When you create a new VM from a specialized image, the new VM retains the computer name of the original VM. Other computer-specific information, like the CMID, is also kept. This duplicate information can cause issues. When copying a VM, be aware of what types of computer-specific information your applications rely on.
List the image definitions in a gallery using az sig image-definition list to see the name and ID of the definitions.
resourceGroup=myGalleryRG
gallery=myGallery
az sig image-definition list \
--resource-group $resourceGroup \
--gallery-name $gallery \
--query "[].[name, id]" \
--output tsv
Create the VM using az vm create using the --specialized parameter to indicate that the image is a specialized image.
Use the image definition ID for --image to create the VM from the latest version of the image that is available. You can also create the VM from a specific version by supplying the image version ID for --image.
In this example, we're creating a VM from the latest version of the myImageDefinition image.
az group create --name myResourceGroup --location eastus
az vm create --resource-group myResourceGroup \
--name myVM \
--image "/subscriptions/<Subscription ID>/resourceGroups/myGalleryRG/providers/Microsoft.Compute/galleries/myGallery/images/myImageDefinition" \
--specialized
Once you have a specialized image version, you can create one or more new VMs using the New-AzVM cmdlet.
In this example, we're using the image definition ID to ensure your new VM will use the most recent version of an image. You can also use a specific version by using the image version ID for Set-AzVMSourceImage -Id. For example, to use image version 1.0.0 type: Set-AzVMSourceImage -Id "/subscriptions/<subscription ID where the gallery is located>/resourceGroups/myGalleryRG/providers/Microsoft.Compute/galleries/myGallery/images/myImageDefinition/versions/1.0.0".
Using a specific image version means automation could fail if that specific image version isn't available because it was deleted or removed from the region. We recommend using the image definition ID for creating your new VM, unless a specific image version is required.
Replace resource names as needed in this example.
# Create some variables for the new VM.
$resourceGroup = "mySIGSpecializedRG"
$location = "South Central US"
$vmName = "mySpecializedVM"
# Get the image. Replace the name of your resource group, gallery, and image definition. This will create the VM from the latest image version available.
$imageDefinition = Get-AzGalleryImageDefinition `
-GalleryName myGallery `
-ResourceGroupName myResourceGroup `
-Name myImageDefinition
# Create a resource group
New-AzResourceGroup -Name $resourceGroup -Location $location
# Create the network resources.
$subnetConfig = New-AzVirtualNetworkSubnetConfig `
-Name mySubnet `
-AddressPrefix 192.168.1.0/24
$vnet = New-AzVirtualNetwork `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name MYvNET `
-AddressPrefix 192.168.0.0/16 `
-Subnet $subnetConfig
$pip = New-AzPublicIpAddress `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name "mypublicdns$(Get-Random)" `
-AllocationMethod Static `
-IdleTimeoutInMinutes 4
$nsgRuleRDP = New-AzNetworkSecurityRuleConfig `
-Name myNetworkSecurityGroupRuleRDP `
-Protocol Tcp `
-Direction Inbound `
-Priority 1000 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389 -Access Deny
$nsg = New-AzNetworkSecurityGroup `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name myNetworkSecurityGroup `
-SecurityRules $nsgRuleRDP
$nic = New-AzNetworkInterface `
-Name $vmName `
-ResourceGroupName $resourceGroup `
-Location $location `
-SubnetId $vnet.Subnets[0].Id `
-PublicIpAddressId $pip.Id `
-NetworkSecurityGroupId $nsg.Id
# Create a virtual machine configuration using Set-AzVMSourceImage -Id $imageDefinition.Id to use the latest available image version.
$vmConfig = New-AzVMConfig `
-VMName $vmName `
-VMSize Standard_D1_v2 | `
Set-AzVMSourceImage -Id $imageDefinition.Id | `
Add-AzVMNetworkInterface -Id $nic.Id
# Create a virtual machine
New-AzVM `
-ResourceGroupName $resourceGroup `
-Location $location `
-VM $vmConfig
Now you can create one or more new VMs. This example creates a VM named myVM, in the myResourceGroup, in the East US datacenter.
Go to your image definition. You can use the resource filter to show all image definitions available.
On the page for your image definition, select Create VM from the menu at the top of the page.
For Resource group, select Create new and type myResourceGroup for the name.
In Virtual machine name, type myVM.
For Region, select East US.
For Availability options, leave the default of No infrastructure redundancy required.
The value for Image is automatically filled with the latest image version if you started from the page for the image definition.
For Size, choose a VM size from the list of available sizes and then choose Select.
Under Administrator account, the username is grayed out because the username and credentials from the source VM are used.
If you want to allow remote access to the VM, under Public inbound ports, choose Allow selected ports and then select SSH (22) or RDP (3389) from the drop-down. If you don't want to allow remote access to the VM, leave None selected for Public inbound ports.
When you're finished, select the Review + create button at the bottom of the page.
After the VM passes validation, select Create at the bottom of the page to start the deployment.
RBAC - within your organization
If the subscription where the gallery resides is within the same tenant, images shared through RBAC can be used to create VMs using the CLI and PowerShell.
You'll need the imageID of the image you want to use and make sure the image is replicated to the region where you want to create the VM.
If the image you want to use is stored in a gallery that isn't in the same tenant (directory) then you will need to sign in to each tenant to verify you have access.
You'll need the imageID of the image you want to use and make sure the image is replicated to the region where you want to create the VM. You'll also need the tenantID for the source gallery and the tenantID for where you want to create the VM.
You need to sign in to the tenant where the image is stored, get an access token, then sign into the tenant where you want to create the VM. This is how Azure authenticates that you have access to the image.
tenant1='<ID for tenant 1>'
tenant2='<ID for tenant 2>'
az account clear
az login --tenant $tenant1
az account get-access-token
az login --tenant $tenant2
az account get-access-token
Create the VM using az vm create using the --specialized parameter to indicate that the image is a specialized image.
imageid=""/subscriptions/<Subscription ID>/resourceGroups/myGalleryRG/providers/Microsoft.Compute/galleries/myGallery/images/myImageDefinition""
resourcegroup="myResourceGroup"
location="West US 3"
name='myVM'
az group create --name $resourcegroup --location $location
az vm create --resource-group $resourcegroup \
--name $name \
--image $image \
--specialized
You need to sign in to the tenant where the image is stored, get an access token, then sign into the tenant where you want to create the VM. This is how Azure authenticates that you have access to the image.
Create the VM. Replace the information in the example with your own. Before you create the VM, make sure that the image is replicated into the region where you want to create the VM.
# Create some variables for the new VM.
$resourceGroup = "myResourceGroup"
$location = "South Central US"
$vmName = "myVM"
# Set a variable for the image version in Tenant 1 using the full image ID of the image version
$image = "/subscriptions/<Tenant 1 subscription>/resourceGroups/<Resource group>/providers/Microsoft.Compute/galleries/<Gallery>/images/<Image definition>/versions/<version>"
# Create a resource group
New-AzResourceGroup -Name $resourceGroup -Location $location
# Create the network resources.
$subnetConfig = New-AzVirtualNetworkSubnetConfig `
-Name mySubnet `
-AddressPrefix 192.168.1.0/24
$vnet = New-AzVirtualNetwork `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name MYvNET `
-AddressPrefix 192.168.0.0/16 `
-Subnet $subnetConfig
$pip = New-AzPublicIpAddress `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name "mypublicdns$(Get-Random)" `
-AllocationMethod Static `
-IdleTimeoutInMinutes 4
$nsgRuleRDP = New-AzNetworkSecurityRuleConfig `
-Name myNetworkSecurityGroupRuleRDP `
-Protocol Tcp `
-Direction Inbound `
-Priority 1000 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389 -Access Deny
$nsg = New-AzNetworkSecurityGroup `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name myNetworkSecurityGroup `
-SecurityRules $nsgRuleRDP
$nic = New-AzNetworkInterface `
-Name $vmName `
-ResourceGroupName $resourceGroup `
-Location $location `
-SubnetId $vnet.Subnets[0].Id `
-PublicIpAddressId $pip.Id `
-NetworkSecurityGroupId $nsg.Id
# Create a virtual machine configuration using Set-AzVMSourceImage -Id $imageDefinition.Id to use the latest available image version.
$vmConfig = New-AzVMConfig `
-VMName $vmName `
-VMSize Standard_D1_v2 | `
Set-AzVMSourceImage -Id $image | `
Add-AzVMNetworkInterface -Id $nic.Id
# Create a virtual machine
New-AzVM `
-ResourceGroupName $resourceGroup `
-Location $location `
-VM $vmConfig
Community gallery
Important
Microsoft does not provide support for images in the community gallery.
Reporting issues with a community image
Using community-submitted virtual machine images has several risks. Images could contain malware, security vulnerabilities, or violate someone's intellectual property. To help create a secure and reliable experience for the community, you can report images when you see these issues.
The easiest way to report issues with a community gallery is to use the portal, which will pre-fill information for the report:
For issues with links or other information in the fields of an image definition, select Report community image.
If an image version contains malicious code or there are other issues with a specific version of an image, select Report under the Report version column in the table of image versions.
You can also use the following links to report issues, but the forms won't be pre-filled:
As an end user, to get the public name of a community gallery, you need to use the portal. Go to Virtual machines > Create > Azure virtual machine > Image > See all images > Community Images > Public gallery name.
List all of the image definitions that are available in a community gallery using az sig image-definition list-community. In this example, we list all of the images in the ContosoImage gallery in West US and by name, the unique ID that is needed to create a VM, OS and OS state.
az sig image-definition list-community \
--public-gallery-name "ContosoImages-1a2b3c4d-1234-abcd-1234-1a2b3c4d5e6f" \
--location westus \
--query [*]."{Name:name,ID:uniqueId,OS:osType,State:osState}" -o table
Create the VM using az vm create using the --specialized parameter to indicate that the image is a specialized image.
In this example, we're creating a VM from the latest version of the myImageDefinition image.
az group create --name myResourceGroup --location eastus
az vm create --resource-group myResourceGroup \
--name myVM \
--image "/CommunityGalleries/ContosoImages-f61bb1d9-3c5a-4ad2-99b5-744030225de6/Images/LinuxSpecializedVersions/latest" \
--specialized
When using a community image, you'll be prompted to accept the legal terms. The message will look like this:
To create the VM from community gallery image, you must accept the license agreement and privacy statement: http://contoso.com. (If you want to accept the legal terms by default, please use the option '--accept-term' when creating VM/VMSS) (Y/n):
Type virtual machines in the search.
Under Services, select Virtual machines.
In the Virtual machines page, select Create and then Virtual machine. The Create a virtual machine page opens.
In the Basics tab, under Project details, make sure the correct subscription is selected and then choose to Create new resource group or select one from the drop-down.
Under Instance details, type a name for the Virtual machine name.
For Security type, make sure Standard is selected.
For your Image, select See all images. The Select an image page will open.
In the left menu, under Other Items, select Community images. The Other Items | Community Images page will open.
Select an image from the list. Make sure that the OS state is Specialized. If you want to use a specialized image, see Create a VM using a generalized image version. Depending on the image choose, the Region the VM will be created in will change to match the image.
Complete the rest of the options and then select the Review + create button at the bottom of the page.
On the Create a virtual machine page, you can see the details about the VM you're about to create. When you're ready, select Create.
To publish images to a direct shared gallery during the preview, you need to register at https://aka.ms/directsharedgallery-preview. Creating VMs from a direct shared gallery is open to all Azure users.
During the preview, you need to create a new gallery, with the property sharingProfile.permissions set to Groups. When using the CLI to create a gallery, use the --permissions groups parameter. You can't use an existing gallery, the property can't currently be updated.
To find the uniqueID of a gallery that is shared with you, use az sig list-shared. In this example, we're looking for galleries in the West US region.
region=westus
az sig list-shared --location $region --query "[].name" -o tsv
Use the gallery name to find all of the images that are available. In this example, we list all of the images in West US and by name, the unique ID that is needed to create a VM, OS and OS state.
galleryName="1a2b3c4d-1234-abcd-1234-1a2b3c4d5e6f-myDirectShared"
az sig image-definition list-shared \
--gallery-unique-name $galleryName \
--location $region \
--query [*]."{Name:name,ID:uniqueId,OS:osType,State:osState}" -o table
Create the VM using az vm create using the --specialized parameter to indicate that the image is a specialized image.
Use the Id, appended with /Versions/latest to use the latest version, as the value for `--image`` to create a VM.
In this example, we're creating a VM from the latest version of the myImageDefinition image.
imgDef="/SharedGalleries/1a2b3c4d-1234-abcd-1234-1a2b3c4d5e6f-MYDIRECTSHARED/Images/myDirectDefinition/Versions/latest"
vmResourceGroup=myResourceGroup
location=westus
vmName=myVM
az group create --name $vmResourceGroup --location $location
az vm create\
--resource-group $vmResourceGroup \
--name $vmName \
--image $imgDef \
--specialized
Note
Known issue: In the Azure portal, if you select a region, select an image, then change the region, you will get an error message: "You can only create VM in the replication regions of this image" even when the image is replicated to that region. To get rid of the error, select a different region, then switch back to the region you want. If the image is available, it should clear the error message.
You can also use the Azure CLI to check what images are shared with you. For example, you can use `az sig list-shared --location westus" to see what images are shared with you in the West US region.
Type virtual machines in the search.
Under Services, select Virtual machines.
In the Virtual machines page, select Create and then Virtual machine. The Create a virtual machine page opens.
In the Basics tab, under Project details, make sure the correct subscription is selected and then choose to Create new resource group or select one from the drop-down.
Under Instance details, type a name for the Virtual machine name.
For Security type, make sure Standard is selected.
For your Image, select See all images. The Select an image page will open.
In the left menu, under Other Items, select Direct Shared Images (PREVIEW). The Other Items | Direct Shared Images (PREVIEW) page will open.
Select an image from the list. Make sure that the OS state is Specialized. If you want to use a generalized image, see Create a VM using a generalized image version. Depending on the image you choose, the Region the VM will be created in will change to match the image.
Complete the rest of the options and then select the Review + create button at the bottom of the page.
On the Create a virtual machine page, you can see the details about the VM you're about to create. When you're ready, select Create.
