Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The fleets resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureFleet/fleets resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AzureFleet/fleets@2025-07-01-preview' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
plan: {
name: 'string'
product: 'string'
promotionCode: 'string'
publisher: 'string'
version: 'string'
}
properties: {
additionalLocationsProfile: {
locationProfiles: [
{
location: 'string'
virtualMachineProfileOverride: {
applicationProfile: {
galleryApplications: [
{
configurationReference: 'string'
enableAutomaticUpgrade: bool
order: int
packageReferenceId: 'string'
tags: 'string'
treatFailureAsDeploymentFailure: bool
}
]
}
capacityReservation: {
capacityReservationGroup: {
id: 'string'
}
}
diagnosticsProfile: {
bootDiagnostics: {
enabled: bool
storageUri: 'string'
}
}
extensionProfile: {
extensions: [
{
name: 'string'
properties: {
autoUpgradeMinorVersion: bool
enableAutomaticUpgrade: bool
forceUpdateTag: 'string'
protectedSettings: {
{customized property}: any(...)
}
protectedSettingsFromKeyVault: {
secretUrl: 'string'
sourceVault: {
id: 'string'
}
}
provisionAfterExtensions: [
'string'
]
publisher: 'string'
settings: {
{customized property}: any(...)
}
suppressFailures: bool
type: 'string'
typeHandlerVersion: 'string'
}
}
]
extensionsTimeBudget: 'string'
}
hardwareProfile: {
vmSizeProperties: {
vCPUsAvailable: int
vCPUsPerCore: int
}
}
licenseType: 'string'
networkProfile: {
healthProbe: {
id: 'string'
}
networkApiVersion: 'string'
networkInterfaceConfigurations: [
{
name: 'string'
properties: {
auxiliaryMode: 'string'
auxiliarySku: 'string'
deleteOption: 'string'
disableTcpStateTracking: bool
dnsSettings: {
dnsServers: [
'string'
]
}
enableAcceleratedNetworking: bool
enableFpga: bool
enableIPForwarding: bool
ipConfigurations: [
{
name: 'string'
properties: {
applicationGatewayBackendAddressPools: [
{
id: 'string'
}
]
applicationSecurityGroups: [
{
id: 'string'
}
]
loadBalancerBackendAddressPools: [
{
id: 'string'
}
]
loadBalancerInboundNatPools: [
{
id: 'string'
}
]
primary: bool
privateIPAddressVersion: 'string'
publicIPAddressConfiguration: {
name: 'string'
properties: {
deleteOption: 'string'
dnsSettings: {
domainNameLabel: 'string'
domainNameLabelScope: 'string'
}
idleTimeoutInMinutes: int
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
publicIPAddressVersion: 'string'
publicIPPrefix: {
id: 'string'
}
}
sku: {
name: 'string'
tier: 'string'
}
}
subnet: {
id: 'string'
}
}
}
]
networkSecurityGroup: {
id: 'string'
}
primary: bool
}
}
]
}
osProfile: {
adminPassword: 'string'
adminUsername: 'string'
allowExtensionOperations: bool
computerNamePrefix: 'string'
customData: 'string'
linuxConfiguration: {
disablePasswordAuthentication: bool
enableVMAgentPlatformUpdates: bool
patchSettings: {
assessmentMode: 'string'
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: bool
rebootSetting: 'string'
}
patchMode: 'string'
}
provisionVMAgent: bool
ssh: {
publicKeys: [
{
keyData: 'string'
path: 'string'
}
]
}
}
requireGuestProvisionSignal: bool
secrets: [
{
sourceVault: {
id: 'string'
}
vaultCertificates: [
{
certificateStore: 'string'
certificateUrl: 'string'
}
]
}
]
windowsConfiguration: {
additionalUnattendContent: [
{
componentName: 'Microsoft-Windows-Shell-Setup'
content: 'string'
passName: 'OobeSystem'
settingName: 'string'
}
]
enableAutomaticUpdates: bool
enableVMAgentPlatformUpdates: bool
patchSettings: {
assessmentMode: 'string'
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: bool
rebootSetting: 'string'
}
enableHotpatching: bool
patchMode: 'string'
}
provisionVMAgent: bool
timeZone: 'string'
winRM: {
listeners: [
{
certificateUrl: 'string'
protocol: 'string'
}
]
}
}
}
scheduledEventsProfile: {
osImageNotificationProfile: {
enable: bool
notBeforeTimeout: 'string'
}
terminateNotificationProfile: {
enable: bool
notBeforeTimeout: 'string'
}
}
securityPostureReference: {
excludeExtensions: [
'string'
]
id: 'string'
isOverridable: bool
}
securityProfile: {
encryptionAtHost: bool
encryptionIdentity: {
userAssignedIdentityResourceId: 'string'
}
proxyAgentSettings: {
enabled: bool
keyIncarnationId: int
mode: 'string'
}
securityType: 'string'
uefiSettings: {
secureBootEnabled: bool
vTpmEnabled: bool
}
}
serviceArtifactReference: {
id: 'string'
}
storageProfile: {
dataDisks: [
{
caching: 'string'
createOption: 'string'
deleteOption: 'string'
diskIOPSReadWrite: int
diskMBpsReadWrite: int
diskSizeGB: int
lun: int
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
securityProfile: {
diskEncryptionSet: {
id: 'string'
}
securityEncryptionType: 'string'
}
storageAccountType: 'string'
}
name: 'string'
writeAcceleratorEnabled: bool
}
]
diskControllerType: 'string'
imageReference: {
communityGalleryImageId: 'string'
id: 'string'
offer: 'string'
publisher: 'string'
sharedGalleryImageId: 'string'
sku: 'string'
version: 'string'
}
osDisk: {
caching: 'string'
createOption: 'string'
deleteOption: 'string'
diffDiskSettings: {
option: 'string'
placement: 'string'
}
diskSizeGB: int
image: {
uri: 'string'
}
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
securityProfile: {
diskEncryptionSet: {
id: 'string'
}
securityEncryptionType: 'string'
}
storageAccountType: 'string'
}
name: 'string'
osType: 'string'
vhdContainers: [
'string'
]
writeAcceleratorEnabled: bool
}
}
userData: 'string'
}
}
]
}
capacityType: 'string'
computeProfile: {
additionalVirtualMachineCapabilities: {
hibernationEnabled: bool
ultraSSDEnabled: bool
}
baseVirtualMachineProfile: {
applicationProfile: {
galleryApplications: [
{
configurationReference: 'string'
enableAutomaticUpgrade: bool
order: int
packageReferenceId: 'string'
tags: 'string'
treatFailureAsDeploymentFailure: bool
}
]
}
capacityReservation: {
capacityReservationGroup: {
id: 'string'
}
}
diagnosticsProfile: {
bootDiagnostics: {
enabled: bool
storageUri: 'string'
}
}
extensionProfile: {
extensions: [
{
name: 'string'
properties: {
autoUpgradeMinorVersion: bool
enableAutomaticUpgrade: bool
forceUpdateTag: 'string'
protectedSettings: {
{customized property}: any(...)
}
protectedSettingsFromKeyVault: {
secretUrl: 'string'
sourceVault: {
id: 'string'
}
}
provisionAfterExtensions: [
'string'
]
publisher: 'string'
settings: {
{customized property}: any(...)
}
suppressFailures: bool
type: 'string'
typeHandlerVersion: 'string'
}
}
]
extensionsTimeBudget: 'string'
}
hardwareProfile: {
vmSizeProperties: {
vCPUsAvailable: int
vCPUsPerCore: int
}
}
licenseType: 'string'
networkProfile: {
healthProbe: {
id: 'string'
}
networkApiVersion: 'string'
networkInterfaceConfigurations: [
{
name: 'string'
properties: {
auxiliaryMode: 'string'
auxiliarySku: 'string'
deleteOption: 'string'
disableTcpStateTracking: bool
dnsSettings: {
dnsServers: [
'string'
]
}
enableAcceleratedNetworking: bool
enableFpga: bool
enableIPForwarding: bool
ipConfigurations: [
{
name: 'string'
properties: {
applicationGatewayBackendAddressPools: [
{
id: 'string'
}
]
applicationSecurityGroups: [
{
id: 'string'
}
]
loadBalancerBackendAddressPools: [
{
id: 'string'
}
]
loadBalancerInboundNatPools: [
{
id: 'string'
}
]
primary: bool
privateIPAddressVersion: 'string'
publicIPAddressConfiguration: {
name: 'string'
properties: {
deleteOption: 'string'
dnsSettings: {
domainNameLabel: 'string'
domainNameLabelScope: 'string'
}
idleTimeoutInMinutes: int
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
publicIPAddressVersion: 'string'
publicIPPrefix: {
id: 'string'
}
}
sku: {
name: 'string'
tier: 'string'
}
}
subnet: {
id: 'string'
}
}
}
]
networkSecurityGroup: {
id: 'string'
}
primary: bool
}
}
]
}
osProfile: {
adminPassword: 'string'
adminUsername: 'string'
allowExtensionOperations: bool
computerNamePrefix: 'string'
customData: 'string'
linuxConfiguration: {
disablePasswordAuthentication: bool
enableVMAgentPlatformUpdates: bool
patchSettings: {
assessmentMode: 'string'
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: bool
rebootSetting: 'string'
}
patchMode: 'string'
}
provisionVMAgent: bool
ssh: {
publicKeys: [
{
keyData: 'string'
path: 'string'
}
]
}
}
requireGuestProvisionSignal: bool
secrets: [
{
sourceVault: {
id: 'string'
}
vaultCertificates: [
{
certificateStore: 'string'
certificateUrl: 'string'
}
]
}
]
windowsConfiguration: {
additionalUnattendContent: [
{
componentName: 'Microsoft-Windows-Shell-Setup'
content: 'string'
passName: 'OobeSystem'
settingName: 'string'
}
]
enableAutomaticUpdates: bool
enableVMAgentPlatformUpdates: bool
patchSettings: {
assessmentMode: 'string'
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: bool
rebootSetting: 'string'
}
enableHotpatching: bool
patchMode: 'string'
}
provisionVMAgent: bool
timeZone: 'string'
winRM: {
listeners: [
{
certificateUrl: 'string'
protocol: 'string'
}
]
}
}
}
scheduledEventsProfile: {
osImageNotificationProfile: {
enable: bool
notBeforeTimeout: 'string'
}
terminateNotificationProfile: {
enable: bool
notBeforeTimeout: 'string'
}
}
securityPostureReference: {
excludeExtensions: [
'string'
]
id: 'string'
isOverridable: bool
}
securityProfile: {
encryptionAtHost: bool
encryptionIdentity: {
userAssignedIdentityResourceId: 'string'
}
proxyAgentSettings: {
enabled: bool
keyIncarnationId: int
mode: 'string'
}
securityType: 'string'
uefiSettings: {
secureBootEnabled: bool
vTpmEnabled: bool
}
}
serviceArtifactReference: {
id: 'string'
}
storageProfile: {
dataDisks: [
{
caching: 'string'
createOption: 'string'
deleteOption: 'string'
diskIOPSReadWrite: int
diskMBpsReadWrite: int
diskSizeGB: int
lun: int
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
securityProfile: {
diskEncryptionSet: {
id: 'string'
}
securityEncryptionType: 'string'
}
storageAccountType: 'string'
}
name: 'string'
writeAcceleratorEnabled: bool
}
]
diskControllerType: 'string'
imageReference: {
communityGalleryImageId: 'string'
id: 'string'
offer: 'string'
publisher: 'string'
sharedGalleryImageId: 'string'
sku: 'string'
version: 'string'
}
osDisk: {
caching: 'string'
createOption: 'string'
deleteOption: 'string'
diffDiskSettings: {
option: 'string'
placement: 'string'
}
diskSizeGB: int
image: {
uri: 'string'
}
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
securityProfile: {
diskEncryptionSet: {
id: 'string'
}
securityEncryptionType: 'string'
}
storageAccountType: 'string'
}
name: 'string'
osType: 'string'
vhdContainers: [
'string'
]
writeAcceleratorEnabled: bool
}
}
userData: 'string'
}
computeApiVersion: 'string'
platformFaultDomainCount: int
}
mode: 'string'
regularPriorityProfile: {
allocationStrategy: 'string'
capacity: int
minCapacity: int
}
spotPriorityProfile: {
allocationStrategy: 'string'
capacity: int
evictionPolicy: 'string'
maintain: bool
maxPricePerVM: int
minCapacity: int
}
vmAttributes: {
acceleratorCount: {
max: int
min: int
}
acceleratorManufacturers: [
'string'
]
acceleratorSupport: 'string'
acceleratorTypes: [
'string'
]
architectureTypes: [
'string'
]
burstableSupport: 'string'
cpuManufacturers: [
'string'
]
dataDiskCount: {
max: int
min: int
}
excludedVMSizes: [
'string'
]
localStorageDiskTypes: [
'string'
]
localStorageInGiB: {
max: int
min: int
}
localStorageSupport: 'string'
memoryInGiB: {
max: int
min: int
}
memoryInGiBPerVCpu: {
max: int
min: int
}
networkBandwidthInMbps: {
max: int
min: int
}
networkInterfaceCount: {
max: int
min: int
}
rdmaNetworkInterfaceCount: {
max: int
min: int
}
rdmaSupport: 'string'
vCpuCount: {
max: int
min: int
}
vmCategories: [
'string'
]
}
vmSizesProfile: [
{
name: 'string'
rank: int
}
]
zoneAllocationPolicy: {
distributionStrategy: 'string'
zonePreferences: [
{
rank: int
zone: 'string'
}
]
}
}
tags: {
{customized property}: 'string'
}
zones: [
'string'
]
}
Property Values
Microsoft.AzureFleet/fleets
| Name | Description | Value |
|---|---|---|
| identity | The managed service identities assigned to this resource. | ManagedServiceIdentity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[^_\W][\w\-._]{0,79}(?<![-.])$ (required) |
| plan | Details of the resource plan. | Plan |
| properties | The resource-specific properties for this resource. | FleetProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| zones | Zones in which the Compute Fleet is available | string[] |
AdditionalCapabilities
| Name | Description | Value |
|---|---|---|
| hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
| ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
bool |
AdditionalLocationsProfile
| Name | Description | Value |
|---|---|---|
| locationProfiles | The list of location profiles. | LocationProfile[] (required) |
AdditionalUnattendContent
| Name | Description | Value |
|---|---|---|
| componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. |
'Microsoft-Windows-Shell-Setup' |
| content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
| settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. |
'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
| Name | Description | Value |
|---|---|---|
| id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... |
string |
ApplicationProfile
| Name | Description | Value |
|---|---|---|
| galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
BaseVirtualMachineProfile
| Name | Description | Value |
|---|---|---|
| applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS | ApplicationProfile |
| capacityReservation | Specifies the capacity reservation related details of a scale set. Minimum api-version: 2021-04-01. |
CapacityReservationProfile |
| diagnosticsProfile | Specifies the boot diagnostic settings state. | DiagnosticsProfile |
| extensionProfile | Specifies a collection of settings for extensions installed on virtual machines in the scale set. |
VirtualMachineScaleSetExtensionProfile |
| hardwareProfile | Specifies the hardware profile related details of a scale set. Minimum api-version: 2021-11-01. |
VirtualMachineScaleSetHardwareProfile |
| licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
| networkProfile | Specifies properties of the network interfaces of the virtual machines in the scale set. |
VirtualMachineScaleSetNetworkProfile |
| osProfile | Specifies the operating system settings for the virtual machines in the scale set. |
VirtualMachineScaleSetOSProfile |
| scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
| securityPostureReference | Specifies the security posture to be used for all virtual machines in the scale set. Minimum api-version: 2023-03-01 |
SecurityPostureReference |
| securityProfile | Specifies the Security related profile settings for the virtual machines in the scale set. |
SecurityProfile |
| serviceArtifactReference | Specifies the service artifact reference id used to set same image version for all virtual machines in the scale set when using 'latest' image version. Minimum api-version: 2022-11-01 |
ServiceArtifactReference |
| storageProfile | Specifies the storage settings for the virtual machine disks. | VirtualMachineScaleSetStorageProfile |
| userData | UserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. |
string |
BootDiagnostics
| Name | Description | Value |
|---|---|---|
| enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
| storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. |
string |
CapacityReservationProfile
| Name | Description | Value |
|---|---|---|
| capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. |
SubResource |
ComputeProfile
| Name | Description | Value |
|---|---|---|
| additionalVirtualMachineCapabilities | Specifies VMSS and VM API entity models support two additional capabilities as of today: ultraSSDEnabled and hibernationEnabled. ultraSSDEnabled: Enables UltraSSD_LRS storage account type on the VMSS VMs. hibernationEnabled: Enables the hibernation capability on the VMSS VMs. Default value is null if not specified. This property cannot be updated once set. |
AdditionalCapabilities |
| baseVirtualMachineProfile | Base Virtual Machine Profile Properties to be specified according to "specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/{computeApiVersion}/virtualMachineScaleSet.json#/definitions/VirtualMachineScaleSetVMProfile" | BaseVirtualMachineProfile (required) |
| computeApiVersion | Specifies the Microsoft.Compute API version to use when creating underlying Virtual Machine scale sets and Virtual Machines. The default value will be the latest supported computeApiVersion by Compute Fleet. |
string |
| platformFaultDomainCount | Specifies the number of fault domains to use when creating the underlying VMSS. A fault domain is a logical group of hardware within an Azure datacenter. VMs in the same fault domain share a common power source and network switch. If not specified, defaults to 1, which represents "Max Spreading" (using as many fault domains as possible). This property cannot be updated. |
int |
DiagnosticsProfile
| Name | Description | Value |
|---|---|---|
| bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. |
BootDiagnostics |
DiffDiskSettings
| Name | Description | Value |
|---|---|---|
| option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
| placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. |
'CacheDisk' 'NvmeDisk' 'ResourceDisk' |
DiskEncryptionSetParameters
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
FleetProperties
| Name | Description | Value |
|---|---|---|
| additionalLocationsProfile | Represents the configuration for additional locations where Fleet resources may be deployed. | AdditionalLocationsProfile |
| capacityType | Specifies capacity type for Fleet Regular and Spot priority profiles. capacityType is an immutable property. Once set during Fleet creation, it cannot be updated. Specifying different capacity type for Fleet Regular and Spot priority profiles is not allowed. |
'VCpu' 'VM' |
| computeProfile | Compute Profile to use for running user's workloads. | ComputeProfile (required) |
| mode | Mode of the Fleet. | 'Instance' 'Managed' |
| regularPriorityProfile | Configuration Options for Regular instances in Compute Fleet. | RegularPriorityProfile |
| spotPriorityProfile | Configuration Options for Spot instances in Compute Fleet. | SpotPriorityProfile |
| vmAttributes | Attribute based Fleet. | VMAttributes |
| vmSizesProfile | List of VM sizes supported for Compute Fleet | VmSizeProfile[] (required) |
| zoneAllocationPolicy | Zone Allocation Policy for Fleet. | ZoneAllocationPolicy |
ImageReference
| Name | Description | Value |
|---|---|---|
| communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. |
string |
| id | Resource Id | string |
| offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. |
string |
| publisher | The image publisher. | string |
| sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. |
string |
| sku | The image SKU. | string |
| version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. |
string |
KeyVaultSecretReference
| Name | Description | Value |
|---|---|---|
| secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
LinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
| enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. |
LinuxVMGuestPatchAutomaticByPlatformSettings |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
LinuxVMGuestPatchAutomaticByPlatformSettings
| Name | Description | Value |
|---|---|---|
| bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
| rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. |
'Always' 'IfRequired' 'Never' 'Unknown' |
LocationProfile
| Name | Description | Value |
|---|---|---|
| location | The ARM location name of the additional region. If LocationProfile is specified, then location is required. | string (required) |
| virtualMachineProfileOverride | An override for computeProfile.baseVirtualMachineProfile specific to this region. This override is merged with the base virtual machine profile to define the final virtual machine profile for the resources deployed in this location. |
BaseVirtualMachineProfile |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
OSImageNotificationProfile
| Name | Description | Value |
|---|---|---|
| enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
| notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must not exceed 15 minutes (PT15M) |
string |
PatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. |
WindowsVMGuestPatchAutomaticByPlatformSettings |
| enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. |
bool |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
Plan
| Name | Description | Value |
|---|---|---|
| name | A user defined name of the 3rd Party Artifact that is being procured. | string (required) |
| product | The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the artifact at the time of Data Market onboarding. | string (required) |
| promotionCode | A publisher provided promotion code as provisioned in Data Market for the said product/artifact. | string |
| publisher | The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic | string (required) |
| version | The version of the desired product/artifact. | string |
ProxyAgentSettings
| Name | Description | Value |
|---|---|---|
| enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. |
bool |
| keyIncarnationId | Increase the value of this property allows user to reset the key used for securing communication channel between guest and host. |
int |
| mode | Specifies the mode that ProxyAgent will execute on if the feature is enabled. ProxyAgent will start to audit or monitor but not enforce access control over requests to host endpoints in Audit mode, while in Enforce mode it will enforce access control. The default value is Enforce mode. |
'Audit' 'Enforce' |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Specify public IP sku name | 'Basic' 'Standard' |
| tier | Specify public IP sku tier | 'Global' 'Regional' |
RegularPriorityProfile
| Name | Description | Value |
|---|---|---|
| allocationStrategy | Allocation strategy to follow when determining the VM sizes distribution for Regular VMs. | 'LowestPrice' 'Prioritized' |
| capacity | Total capacity to achieve. It is currently in terms of number of VMs. | int Constraints: Min value = 0 |
| minCapacity | Minimum capacity to achieve which cannot be updated. If we will not be able to "guarantee" minimum capacity, we will reject the request in the sync path itself. | int Constraints: Min value = 0 |
ScheduledEventsProfile
| Name | Description | Value |
|---|---|---|
| osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
| terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
SecurityPostureReference
| Name | Description | Value |
|---|---|---|
| excludeExtensions | List of virtual machine extension names to exclude when applying the security posture. |
string[] |
| id | The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest |
string |
| isOverridable | Whether the security posture can be overridden by the user. | bool |
SecurityProfile
| Name | Description | Value |
|---|---|---|
| encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. |
bool |
| encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. |
EncryptionIdentity |
| proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. |
ProxyAgentSettings |
| securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. |
'ConfidentialVM' 'TrustedLaunch' |
| uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. |
UefiSettings |
ServiceArtifactReference
| Name | Description | Value |
|---|---|---|
| id | The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} |
string |
SpotPriorityProfile
| Name | Description | Value |
|---|---|---|
| allocationStrategy | Allocation strategy to follow when determining the VM sizes distribution for Spot VMs. | 'CapacityOptimized' 'LowestPrice' 'PriceCapacityOptimized' |
| capacity | Total capacity to achieve. It is currently in terms of number of VMs. | int Constraints: Min value = 0 |
| evictionPolicy | Eviction Policy to follow when evicting Spot VMs. | 'Deallocate' 'Delete' |
| maintain | Flag to enable/disable continuous goal seeking for the desired capacity and restoration of evicted Spot VMs. If maintain is enabled, AzureFleetRP will use all VM sizes in vmSizesProfile to create new VMs (if VMs are evicted deleted) or update existing VMs with new VM sizes (if VMs are evicted deallocated or failed to allocate due to capacity constraint) in order to achieve the desired capacity. Maintain is enabled by default. |
bool |
| maxPricePerVM | Price per hour of each Spot VM will never exceed this. | int |
| minCapacity | Minimum capacity to achieve which cannot be updated. If we will not be able to "guarantee" minimum capacity, we will reject the request in the sync path itself. | int Constraints: Min value = 0 |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys |
string |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
TerminateNotificationProfile
| Name | Description | Value |
|---|---|---|
| enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
| notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) |
string |
TrackedResourceTags
| Name | Description | Value |
|---|
UefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. |
bool |
| vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. |
bool |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
VaultCertificate
| Name | Description | Value |
|---|---|---|
| certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
VaultSecretGroup
| Name | Description | Value |
|---|---|---|
| sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. |
SubResource |
| vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
| Name | Description | Value |
|---|---|---|
| uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetDataDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | The create option. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
| deleteOption | Specifies whether data disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the data disk is deleted when the VMSS Flex VM is deleted. Detach If this value is used, the data disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. |
'Delete' 'Detach' |
| diskIOPSReadWrite | Specifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. |
int |
| diskMBpsReadWrite | Specifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. |
int |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property diskSizeGB is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. |
int |
| lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. |
int (required) |
| managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
| name | The disk name. | string |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetExtension
| Name | Description | Value |
|---|---|---|
| name | The name of the extension. | string |
| properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
| Name | Description | Value |
|---|---|---|
| extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
| extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. |
string |
VirtualMachineScaleSetExtensionProperties
| Name | Description | Value |
|---|---|---|
| autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. |
bool |
| enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. |
bool |
| forceUpdateTag | If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. |
string |
| protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. |
VirtualMachineScaleSetExtensionPropertiesProtectedSettings |
| protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault |
KeyVaultSecretReference |
| provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. |
string[] |
| publisher | The name of the extension handler publisher. | string |
| settings | Json formatted public settings for the extension. | VirtualMachineScaleSetExtensionPropertiesSettings |
| suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. |
bool |
| type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
| typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineScaleSetExtensionPropertiesProtectedSettings
| Name | Description | Value |
|---|
VirtualMachineScaleSetExtensionPropertiesSettings
| Name | Description | Value |
|---|
VirtualMachineScaleSetHardwareProfile
| Name | Description | Value |
|---|---|---|
| vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-11-01. Please follow the instructions in VM Customization for more details. |
VMSizeProperties |
VirtualMachineScaleSetIPConfiguration
| Name | Description | Value |
|---|---|---|
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration properties. |
VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. |
SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. |
SubResource[] |
| loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. |
SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. |
bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. |
'IPv4' 'IPv6' |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
VirtualMachineScaleSetManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. |
DiskEncryptionSetParameters |
| securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
| storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. |
'PremiumV2_LRS' 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
VirtualMachineScaleSetNetworkConfiguration
| Name | Description | Value |
|---|---|---|
| name | The network configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationDnsSettings
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetNetworkConfigurationProperties
| Name | Description | Value |
|---|---|---|
| auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. |
'AcceleratedConnections' 'Floating' 'None' |
| auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. |
'A1' 'A2' 'A4' 'A8' 'None' |
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSettings |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. |
bool |
VirtualMachineScaleSetNetworkProfile
| Name | Description | Value |
|---|---|---|
| healthProbe | A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. |
ApiEntityReference |
| networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations for Virtual Machine Scale Set with orchestration mode 'Flexible' |
'2020-11-01' |
| networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage. This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
| deleteOption | Specifies whether OS Disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the OS disk is deleted when VMSS Flex VM is deleted. Detach If this value is used, the OS disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. For an Ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for Ephemeral OS Disk. |
'Delete' 'Detach' |
| diffDiskSettings | Specifies the ephemeral disk Settings for the operating system disk used by the virtual machine scale set. |
DiffDiskSettings |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. |
int |
| image | Specifies information about the unmanaged user image to base the scale set on. | VirtualHardDisk |
| managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
| name | The disk name. | string |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. |
'Linux' 'Windows' |
| vhdContainers | Specifies the container urls that are used to store operating system disks for the scale set. |
string[] |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetOSProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters |
string |
| allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine scale set. This may only be set to False when no extensions are present on the virtual machine scale set. |
bool |
| computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. |
string |
| customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. |
LinuxConfiguration |
| requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
| secrets | Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
VaultSecretGroup[] |
| windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
VirtualMachineScaleSetPublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties |
| sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. |
PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created |
string (required) |
| domainNameLabelScope | The Domain name label scope.The concatenation of the hashed domain name label that generated according to the policy from domain name label scope and vm index will be the domain name labels of the PublicIPAddress resources that will be created |
'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. |
'IPv4' 'IPv6' |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetStorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | Specifies the parameters that are used to add data disks to the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. |
VirtualMachineScaleSetDataDisk[] |
| diskControllerType | Specifies the disk controller type configured for the virtual machines in the scale set. Minimum api-version: 2022-08-01 | 'NVMe' 'SCSI' |
| imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. |
ImageReference |
| osDisk | Specifies information about the operating system disk used by the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. |
VirtualMachineScaleSetOSDisk |
VMAttributeMinMaxDouble
| Name | Description | Value |
|---|---|---|
| max | Maximum value. Double.MaxValue(1.7976931348623157E+308) | int Constraints: Min value = 0 |
| min | Minimum value. default 0. Double.MinValue() | int Constraints: Min value = 0 |
VMAttributeMinMaxInteger
| Name | Description | Value |
|---|---|---|
| max | Max VMSize from CRS, Max = 4294967295 (uint.MaxValue) if not specified. | int Constraints: Min value = 0 |
| min | Min VMSize from CRS, Min = 0 (uint.MinValue) if not specified. | int Constraints: Min value = 0 |
VMAttributes
| Name | Description | Value |
|---|---|---|
| acceleratorCount | The range of accelerator count specified from min to max. Optional parameter. Either Min or Max is required if specified. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxInteger |
| acceleratorManufacturers | The accelerator manufacturers specified as a list. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'AMD' 'Nvidia' 'Xilinx' |
| acceleratorSupport | Specifies whether the VMSize supporting accelerator should be used to build Fleet or not. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
'Excluded' 'Included' 'Required' |
| acceleratorTypes | The accelerator types specified as a list. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'FPGA' 'GPU' |
| architectureTypes | The VM architecture types specified as a list. Optional parameter. | String array containing any of: 'ARM64' 'X64' |
| burstableSupport | Specifies whether the VMSize supporting burstable capability should be used to build Fleet or not. | 'Excluded' 'Included' 'Required' |
| cpuManufacturers | The VM CPU manufacturers specified as a list. Optional parameter. | String array containing any of: 'AMD' 'Ampere' 'Intel' 'Microsoft' |
| dataDiskCount | The range of data disk count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxInteger |
| excludedVMSizes | Specifies which VMSizes should be excluded while building Fleet. Optional parameter. | string[] |
| localStorageDiskTypes | The local storage disk types specified as a list. LocalStorageSupport should be set to "Included" or "Required" to use this VMAttribute. If localStorageSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'HDD' 'SSD' |
| localStorageInGiB | LocalStorageSupport should be set to "Included" or "Required" to use this VMAttribute. If localStorageSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxDouble |
| localStorageSupport | Specifies whether the VMSize supporting local storage should be used to build Fleet or not. Included - Default if not specified as most Azure VMs support local storage. |
'Excluded' 'Included' 'Required' |
| memoryInGiB | The range of memory specified from Min to Max. Must be specified if VMAttributes are specified, either Min or Max is required if specified. | VMAttributeMinMaxDouble (required) |
| memoryInGiBPerVCpu | The range of memory in GiB per vCPU specified from min to max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxDouble |
| networkBandwidthInMbps | The range of network bandwidth in Mbps specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxDouble |
| networkInterfaceCount | The range of network interface count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxInteger |
| rdmaNetworkInterfaceCount | The range of RDMA (Remote Direct Memory Access) network interface count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. rdmaSupport should be set to "Included" or "Required" to use this VMAttribute. If rdmaSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxInteger |
| rdmaSupport | Specifies whether the VMSize supporting RDMA (Remote Direct Memory Access) should be used to build Fleet or not. | 'Excluded' 'Included' 'Required' |
| vCpuCount | The range of vCpuCount specified from Min to Max. Must be specified if VMAttributes are specified, either Min or Max is required if specified. | VMAttributeMinMaxInteger (required) |
| vmCategories | The VM category specified as a list. Optional parameter. | String array containing any of: 'ComputeOptimized' 'FpgaAccelerated' 'GeneralPurpose' 'GpuAccelerated' 'HighPerformanceCompute' 'MemoryOptimized' 'StorageOptimized' |
VMDiskSecurityProfile
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. |
DiskEncryptionSetParameters |
| securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. |
'DiskWithVMGuestState' 'NonPersistedTPM' 'VMGuestStateOnly' |
VMGalleryApplication
| Name | Description | Value |
|---|---|---|
| configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided |
string |
| enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS |
bool |
| order | Optional, Specifies the order in which the packages have to be installed | int |
| packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} |
string (required) |
| tags | Optional, Specifies a passthrough value for more generic context. | string |
| treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment |
bool |
VmSizeProfile
| Name | Description | Value |
|---|---|---|
| name | The Sku name (e.g. 'Standard_DS1_v2') | string (required) |
| rank | The rank of the VM size. This is used with 'RegularPriorityAllocationStrategy.Prioritized' The lower the number, the higher the priority. Starting with 0. |
int Constraints: Min value = 0 Max value = 65535 |
VMSizeProperties
| Name | Description | Value |
|---|---|---|
| vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. |
int |
| vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. |
int |
WindowsConfiguration
| Name | Description | Value |
|---|---|---|
| additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. |
AdditionalUnattendContent[] |
| enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
bool |
| enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Windows virtual machine. Default value is false. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. |
string |
| winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. |
WinRMConfiguration |
WindowsVMGuestPatchAutomaticByPlatformSettings
| Name | Description | Value |
|---|---|---|
| bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
| rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. |
'Always' 'IfRequired' 'Never' 'Unknown' |
WinRMConfiguration
| Name | Description | Value |
|---|---|---|
| listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
| Name | Description | Value |
|---|---|---|
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
| protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. |
'Http' 'Https' |
ZoneAllocationPolicy
| Name | Description | Value |
|---|---|---|
| distributionStrategy | Distribution strategy used for zone allocation policy. | 'BestEffortSingleZone' 'Prioritized' (required) |
| zonePreferences | Zone preferences, required when zone distribution strategy is Prioritized. | ZonePreference[] |
ZonePreference
| Name | Description | Value |
|---|---|---|
| rank | The rank of the zone. This is used with 'Prioritized' ZoneDistributionStrategy. The lower the number, the higher the priority, starting with 0. 0 is the highest rank. If not specified, defaults to lowest rank. |
int Constraints: Min value = 0 Max value = 65535 |
| zone | Name of the zone. | string (required) |
ARM template resource definition
The fleets resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureFleet/fleets resource, add the following JSON to your template.
{
"type": "Microsoft.AzureFleet/fleets",
"apiVersion": "2025-07-01-preview",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"plan": {
"name": "string",
"product": "string",
"promotionCode": "string",
"publisher": "string",
"version": "string"
},
"properties": {
"additionalLocationsProfile": {
"locationProfiles": [
{
"location": "string",
"virtualMachineProfileOverride": {
"applicationProfile": {
"galleryApplications": [
{
"configurationReference": "string",
"enableAutomaticUpgrade": "bool",
"order": "int",
"packageReferenceId": "string",
"tags": "string",
"treatFailureAsDeploymentFailure": "bool"
}
]
},
"capacityReservation": {
"capacityReservationGroup": {
"id": "string"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "bool",
"storageUri": "string"
}
},
"extensionProfile": {
"extensions": [
{
"name": "string",
"properties": {
"autoUpgradeMinorVersion": "bool",
"enableAutomaticUpgrade": "bool",
"forceUpdateTag": "string",
"protectedSettings": {
"{customized property}": {}
},
"protectedSettingsFromKeyVault": {
"secretUrl": "string",
"sourceVault": {
"id": "string"
}
},
"provisionAfterExtensions": [ "string" ],
"publisher": "string",
"settings": {
"{customized property}": {}
},
"suppressFailures": "bool",
"type": "string",
"typeHandlerVersion": "string"
}
}
],
"extensionsTimeBudget": "string"
},
"hardwareProfile": {
"vmSizeProperties": {
"vCPUsAvailable": "int",
"vCPUsPerCore": "int"
}
},
"licenseType": "string",
"networkProfile": {
"healthProbe": {
"id": "string"
},
"networkApiVersion": "string",
"networkInterfaceConfigurations": [
{
"name": "string",
"properties": {
"auxiliaryMode": "string",
"auxiliarySku": "string",
"deleteOption": "string",
"disableTcpStateTracking": "bool",
"dnsSettings": {
"dnsServers": [ "string" ]
},
"enableAcceleratedNetworking": "bool",
"enableFpga": "bool",
"enableIPForwarding": "bool",
"ipConfigurations": [
{
"name": "string",
"properties": {
"applicationGatewayBackendAddressPools": [
{
"id": "string"
}
],
"applicationSecurityGroups": [
{
"id": "string"
}
],
"loadBalancerBackendAddressPools": [
{
"id": "string"
}
],
"loadBalancerInboundNatPools": [
{
"id": "string"
}
],
"primary": "bool",
"privateIPAddressVersion": "string",
"publicIPAddressConfiguration": {
"name": "string",
"properties": {
"deleteOption": "string",
"dnsSettings": {
"domainNameLabel": "string",
"domainNameLabelScope": "string"
},
"idleTimeoutInMinutes": "int",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"publicIPAddressVersion": "string",
"publicIPPrefix": {
"id": "string"
}
},
"sku": {
"name": "string",
"tier": "string"
}
},
"subnet": {
"id": "string"
}
}
}
],
"networkSecurityGroup": {
"id": "string"
},
"primary": "bool"
}
}
]
},
"osProfile": {
"adminPassword": "string",
"adminUsername": "string",
"allowExtensionOperations": "bool",
"computerNamePrefix": "string",
"customData": "string",
"linuxConfiguration": {
"disablePasswordAuthentication": "bool",
"enableVMAgentPlatformUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"automaticByPlatformSettings": {
"bypassPlatformSafetyChecksOnUserSchedule": "bool",
"rebootSetting": "string"
},
"patchMode": "string"
},
"provisionVMAgent": "bool",
"ssh": {
"publicKeys": [
{
"keyData": "string",
"path": "string"
}
]
}
},
"requireGuestProvisionSignal": "bool",
"secrets": [
{
"sourceVault": {
"id": "string"
},
"vaultCertificates": [
{
"certificateStore": "string",
"certificateUrl": "string"
}
]
}
],
"windowsConfiguration": {
"additionalUnattendContent": [
{
"componentName": "Microsoft-Windows-Shell-Setup",
"content": "string",
"passName": "OobeSystem",
"settingName": "string"
}
],
"enableAutomaticUpdates": "bool",
"enableVMAgentPlatformUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"automaticByPlatformSettings": {
"bypassPlatformSafetyChecksOnUserSchedule": "bool",
"rebootSetting": "string"
},
"enableHotpatching": "bool",
"patchMode": "string"
},
"provisionVMAgent": "bool",
"timeZone": "string",
"winRM": {
"listeners": [
{
"certificateUrl": "string",
"protocol": "string"
}
]
}
}
},
"scheduledEventsProfile": {
"osImageNotificationProfile": {
"enable": "bool",
"notBeforeTimeout": "string"
},
"terminateNotificationProfile": {
"enable": "bool",
"notBeforeTimeout": "string"
}
},
"securityPostureReference": {
"excludeExtensions": [ "string" ],
"id": "string",
"isOverridable": "bool"
},
"securityProfile": {
"encryptionAtHost": "bool",
"encryptionIdentity": {
"userAssignedIdentityResourceId": "string"
},
"proxyAgentSettings": {
"enabled": "bool",
"keyIncarnationId": "int",
"mode": "string"
},
"securityType": "string",
"uefiSettings": {
"secureBootEnabled": "bool",
"vTpmEnabled": "bool"
}
},
"serviceArtifactReference": {
"id": "string"
},
"storageProfile": {
"dataDisks": [
{
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"diskIOPSReadWrite": "int",
"diskMBpsReadWrite": "int",
"diskSizeGB": "int",
"lun": "int",
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"securityProfile": {
"diskEncryptionSet": {
"id": "string"
},
"securityEncryptionType": "string"
},
"storageAccountType": "string"
},
"name": "string",
"writeAcceleratorEnabled": "bool"
}
],
"diskControllerType": "string",
"imageReference": {
"communityGalleryImageId": "string",
"id": "string",
"offer": "string",
"publisher": "string",
"sharedGalleryImageId": "string",
"sku": "string",
"version": "string"
},
"osDisk": {
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"diffDiskSettings": {
"option": "string",
"placement": "string"
},
"diskSizeGB": "int",
"image": {
"uri": "string"
},
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"securityProfile": {
"diskEncryptionSet": {
"id": "string"
},
"securityEncryptionType": "string"
},
"storageAccountType": "string"
},
"name": "string",
"osType": "string",
"vhdContainers": [ "string" ],
"writeAcceleratorEnabled": "bool"
}
},
"userData": "string"
}
}
]
},
"capacityType": "string",
"computeProfile": {
"additionalVirtualMachineCapabilities": {
"hibernationEnabled": "bool",
"ultraSSDEnabled": "bool"
},
"baseVirtualMachineProfile": {
"applicationProfile": {
"galleryApplications": [
{
"configurationReference": "string",
"enableAutomaticUpgrade": "bool",
"order": "int",
"packageReferenceId": "string",
"tags": "string",
"treatFailureAsDeploymentFailure": "bool"
}
]
},
"capacityReservation": {
"capacityReservationGroup": {
"id": "string"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "bool",
"storageUri": "string"
}
},
"extensionProfile": {
"extensions": [
{
"name": "string",
"properties": {
"autoUpgradeMinorVersion": "bool",
"enableAutomaticUpgrade": "bool",
"forceUpdateTag": "string",
"protectedSettings": {
"{customized property}": {}
},
"protectedSettingsFromKeyVault": {
"secretUrl": "string",
"sourceVault": {
"id": "string"
}
},
"provisionAfterExtensions": [ "string" ],
"publisher": "string",
"settings": {
"{customized property}": {}
},
"suppressFailures": "bool",
"type": "string",
"typeHandlerVersion": "string"
}
}
],
"extensionsTimeBudget": "string"
},
"hardwareProfile": {
"vmSizeProperties": {
"vCPUsAvailable": "int",
"vCPUsPerCore": "int"
}
},
"licenseType": "string",
"networkProfile": {
"healthProbe": {
"id": "string"
},
"networkApiVersion": "string",
"networkInterfaceConfigurations": [
{
"name": "string",
"properties": {
"auxiliaryMode": "string",
"auxiliarySku": "string",
"deleteOption": "string",
"disableTcpStateTracking": "bool",
"dnsSettings": {
"dnsServers": [ "string" ]
},
"enableAcceleratedNetworking": "bool",
"enableFpga": "bool",
"enableIPForwarding": "bool",
"ipConfigurations": [
{
"name": "string",
"properties": {
"applicationGatewayBackendAddressPools": [
{
"id": "string"
}
],
"applicationSecurityGroups": [
{
"id": "string"
}
],
"loadBalancerBackendAddressPools": [
{
"id": "string"
}
],
"loadBalancerInboundNatPools": [
{
"id": "string"
}
],
"primary": "bool",
"privateIPAddressVersion": "string",
"publicIPAddressConfiguration": {
"name": "string",
"properties": {
"deleteOption": "string",
"dnsSettings": {
"domainNameLabel": "string",
"domainNameLabelScope": "string"
},
"idleTimeoutInMinutes": "int",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"publicIPAddressVersion": "string",
"publicIPPrefix": {
"id": "string"
}
},
"sku": {
"name": "string",
"tier": "string"
}
},
"subnet": {
"id": "string"
}
}
}
],
"networkSecurityGroup": {
"id": "string"
},
"primary": "bool"
}
}
]
},
"osProfile": {
"adminPassword": "string",
"adminUsername": "string",
"allowExtensionOperations": "bool",
"computerNamePrefix": "string",
"customData": "string",
"linuxConfiguration": {
"disablePasswordAuthentication": "bool",
"enableVMAgentPlatformUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"automaticByPlatformSettings": {
"bypassPlatformSafetyChecksOnUserSchedule": "bool",
"rebootSetting": "string"
},
"patchMode": "string"
},
"provisionVMAgent": "bool",
"ssh": {
"publicKeys": [
{
"keyData": "string",
"path": "string"
}
]
}
},
"requireGuestProvisionSignal": "bool",
"secrets": [
{
"sourceVault": {
"id": "string"
},
"vaultCertificates": [
{
"certificateStore": "string",
"certificateUrl": "string"
}
]
}
],
"windowsConfiguration": {
"additionalUnattendContent": [
{
"componentName": "Microsoft-Windows-Shell-Setup",
"content": "string",
"passName": "OobeSystem",
"settingName": "string"
}
],
"enableAutomaticUpdates": "bool",
"enableVMAgentPlatformUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"automaticByPlatformSettings": {
"bypassPlatformSafetyChecksOnUserSchedule": "bool",
"rebootSetting": "string"
},
"enableHotpatching": "bool",
"patchMode": "string"
},
"provisionVMAgent": "bool",
"timeZone": "string",
"winRM": {
"listeners": [
{
"certificateUrl": "string",
"protocol": "string"
}
]
}
}
},
"scheduledEventsProfile": {
"osImageNotificationProfile": {
"enable": "bool",
"notBeforeTimeout": "string"
},
"terminateNotificationProfile": {
"enable": "bool",
"notBeforeTimeout": "string"
}
},
"securityPostureReference": {
"excludeExtensions": [ "string" ],
"id": "string",
"isOverridable": "bool"
},
"securityProfile": {
"encryptionAtHost": "bool",
"encryptionIdentity": {
"userAssignedIdentityResourceId": "string"
},
"proxyAgentSettings": {
"enabled": "bool",
"keyIncarnationId": "int",
"mode": "string"
},
"securityType": "string",
"uefiSettings": {
"secureBootEnabled": "bool",
"vTpmEnabled": "bool"
}
},
"serviceArtifactReference": {
"id": "string"
},
"storageProfile": {
"dataDisks": [
{
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"diskIOPSReadWrite": "int",
"diskMBpsReadWrite": "int",
"diskSizeGB": "int",
"lun": "int",
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"securityProfile": {
"diskEncryptionSet": {
"id": "string"
},
"securityEncryptionType": "string"
},
"storageAccountType": "string"
},
"name": "string",
"writeAcceleratorEnabled": "bool"
}
],
"diskControllerType": "string",
"imageReference": {
"communityGalleryImageId": "string",
"id": "string",
"offer": "string",
"publisher": "string",
"sharedGalleryImageId": "string",
"sku": "string",
"version": "string"
},
"osDisk": {
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"diffDiskSettings": {
"option": "string",
"placement": "string"
},
"diskSizeGB": "int",
"image": {
"uri": "string"
},
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"securityProfile": {
"diskEncryptionSet": {
"id": "string"
},
"securityEncryptionType": "string"
},
"storageAccountType": "string"
},
"name": "string",
"osType": "string",
"vhdContainers": [ "string" ],
"writeAcceleratorEnabled": "bool"
}
},
"userData": "string"
},
"computeApiVersion": "string",
"platformFaultDomainCount": "int"
},
"mode": "string",
"regularPriorityProfile": {
"allocationStrategy": "string",
"capacity": "int",
"minCapacity": "int"
},
"spotPriorityProfile": {
"allocationStrategy": "string",
"capacity": "int",
"evictionPolicy": "string",
"maintain": "bool",
"maxPricePerVM": "int",
"minCapacity": "int"
},
"vmAttributes": {
"acceleratorCount": {
"max": "int",
"min": "int"
},
"acceleratorManufacturers": [ "string" ],
"acceleratorSupport": "string",
"acceleratorTypes": [ "string" ],
"architectureTypes": [ "string" ],
"burstableSupport": "string",
"cpuManufacturers": [ "string" ],
"dataDiskCount": {
"max": "int",
"min": "int"
},
"excludedVMSizes": [ "string" ],
"localStorageDiskTypes": [ "string" ],
"localStorageInGiB": {
"max": "int",
"min": "int"
},
"localStorageSupport": "string",
"memoryInGiB": {
"max": "int",
"min": "int"
},
"memoryInGiBPerVCpu": {
"max": "int",
"min": "int"
},
"networkBandwidthInMbps": {
"max": "int",
"min": "int"
},
"networkInterfaceCount": {
"max": "int",
"min": "int"
},
"rdmaNetworkInterfaceCount": {
"max": "int",
"min": "int"
},
"rdmaSupport": "string",
"vCpuCount": {
"max": "int",
"min": "int"
},
"vmCategories": [ "string" ]
},
"vmSizesProfile": [
{
"name": "string",
"rank": "int"
}
],
"zoneAllocationPolicy": {
"distributionStrategy": "string",
"zonePreferences": [
{
"rank": "int",
"zone": "string"
}
]
}
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
}
Property Values
Microsoft.AzureFleet/fleets
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2025-07-01-preview' |
| identity | The managed service identities assigned to this resource. | ManagedServiceIdentity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[^_\W][\w\-._]{0,79}(?<![-.])$ (required) |
| plan | Details of the resource plan. | Plan |
| properties | The resource-specific properties for this resource. | FleetProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.AzureFleet/fleets' |
| zones | Zones in which the Compute Fleet is available | string[] |
AdditionalCapabilities
| Name | Description | Value |
|---|---|---|
| hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
| ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
bool |
AdditionalLocationsProfile
| Name | Description | Value |
|---|---|---|
| locationProfiles | The list of location profiles. | LocationProfile[] (required) |
AdditionalUnattendContent
| Name | Description | Value |
|---|---|---|
| componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. |
'Microsoft-Windows-Shell-Setup' |
| content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
| settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. |
'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
| Name | Description | Value |
|---|---|---|
| id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... |
string |
ApplicationProfile
| Name | Description | Value |
|---|---|---|
| galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
BaseVirtualMachineProfile
| Name | Description | Value |
|---|---|---|
| applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS | ApplicationProfile |
| capacityReservation | Specifies the capacity reservation related details of a scale set. Minimum api-version: 2021-04-01. |
CapacityReservationProfile |
| diagnosticsProfile | Specifies the boot diagnostic settings state. | DiagnosticsProfile |
| extensionProfile | Specifies a collection of settings for extensions installed on virtual machines in the scale set. |
VirtualMachineScaleSetExtensionProfile |
| hardwareProfile | Specifies the hardware profile related details of a scale set. Minimum api-version: 2021-11-01. |
VirtualMachineScaleSetHardwareProfile |
| licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
| networkProfile | Specifies properties of the network interfaces of the virtual machines in the scale set. |
VirtualMachineScaleSetNetworkProfile |
| osProfile | Specifies the operating system settings for the virtual machines in the scale set. |
VirtualMachineScaleSetOSProfile |
| scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
| securityPostureReference | Specifies the security posture to be used for all virtual machines in the scale set. Minimum api-version: 2023-03-01 |
SecurityPostureReference |
| securityProfile | Specifies the Security related profile settings for the virtual machines in the scale set. |
SecurityProfile |
| serviceArtifactReference | Specifies the service artifact reference id used to set same image version for all virtual machines in the scale set when using 'latest' image version. Minimum api-version: 2022-11-01 |
ServiceArtifactReference |
| storageProfile | Specifies the storage settings for the virtual machine disks. | VirtualMachineScaleSetStorageProfile |
| userData | UserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. |
string |
BootDiagnostics
| Name | Description | Value |
|---|---|---|
| enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
| storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. |
string |
CapacityReservationProfile
| Name | Description | Value |
|---|---|---|
| capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. |
SubResource |
ComputeProfile
| Name | Description | Value |
|---|---|---|
| additionalVirtualMachineCapabilities | Specifies VMSS and VM API entity models support two additional capabilities as of today: ultraSSDEnabled and hibernationEnabled. ultraSSDEnabled: Enables UltraSSD_LRS storage account type on the VMSS VMs. hibernationEnabled: Enables the hibernation capability on the VMSS VMs. Default value is null if not specified. This property cannot be updated once set. |
AdditionalCapabilities |
| baseVirtualMachineProfile | Base Virtual Machine Profile Properties to be specified according to "specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/{computeApiVersion}/virtualMachineScaleSet.json#/definitions/VirtualMachineScaleSetVMProfile" | BaseVirtualMachineProfile (required) |
| computeApiVersion | Specifies the Microsoft.Compute API version to use when creating underlying Virtual Machine scale sets and Virtual Machines. The default value will be the latest supported computeApiVersion by Compute Fleet. |
string |
| platformFaultDomainCount | Specifies the number of fault domains to use when creating the underlying VMSS. A fault domain is a logical group of hardware within an Azure datacenter. VMs in the same fault domain share a common power source and network switch. If not specified, defaults to 1, which represents "Max Spreading" (using as many fault domains as possible). This property cannot be updated. |
int |
DiagnosticsProfile
| Name | Description | Value |
|---|---|---|
| bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. |
BootDiagnostics |
DiffDiskSettings
| Name | Description | Value |
|---|---|---|
| option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
| placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. |
'CacheDisk' 'NvmeDisk' 'ResourceDisk' |
DiskEncryptionSetParameters
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
FleetProperties
| Name | Description | Value |
|---|---|---|
| additionalLocationsProfile | Represents the configuration for additional locations where Fleet resources may be deployed. | AdditionalLocationsProfile |
| capacityType | Specifies capacity type for Fleet Regular and Spot priority profiles. capacityType is an immutable property. Once set during Fleet creation, it cannot be updated. Specifying different capacity type for Fleet Regular and Spot priority profiles is not allowed. |
'VCpu' 'VM' |
| computeProfile | Compute Profile to use for running user's workloads. | ComputeProfile (required) |
| mode | Mode of the Fleet. | 'Instance' 'Managed' |
| regularPriorityProfile | Configuration Options for Regular instances in Compute Fleet. | RegularPriorityProfile |
| spotPriorityProfile | Configuration Options for Spot instances in Compute Fleet. | SpotPriorityProfile |
| vmAttributes | Attribute based Fleet. | VMAttributes |
| vmSizesProfile | List of VM sizes supported for Compute Fleet | VmSizeProfile[] (required) |
| zoneAllocationPolicy | Zone Allocation Policy for Fleet. | ZoneAllocationPolicy |
ImageReference
| Name | Description | Value |
|---|---|---|
| communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. |
string |
| id | Resource Id | string |
| offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. |
string |
| publisher | The image publisher. | string |
| sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. |
string |
| sku | The image SKU. | string |
| version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. |
string |
KeyVaultSecretReference
| Name | Description | Value |
|---|---|---|
| secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
LinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
| enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. |
LinuxVMGuestPatchAutomaticByPlatformSettings |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
LinuxVMGuestPatchAutomaticByPlatformSettings
| Name | Description | Value |
|---|---|---|
| bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
| rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. |
'Always' 'IfRequired' 'Never' 'Unknown' |
LocationProfile
| Name | Description | Value |
|---|---|---|
| location | The ARM location name of the additional region. If LocationProfile is specified, then location is required. | string (required) |
| virtualMachineProfileOverride | An override for computeProfile.baseVirtualMachineProfile specific to this region. This override is merged with the base virtual machine profile to define the final virtual machine profile for the resources deployed in this location. |
BaseVirtualMachineProfile |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
OSImageNotificationProfile
| Name | Description | Value |
|---|---|---|
| enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
| notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must not exceed 15 minutes (PT15M) |
string |
PatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. |
WindowsVMGuestPatchAutomaticByPlatformSettings |
| enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. |
bool |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
Plan
| Name | Description | Value |
|---|---|---|
| name | A user defined name of the 3rd Party Artifact that is being procured. | string (required) |
| product | The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the artifact at the time of Data Market onboarding. | string (required) |
| promotionCode | A publisher provided promotion code as provisioned in Data Market for the said product/artifact. | string |
| publisher | The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic | string (required) |
| version | The version of the desired product/artifact. | string |
ProxyAgentSettings
| Name | Description | Value |
|---|---|---|
| enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. |
bool |
| keyIncarnationId | Increase the value of this property allows user to reset the key used for securing communication channel between guest and host. |
int |
| mode | Specifies the mode that ProxyAgent will execute on if the feature is enabled. ProxyAgent will start to audit or monitor but not enforce access control over requests to host endpoints in Audit mode, while in Enforce mode it will enforce access control. The default value is Enforce mode. |
'Audit' 'Enforce' |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Specify public IP sku name | 'Basic' 'Standard' |
| tier | Specify public IP sku tier | 'Global' 'Regional' |
RegularPriorityProfile
| Name | Description | Value |
|---|---|---|
| allocationStrategy | Allocation strategy to follow when determining the VM sizes distribution for Regular VMs. | 'LowestPrice' 'Prioritized' |
| capacity | Total capacity to achieve. It is currently in terms of number of VMs. | int Constraints: Min value = 0 |
| minCapacity | Minimum capacity to achieve which cannot be updated. If we will not be able to "guarantee" minimum capacity, we will reject the request in the sync path itself. | int Constraints: Min value = 0 |
ScheduledEventsProfile
| Name | Description | Value |
|---|---|---|
| osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
| terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
SecurityPostureReference
| Name | Description | Value |
|---|---|---|
| excludeExtensions | List of virtual machine extension names to exclude when applying the security posture. |
string[] |
| id | The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest |
string |
| isOverridable | Whether the security posture can be overridden by the user. | bool |
SecurityProfile
| Name | Description | Value |
|---|---|---|
| encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. |
bool |
| encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. |
EncryptionIdentity |
| proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. |
ProxyAgentSettings |
| securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. |
'ConfidentialVM' 'TrustedLaunch' |
| uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. |
UefiSettings |
ServiceArtifactReference
| Name | Description | Value |
|---|---|---|
| id | The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} |
string |
SpotPriorityProfile
| Name | Description | Value |
|---|---|---|
| allocationStrategy | Allocation strategy to follow when determining the VM sizes distribution for Spot VMs. | 'CapacityOptimized' 'LowestPrice' 'PriceCapacityOptimized' |
| capacity | Total capacity to achieve. It is currently in terms of number of VMs. | int Constraints: Min value = 0 |
| evictionPolicy | Eviction Policy to follow when evicting Spot VMs. | 'Deallocate' 'Delete' |
| maintain | Flag to enable/disable continuous goal seeking for the desired capacity and restoration of evicted Spot VMs. If maintain is enabled, AzureFleetRP will use all VM sizes in vmSizesProfile to create new VMs (if VMs are evicted deleted) or update existing VMs with new VM sizes (if VMs are evicted deallocated or failed to allocate due to capacity constraint) in order to achieve the desired capacity. Maintain is enabled by default. |
bool |
| maxPricePerVM | Price per hour of each Spot VM will never exceed this. | int |
| minCapacity | Minimum capacity to achieve which cannot be updated. If we will not be able to "guarantee" minimum capacity, we will reject the request in the sync path itself. | int Constraints: Min value = 0 |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys |
string |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
TerminateNotificationProfile
| Name | Description | Value |
|---|---|---|
| enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
| notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) |
string |
TrackedResourceTags
| Name | Description | Value |
|---|
UefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. |
bool |
| vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. |
bool |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
VaultCertificate
| Name | Description | Value |
|---|---|---|
| certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
VaultSecretGroup
| Name | Description | Value |
|---|---|---|
| sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. |
SubResource |
| vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
| Name | Description | Value |
|---|---|---|
| uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetDataDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | The create option. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
| deleteOption | Specifies whether data disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the data disk is deleted when the VMSS Flex VM is deleted. Detach If this value is used, the data disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. |
'Delete' 'Detach' |
| diskIOPSReadWrite | Specifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. |
int |
| diskMBpsReadWrite | Specifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. |
int |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property diskSizeGB is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. |
int |
| lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. |
int (required) |
| managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
| name | The disk name. | string |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetExtension
| Name | Description | Value |
|---|---|---|
| name | The name of the extension. | string |
| properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
| Name | Description | Value |
|---|---|---|
| extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
| extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. |
string |
VirtualMachineScaleSetExtensionProperties
| Name | Description | Value |
|---|---|---|
| autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. |
bool |
| enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. |
bool |
| forceUpdateTag | If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. |
string |
| protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. |
VirtualMachineScaleSetExtensionPropertiesProtectedSettings |
| protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault |
KeyVaultSecretReference |
| provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. |
string[] |
| publisher | The name of the extension handler publisher. | string |
| settings | Json formatted public settings for the extension. | VirtualMachineScaleSetExtensionPropertiesSettings |
| suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. |
bool |
| type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
| typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineScaleSetExtensionPropertiesProtectedSettings
| Name | Description | Value |
|---|
VirtualMachineScaleSetExtensionPropertiesSettings
| Name | Description | Value |
|---|
VirtualMachineScaleSetHardwareProfile
| Name | Description | Value |
|---|---|---|
| vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-11-01. Please follow the instructions in VM Customization for more details. |
VMSizeProperties |
VirtualMachineScaleSetIPConfiguration
| Name | Description | Value |
|---|---|---|
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration properties. |
VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. |
SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. |
SubResource[] |
| loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. |
SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. |
bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. |
'IPv4' 'IPv6' |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
VirtualMachineScaleSetManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. |
DiskEncryptionSetParameters |
| securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
| storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. |
'PremiumV2_LRS' 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
VirtualMachineScaleSetNetworkConfiguration
| Name | Description | Value |
|---|---|---|
| name | The network configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationDnsSettings
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetNetworkConfigurationProperties
| Name | Description | Value |
|---|---|---|
| auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. |
'AcceleratedConnections' 'Floating' 'None' |
| auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. |
'A1' 'A2' 'A4' 'A8' 'None' |
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSettings |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. |
bool |
VirtualMachineScaleSetNetworkProfile
| Name | Description | Value |
|---|---|---|
| healthProbe | A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. |
ApiEntityReference |
| networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations for Virtual Machine Scale Set with orchestration mode 'Flexible' |
'2020-11-01' |
| networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage. This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
| deleteOption | Specifies whether OS Disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the OS disk is deleted when VMSS Flex VM is deleted. Detach If this value is used, the OS disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. For an Ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for Ephemeral OS Disk. |
'Delete' 'Detach' |
| diffDiskSettings | Specifies the ephemeral disk Settings for the operating system disk used by the virtual machine scale set. |
DiffDiskSettings |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. |
int |
| image | Specifies information about the unmanaged user image to base the scale set on. | VirtualHardDisk |
| managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
| name | The disk name. | string |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. |
'Linux' 'Windows' |
| vhdContainers | Specifies the container urls that are used to store operating system disks for the scale set. |
string[] |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetOSProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters |
string |
| allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine scale set. This may only be set to False when no extensions are present on the virtual machine scale set. |
bool |
| computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. |
string |
| customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. |
LinuxConfiguration |
| requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
| secrets | Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
VaultSecretGroup[] |
| windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
VirtualMachineScaleSetPublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties |
| sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. |
PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created |
string (required) |
| domainNameLabelScope | The Domain name label scope.The concatenation of the hashed domain name label that generated according to the policy from domain name label scope and vm index will be the domain name labels of the PublicIPAddress resources that will be created |
'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. |
'IPv4' 'IPv6' |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetStorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | Specifies the parameters that are used to add data disks to the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. |
VirtualMachineScaleSetDataDisk[] |
| diskControllerType | Specifies the disk controller type configured for the virtual machines in the scale set. Minimum api-version: 2022-08-01 | 'NVMe' 'SCSI' |
| imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. |
ImageReference |
| osDisk | Specifies information about the operating system disk used by the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. |
VirtualMachineScaleSetOSDisk |
VMAttributeMinMaxDouble
| Name | Description | Value |
|---|---|---|
| max | Maximum value. Double.MaxValue(1.7976931348623157E+308) | int Constraints: Min value = 0 |
| min | Minimum value. default 0. Double.MinValue() | int Constraints: Min value = 0 |
VMAttributeMinMaxInteger
| Name | Description | Value |
|---|---|---|
| max | Max VMSize from CRS, Max = 4294967295 (uint.MaxValue) if not specified. | int Constraints: Min value = 0 |
| min | Min VMSize from CRS, Min = 0 (uint.MinValue) if not specified. | int Constraints: Min value = 0 |
VMAttributes
| Name | Description | Value |
|---|---|---|
| acceleratorCount | The range of accelerator count specified from min to max. Optional parameter. Either Min or Max is required if specified. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxInteger |
| acceleratorManufacturers | The accelerator manufacturers specified as a list. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'AMD' 'Nvidia' 'Xilinx' |
| acceleratorSupport | Specifies whether the VMSize supporting accelerator should be used to build Fleet or not. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
'Excluded' 'Included' 'Required' |
| acceleratorTypes | The accelerator types specified as a list. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'FPGA' 'GPU' |
| architectureTypes | The VM architecture types specified as a list. Optional parameter. | String array containing any of: 'ARM64' 'X64' |
| burstableSupport | Specifies whether the VMSize supporting burstable capability should be used to build Fleet or not. | 'Excluded' 'Included' 'Required' |
| cpuManufacturers | The VM CPU manufacturers specified as a list. Optional parameter. | String array containing any of: 'AMD' 'Ampere' 'Intel' 'Microsoft' |
| dataDiskCount | The range of data disk count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxInteger |
| excludedVMSizes | Specifies which VMSizes should be excluded while building Fleet. Optional parameter. | string[] |
| localStorageDiskTypes | The local storage disk types specified as a list. LocalStorageSupport should be set to "Included" or "Required" to use this VMAttribute. If localStorageSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'HDD' 'SSD' |
| localStorageInGiB | LocalStorageSupport should be set to "Included" or "Required" to use this VMAttribute. If localStorageSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxDouble |
| localStorageSupport | Specifies whether the VMSize supporting local storage should be used to build Fleet or not. Included - Default if not specified as most Azure VMs support local storage. |
'Excluded' 'Included' 'Required' |
| memoryInGiB | The range of memory specified from Min to Max. Must be specified if VMAttributes are specified, either Min or Max is required if specified. | VMAttributeMinMaxDouble (required) |
| memoryInGiBPerVCpu | The range of memory in GiB per vCPU specified from min to max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxDouble |
| networkBandwidthInMbps | The range of network bandwidth in Mbps specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxDouble |
| networkInterfaceCount | The range of network interface count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxInteger |
| rdmaNetworkInterfaceCount | The range of RDMA (Remote Direct Memory Access) network interface count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. rdmaSupport should be set to "Included" or "Required" to use this VMAttribute. If rdmaSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxInteger |
| rdmaSupport | Specifies whether the VMSize supporting RDMA (Remote Direct Memory Access) should be used to build Fleet or not. | 'Excluded' 'Included' 'Required' |
| vCpuCount | The range of vCpuCount specified from Min to Max. Must be specified if VMAttributes are specified, either Min or Max is required if specified. | VMAttributeMinMaxInteger (required) |
| vmCategories | The VM category specified as a list. Optional parameter. | String array containing any of: 'ComputeOptimized' 'FpgaAccelerated' 'GeneralPurpose' 'GpuAccelerated' 'HighPerformanceCompute' 'MemoryOptimized' 'StorageOptimized' |
VMDiskSecurityProfile
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. |
DiskEncryptionSetParameters |
| securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. |
'DiskWithVMGuestState' 'NonPersistedTPM' 'VMGuestStateOnly' |
VMGalleryApplication
| Name | Description | Value |
|---|---|---|
| configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided |
string |
| enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS |
bool |
| order | Optional, Specifies the order in which the packages have to be installed | int |
| packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} |
string (required) |
| tags | Optional, Specifies a passthrough value for more generic context. | string |
| treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment |
bool |
VmSizeProfile
| Name | Description | Value |
|---|---|---|
| name | The Sku name (e.g. 'Standard_DS1_v2') | string (required) |
| rank | The rank of the VM size. This is used with 'RegularPriorityAllocationStrategy.Prioritized' The lower the number, the higher the priority. Starting with 0. |
int Constraints: Min value = 0 Max value = 65535 |
VMSizeProperties
| Name | Description | Value |
|---|---|---|
| vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. |
int |
| vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. |
int |
WindowsConfiguration
| Name | Description | Value |
|---|---|---|
| additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. |
AdditionalUnattendContent[] |
| enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
bool |
| enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Windows virtual machine. Default value is false. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. |
string |
| winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. |
WinRMConfiguration |
WindowsVMGuestPatchAutomaticByPlatformSettings
| Name | Description | Value |
|---|---|---|
| bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
| rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. |
'Always' 'IfRequired' 'Never' 'Unknown' |
WinRMConfiguration
| Name | Description | Value |
|---|---|---|
| listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
| Name | Description | Value |
|---|---|---|
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
| protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. |
'Http' 'Https' |
ZoneAllocationPolicy
| Name | Description | Value |
|---|---|---|
| distributionStrategy | Distribution strategy used for zone allocation policy. | 'BestEffortSingleZone' 'Prioritized' (required) |
| zonePreferences | Zone preferences, required when zone distribution strategy is Prioritized. | ZonePreference[] |
ZonePreference
| Name | Description | Value |
|---|---|---|
| rank | The rank of the zone. This is used with 'Prioritized' ZoneDistributionStrategy. The lower the number, the higher the priority, starting with 0. 0 is the highest rank. If not specified, defaults to lowest rank. |
int Constraints: Min value = 0 Max value = 65535 |
| zone | Name of the zone. | string (required) |
Usage Examples
Terraform (AzAPI provider) resource definition
The fleets resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureFleet/fleets resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.AzureFleet/fleets@2025-07-01-preview"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
location = "string"
tags = {
{customized property} = "string"
}
body = {
plan = {
name = "string"
product = "string"
promotionCode = "string"
publisher = "string"
version = "string"
}
properties = {
additionalLocationsProfile = {
locationProfiles = [
{
location = "string"
virtualMachineProfileOverride = {
applicationProfile = {
galleryApplications = [
{
configurationReference = "string"
enableAutomaticUpgrade = bool
order = int
packageReferenceId = "string"
tags = "string"
treatFailureAsDeploymentFailure = bool
}
]
}
capacityReservation = {
capacityReservationGroup = {
id = "string"
}
}
diagnosticsProfile = {
bootDiagnostics = {
enabled = bool
storageUri = "string"
}
}
extensionProfile = {
extensions = [
{
name = "string"
properties = {
autoUpgradeMinorVersion = bool
enableAutomaticUpgrade = bool
forceUpdateTag = "string"
protectedSettings = {
{customized property} = ?
}
protectedSettingsFromKeyVault = {
secretUrl = "string"
sourceVault = {
id = "string"
}
}
provisionAfterExtensions = [
"string"
]
publisher = "string"
settings = {
{customized property} = ?
}
suppressFailures = bool
type = "string"
typeHandlerVersion = "string"
}
}
]
extensionsTimeBudget = "string"
}
hardwareProfile = {
vmSizeProperties = {
vCPUsAvailable = int
vCPUsPerCore = int
}
}
licenseType = "string"
networkProfile = {
healthProbe = {
id = "string"
}
networkApiVersion = "string"
networkInterfaceConfigurations = [
{
name = "string"
properties = {
auxiliaryMode = "string"
auxiliarySku = "string"
deleteOption = "string"
disableTcpStateTracking = bool
dnsSettings = {
dnsServers = [
"string"
]
}
enableAcceleratedNetworking = bool
enableFpga = bool
enableIPForwarding = bool
ipConfigurations = [
{
name = "string"
properties = {
applicationGatewayBackendAddressPools = [
{
id = "string"
}
]
applicationSecurityGroups = [
{
id = "string"
}
]
loadBalancerBackendAddressPools = [
{
id = "string"
}
]
loadBalancerInboundNatPools = [
{
id = "string"
}
]
primary = bool
privateIPAddressVersion = "string"
publicIPAddressConfiguration = {
name = "string"
properties = {
deleteOption = "string"
dnsSettings = {
domainNameLabel = "string"
domainNameLabelScope = "string"
}
idleTimeoutInMinutes = int
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
publicIPAddressVersion = "string"
publicIPPrefix = {
id = "string"
}
}
sku = {
name = "string"
tier = "string"
}
}
subnet = {
id = "string"
}
}
}
]
networkSecurityGroup = {
id = "string"
}
primary = bool
}
}
]
}
osProfile = {
adminPassword = "string"
adminUsername = "string"
allowExtensionOperations = bool
computerNamePrefix = "string"
customData = "string"
linuxConfiguration = {
disablePasswordAuthentication = bool
enableVMAgentPlatformUpdates = bool
patchSettings = {
assessmentMode = "string"
automaticByPlatformSettings = {
bypassPlatformSafetyChecksOnUserSchedule = bool
rebootSetting = "string"
}
patchMode = "string"
}
provisionVMAgent = bool
ssh = {
publicKeys = [
{
keyData = "string"
path = "string"
}
]
}
}
requireGuestProvisionSignal = bool
secrets = [
{
sourceVault = {
id = "string"
}
vaultCertificates = [
{
certificateStore = "string"
certificateUrl = "string"
}
]
}
]
windowsConfiguration = {
additionalUnattendContent = [
{
componentName = "Microsoft-Windows-Shell-Setup"
content = "string"
passName = "OobeSystem"
settingName = "string"
}
]
enableAutomaticUpdates = bool
enableVMAgentPlatformUpdates = bool
patchSettings = {
assessmentMode = "string"
automaticByPlatformSettings = {
bypassPlatformSafetyChecksOnUserSchedule = bool
rebootSetting = "string"
}
enableHotpatching = bool
patchMode = "string"
}
provisionVMAgent = bool
timeZone = "string"
winRM = {
listeners = [
{
certificateUrl = "string"
protocol = "string"
}
]
}
}
}
scheduledEventsProfile = {
osImageNotificationProfile = {
enable = bool
notBeforeTimeout = "string"
}
terminateNotificationProfile = {
enable = bool
notBeforeTimeout = "string"
}
}
securityPostureReference = {
excludeExtensions = [
"string"
]
id = "string"
isOverridable = bool
}
securityProfile = {
encryptionAtHost = bool
encryptionIdentity = {
userAssignedIdentityResourceId = "string"
}
proxyAgentSettings = {
enabled = bool
keyIncarnationId = int
mode = "string"
}
securityType = "string"
uefiSettings = {
secureBootEnabled = bool
vTpmEnabled = bool
}
}
serviceArtifactReference = {
id = "string"
}
storageProfile = {
dataDisks = [
{
caching = "string"
createOption = "string"
deleteOption = "string"
diskIOPSReadWrite = int
diskMBpsReadWrite = int
diskSizeGB = int
lun = int
managedDisk = {
diskEncryptionSet = {
id = "string"
}
securityProfile = {
diskEncryptionSet = {
id = "string"
}
securityEncryptionType = "string"
}
storageAccountType = "string"
}
name = "string"
writeAcceleratorEnabled = bool
}
]
diskControllerType = "string"
imageReference = {
communityGalleryImageId = "string"
id = "string"
offer = "string"
publisher = "string"
sharedGalleryImageId = "string"
sku = "string"
version = "string"
}
osDisk = {
caching = "string"
createOption = "string"
deleteOption = "string"
diffDiskSettings = {
option = "string"
placement = "string"
}
diskSizeGB = int
image = {
uri = "string"
}
managedDisk = {
diskEncryptionSet = {
id = "string"
}
securityProfile = {
diskEncryptionSet = {
id = "string"
}
securityEncryptionType = "string"
}
storageAccountType = "string"
}
name = "string"
osType = "string"
vhdContainers = [
"string"
]
writeAcceleratorEnabled = bool
}
}
userData = "string"
}
}
]
}
capacityType = "string"
computeProfile = {
additionalVirtualMachineCapabilities = {
hibernationEnabled = bool
ultraSSDEnabled = bool
}
baseVirtualMachineProfile = {
applicationProfile = {
galleryApplications = [
{
configurationReference = "string"
enableAutomaticUpgrade = bool
order = int
packageReferenceId = "string"
tags = "string"
treatFailureAsDeploymentFailure = bool
}
]
}
capacityReservation = {
capacityReservationGroup = {
id = "string"
}
}
diagnosticsProfile = {
bootDiagnostics = {
enabled = bool
storageUri = "string"
}
}
extensionProfile = {
extensions = [
{
name = "string"
properties = {
autoUpgradeMinorVersion = bool
enableAutomaticUpgrade = bool
forceUpdateTag = "string"
protectedSettings = {
{customized property} = ?
}
protectedSettingsFromKeyVault = {
secretUrl = "string"
sourceVault = {
id = "string"
}
}
provisionAfterExtensions = [
"string"
]
publisher = "string"
settings = {
{customized property} = ?
}
suppressFailures = bool
type = "string"
typeHandlerVersion = "string"
}
}
]
extensionsTimeBudget = "string"
}
hardwareProfile = {
vmSizeProperties = {
vCPUsAvailable = int
vCPUsPerCore = int
}
}
licenseType = "string"
networkProfile = {
healthProbe = {
id = "string"
}
networkApiVersion = "string"
networkInterfaceConfigurations = [
{
name = "string"
properties = {
auxiliaryMode = "string"
auxiliarySku = "string"
deleteOption = "string"
disableTcpStateTracking = bool
dnsSettings = {
dnsServers = [
"string"
]
}
enableAcceleratedNetworking = bool
enableFpga = bool
enableIPForwarding = bool
ipConfigurations = [
{
name = "string"
properties = {
applicationGatewayBackendAddressPools = [
{
id = "string"
}
]
applicationSecurityGroups = [
{
id = "string"
}
]
loadBalancerBackendAddressPools = [
{
id = "string"
}
]
loadBalancerInboundNatPools = [
{
id = "string"
}
]
primary = bool
privateIPAddressVersion = "string"
publicIPAddressConfiguration = {
name = "string"
properties = {
deleteOption = "string"
dnsSettings = {
domainNameLabel = "string"
domainNameLabelScope = "string"
}
idleTimeoutInMinutes = int
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
publicIPAddressVersion = "string"
publicIPPrefix = {
id = "string"
}
}
sku = {
name = "string"
tier = "string"
}
}
subnet = {
id = "string"
}
}
}
]
networkSecurityGroup = {
id = "string"
}
primary = bool
}
}
]
}
osProfile = {
adminPassword = "string"
adminUsername = "string"
allowExtensionOperations = bool
computerNamePrefix = "string"
customData = "string"
linuxConfiguration = {
disablePasswordAuthentication = bool
enableVMAgentPlatformUpdates = bool
patchSettings = {
assessmentMode = "string"
automaticByPlatformSettings = {
bypassPlatformSafetyChecksOnUserSchedule = bool
rebootSetting = "string"
}
patchMode = "string"
}
provisionVMAgent = bool
ssh = {
publicKeys = [
{
keyData = "string"
path = "string"
}
]
}
}
requireGuestProvisionSignal = bool
secrets = [
{
sourceVault = {
id = "string"
}
vaultCertificates = [
{
certificateStore = "string"
certificateUrl = "string"
}
]
}
]
windowsConfiguration = {
additionalUnattendContent = [
{
componentName = "Microsoft-Windows-Shell-Setup"
content = "string"
passName = "OobeSystem"
settingName = "string"
}
]
enableAutomaticUpdates = bool
enableVMAgentPlatformUpdates = bool
patchSettings = {
assessmentMode = "string"
automaticByPlatformSettings = {
bypassPlatformSafetyChecksOnUserSchedule = bool
rebootSetting = "string"
}
enableHotpatching = bool
patchMode = "string"
}
provisionVMAgent = bool
timeZone = "string"
winRM = {
listeners = [
{
certificateUrl = "string"
protocol = "string"
}
]
}
}
}
scheduledEventsProfile = {
osImageNotificationProfile = {
enable = bool
notBeforeTimeout = "string"
}
terminateNotificationProfile = {
enable = bool
notBeforeTimeout = "string"
}
}
securityPostureReference = {
excludeExtensions = [
"string"
]
id = "string"
isOverridable = bool
}
securityProfile = {
encryptionAtHost = bool
encryptionIdentity = {
userAssignedIdentityResourceId = "string"
}
proxyAgentSettings = {
enabled = bool
keyIncarnationId = int
mode = "string"
}
securityType = "string"
uefiSettings = {
secureBootEnabled = bool
vTpmEnabled = bool
}
}
serviceArtifactReference = {
id = "string"
}
storageProfile = {
dataDisks = [
{
caching = "string"
createOption = "string"
deleteOption = "string"
diskIOPSReadWrite = int
diskMBpsReadWrite = int
diskSizeGB = int
lun = int
managedDisk = {
diskEncryptionSet = {
id = "string"
}
securityProfile = {
diskEncryptionSet = {
id = "string"
}
securityEncryptionType = "string"
}
storageAccountType = "string"
}
name = "string"
writeAcceleratorEnabled = bool
}
]
diskControllerType = "string"
imageReference = {
communityGalleryImageId = "string"
id = "string"
offer = "string"
publisher = "string"
sharedGalleryImageId = "string"
sku = "string"
version = "string"
}
osDisk = {
caching = "string"
createOption = "string"
deleteOption = "string"
diffDiskSettings = {
option = "string"
placement = "string"
}
diskSizeGB = int
image = {
uri = "string"
}
managedDisk = {
diskEncryptionSet = {
id = "string"
}
securityProfile = {
diskEncryptionSet = {
id = "string"
}
securityEncryptionType = "string"
}
storageAccountType = "string"
}
name = "string"
osType = "string"
vhdContainers = [
"string"
]
writeAcceleratorEnabled = bool
}
}
userData = "string"
}
computeApiVersion = "string"
platformFaultDomainCount = int
}
mode = "string"
regularPriorityProfile = {
allocationStrategy = "string"
capacity = int
minCapacity = int
}
spotPriorityProfile = {
allocationStrategy = "string"
capacity = int
evictionPolicy = "string"
maintain = bool
maxPricePerVM = int
minCapacity = int
}
vmAttributes = {
acceleratorCount = {
max = int
min = int
}
acceleratorManufacturers = [
"string"
]
acceleratorSupport = "string"
acceleratorTypes = [
"string"
]
architectureTypes = [
"string"
]
burstableSupport = "string"
cpuManufacturers = [
"string"
]
dataDiskCount = {
max = int
min = int
}
excludedVMSizes = [
"string"
]
localStorageDiskTypes = [
"string"
]
localStorageInGiB = {
max = int
min = int
}
localStorageSupport = "string"
memoryInGiB = {
max = int
min = int
}
memoryInGiBPerVCpu = {
max = int
min = int
}
networkBandwidthInMbps = {
max = int
min = int
}
networkInterfaceCount = {
max = int
min = int
}
rdmaNetworkInterfaceCount = {
max = int
min = int
}
rdmaSupport = "string"
vCpuCount = {
max = int
min = int
}
vmCategories = [
"string"
]
}
vmSizesProfile = [
{
name = "string"
rank = int
}
]
zoneAllocationPolicy = {
distributionStrategy = "string"
zonePreferences = [
{
rank = int
zone = "string"
}
]
}
}
zones = [
"string"
]
}
}
Property Values
Microsoft.AzureFleet/fleets
| Name | Description | Value |
|---|---|---|
| identity | The managed service identities assigned to this resource. | ManagedServiceIdentity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[^_\W][\w\-._]{0,79}(?<![-.])$ (required) |
| plan | Details of the resource plan. | Plan |
| properties | The resource-specific properties for this resource. | FleetProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.AzureFleet/fleets@2025-07-01-preview" |
| zones | Zones in which the Compute Fleet is available | string[] |
AdditionalCapabilities
| Name | Description | Value |
|---|---|---|
| hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
| ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
bool |
AdditionalLocationsProfile
| Name | Description | Value |
|---|---|---|
| locationProfiles | The list of location profiles. | LocationProfile[] (required) |
AdditionalUnattendContent
| Name | Description | Value |
|---|---|---|
| componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. |
'Microsoft-Windows-Shell-Setup' |
| content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
| settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. |
'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
| Name | Description | Value |
|---|---|---|
| id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... |
string |
ApplicationProfile
| Name | Description | Value |
|---|---|---|
| galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
BaseVirtualMachineProfile
| Name | Description | Value |
|---|---|---|
| applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS | ApplicationProfile |
| capacityReservation | Specifies the capacity reservation related details of a scale set. Minimum api-version: 2021-04-01. |
CapacityReservationProfile |
| diagnosticsProfile | Specifies the boot diagnostic settings state. | DiagnosticsProfile |
| extensionProfile | Specifies a collection of settings for extensions installed on virtual machines in the scale set. |
VirtualMachineScaleSetExtensionProfile |
| hardwareProfile | Specifies the hardware profile related details of a scale set. Minimum api-version: 2021-11-01. |
VirtualMachineScaleSetHardwareProfile |
| licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
| networkProfile | Specifies properties of the network interfaces of the virtual machines in the scale set. |
VirtualMachineScaleSetNetworkProfile |
| osProfile | Specifies the operating system settings for the virtual machines in the scale set. |
VirtualMachineScaleSetOSProfile |
| scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
| securityPostureReference | Specifies the security posture to be used for all virtual machines in the scale set. Minimum api-version: 2023-03-01 |
SecurityPostureReference |
| securityProfile | Specifies the Security related profile settings for the virtual machines in the scale set. |
SecurityProfile |
| serviceArtifactReference | Specifies the service artifact reference id used to set same image version for all virtual machines in the scale set when using 'latest' image version. Minimum api-version: 2022-11-01 |
ServiceArtifactReference |
| storageProfile | Specifies the storage settings for the virtual machine disks. | VirtualMachineScaleSetStorageProfile |
| userData | UserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. |
string |
BootDiagnostics
| Name | Description | Value |
|---|---|---|
| enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
| storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. |
string |
CapacityReservationProfile
| Name | Description | Value |
|---|---|---|
| capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. |
SubResource |
ComputeProfile
| Name | Description | Value |
|---|---|---|
| additionalVirtualMachineCapabilities | Specifies VMSS and VM API entity models support two additional capabilities as of today: ultraSSDEnabled and hibernationEnabled. ultraSSDEnabled: Enables UltraSSD_LRS storage account type on the VMSS VMs. hibernationEnabled: Enables the hibernation capability on the VMSS VMs. Default value is null if not specified. This property cannot be updated once set. |
AdditionalCapabilities |
| baseVirtualMachineProfile | Base Virtual Machine Profile Properties to be specified according to "specification/compute/resource-manager/Microsoft.Compute/ComputeRP/stable/{computeApiVersion}/virtualMachineScaleSet.json#/definitions/VirtualMachineScaleSetVMProfile" | BaseVirtualMachineProfile (required) |
| computeApiVersion | Specifies the Microsoft.Compute API version to use when creating underlying Virtual Machine scale sets and Virtual Machines. The default value will be the latest supported computeApiVersion by Compute Fleet. |
string |
| platformFaultDomainCount | Specifies the number of fault domains to use when creating the underlying VMSS. A fault domain is a logical group of hardware within an Azure datacenter. VMs in the same fault domain share a common power source and network switch. If not specified, defaults to 1, which represents "Max Spreading" (using as many fault domains as possible). This property cannot be updated. |
int |
DiagnosticsProfile
| Name | Description | Value |
|---|---|---|
| bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. |
BootDiagnostics |
DiffDiskSettings
| Name | Description | Value |
|---|---|---|
| option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
| placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. |
'CacheDisk' 'NvmeDisk' 'ResourceDisk' |
DiskEncryptionSetParameters
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
FleetProperties
| Name | Description | Value |
|---|---|---|
| additionalLocationsProfile | Represents the configuration for additional locations where Fleet resources may be deployed. | AdditionalLocationsProfile |
| capacityType | Specifies capacity type for Fleet Regular and Spot priority profiles. capacityType is an immutable property. Once set during Fleet creation, it cannot be updated. Specifying different capacity type for Fleet Regular and Spot priority profiles is not allowed. |
'VCpu' 'VM' |
| computeProfile | Compute Profile to use for running user's workloads. | ComputeProfile (required) |
| mode | Mode of the Fleet. | 'Instance' 'Managed' |
| regularPriorityProfile | Configuration Options for Regular instances in Compute Fleet. | RegularPriorityProfile |
| spotPriorityProfile | Configuration Options for Spot instances in Compute Fleet. | SpotPriorityProfile |
| vmAttributes | Attribute based Fleet. | VMAttributes |
| vmSizesProfile | List of VM sizes supported for Compute Fleet | VmSizeProfile[] (required) |
| zoneAllocationPolicy | Zone Allocation Policy for Fleet. | ZoneAllocationPolicy |
ImageReference
| Name | Description | Value |
|---|---|---|
| communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. |
string |
| id | Resource Id | string |
| offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. |
string |
| publisher | The image publisher. | string |
| sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. |
string |
| sku | The image SKU. | string |
| version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. |
string |
KeyVaultSecretReference
| Name | Description | Value |
|---|---|---|
| secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
LinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
| enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. |
LinuxVMGuestPatchAutomaticByPlatformSettings |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
LinuxVMGuestPatchAutomaticByPlatformSettings
| Name | Description | Value |
|---|---|---|
| bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
| rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. |
'Always' 'IfRequired' 'Never' 'Unknown' |
LocationProfile
| Name | Description | Value |
|---|---|---|
| location | The ARM location name of the additional region. If LocationProfile is specified, then location is required. | string (required) |
| virtualMachineProfileOverride | An override for computeProfile.baseVirtualMachineProfile specific to this region. This override is merged with the base virtual machine profile to define the final virtual machine profile for the resources deployed in this location. |
BaseVirtualMachineProfile |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
OSImageNotificationProfile
| Name | Description | Value |
|---|---|---|
| enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
| notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must not exceed 15 minutes (PT15M) |
string |
PatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. |
WindowsVMGuestPatchAutomaticByPlatformSettings |
| enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. |
bool |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
Plan
| Name | Description | Value |
|---|---|---|
| name | A user defined name of the 3rd Party Artifact that is being procured. | string (required) |
| product | The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the artifact at the time of Data Market onboarding. | string (required) |
| promotionCode | A publisher provided promotion code as provisioned in Data Market for the said product/artifact. | string |
| publisher | The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic | string (required) |
| version | The version of the desired product/artifact. | string |
ProxyAgentSettings
| Name | Description | Value |
|---|---|---|
| enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. |
bool |
| keyIncarnationId | Increase the value of this property allows user to reset the key used for securing communication channel between guest and host. |
int |
| mode | Specifies the mode that ProxyAgent will execute on if the feature is enabled. ProxyAgent will start to audit or monitor but not enforce access control over requests to host endpoints in Audit mode, while in Enforce mode it will enforce access control. The default value is Enforce mode. |
'Audit' 'Enforce' |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Specify public IP sku name | 'Basic' 'Standard' |
| tier | Specify public IP sku tier | 'Global' 'Regional' |
RegularPriorityProfile
| Name | Description | Value |
|---|---|---|
| allocationStrategy | Allocation strategy to follow when determining the VM sizes distribution for Regular VMs. | 'LowestPrice' 'Prioritized' |
| capacity | Total capacity to achieve. It is currently in terms of number of VMs. | int Constraints: Min value = 0 |
| minCapacity | Minimum capacity to achieve which cannot be updated. If we will not be able to "guarantee" minimum capacity, we will reject the request in the sync path itself. | int Constraints: Min value = 0 |
ScheduledEventsProfile
| Name | Description | Value |
|---|---|---|
| osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
| terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
SecurityPostureReference
| Name | Description | Value |
|---|---|---|
| excludeExtensions | List of virtual machine extension names to exclude when applying the security posture. |
string[] |
| id | The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest |
string |
| isOverridable | Whether the security posture can be overridden by the user. | bool |
SecurityProfile
| Name | Description | Value |
|---|---|---|
| encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. |
bool |
| encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. |
EncryptionIdentity |
| proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. |
ProxyAgentSettings |
| securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. |
'ConfidentialVM' 'TrustedLaunch' |
| uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. |
UefiSettings |
ServiceArtifactReference
| Name | Description | Value |
|---|---|---|
| id | The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} |
string |
SpotPriorityProfile
| Name | Description | Value |
|---|---|---|
| allocationStrategy | Allocation strategy to follow when determining the VM sizes distribution for Spot VMs. | 'CapacityOptimized' 'LowestPrice' 'PriceCapacityOptimized' |
| capacity | Total capacity to achieve. It is currently in terms of number of VMs. | int Constraints: Min value = 0 |
| evictionPolicy | Eviction Policy to follow when evicting Spot VMs. | 'Deallocate' 'Delete' |
| maintain | Flag to enable/disable continuous goal seeking for the desired capacity and restoration of evicted Spot VMs. If maintain is enabled, AzureFleetRP will use all VM sizes in vmSizesProfile to create new VMs (if VMs are evicted deleted) or update existing VMs with new VM sizes (if VMs are evicted deallocated or failed to allocate due to capacity constraint) in order to achieve the desired capacity. Maintain is enabled by default. |
bool |
| maxPricePerVM | Price per hour of each Spot VM will never exceed this. | int |
| minCapacity | Minimum capacity to achieve which cannot be updated. If we will not be able to "guarantee" minimum capacity, we will reject the request in the sync path itself. | int Constraints: Min value = 0 |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys |
string |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
TerminateNotificationProfile
| Name | Description | Value |
|---|---|---|
| enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
| notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) |
string |
TrackedResourceTags
| Name | Description | Value |
|---|
UefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. |
bool |
| vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. |
bool |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
VaultCertificate
| Name | Description | Value |
|---|---|---|
| certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
VaultSecretGroup
| Name | Description | Value |
|---|---|---|
| sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. |
SubResource |
| vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
| Name | Description | Value |
|---|---|---|
| uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetDataDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | The create option. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
| deleteOption | Specifies whether data disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the data disk is deleted when the VMSS Flex VM is deleted. Detach If this value is used, the data disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. |
'Delete' 'Detach' |
| diskIOPSReadWrite | Specifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. |
int |
| diskMBpsReadWrite | Specifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. |
int |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property diskSizeGB is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. |
int |
| lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. |
int (required) |
| managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
| name | The disk name. | string |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetExtension
| Name | Description | Value |
|---|---|---|
| name | The name of the extension. | string |
| properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
| Name | Description | Value |
|---|---|---|
| extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
| extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. |
string |
VirtualMachineScaleSetExtensionProperties
| Name | Description | Value |
|---|---|---|
| autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. |
bool |
| enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. |
bool |
| forceUpdateTag | If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. |
string |
| protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. |
VirtualMachineScaleSetExtensionPropertiesProtectedSettings |
| protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault |
KeyVaultSecretReference |
| provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. |
string[] |
| publisher | The name of the extension handler publisher. | string |
| settings | Json formatted public settings for the extension. | VirtualMachineScaleSetExtensionPropertiesSettings |
| suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. |
bool |
| type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
| typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineScaleSetExtensionPropertiesProtectedSettings
| Name | Description | Value |
|---|
VirtualMachineScaleSetExtensionPropertiesSettings
| Name | Description | Value |
|---|
VirtualMachineScaleSetHardwareProfile
| Name | Description | Value |
|---|---|---|
| vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-11-01. Please follow the instructions in VM Customization for more details. |
VMSizeProperties |
VirtualMachineScaleSetIPConfiguration
| Name | Description | Value |
|---|---|---|
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration properties. |
VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. |
SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. |
SubResource[] |
| loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. |
SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. |
bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. |
'IPv4' 'IPv6' |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
VirtualMachineScaleSetManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. |
DiskEncryptionSetParameters |
| securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
| storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. |
'PremiumV2_LRS' 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
VirtualMachineScaleSetNetworkConfiguration
| Name | Description | Value |
|---|---|---|
| name | The network configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationDnsSettings
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetNetworkConfigurationProperties
| Name | Description | Value |
|---|---|---|
| auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. |
'AcceleratedConnections' 'Floating' 'None' |
| auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. |
'A1' 'A2' 'A4' 'A8' 'None' |
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSettings |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. |
bool |
VirtualMachineScaleSetNetworkProfile
| Name | Description | Value |
|---|---|---|
| healthProbe | A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. |
ApiEntityReference |
| networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations for Virtual Machine Scale Set with orchestration mode 'Flexible' |
'2020-11-01' |
| networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage. This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
| deleteOption | Specifies whether OS Disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the OS disk is deleted when VMSS Flex VM is deleted. Detach If this value is used, the OS disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. For an Ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for Ephemeral OS Disk. |
'Delete' 'Detach' |
| diffDiskSettings | Specifies the ephemeral disk Settings for the operating system disk used by the virtual machine scale set. |
DiffDiskSettings |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. |
int |
| image | Specifies information about the unmanaged user image to base the scale set on. | VirtualHardDisk |
| managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
| name | The disk name. | string |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. |
'Linux' 'Windows' |
| vhdContainers | Specifies the container urls that are used to store operating system disks for the scale set. |
string[] |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetOSProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters |
string |
| allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine scale set. This may only be set to False when no extensions are present on the virtual machine scale set. |
bool |
| computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. |
string |
| customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. |
LinuxConfiguration |
| requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
| secrets | Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
VaultSecretGroup[] |
| windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
VirtualMachineScaleSetPublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties |
| sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. |
PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created |
string (required) |
| domainNameLabelScope | The Domain name label scope.The concatenation of the hashed domain name label that generated according to the policy from domain name label scope and vm index will be the domain name labels of the PublicIPAddress resources that will be created |
'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. |
'IPv4' 'IPv6' |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetStorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | Specifies the parameters that are used to add data disks to the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. |
VirtualMachineScaleSetDataDisk[] |
| diskControllerType | Specifies the disk controller type configured for the virtual machines in the scale set. Minimum api-version: 2022-08-01 | 'NVMe' 'SCSI' |
| imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. |
ImageReference |
| osDisk | Specifies information about the operating system disk used by the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. |
VirtualMachineScaleSetOSDisk |
VMAttributeMinMaxDouble
| Name | Description | Value |
|---|---|---|
| max | Maximum value. Double.MaxValue(1.7976931348623157E+308) | int Constraints: Min value = 0 |
| min | Minimum value. default 0. Double.MinValue() | int Constraints: Min value = 0 |
VMAttributeMinMaxInteger
| Name | Description | Value |
|---|---|---|
| max | Max VMSize from CRS, Max = 4294967295 (uint.MaxValue) if not specified. | int Constraints: Min value = 0 |
| min | Min VMSize from CRS, Min = 0 (uint.MinValue) if not specified. | int Constraints: Min value = 0 |
VMAttributes
| Name | Description | Value |
|---|---|---|
| acceleratorCount | The range of accelerator count specified from min to max. Optional parameter. Either Min or Max is required if specified. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxInteger |
| acceleratorManufacturers | The accelerator manufacturers specified as a list. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'AMD' 'Nvidia' 'Xilinx' |
| acceleratorSupport | Specifies whether the VMSize supporting accelerator should be used to build Fleet or not. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
'Excluded' 'Included' 'Required' |
| acceleratorTypes | The accelerator types specified as a list. acceleratorSupport should be set to "Included" or "Required" to use this VMAttribute. If acceleratorSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'FPGA' 'GPU' |
| architectureTypes | The VM architecture types specified as a list. Optional parameter. | String array containing any of: 'ARM64' 'X64' |
| burstableSupport | Specifies whether the VMSize supporting burstable capability should be used to build Fleet or not. | 'Excluded' 'Included' 'Required' |
| cpuManufacturers | The VM CPU manufacturers specified as a list. Optional parameter. | String array containing any of: 'AMD' 'Ampere' 'Intel' 'Microsoft' |
| dataDiskCount | The range of data disk count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxInteger |
| excludedVMSizes | Specifies which VMSizes should be excluded while building Fleet. Optional parameter. | string[] |
| localStorageDiskTypes | The local storage disk types specified as a list. LocalStorageSupport should be set to "Included" or "Required" to use this VMAttribute. If localStorageSupport is "Excluded", this VMAttribute can not be used. |
String array containing any of: 'HDD' 'SSD' |
| localStorageInGiB | LocalStorageSupport should be set to "Included" or "Required" to use this VMAttribute. If localStorageSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxDouble |
| localStorageSupport | Specifies whether the VMSize supporting local storage should be used to build Fleet or not. Included - Default if not specified as most Azure VMs support local storage. |
'Excluded' 'Included' 'Required' |
| memoryInGiB | The range of memory specified from Min to Max. Must be specified if VMAttributes are specified, either Min or Max is required if specified. | VMAttributeMinMaxDouble (required) |
| memoryInGiBPerVCpu | The range of memory in GiB per vCPU specified from min to max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxDouble |
| networkBandwidthInMbps | The range of network bandwidth in Mbps specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxDouble |
| networkInterfaceCount | The range of network interface count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. | VMAttributeMinMaxInteger |
| rdmaNetworkInterfaceCount | The range of RDMA (Remote Direct Memory Access) network interface count specified from Min to Max. Optional parameter. Either Min or Max is required if specified. rdmaSupport should be set to "Included" or "Required" to use this VMAttribute. If rdmaSupport is "Excluded", this VMAttribute can not be used. |
VMAttributeMinMaxInteger |
| rdmaSupport | Specifies whether the VMSize supporting RDMA (Remote Direct Memory Access) should be used to build Fleet or not. | 'Excluded' 'Included' 'Required' |
| vCpuCount | The range of vCpuCount specified from Min to Max. Must be specified if VMAttributes are specified, either Min or Max is required if specified. | VMAttributeMinMaxInteger (required) |
| vmCategories | The VM category specified as a list. Optional parameter. | String array containing any of: 'ComputeOptimized' 'FpgaAccelerated' 'GeneralPurpose' 'GpuAccelerated' 'HighPerformanceCompute' 'MemoryOptimized' 'StorageOptimized' |
VMDiskSecurityProfile
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. |
DiskEncryptionSetParameters |
| securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. |
'DiskWithVMGuestState' 'NonPersistedTPM' 'VMGuestStateOnly' |
VMGalleryApplication
| Name | Description | Value |
|---|---|---|
| configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided |
string |
| enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS |
bool |
| order | Optional, Specifies the order in which the packages have to be installed | int |
| packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} |
string (required) |
| tags | Optional, Specifies a passthrough value for more generic context. | string |
| treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment |
bool |
VmSizeProfile
| Name | Description | Value |
|---|---|---|
| name | The Sku name (e.g. 'Standard_DS1_v2') | string (required) |
| rank | The rank of the VM size. This is used with 'RegularPriorityAllocationStrategy.Prioritized' The lower the number, the higher the priority. Starting with 0. |
int Constraints: Min value = 0 Max value = 65535 |
VMSizeProperties
| Name | Description | Value |
|---|---|---|
| vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. |
int |
| vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. |
int |
WindowsConfiguration
| Name | Description | Value |
|---|---|---|
| additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. |
AdditionalUnattendContent[] |
| enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
bool |
| enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Windows virtual machine. Default value is false. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. |
string |
| winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. |
WinRMConfiguration |
WindowsVMGuestPatchAutomaticByPlatformSettings
| Name | Description | Value |
|---|---|---|
| bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
| rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. |
'Always' 'IfRequired' 'Never' 'Unknown' |
WinRMConfiguration
| Name | Description | Value |
|---|---|---|
| listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
| Name | Description | Value |
|---|---|---|
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
| protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. |
'Http' 'Https' |
ZoneAllocationPolicy
| Name | Description | Value |
|---|---|---|
| distributionStrategy | Distribution strategy used for zone allocation policy. | 'BestEffortSingleZone' 'Prioritized' (required) |
| zonePreferences | Zone preferences, required when zone distribution strategy is Prioritized. | ZonePreference[] |
ZonePreference
| Name | Description | Value |
|---|---|---|
| rank | The rank of the zone. This is used with 'Prioritized' ZoneDistributionStrategy. The lower the number, the higher the priority, starting with 0. 0 is the highest rank. If not specified, defaults to lowest rank. |
int Constraints: Min value = 0 Max value = 65535 |
| zone | Name of the zone. | string (required) |