordAuthentication = false). Outside a throwaway test,
        # supply linuxConfiguration.ssh.publicKeys and set
        # disablePasswordAuthentication = true instead of using adminPassword.
        adminPassword = var.admin_password
        adminUsername = var.admin_username
        computerName  = "hostname230630032848831819"
        linuxConfiguration = {
          disablePasswordAuthentication = false
        }
      }
      storageProfile = {
        # NOTE(review): Ubuntu 16.04 LTS is past its standard-support window and
        # `version = "latest"` is unpinned, so the deployed image can change
        # between runs. Prefer a currently supported image with a fixed version.
        imageReference = {
          offer     = "UbuntuServer"
          publisher = "Canonical"
          sku       = "16.04-LTS"
          version   = "latest"
        }
        osDisk = {
          caching                 = "ReadWrite"
          createOption            = "FromImage"
          name                    = local.os_disk_name
          writeAcceleratorEnabled = false
        }
      }
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Looks up the OS disk by the name the source VM gives it. The disk is not
# declared as a resource of its own, so depends_on makes the lookup wait for
# the VM.
data "azapi_resource" "managedDisk" {
  type      = "Microsoft.Compute/disks@2023-10-02"
  parent_id = azapi_resource.resourceGroup.id
  name      = local.os_disk_name

  depends_on = [azapi_resource.virtualMachine]
}

# Incremental Standard_ZRS snapshot copied from the source VM's OS disk.
# The snapshot holds the full contents of that disk, including any credentials
# or keys stored on it, so access to it should be as restricted as access to
# the VM itself.
resource "azapi_resource" "snapshot" {
  type      = "Microsoft.Compute/snapshots@2023-10-02"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    sku = {
      name = "Standard_ZRS"
    }
    properties = {
      creationData = {
        createOption     = "Copy"
        sourceResourceId = data.azapi_resource.managedDisk.id
      }
      diskSizeGB = 30
      # Encrypted at rest with a platform-managed key.
      encryption = {
        type = "EncryptionAtRestWithPlatformKey"
      }
      # NOTE(review): "AllowAll" together with publicNetworkAccess = "Enabled"
      # is the most permissive setting for snapshot export. Nothing in this
      # sample exports the snapshot, so "DenyAll" / "Disabled" (or
      # "AllowPrivate" with a disk access resource) is the tighter choice for
      # real deployments.
      networkAccessPolicy = "AllowAll"
      osType              = "Linux"
      hyperVGeneration    = "V1"
      incremental         = true
      publicNetworkAccess = "Enabled"
      supportedCapabilities = {
        architecture = "x64"
      }
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# 30 GB Standard_LRS managed disk copied from the snapshot; it becomes the OS
# disk of the second VM.
resource "azapi_resource" "attachedManagedDisk" {
  type      = "Microsoft.Compute/disks@2023-10-02"
  parent_id = azapi_resource.resourceGroup.id
  name      = local.attached_os_disk_name
  location  = var.location
  body = {
    properties = {
      creationData = {
        createOption     = "Copy",
        sourceResourceId = azapi_resource.snapshot.id
      }

      diskSizeGB = 30
      # Encrypted at rest with a platform-managed key.
      encryption = {
        type = "EncryptionAtRestWithPlatformKey"
      }
      # NOTE(review): "AllowAll" together with publicNetworkAccess = "Enabled"
      # is the most permissive setting for disk export/upload; prefer
      # "DenyAll" / "Disabled" (or "AllowPrivate" with a disk access resource)
      # unless export is actually needed.
      networkAccessPolicy = "AllowAll"
      osType              = "Linux"
      hyperVGeneration    = "V1"
      publicNetworkAccess = "Enabled"
      supportedCapabilities = {
        architecture = "x64"
      }
    }
    sku = {
      name = "Standard_LRS"
    }
    # NOTE(review): the disk is pinned to zone 1 while attachedVirtualMachine
    # declares no zone; confirm the attach behaves as intended.
    zones = [
      "1"
    ]
  }

  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Network interface for the second VM, on the same subnet as the first: one
# dynamically allocated private IPv4 address, no public IP configuration and no
# networkSecurityGroup declared.
resource "azapi_resource" "attachedNetworkInterface" {
  type      = "Microsoft.Network/networkInterfaces@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.attached_resource_name
  location  = var.location
  body = {
    properties = {
      enableAcceleratedNetworking = false
      # IP forwarding stays off.
      enableIPForwarding          = false
      ipConfigurations = [
        {
          name = "testconfiguration2"
          properties = {
            primary                   = true
            privateIPAddressVersion   = "IPv4"
            privateIPAllocationMethod = "Dynamic"
            subnet = {
              id = azapi_resource.subnet.id
            }
          }
        }
      ]
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Second VM that boots from the copied managed disk (createOption = "Attach").
# No osProfile is declared, so nothing here sets a new admin account.
# NOTE(review): presumably the accounts, passwords and SSH host keys on the
# copied disk carry over from the source VM; rotate them if the two machines
# are meant to be independent.
resource "azapi_resource" "attachedVirtualMachine" {
  type      = "Microsoft.Compute/virtualMachines@2023-03-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.attached_resource_name
  location  = var.location
  body = {
    properties = {
      hardwareProfile = {
        vmSize = "Standard_F2"
      }
      networkProfile = {
        networkInterfaces = [
          {
            id = azapi_resource.attachedNetworkInterface.id
            properties = {
              # This is the VM's only NIC; `primary` matters when a VM has more
              # than one network interface.
              primary = false
            }
          },
        ]
      }
      storageProfile = {
        osDisk = {
          caching                 = "ReadWrite"
          createOption            = "Attach"
          name                    = local.attached_os_disk_name
          osType                  = "Linux",
          writeAcceleratorEnabled = false
          managedDisk = {
            id = azapi_resource.attachedManagedDisk.id
          }
        }
      }
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

A basic example of deploying Virtual Machine.

# Provider requirements and inputs for the basic sample.
# NOTE(review): no provider version constraint is declared, so `terraform init`
# resolves the newest Azure/azapi release; pin one for repeatable deployments.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

# Resource-provider registration is left enabled (not skipped).
provider "azapi" {
  skip_provider_registration = false
}

# Base name reused for the resource group, virtual network, subnet, NIC and VM.
variable "resource_name" {
  type    = string
  default = "acctest0001"
}

# Azure region for every regional resource in the sample.
variable "location" {
  type    = string
  default = "westeurope"
}

# No default: the caller must supply the admin account name.
variable "admin_username" {
  type        = string
  description = "The administrator username for the virtual machine"
}

# `sensitive = true` redacts the value from plan/apply output only; it is still
# written to Terraform state in clear text, so the state backend needs access
# control and encryption.
variable "admin_password" {
  type        = string
  description = "The administrator password for the virtual machine"
  sensitive   = true
}

# Resource group that contains the sample's resources.
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

# Virtual network with a single 10.0.0.0/16 address space and no custom DNS.
resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "10.0.0.0/16",
        ]
      }
      dhcpOptions = {
        dnsServers = [
        ]
      }
      # Left empty on purpose: the subnet is declared as its own resource.
      subnets = [
      ]
    }
  }
  # NOTE(review): with schema validation off, a misspelled property in `body`
  # is not caught by azapi before the request is sent.
  schema_validation_enabled = false
  response_export_values    = ["*"]
  lifecycle {
    # Keeps this resource from reverting the separately managed subnet.
    ignore_changes = [body.properties.subnets]
  }
}

# Subnet 10.0.2.0/24 inside the virtual network; no delegations or service
# endpoints.
# NOTE(review): no networkSecurityGroup is set on this subnet, so traffic
# filtering relies on whatever is configured elsewhere.
resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = var.resource_name
  body = {
    properties = {
      addressPrefix = "10.0.2.0/24"
      delegations = [
      ]
      privateEndpointNetworkPolicies    = "Enabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies = [
      ]
      serviceEndpoints = [
      ]
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Network interface with one dynamically allocated private IPv4 address on the
# sample subnet. No public IP configuration and no networkSecurityGroup are
# declared on it.
resource "azapi_resource" "networkInterface" {
  type      = "Microsoft.Network/networkInterfaces@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      enableAcceleratedNetworking = false
      # IP forwarding stays off.
      enableIPForwarding          = false
      ipConfigurations = [
        {
          name = "testconfiguration1"
          properties = {
            primary                   = true
            privateIPAddressVersion   = "IPv4"
            privateIPAllocationMethod = "Dynamic"
            subnet = {
              id = azapi_resource.subnet.id
            }
          }
        },
      ]
    }
  }
  # azapi schema validation of `body` is turned off; the full API response is
  # exported.
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Linux VM (Standard_F2) built from a marketplace image, attached to the network
# interface above and configured for password login.
# NOTE(review): the settings flagged below are acceptable for a throwaway test
# deployment but should be changed before this is reused as a baseline.
resource "azapi_resource" "virtualMachine" {
  type      = "Microsoft.Compute/virtualMachines@2023-03-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      hardwareProfile = {
        vmSize = "Standard_F2"
      }
      networkProfile = {
        networkInterfaces = [
          {
            id = azapi_resource.networkInterface.id
            properties = {
              # NOTE(review): the only attached NIC is marked non-primary; confirm this is intended.
              primary = false
            }
          },
        ]
      }
      osProfile = {
        # The password comes from a sensitive variable but still ends up in Terraform state.
        adminPassword = var.admin_password
        adminUsername = var.admin_username
        computerName  = "hostname230630032848831819"
        linuxConfiguration = {
          # Password logins stay enabled. Prefer SSH public keys
          # (linuxConfiguration.ssh.publicKeys) and set this to true, so that a guessed or
          # leaked password is not enough to log in.
          disablePasswordAuthentication = false
        }
      }
      storageProfile = {
        imageReference = {
          offer     = "UbuntuServer"
          publisher = "Canonical"
          # Ubuntu 16.04 LTS left standard support in April 2021; without an extended
          # maintenance subscription the image no longer receives security updates.
          # Use a currently supported LTS image instead.
          sku       = "16.04-LTS"
          # "latest" is resolved at deploy time, so two applies can produce different
          # images. Pin an explicit image version where builds must be reproducible.
          version   = "latest"
        }
        osDisk = {
          caching                 = "ReadWrite"
          createOption            = "FromImage"
          name                    = "myosdisk1"
          writeAcceleratorEnabled = false
        }
      }
    }
  }
  # Client-side schema validation of `body` is switched off for this resource.
  schema_validation_enabled = false
  # Exports the full API response; everything exported is also stored in state.
  response_export_values    = ["*"]
}

A tagosdisk example of deploying a Virtual Machine: after the VM is created, its OS disk is looked up by name and tagged with a PATCH action.

# Declares the azapi provider from the Azure namespace of the public registry.
# NOTE(review): no `version` constraint is given, so `terraform init` selects the newest
# release it finds. Add a constraint and commit the dependency lock file
# (.terraform.lock.hcl) so provider upgrades are deliberate and checksum-verified.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

# Provider configuration with no credentials in the file; authentication is expected
# to come from the environment.
# NOTE(review): with this flag false the provider presumably attempts to register
# resource providers on the subscription, which needs a role that permits it. Confirm
# against the azapi documentation before granting that to a deployment identity.
provider "azapi" {
  skip_provider_registration = false
}

# Single name reused for the resource group, virtual network, subnet, network
# interface and virtual machine in this example.
variable "resource_name" {
  type    = string
  default = "acctest0001"
}

# Azure region used for every resource in this example that takes a location.
variable "location" {
  type    = string
  default = "westeurope"
}

# Name of the administrator account created on the VM (used as osProfile.adminUsername).
# No default is declared, so a value has to be supplied at plan/apply time.
# NOTE(review): avoid well-known account names. Azure rejects some of them outright,
# and the rest make password guessing easier.
variable "admin_username" {
  type        = string
  description = "The administrator username for the virtual machine"
}

# Administrator password for the VM (used as osProfile.adminPassword).
# `sensitive = true` hides the value in plan/apply output only. It is still stored in
# the Terraform state, so protect the state backend and pass the value through the
# environment (TF_VAR_admin_password) or a secret store, never a committed .tfvars file.
variable "admin_password" {
  type        = string
  description = "The administrator password for the virtual machine"
  sensitive   = true
}

# Values shared between the VM definition and the later disk lookup and tagging steps.
locals {
  # Used both as the VM's osDisk.name and as the name the managed-disk data source
  # looks up, so the two cannot drift apart.
  os_disk_name = "myosdisk1"

  # Applied to the VM and, through the PATCH action, to its OS disk.
  tags = {
    environment = "accTest0001"
  }
}

# Resource group that the network, VM and disk resources below live in.
# Name and region both come from input variables.
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

# Virtual network with one 10.0.0.0/16 address space, no custom DNS servers and no
# inline subnets; the subnet is declared as its own resource further down.
resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "10.0.0.0/16",
        ]
      }
      dhcpOptions = {
        dnsServers = [
        ]
      }
      subnets = [
      ]
    }
  }
  # Client-side validation of `body` against the resource schema is switched off, so a
  # mistyped or misplaced property is not caught before the request is sent.
  schema_validation_enabled = false
  # Exports the full API response; everything exported is also stored in state.
  response_export_values    = ["*"]
  lifecycle {
    # Presumably needed because the separately managed subnet shows up in this list
    # after creation and would otherwise be reported as drift. Confirm if reused.
    ignore_changes = [body.properties.subnets]
  }
}

# Subnet 10.0.2.0/24 inside the virtual network above, with no delegations, service
# endpoints or service endpoint policies.
# NOTE(review): the body references no networkSecurityGroup, so nothing in this sample
# filters traffic at the subnet. Attach an NSG before using this outside a test.
resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = var.resource_name
  body = {
    properties = {
      addressPrefix = "10.0.2.0/24"
      delegations = [
      ]
      privateEndpointNetworkPolicies    = "Enabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies = [
      ]
      serviceEndpoints = [
      ]
    }
  }
  # Client-side schema validation of `body` is switched off for this resource.
  schema_validation_enabled = false
  # Exports the full API response; everything exported is also stored in state.
  response_export_values    = ["*"]
}

# Network interface with a single IPv4 configuration that takes a dynamically
# allocated private address from the subnet above.
# The body references neither a public IP address nor a network security group, so
# the interface is private-only and unfiltered at NIC level as written.
resource "azapi_resource" "networkInterface" {
  type      = "Microsoft.Network/networkInterfaces@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      enableAcceleratedNetworking = false
      enableIPForwarding          = false
      ipConfigurations = [
        {
          name = "testconfiguration1"
          properties = {
            primary                   = true
            privateIPAddressVersion   = "IPv4"
            privateIPAllocationMethod = "Dynamic"
            subnet = {
              id = azapi_resource.subnet.id
            }
          }
        },
      ]
    }
  }
  # Client-side schema validation of `body` is switched off for this resource.
  schema_validation_enabled = false
  # Exports the full API response; everything exported is also stored in state.
  response_export_values    = ["*"]
}


# Linux VM (Standard_F2) built from a marketplace image, attached to the network
# interface above, tagged with local.tags and configured for password login.
# NOTE(review): the settings flagged below are acceptable for a throwaway test
# deployment but should be changed before this is reused as a baseline.
resource "azapi_resource" "virtualMachine" {
  type      = "Microsoft.Compute/virtualMachines@2023-03-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      hardwareProfile = {
        vmSize = "Standard_F2"
      }
      networkProfile = {
        networkInterfaces = [
          {
            id = azapi_resource.networkInterface.id
            properties = {
              # NOTE(review): the only attached NIC is marked non-primary; confirm this is intended.
              primary = false
            }
          },
        ]
      }
      osProfile = {
        # The password comes from a sensitive variable but still ends up in Terraform state.
        adminPassword = var.admin_password
        adminUsername = var.admin_username
        computerName  = "hostname230630032848831819"
        linuxConfiguration = {
          # Password logins stay enabled. Prefer SSH public keys
          # (linuxConfiguration.ssh.publicKeys) and set this to true, so that a guessed or
          # leaked password is not enough to log in.
          disablePasswordAuthentication = false
        }
      }
      storageProfile = {
        imageReference = {
          offer     = "UbuntuServer"
          publisher = "Canonical"
          # Ubuntu 16.04 LTS left standard support in April 2021; without an extended
          # maintenance subscription the image no longer receives security updates.
          # Use a currently supported LTS image instead.
          sku       = "16.04-LTS"
          # "latest" is resolved at deploy time, so two applies can produce different
          # images. Pin an explicit image version where builds must be reproducible.
          version   = "latest"
        }
        osDisk = {
          caching                 = "ReadWrite"
          createOption            = "FromImage"
          # Same local that the managed-disk data source uses to find this disk afterwards.
          name                    = local.os_disk_name
          writeAcceleratorEnabled = false
        }
      }
    }
    # Tags on the VM resource itself; the OS disk is tagged separately by the PATCH action.
    tags = local.tags
  }
  # Client-side schema validation of `body` is switched off for this resource.
  schema_validation_enabled = false
  # Exports the full API response; everything exported is also stored in state.
  response_export_values    = ["*"]
}

# Reads the OS disk by name from the resource group so that its resource id can be
# used by the tagging action.
data "azapi_resource" "managedDisk" {
  type      = "Microsoft.Compute/disks@2022-03-02"
  parent_id = azapi_resource.resourceGroup.id
  name      = local.os_disk_name

  # This block references no attribute of the VM, so the explicit dependency is what
  # delays the lookup until the VM (and presumably its OS disk) exists.
  depends_on = [azapi_resource.virtualMachine]
}

# Sends a PATCH to the OS disk that sets its tags to local.tags, the same map that is
# applied to the VM.
# NOTE(review): this is an action rather than a managed resource, so a later change to
# the disk's tags made outside Terraform is presumably not detected as drift. Confirm
# if tags are relied on for policy or cost controls.
resource "azapi_resource_action" "updateTags" {
  type        = "Microsoft.Compute/disks@2022-03-02"
  resource_id = data.azapi_resource.managedDisk.id
  method      = "PATCH"

  body = {
    tags = local.tags
  }

  # Already implied by the reference to the data source above; kept as an explicit ordering hint.
  depends_on = [azapi_resource.virtualMachine]
}

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module Description
Virtual Machine AVM Resource Module for Virtual Machine