Hello, @Tomoki Endo! If you already have a VHD, you can try going the direct deployment route if you meet the requirements; however, it sounds like you may want to create the VM from your VHD and enable Trusted Launch after the fact. I've included steps and information below. Make sure you meet all the requirements before you start!
Is it possible to enable Trusted Launch when creating a virtual machine from a custom image?
Yes, you can use custom OS image or disks; however, there are several requirements.
A direct deployment of a Trusted Launch VM supports the following image sources:
For the following image sources, the security type on the image definition should be set to TrustedLaunchsupported:
- Gen2 OS Disk VHD
- Gen2 Managed Image
- Gen2 Gallery Image Version

No VM Guest State information shall be included in the image source. The resulting image version can be used to create either Azure Gen2 VMs or Trusted launch VMs. These images can be shared using Azure Compute Gallery - Direct Shared Gallery and Azure Compute Gallery - Community Gallery.
It is also possible to enable Trusted Launch on an existing Azure VM:
https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch-existing-vm?tabs=portal
- Azure Generation 2 VM(s) is configured with:
  - Trusted launch supported size family
  - Trusted launch supported OS Image. For custom OS image or disks, the base image should be Trusted launch capable.
- Azure Generation 2 VM(s) is not using features currently not supported with Trusted launch.
- Azure Generation 2 VM(s) should be stopped and deallocated before enabling Trusted launch security type.
- Azure Backup if enabled for VM(s) should be configured with Enhanced Backup Policy. Trusted launch security type cannot be enabled for Generation 2 VM(s) configured with Standard Policy backup protection. Existing Azure VM backup can be migrated from Standard to Enhanced policy using private preview migration feature. Submit on-boarding request to preview using link https://aka.ms/formBackupPolicyMigration.
If you are able to create a VM that meets those requirements, then you will be able to deploy a VM with Trusted Launch enabled. The following pages of documentation include relevant information:
- Trusted launch for Azure virtual machines
- Deploy a VM with trusted launch enabled
- Enable Trusted launch on existing Azure VMs
- Trusted Launch FAQ
I hope this has been helpful! Your feedback is important so please take a moment to accept answers.
If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
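
The prerequisites listed in the answer above for enabling Trusted Launch on an existing VM can be checked before attempting the change. The following is an added example, not part of the original answer or Microsoft's tooling: it assumes the VM description is the JSON printed by `az vm get-instance-view -o json`, and `backup_policy_type` is a hypothetical caller-supplied value because the backup policy is not part of that JSON. Size family, OS image capability and unsupported features are not checked here.

```python
import json

# Constructed sample: trimmed shape of `az vm get-instance-view -o json` output.
SAMPLE_VM = json.loads("""
{
  "name": "example-vm",
  "hardwareProfile": {"vmSize": "Standard_D2s_v5"},
  "instanceView": {
    "hyperVGeneration": "V2",
    "statuses": [
      {"code": "ProvisioningState/succeeded"},
      {"code": "PowerState/running"}
    ]
  }
}
""")


def trusted_launch_blockers(vm, backup_policy_type=None):
    """Return the reasons a VM is not ready to have Trusted Launch enabled.

    backup_policy_type (assumption, supplied by the caller): "Standard",
    "Enhanced", or None when Azure Backup is not enabled for the VM.
    """
    blockers = []
    view = vm.get("instanceView") or {}

    # Requirement: the VM must be an Azure Generation 2 VM.
    if view.get("hyperVGeneration") != "V2":
        blockers.append("VM is not Generation 2")

    # Requirement: the VM must be stopped and deallocated first.
    codes = [s.get("code", "") for s in view.get("statuses", [])]
    power = next((c.split("/", 1)[1] for c in codes
                  if c.startswith("PowerState/")), "unknown")
    if power != "deallocated":
        blockers.append(f"VM must be stopped and deallocated (power state: {power})")

    # Requirement: Azure Backup, if enabled, must use the Enhanced policy.
    if backup_policy_type == "Standard":
        blockers.append("Azure Backup uses Standard policy; Enhanced policy is required")

    return blockers


if __name__ == "__main__":
    for reason in trusted_launch_blockers(SAMPLE_VM, backup_policy_type="Standard"):
        print("BLOCKED:", reason)
```

An empty list means none of the three checked prerequisites is blocking; a power state of `stopped` still counts as a blocker because the VM has to be deallocated, not just shut down.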