Споделяне чрез


Create a virtual machine using your own image

This article describes how to publish a virtual machine (VM) image that you built on your premises.

Bring your image into Azure

Upload your VHD to an Azure Compute Gallery (formerly know as Shared Image Gallery).

  1. On the Azure portal, search for Azure Compute Galleries.
  2. Create or use an existing Azure Compute Gallery. We suggest you create a separate Azure Compute Gallery for images being published to the Marketplace.
  3. Create or use an existing image definition.
  4. Select Create a version.
  5. Choose the region and image version.
  6. If your VHD isn't yet uploaded to Azure portal, choose Storage blobs (VHDs) as the Source, then Browse. You can create a storage account and storage container if you haven’t created one before. Upload your VHD.
  7. Select Review + create. Once validation finishes, select Create.

Tip

Publisher account must have “Owner” access to publish the Azure Compute Gallery Image. If required, follow the steps in the following section, Set the right permissions, to grant access.

Publishing your Virtual Machine images to Azure Marketplace from your Azure Compute Gallery requires you to set permissions so that that Partner Center can acquire the images hosted within your gallery.

Important

Microsoft is transitioning the process for acquiring images from your Compute Gallery to a more secure process. To continue updating your Virtual Machine offers, please ensure the following Microsoft apps are granted access by following these steps. These steps must be performed once for each Compute Gallery used to published to Azure Marketplace.

Prerequisites

To grant Partner Center permission, you need to ensure the following prerequisites are met:

  • Your Azure Compute Gallery must be in the same Microsoft Entra tenant that is linked to your Partner Center account
  • You must be an Owner of the subscription where the Compute Gallery is present.

Tip

It is recommended you use a dedicated Compute Gallery for the purposes of publishing to Partner Center and that you only grant permission to this dedicated gallery. You do not need to grant permissions at subscription level.

Step 1: Provision the Service Principals

You first need to provision service principals in your Azure subscription, which is done by registering the Microsoft Partner Center Resource Provider (RP). A service principal is an identity that will then be used to provide Partner Center with access to your Compute Gallery for acquiring your images. This step isn't granting access.

PowerShell
# Connect to your Azure account
Connect-AzAccount

# Set the subscription to use in the current session. Use the subscription that contains your Azure Compute Gallery.
Set-AzContext -Subscription <SubscriptionId>

# Register the Microsoft Partner Center Resource Provider (RP). This creates the Service Principals in your tenant. 
Register-AzResourceProvider -ProviderNamespace Microsoft.PartnerCenterIngestion

# Ensure the Resource Principal is registered successfully.
Get-AzResourceProvider -ProviderNamespace Microsoft.PartnerCenterIngestion
Azure CLI
# Connect to your Azure account
Az login

# Set the subscription to use in the current session. Use the subscription that contains your Azure Compute Gallery.
az account set --subscription <subscriptionId>

# Register the Microsoft Partner Center Resource Provider (RP). This creates the Service Principals in your tenant. 
az provider register --namespace

# Ensure the Resource Principal is registered successfully.
az provider show --namespace Microsoft.PartnerCenterIngestion

Once the service principals are provisioned, they must be granted explicit permissions to read images from a specific Compute Gallery. Partner Center is in the process of transitioning to a more secure process for acquiring your images. During this transition, we ask that you temporarily grant access to two Microsoft applications so that you can continue updating your Virtual Machine offers.

PowerShell
# Get the Resource Id of your Azure Compute Gallery. The result is the <gallery-id>.
Get-AzGallery -ResourceGroupName <resource-group> -GalleryName <gallery-name>

# Get the service principal object Id for the first Microsoft application. The result is the <sp-id1>.
Get-AzADServicePrincipal -SearchString "Microsoft Partner Center Resource Provider"

# Create a role assignment to the first Microsoft application.
New-AzRoleAssignment -ObjectId <sp-id1> -RoleDefinitionId cf7c76d2-98a3-4358-a134-615aa78bf44d -Scope <gallery-id>

# Get the service principal for the second Microsoft application. The result is the <sp-id2>.
Get-AzADServicePrincipal -SearchString "Compute Image Registry"

# Create a role assignment to the second Microsoft application.
New-AzRoleAssignment -ObjectId <sp-id2> -RoleDefinitionId cf7c76d2-98a3-4358-a134-615aa78bf44d -Scope <gallery-id>
Azure CLI
# Get the Resource Id of your Azure Compute Gallery. The result is the <gallery-id>.
az sig show --resource-group <resource-group> --gallery-name <gallery-name>

# Get the service principal object Id for the first Microsoft application. The result is the <sp-id1>.
az ad sp list --display-name "Microsoft Partner Center Resource Provider" --query '[].id'

# Create a role assignment to the first Microsoft application.
az role assignment create --assignee-object-id <sp-id1> --assignee-principal-type ServicePrincipal --role cf7c76d2-98a3-4358-a134-615aa78bf44d –scope <gallery-id>

# Get the service principal for the second Microsoft application. The result is the <sp-id2>.
az ad sp list --display-name "Compute Image Registry" --query '[].id'

# Create a role assignment to the second Microsoft application.
az role assignment create --assignee-object-id <sp-id2> --assignee-principal-type ServicePrincipal --role cf7c76d2-98a3-4358-a134-615aa78bf44d –scope <gallery-id>
Azure portal
  1. Login to Azure portal
  2. Navigate to your Azure Compute Gallery that contains your Virtual Machine image.
  3. Navigate to the Access control tab within your Azure Compute Gallery.
  4. Select Add > Add role assignment.
  5. Select the role Compute Gallery Image Reader and click Next.
  6. Select to assign access to User, group or service principal.
  7. Click + Select members and search for and select the service principals “Microsoft Partner Center Resource Provider” and “Compute Image Registry”. Click Next.
  8. Click Review + Assign.
  • Test your VM image to ensure it meets Azure Marketplace publishing requirements (optional).
  • If you don't want to test your VM image, sign in to Partner Center and publish the Azure Compute Gallery Image.
  • If you encountered difficulty creating your new Azure-based VHD, see VM FAQ for Azure Marketplace.