Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The virtualMachineInstances resource type can be deployed with operations that target:
- Tenant - See tenant deployment commands* Management groups - See management group deployment commands* Subscription - See subscription deployment commands* Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureStackHCI/virtualMachineInstances resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AzureStackHCI/virtualMachineInstances@2025-09-01-preview' = {
scope: resourceSymbolicName or scope
extendedLocation: {
name: 'string'
type: 'string'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
name: 'default'
properties: {
createFromLocal: bool
guestAgentInstallStatus: {}
hardwareProfile: {
dynamicMemoryConfig: {
maximumMemoryMB: int
minimumMemoryMB: int
targetMemoryBuffer: int
}
memoryMB: int
processors: int
virtualMachineGPUs: [
{
assignmentType: 'string'
gpuName: 'string'
partitionSizeMB: int
}
]
vmSize: 'string'
}
httpProxyConfig: {
httpProxy: 'string'
httpsProxy: 'string'
noProxy: [
'string'
]
trustedCa: 'string'
}
localVmName: 'string'
networkProfile: {
networkInterfaces: [
{
id: 'string'
}
]
}
osProfile: {
adminPassword: 'string'
adminUsername: 'string'
computerName: 'string'
linuxConfiguration: {
disablePasswordAuthentication: bool
provisionVMAgent: bool
provisionVMConfigAgent: bool
ssh: {
publicKeys: [
{
keyData: 'string'
path: 'string'
}
]
}
}
windowsConfiguration: {
enableAutomaticUpdates: bool
provisionVMAgent: bool
provisionVMConfigAgent: bool
ssh: {
publicKeys: [
{
keyData: 'string'
path: 'string'
}
]
}
timeZone: 'string'
}
}
placementProfile: {
strictPlacementPolicy: bool
zone: 'string'
}
resourceUid: 'string'
securityProfile: {
enableTPM: bool
securityType: 'string'
uefiSettings: {
secureBootEnabled: bool
}
}
storageProfile: {
dataDisks: [
{
id: 'string'
}
]
imageReference: {
id: 'string'
}
osDisk: {
id: 'string'
managedDisk: {
securityProfile: {
securityEncryptionType: 'string'
}
}
osType: 'string'
}
vmConfigStoragePathId: 'string'
}
}
}
Property Values
Microsoft.AzureStackHCI/virtualMachineInstances
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extendedLocation of the resource. | ExtendedLocation |
| identity | The managed service identities assigned to this resource. | ManagedServiceIdentity |
| name | The resource name | 'default' (required) |
| properties | The resource-specific properties for this resource. | VirtualMachineInstanceProperties |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'CustomLocation' |
GuestAgentInstallStatus
| Name | Description | Value |
|---|
HttpProxyConfiguration
| Name | Description | Value |
|---|---|---|
| httpProxy | The HTTP proxy server endpoint to use. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| httpsProxy | The HTTPS proxy server endpoint to use. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| noProxy | The endpoints that should not go through proxy. | string[] |
| trustedCa | Alternative CA cert to use for connecting to proxy servers. | string |
ImageArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for an image resource used by the virtual machine instance. | string |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
NetworkInterfaceArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Network Interface. | string |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
VirtualHardDiskArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Virtual Hard Disk. | string |
VirtualMachineInstanceManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
VirtualMachineInstanceProperties
| Name | Description | Value |
|---|---|---|
| createFromLocal | Boolean indicating whether this is an existing local virtual machine or if one should be created. | bool |
| guestAgentInstallStatus | Guest agent install status. | GuestAgentInstallStatus |
| hardwareProfile | HardwareProfile - Specifies the hardware settings for the virtual machine instance. | VirtualMachineInstancePropertiesHardwareProfile |
| httpProxyConfig | HTTP Proxy configuration for the VM. | HttpProxyConfiguration |
| localVmName | HyperV name of the VM. This is only applicable when createFromLocal is true. | string |
| networkProfile | NetworkProfile - describes the network configuration the virtual machine instance | VirtualMachineInstancePropertiesNetworkProfile |
| osProfile | OsProfile - describes the configuration of the operating system and sets login data | VirtualMachineInstancePropertiesOsProfile |
| placementProfile | PlacementProfile - Specifies the placement related settings for the virtual machine. | VirtualMachineInstancePropertiesPlacementProfile |
| resourceUid | Unique identifier defined by ARC to identify the guest of the VM. | string |
| securityProfile | SecurityProfile - Specifies the security settings for the virtual machine instance. | VirtualMachineInstancePropertiesSecurityProfile |
| storageProfile | StorageProfile - contains information about the disks and storage information for the virtual machine instance | VirtualMachineInstancePropertiesStorageProfile |
VirtualMachineInstancePropertiesHardwareProfile
| Name | Description | Value |
|---|---|---|
| dynamicMemoryConfig | Dynamic memory config | VirtualMachineInstancePropertiesHardwareProfileDynamicMemoryConfig |
| memoryMB | RAM in MB for the virtual machine instance | int |
| processors | number of processors for the virtual machine instance | int |
| virtualMachineGPUs | virtualMachineGPUs - list of gpus to be attached to the virtual machine instance | VirtualMachineInstancePropertiesHardwareProfileVirtualMachineGPU[] |
| vmSize | Enum of VM Sizes | 'Custom' 'Default' 'Standard_A2_v2' 'Standard_A4_v2' 'Standard_D16s_v3' 'Standard_D2s_v3' 'Standard_D32s_v3' 'Standard_D4s_v3' 'Standard_D8s_v3' 'Standard_DS13_v2' 'Standard_DS2_v2' 'Standard_DS3_v2' 'Standard_DS4_v2' 'Standard_DS5_v2' 'Standard_K8S2_v1' 'Standard_K8S3_v1' 'Standard_K8S4_v1' 'Standard_K8S5_v1' 'Standard_K8S_v1' 'Standard_NK12' 'Standard_NK6' 'Standard_NV12' 'Standard_NV6' |
VirtualMachineInstancePropertiesHardwareProfileDynamicMemoryConfig
| Name | Description | Value |
|---|---|---|
| maximumMemoryMB | Maximum memory in MB | int |
| minimumMemoryMB | Minimum memory in MB | int |
| targetMemoryBuffer | Defines the amount of extra memory that should be reserved for a virtual machine instance at runtime, as a percentage of the total memory that the virtual machine instance is thought to need. This only applies to virtual systems with dynamic memory enabled. This property can be in the range of 5 to 2000. | int |
VirtualMachineInstancePropertiesHardwareProfileVirtualMachineGPU
| Name | Description | Value |
|---|---|---|
| assignmentType | GPU assignment type | 'GpuDDA' 'GpuP' (required) |
| gpuName | Name of the GPU | string |
| partitionSizeMB | Size of gpu partition in MB for GPU-P | int |
VirtualMachineInstancePropertiesNetworkProfile
| Name | Description | Value |
|---|---|---|
| networkInterfaces | NetworkInterfaces - list of network interfaces to be attached to the virtual machine instance | NetworkInterfaceArmReference[] |
VirtualMachineInstancePropertiesOsProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | AdminPassword - admin password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | AdminUsername - admin username | string |
| computerName | ComputerName - name of the compute | string |
| linuxConfiguration | LinuxConfiguration - linux specific configuration values for the virtual machine instance | VirtualMachineInstancePropertiesOsProfileLinuxConfiguration |
| windowsConfiguration | Windows Configuration for the virtual machine instance | VirtualMachineInstancePropertiesOsProfileWindowsConfiguration |
VirtualMachineInstancePropertiesOsProfileLinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | DisablePasswordAuthentication - whether password authentication should be disabled | bool |
| provisionVMAgent | Used to indicate whether Arc for Servers agent onboarding should be triggered during the virtual machine instance creation process. | bool |
| provisionVMConfigAgent | Used to indicate whether the VM Config Agent should be installed during the virtual machine creation process. | bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
VirtualMachineInstancePropertiesOsProfileWindowsConfiguration
| Name | Description | Value |
|---|---|---|
| enableAutomaticUpdates | Whether to EnableAutomaticUpdates on the machine | bool |
| provisionVMAgent | Used to indicate whether Arc for Servers agent onboarding should be triggered during the virtual machine instance creation process. | bool |
| provisionVMConfigAgent | Used to indicate whether the VM Config Agent should be installed during the virtual machine creation process. | bool |
| ssh | Specifies the ssh key configuration for Windows OS. | SshConfiguration |
| timeZone | TimeZone for the virtual machine instance | string |
VirtualMachineInstancePropertiesPlacementProfile
| Name | Description | Value |
|---|---|---|
| strictPlacementPolicy | Specifies whether VM can only failover strictly within the zone it was placed in | bool |
| zone | The zone in which the VM should be placed in. | string |
VirtualMachineInstancePropertiesSecurityProfile
| Name | Description | Value |
|---|---|---|
| enableTPM | Enable TPM flag | bool |
| securityType | Specifies the SecurityType of the virtual machine. EnableTPM and SecureBootEnabled must be set to true for SecurityType to function. | 'ConfidentialVM' 'TrustedLaunch' |
| uefiSettings | Uefi settings of the virtual machine instance | VirtualMachineInstancePropertiesSecurityProfileUefiSettings |
VirtualMachineInstancePropertiesSecurityProfileUefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine instance. | bool |
VirtualMachineInstancePropertiesStorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | adds data disks to the virtual machine instance | VirtualHardDiskArmReference[] |
| imageReference | Which Image to use for the virtual machine instance | ImageArmReference |
| osDisk | VHD to attach as OS disk | VirtualMachineInstancePropertiesStorageProfileOsDisk |
| vmConfigStoragePathId | Id of the storage container that hosts the VM configuration file | string |
VirtualMachineInstancePropertiesStorageProfileOsDisk
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Virtual Hard Disk. | string |
| managedDisk | The managed disk parameters. | VirtualMachineInstanceManagedDiskParameters |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | 'Linux' 'Windows' |
VMDiskSecurityProfile
| Name | Description | Value |
|---|---|---|
| securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to NonPersistedTPM for not persisting firmware state in the VMGuestState blob. NOTE: It can be set for only Confidential VMs. | 'NonPersistedTPM' |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Azure Stack HCI Virtual Machine Instance | AVM Resource Module for Azure Stack HCI Virtual Machine Instance |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Create a Linux VM from a gallery image on Azure Stack HCI | This template creates a simple Linux VM from the referenced custom image on Azure Stack HCI version 23H2+ |
| Create a VM from the referenced image on Azure Stack HCI | This template creates a simple Windows VM from the referenced Azure Marketplace image on Azure Stack HCI version 23H2+ |
ARM template resource definition
The virtualMachineInstances resource type can be deployed with operations that target:
- Tenant - See tenant deployment commands* Management groups - See management group deployment commands* Subscription - See subscription deployment commands* Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureStackHCI/virtualMachineInstances resource, add the following JSON to your template.
{
"type": "Microsoft.AzureStackHCI/virtualMachineInstances",
"apiVersion": "2025-09-01-preview",
"name": "string",
"extendedLocation": {
"name": "string",
"type": "string"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"properties": {
"createFromLocal": "bool",
"guestAgentInstallStatus": {
},
"hardwareProfile": {
"dynamicMemoryConfig": {
"maximumMemoryMB": "int",
"minimumMemoryMB": "int",
"targetMemoryBuffer": "int"
},
"memoryMB": "int",
"processors": "int",
"virtualMachineGPUs": [
{
"assignmentType": "string",
"gpuName": "string",
"partitionSizeMB": "int"
}
],
"vmSize": "string"
},
"httpProxyConfig": {
"httpProxy": "string",
"httpsProxy": "string",
"noProxy": [ "string" ],
"trustedCa": "string"
},
"localVmName": "string",
"networkProfile": {
"networkInterfaces": [
{
"id": "string"
}
]
},
"osProfile": {
"adminPassword": "string",
"adminUsername": "string",
"computerName": "string",
"linuxConfiguration": {
"disablePasswordAuthentication": "bool",
"provisionVMAgent": "bool",
"provisionVMConfigAgent": "bool",
"ssh": {
"publicKeys": [
{
"keyData": "string",
"path": "string"
}
]
}
},
"windowsConfiguration": {
"enableAutomaticUpdates": "bool",
"provisionVMAgent": "bool",
"provisionVMConfigAgent": "bool",
"ssh": {
"publicKeys": [
{
"keyData": "string",
"path": "string"
}
]
},
"timeZone": "string"
}
},
"placementProfile": {
"strictPlacementPolicy": "bool",
"zone": "string"
},
"resourceUid": "string",
"securityProfile": {
"enableTPM": "bool",
"securityType": "string",
"uefiSettings": {
"secureBootEnabled": "bool"
}
},
"storageProfile": {
"dataDisks": [
{
"id": "string"
}
],
"imageReference": {
"id": "string"
},
"osDisk": {
"id": "string",
"managedDisk": {
"securityProfile": {
"securityEncryptionType": "string"
}
},
"osType": "string"
},
"vmConfigStoragePathId": "string"
}
}
}
Property Values
Microsoft.AzureStackHCI/virtualMachineInstances
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2025-09-01-preview' |
| extendedLocation | The extendedLocation of the resource. | ExtendedLocation |
| identity | The managed service identities assigned to this resource. | ManagedServiceIdentity |
| name | The resource name | 'default' (required) |
| properties | The resource-specific properties for this resource. | VirtualMachineInstanceProperties |
| type | The resource type | 'Microsoft.AzureStackHCI/virtualMachineInstances' |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'CustomLocation' |
GuestAgentInstallStatus
| Name | Description | Value |
|---|
HttpProxyConfiguration
| Name | Description | Value |
|---|---|---|
| httpProxy | The HTTP proxy server endpoint to use. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| httpsProxy | The HTTPS proxy server endpoint to use. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| noProxy | The endpoints that should not go through proxy. | string[] |
| trustedCa | Alternative CA cert to use for connecting to proxy servers. | string |
ImageArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for an image resource used by the virtual machine instance. | string |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
NetworkInterfaceArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Network Interface. | string |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
VirtualHardDiskArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Virtual Hard Disk. | string |
VirtualMachineInstanceManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
VirtualMachineInstanceProperties
| Name | Description | Value |
|---|---|---|
| createFromLocal | Boolean indicating whether this is an existing local virtual machine or if one should be created. | bool |
| guestAgentInstallStatus | Guest agent install status. | GuestAgentInstallStatus |
| hardwareProfile | HardwareProfile - Specifies the hardware settings for the virtual machine instance. | VirtualMachineInstancePropertiesHardwareProfile |
| httpProxyConfig | HTTP Proxy configuration for the VM. | HttpProxyConfiguration |
| localVmName | HyperV name of the VM. This is only applicable when createFromLocal is true. | string |
| networkProfile | NetworkProfile - describes the network configuration the virtual machine instance | VirtualMachineInstancePropertiesNetworkProfile |
| osProfile | OsProfile - describes the configuration of the operating system and sets login data | VirtualMachineInstancePropertiesOsProfile |
| placementProfile | PlacementProfile - Specifies the placement related settings for the virtual machine. | VirtualMachineInstancePropertiesPlacementProfile |
| resourceUid | Unique identifier defined by ARC to identify the guest of the VM. | string |
| securityProfile | SecurityProfile - Specifies the security settings for the virtual machine instance. | VirtualMachineInstancePropertiesSecurityProfile |
| storageProfile | StorageProfile - contains information about the disks and storage information for the virtual machine instance | VirtualMachineInstancePropertiesStorageProfile |
VirtualMachineInstancePropertiesHardwareProfile
| Name | Description | Value |
|---|---|---|
| dynamicMemoryConfig | Dynamic memory config | VirtualMachineInstancePropertiesHardwareProfileDynamicMemoryConfig |
| memoryMB | RAM in MB for the virtual machine instance | int |
| processors | number of processors for the virtual machine instance | int |
| virtualMachineGPUs | virtualMachineGPUs - list of gpus to be attached to the virtual machine instance | VirtualMachineInstancePropertiesHardwareProfileVirtualMachineGPU[] |
| vmSize | Enum of VM Sizes | 'Custom' 'Default' 'Standard_A2_v2' 'Standard_A4_v2' 'Standard_D16s_v3' 'Standard_D2s_v3' 'Standard_D32s_v3' 'Standard_D4s_v3' 'Standard_D8s_v3' 'Standard_DS13_v2' 'Standard_DS2_v2' 'Standard_DS3_v2' 'Standard_DS4_v2' 'Standard_DS5_v2' 'Standard_K8S2_v1' 'Standard_K8S3_v1' 'Standard_K8S4_v1' 'Standard_K8S5_v1' 'Standard_K8S_v1' 'Standard_NK12' 'Standard_NK6' 'Standard_NV12' 'Standard_NV6' |
VirtualMachineInstancePropertiesHardwareProfileDynamicMemoryConfig
| Name | Description | Value |
|---|---|---|
| maximumMemoryMB | Maximum memory in MB | int |
| minimumMemoryMB | Minimum memory in MB | int |
| targetMemoryBuffer | Defines the amount of extra memory that should be reserved for a virtual machine instance at runtime, as a percentage of the total memory that the virtual machine instance is thought to need. This only applies to virtual systems with dynamic memory enabled. This property can be in the range of 5 to 2000. | int |
VirtualMachineInstancePropertiesHardwareProfileVirtualMachineGPU
| Name | Description | Value |
|---|---|---|
| assignmentType | GPU assignment type | 'GpuDDA' 'GpuP' (required) |
| gpuName | Name of the GPU | string |
| partitionSizeMB | Size of gpu partition in MB for GPU-P | int |
VirtualMachineInstancePropertiesNetworkProfile
| Name | Description | Value |
|---|---|---|
| networkInterfaces | NetworkInterfaces - list of network interfaces to be attached to the virtual machine instance | NetworkInterfaceArmReference[] |
VirtualMachineInstancePropertiesOsProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | AdminPassword - admin password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | AdminUsername - admin username | string |
| computerName | ComputerName - name of the compute | string |
| linuxConfiguration | LinuxConfiguration - linux specific configuration values for the virtual machine instance | VirtualMachineInstancePropertiesOsProfileLinuxConfiguration |
| windowsConfiguration | Windows Configuration for the virtual machine instance | VirtualMachineInstancePropertiesOsProfileWindowsConfiguration |
VirtualMachineInstancePropertiesOsProfileLinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | DisablePasswordAuthentication - whether password authentication should be disabled | bool |
| provisionVMAgent | Used to indicate whether Arc for Servers agent onboarding should be triggered during the virtual machine instance creation process. | bool |
| provisionVMConfigAgent | Used to indicate whether the VM Config Agent should be installed during the virtual machine creation process. | bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
VirtualMachineInstancePropertiesOsProfileWindowsConfiguration
| Name | Description | Value |
|---|---|---|
| enableAutomaticUpdates | Whether to EnableAutomaticUpdates on the machine | bool |
| provisionVMAgent | Used to indicate whether Arc for Servers agent onboarding should be triggered during the virtual machine instance creation process. | bool |
| provisionVMConfigAgent | Used to indicate whether the VM Config Agent should be installed during the virtual machine creation process. | bool |
| ssh | Specifies the ssh key configuration for Windows OS. | SshConfiguration |
| timeZone | TimeZone for the virtual machine instance | string |
VirtualMachineInstancePropertiesPlacementProfile
| Name | Description | Value |
|---|---|---|
| strictPlacementPolicy | Specifies whether VM can only failover strictly within the zone it was placed in | bool |
| zone | The zone in which the VM should be placed in. | string |
VirtualMachineInstancePropertiesSecurityProfile
| Name | Description | Value |
|---|---|---|
| enableTPM | Enable TPM flag | bool |
| securityType | Specifies the SecurityType of the virtual machine. EnableTPM and SecureBootEnabled must be set to true for SecurityType to function. | 'ConfidentialVM' 'TrustedLaunch' |
| uefiSettings | Uefi settings of the virtual machine instance | VirtualMachineInstancePropertiesSecurityProfileUefiSettings |
VirtualMachineInstancePropertiesSecurityProfileUefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine instance. | bool |
VirtualMachineInstancePropertiesStorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | adds data disks to the virtual machine instance | VirtualHardDiskArmReference[] |
| imageReference | Which Image to use for the virtual machine instance | ImageArmReference |
| osDisk | VHD to attach as OS disk | VirtualMachineInstancePropertiesStorageProfileOsDisk |
| vmConfigStoragePathId | Id of the storage container that hosts the VM configuration file | string |
VirtualMachineInstancePropertiesStorageProfileOsDisk
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Virtual Hard Disk. | string |
| managedDisk | The managed disk parameters. | VirtualMachineInstanceManagedDiskParameters |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | 'Linux' 'Windows' |
VMDiskSecurityProfile
| Name | Description | Value |
|---|---|---|
| securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to NonPersistedTPM for not persisting firmware state in the VMGuestState blob. NOTE: It can be set for only Confidential VMs. | 'NonPersistedTPM' |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Create a Linux VM from a gallery image on Azure Stack HCI |
This template creates a simple Linux VM from the referenced custom image on Azure Stack HCI version 23H2+ |
| Create a VM from the referenced image on Azure Stack HCI |
This template creates a simple Windows VM from the referenced Azure Marketplace image on Azure Stack HCI version 23H2+ |
Terraform (AzAPI provider) resource definition
The virtualMachineInstances resource type can be deployed with operations that target:
- Tenant* Management groups* Subscription* Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureStackHCI/virtualMachineInstances resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.AzureStackHCI/virtualMachineInstances@2025-09-01-preview"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
body = {
extendedLocation = {
name = "string"
type = "string"
}
properties = {
createFromLocal = bool
guestAgentInstallStatus = {
}
hardwareProfile = {
dynamicMemoryConfig = {
maximumMemoryMB = int
minimumMemoryMB = int
targetMemoryBuffer = int
}
memoryMB = int
processors = int
virtualMachineGPUs = [
{
assignmentType = "string"
gpuName = "string"
partitionSizeMB = int
}
]
vmSize = "string"
}
httpProxyConfig = {
httpProxy = "string"
httpsProxy = "string"
noProxy = [
"string"
]
trustedCa = "string"
}
localVmName = "string"
networkProfile = {
networkInterfaces = [
{
id = "string"
}
]
}
osProfile = {
adminPassword = "string"
adminUsername = "string"
computerName = "string"
linuxConfiguration = {
disablePasswordAuthentication = bool
provisionVMAgent = bool
provisionVMConfigAgent = bool
ssh = {
publicKeys = [
{
keyData = "string"
path = "string"
}
]
}
}
windowsConfiguration = {
enableAutomaticUpdates = bool
provisionVMAgent = bool
provisionVMConfigAgent = bool
ssh = {
publicKeys = [
{
keyData = "string"
path = "string"
}
]
}
timeZone = "string"
}
}
placementProfile = {
strictPlacementPolicy = bool
zone = "string"
}
resourceUid = "string"
securityProfile = {
enableTPM = bool
securityType = "string"
uefiSettings = {
secureBootEnabled = bool
}
}
storageProfile = {
dataDisks = [
{
id = "string"
}
]
imageReference = {
id = "string"
}
osDisk = {
id = "string"
managedDisk = {
securityProfile = {
securityEncryptionType = "string"
}
}
osType = "string"
}
vmConfigStoragePathId = "string"
}
}
}
}
Property Values
Microsoft.AzureStackHCI/virtualMachineInstances
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extendedLocation of the resource. | ExtendedLocation |
| identity | The managed service identities assigned to this resource. | ManagedServiceIdentity |
| name | The resource name | 'default' (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | The resource-specific properties for this resource. | VirtualMachineInstanceProperties |
| type | The resource type | "Microsoft.AzureStackHCI/virtualMachineInstances@2025-09-01-preview" |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'CustomLocation' |
GuestAgentInstallStatus
| Name | Description | Value |
|---|
HttpProxyConfiguration
| Name | Description | Value |
|---|---|---|
| httpProxy | The HTTP proxy server endpoint to use. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| httpsProxy | The HTTPS proxy server endpoint to use. | string Constraints: Sensitive value. Pass in as a secure parameter. |
| noProxy | The endpoints that should not go through proxy. | string[] |
| trustedCa | Alternative CA cert to use for connecting to proxy servers. | string |
ImageArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for an image resource used by the virtual machine instance. | string |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
NetworkInterfaceArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Network Interface. | string |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
UserAssignedIdentities
| Name | Description | Value |
|---|
UserAssignedIdentity
| Name | Description | Value |
|---|
VirtualHardDiskArmReference
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Virtual Hard Disk. | string |
VirtualMachineInstanceManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
VirtualMachineInstanceProperties
| Name | Description | Value |
|---|---|---|
| createFromLocal | Boolean indicating whether this is an existing local virtual machine or if one should be created. | bool |
| guestAgentInstallStatus | Guest agent install status. | GuestAgentInstallStatus |
| hardwareProfile | HardwareProfile - Specifies the hardware settings for the virtual machine instance. | VirtualMachineInstancePropertiesHardwareProfile |
| httpProxyConfig | HTTP Proxy configuration for the VM. | HttpProxyConfiguration |
| localVmName | HyperV name of the VM. This is only applicable when createFromLocal is true. | string |
| networkProfile | NetworkProfile - describes the network configuration the virtual machine instance | VirtualMachineInstancePropertiesNetworkProfile |
| osProfile | OsProfile - describes the configuration of the operating system and sets login data | VirtualMachineInstancePropertiesOsProfile |
| placementProfile | PlacementProfile - Specifies the placement related settings for the virtual machine. | VirtualMachineInstancePropertiesPlacementProfile |
| resourceUid | Unique identifier defined by ARC to identify the guest of the VM. | string |
| securityProfile | SecurityProfile - Specifies the security settings for the virtual machine instance. | VirtualMachineInstancePropertiesSecurityProfile |
| storageProfile | StorageProfile - contains information about the disks and storage information for the virtual machine instance | VirtualMachineInstancePropertiesStorageProfile |
VirtualMachineInstancePropertiesHardwareProfile
| Name | Description | Value |
|---|---|---|
| dynamicMemoryConfig | Dynamic memory config | VirtualMachineInstancePropertiesHardwareProfileDynamicMemoryConfig |
| memoryMB | RAM in MB for the virtual machine instance | int |
| processors | number of processors for the virtual machine instance | int |
| virtualMachineGPUs | virtualMachineGPUs - list of gpus to be attached to the virtual machine instance | VirtualMachineInstancePropertiesHardwareProfileVirtualMachineGPU[] |
| vmSize | Enum of VM Sizes | 'Custom' 'Default' 'Standard_A2_v2' 'Standard_A4_v2' 'Standard_D16s_v3' 'Standard_D2s_v3' 'Standard_D32s_v3' 'Standard_D4s_v3' 'Standard_D8s_v3' 'Standard_DS13_v2' 'Standard_DS2_v2' 'Standard_DS3_v2' 'Standard_DS4_v2' 'Standard_DS5_v2' 'Standard_K8S2_v1' 'Standard_K8S3_v1' 'Standard_K8S4_v1' 'Standard_K8S5_v1' 'Standard_K8S_v1' 'Standard_NK12' 'Standard_NK6' 'Standard_NV12' 'Standard_NV6' |
VirtualMachineInstancePropertiesHardwareProfileDynamicMemoryConfig
| Name | Description | Value |
|---|---|---|
| maximumMemoryMB | Maximum memory in MB | int |
| minimumMemoryMB | Minimum memory in MB | int |
| targetMemoryBuffer | Defines the amount of extra memory that should be reserved for a virtual machine instance at runtime, as a percentage of the total memory that the virtual machine instance is thought to need. This only applies to virtual systems with dynamic memory enabled. This property can be in the range of 5 to 2000. | int |
VirtualMachineInstancePropertiesHardwareProfileVirtualMachineGPU
| Name | Description | Value |
|---|---|---|
| assignmentType | GPU assignment type | 'GpuDDA' 'GpuP' (required) |
| gpuName | Name of the GPU | string |
| partitionSizeMB | Size of gpu partition in MB for GPU-P | int |
VirtualMachineInstancePropertiesNetworkProfile
| Name | Description | Value |
|---|---|---|
| networkInterfaces | NetworkInterfaces - list of network interfaces to be attached to the virtual machine instance | NetworkInterfaceArmReference[] |
VirtualMachineInstancePropertiesOsProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | AdminPassword - admin password | string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | AdminUsername - admin username | string |
| computerName | ComputerName - name of the compute | string |
| linuxConfiguration | LinuxConfiguration - linux specific configuration values for the virtual machine instance | VirtualMachineInstancePropertiesOsProfileLinuxConfiguration |
| windowsConfiguration | Windows Configuration for the virtual machine instance | VirtualMachineInstancePropertiesOsProfileWindowsConfiguration |
VirtualMachineInstancePropertiesOsProfileLinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | DisablePasswordAuthentication - whether password authentication should be disabled | bool |
| provisionVMAgent | Used to indicate whether Arc for Servers agent onboarding should be triggered during the virtual machine instance creation process. | bool |
| provisionVMConfigAgent | Used to indicate whether the VM Config Agent should be installed during the virtual machine creation process. | bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
VirtualMachineInstancePropertiesOsProfileWindowsConfiguration
| Name | Description | Value |
|---|---|---|
| enableAutomaticUpdates | Whether to EnableAutomaticUpdates on the machine | bool |
| provisionVMAgent | Used to indicate whether Arc for Servers agent onboarding should be triggered during the virtual machine instance creation process. | bool |
| provisionVMConfigAgent | Used to indicate whether the VM Config Agent should be installed during the virtual machine creation process. | bool |
| ssh | Specifies the ssh key configuration for Windows OS. | SshConfiguration |
| timeZone | TimeZone for the virtual machine instance | string |
VirtualMachineInstancePropertiesPlacementProfile
| Name | Description | Value |
|---|---|---|
| strictPlacementPolicy | Specifies whether VM can only failover strictly within the zone it was placed in | bool |
| zone | The zone in which the VM should be placed in. | string |
VirtualMachineInstancePropertiesSecurityProfile
| Name | Description | Value |
|---|---|---|
| enableTPM | Enable TPM flag | bool |
| securityType | Specifies the SecurityType of the virtual machine. EnableTPM and SecureBootEnabled must be set to true for SecurityType to function. | 'ConfidentialVM' 'TrustedLaunch' |
| uefiSettings | Uefi settings of the virtual machine instance | VirtualMachineInstancePropertiesSecurityProfileUefiSettings |
VirtualMachineInstancePropertiesSecurityProfileUefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine instance. | bool |
VirtualMachineInstancePropertiesStorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | adds data disks to the virtual machine instance | VirtualHardDiskArmReference[] |
| imageReference | Which Image to use for the virtual machine instance | ImageArmReference |
| osDisk | VHD to attach as OS disk | VirtualMachineInstancePropertiesStorageProfileOsDisk |
| vmConfigStoragePathId | Id of the storage container that hosts the VM configuration file | string |
VirtualMachineInstancePropertiesStorageProfileOsDisk
| Name | Description | Value |
|---|---|---|
| id | The Azure Resource ID for a Virtual Hard Disk. | string |
| managedDisk | The managed disk parameters. | VirtualMachineInstanceManagedDiskParameters |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | 'Linux' 'Windows' |
VMDiskSecurityProfile
| Name | Description | Value |
|---|---|---|
| securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to NonPersistedTPM for not persisting firmware state in the VMGuestState blob. NOTE: It can be set for only Confidential VMs. | 'NonPersistedTPM' |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Stack HCI Virtual Machine Instance | AVM Resource Module for Stack HCI Virtual Machine Instance |