Microsoft.Compute virtualMachineScaleSets/virtualmachines 2021-04-01
Bicep resource definition
The virtualMachineScaleSets/virtualmachines resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets/virtualmachines resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets/virtualmachines@2021-04-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
parent: resourceSymbolicName
plan: {
name: 'string'
product: 'string'
promotionCode: 'string'
publisher: 'string'
}
properties: {
additionalCapabilities: {
ultraSSDEnabled: bool
}
availabilitySet: {
id: 'string'
}
diagnosticsProfile: {
bootDiagnostics: {
enabled: bool
storageUri: 'string'
}
}
hardwareProfile: {
vmSize: 'string'
}
licenseType: 'string'
networkProfile: {
networkApiVersion: '2020-11-01'
networkInterfaceConfigurations: [
{
name: 'string'
properties: {
deleteOption: 'string'
dnsSettings: {
dnsServers: [
'string'
]
}
dscpConfiguration: {
id: 'string'
}
enableAcceleratedNetworking: bool
enableFpga: bool
enableIPForwarding: bool
ipConfigurations: [
{
name: 'string'
properties: {
applicationGatewayBackendAddressPools: [
{
id: 'string'
}
]
applicationSecurityGroups: [
{
id: 'string'
}
]
loadBalancerBackendAddressPools: [
{
id: 'string'
}
]
primary: bool
privateIPAddressVersion: 'string'
publicIPAddressConfiguration: {
name: 'string'
properties: {
deleteOption: 'string'
dnsSettings: {
domainNameLabel: 'string'
}
idleTimeoutInMinutes: int
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
publicIPAddressVersion: 'string'
publicIPAllocationMethod: 'string'
publicIPPrefix: {
id: 'string'
}
}
sku: {
name: 'string'
tier: 'string'
}
}
subnet: {
id: 'string'
}
}
}
]
networkSecurityGroup: {
id: 'string'
}
primary: bool
}
}
]
networkInterfaces: [
{
id: 'string'
properties: {
deleteOption: 'string'
primary: bool
}
}
]
}
networkProfileConfiguration: {
networkInterfaceConfigurations: [
{
id: 'string'
name: 'string'
properties: {
deleteOption: 'string'
dnsSettings: {
dnsServers: [
'string'
]
}
enableAcceleratedNetworking: bool
enableFpga: bool
enableIPForwarding: bool
ipConfigurations: [
{
id: 'string'
name: 'string'
properties: {
applicationGatewayBackendAddressPools: [
{
id: 'string'
}
]
applicationSecurityGroups: [
{
id: 'string'
}
]
loadBalancerBackendAddressPools: [
{
id: 'string'
}
]
loadBalancerInboundNatPools: [
{
id: 'string'
}
]
primary: bool
privateIPAddressVersion: 'string'
publicIPAddressConfiguration: {
name: 'string'
properties: {
deleteOption: 'string'
dnsSettings: {
domainNameLabel: 'string'
}
idleTimeoutInMinutes: int
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
publicIPAddressVersion: 'string'
publicIPPrefix: {
id: 'string'
}
}
sku: {
name: 'string'
tier: 'string'
}
}
subnet: {
id: 'string'
}
}
}
]
networkSecurityGroup: {
id: 'string'
}
primary: bool
}
}
]
}
osProfile: {
adminPassword: 'string'
adminUsername: 'string'
allowExtensionOperations: bool
computerName: 'string'
customData: 'string'
linuxConfiguration: {
disablePasswordAuthentication: bool
patchSettings: {
assessmentMode: 'string'
patchMode: 'string'
}
provisionVMAgent: bool
ssh: {
publicKeys: [
{
keyData: 'string'
path: 'string'
}
]
}
}
requireGuestProvisionSignal: bool
secrets: [
{
sourceVault: {
id: 'string'
}
vaultCertificates: [
{
certificateStore: 'string'
certificateUrl: 'string'
}
]
}
]
windowsConfiguration: {
additionalUnattendContent: [
{
componentName: 'Microsoft-Windows-Shell-Setup'
content: 'string'
passName: 'OobeSystem'
settingName: 'string'
}
]
enableAutomaticUpdates: bool
patchSettings: {
assessmentMode: 'string'
enableHotpatching: bool
patchMode: 'string'
}
provisionVMAgent: bool
timeZone: 'string'
winRM: {
listeners: [
{
certificateUrl: 'string'
protocol: 'string'
}
]
}
}
}
protectionPolicy: {
protectFromScaleIn: bool
protectFromScaleSetActions: bool
}
securityProfile: {
encryptionAtHost: bool
securityType: 'TrustedLaunch'
uefiSettings: {
secureBootEnabled: bool
vTpmEnabled: bool
}
}
storageProfile: {
dataDisks: [
{
caching: 'string'
createOption: 'string'
deleteOption: 'string'
detachOption: 'ForceDetach'
diskSizeGB: int
image: {
uri: 'string'
}
lun: int
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
id: 'string'
storageAccountType: 'string'
}
name: 'string'
toBeDetached: bool
vhd: {
uri: 'string'
}
writeAcceleratorEnabled: bool
}
]
imageReference: {
id: 'string'
offer: 'string'
publisher: 'string'
sku: 'string'
version: 'string'
}
osDisk: {
caching: 'string'
createOption: 'string'
deleteOption: 'string'
diffDiskSettings: {
option: 'Local'
placement: 'string'
}
diskSizeGB: int
encryptionSettings: {
diskEncryptionKey: {
secretUrl: 'string'
sourceVault: {
id: 'string'
}
}
enabled: bool
keyEncryptionKey: {
keyUrl: 'string'
sourceVault: {
id: 'string'
}
}
}
image: {
uri: 'string'
}
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
id: 'string'
storageAccountType: 'string'
}
name: 'string'
osType: 'string'
vhd: {
uri: 'string'
}
writeAcceleratorEnabled: bool
}
}
userData: 'string'
}
}
Property values
virtualMachineScaleSets/virtualmachines
| Name | Description | Value |
|---|---|---|
| name | The resource name See how to set names and types for child resources in Bicep. |
string (required) |
| location | Resource location | string (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: virtualMachineScaleSets |
| plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
| properties | Describes the properties of a virtual machine scale set virtual machine. | VirtualMachineScaleSetVMProperties |
Plan
| Name | Description | Value |
|---|---|---|
| name | The plan ID. | string |
| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
| promotionCode | The promotion code. | string |
| publisher | The publisher ID. | string |
VirtualMachineScaleSetVMProperties
| Name | Description | Value |
|---|---|---|
| additionalCapabilities | Specifies additional capabilities enabled or disabled on the virtual machine in the scale set. For instance: whether the virtual machine has the capability to support attaching managed data disks with UltraSSD_LRS storage account type. | AdditionalCapabilities |
| availabilitySet | Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure Currently, a VM can only be added to availability set at creation time. An existing VM cannot be added to an availability set. |
SubResource |
| diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. |
DiagnosticsProfile |
| hardwareProfile | Specifies the hardware settings for the virtual machine. | HardwareProfile |
| licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
| networkProfile | Specifies the network interfaces of the virtual machine. | NetworkProfile |
| networkProfileConfiguration | Specifies the network profile configuration of the virtual machine. | VirtualMachineScaleSetVMNetworkProfileConfiguration |
| osProfile | Specifies the operating system settings for the virtual machine. | OSProfile |
| protectionPolicy | Specifies the protection policy of the virtual machine. | VirtualMachineScaleSetVMProtectionPolicy |
| securityProfile | Specifies the Security related profile settings for the virtual machine. | SecurityProfile |
| storageProfile | Specifies the storage settings for the virtual machine disks. | StorageProfile |
| userData | UserData for the VM, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01 |
string |
AdditionalCapabilities
| Name | Description | Value |
|---|---|---|
| ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
DiagnosticsProfile
| Name | Description | Value |
|---|---|---|
| bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. |
BootDiagnostics |
BootDiagnostics
| Name | Description | Value |
|---|---|---|
| enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
| storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. |
string |
HardwareProfile
| Name | Description | Value |
|---|---|---|
| vmSize | Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. Recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set List all available virtual machine sizes in a region List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. |
'Basic_A0' 'Basic_A1' 'Basic_A2' 'Basic_A3' 'Basic_A4' 'Standard_A0' 'Standard_A1' 'Standard_A10' 'Standard_A11' 'Standard_A1_v2' 'Standard_A2' 'Standard_A2_v2' 'Standard_A2m_v2' 'Standard_A3' 'Standard_A4' 'Standard_A4_v2' 'Standard_A4m_v2' 'Standard_A5' 'Standard_A6' 'Standard_A7' 'Standard_A8' 'Standard_A8_v2' 'Standard_A8m_v2' 'Standard_A9' 'Standard_B1ms' 'Standard_B1s' 'Standard_B2ms' 'Standard_B2s' 'Standard_B4ms' 'Standard_B8ms' 'Standard_D1' 'Standard_D11' 'Standard_D11_v2' 'Standard_D12' 'Standard_D12_v2' 'Standard_D13' 'Standard_D13_v2' 'Standard_D14' 'Standard_D14_v2' 'Standard_D15_v2' 'Standard_D16_v3' 'Standard_D16s_v3' 'Standard_D1_v2' 'Standard_D2' 'Standard_D2_v2' 'Standard_D2_v3' 'Standard_D2s_v3' 'Standard_D3' 'Standard_D32_v3' 'Standard_D32s_v3' 'Standard_D3_v2' 'Standard_D4' 'Standard_D4_v2' 'Standard_D4_v3' 'Standard_D4s_v3' 'Standard_D5_v2' 'Standard_D64_v3' 'Standard_D64s_v3' 'Standard_D8_v3' 'Standard_D8s_v3' 'Standard_DS1' 'Standard_DS11' 'Standard_DS11_v2' 'Standard_DS12' 'Standard_DS12_v2' 'Standard_DS13' 'Standard_DS13-2_v2' 'Standard_DS13-4_v2' 'Standard_DS13_v2' 'Standard_DS14' 'Standard_DS14-4_v2' 'Standard_DS14-8_v2' 'Standard_DS14_v2' 'Standard_DS15_v2' 'Standard_DS1_v2' 'Standard_DS2' 'Standard_DS2_v2' 'Standard_DS3' 'Standard_DS3_v2' 'Standard_DS4' 'Standard_DS4_v2' 'Standard_DS5_v2' 'Standard_E16_v3' 'Standard_E16s_v3' 'Standard_E2_v3' 'Standard_E2s_v3' 'Standard_E32-16_v3' 'Standard_E32-8s_v3' 'Standard_E32_v3' 'Standard_E32s_v3' 'Standard_E4_v3' 'Standard_E4s_v3' 'Standard_E64-16s_v3' 'Standard_E64-32s_v3' 'Standard_E64_v3' 'Standard_E64s_v3' 'Standard_E8_v3' 'Standard_E8s_v3' 'Standard_F1' 'Standard_F16' 'Standard_F16s' 'Standard_F16s_v2' 'Standard_F1s' 'Standard_F2' 'Standard_F2s' 'Standard_F2s_v2' 'Standard_F32s_v2' 'Standard_F4' 'Standard_F4s' 'Standard_F4s_v2' 'Standard_F64s_v2' 'Standard_F72s_v2' 'Standard_F8' 'Standard_F8s' 'Standard_F8s_v2' 'Standard_G1' 'Standard_G2' 'Standard_G3' 'Standard_G4' 'Standard_G5' 'Standard_GS1' 'Standard_GS2' 'Standard_GS3' 'Standard_GS4' 'Standard_GS4-4' 'Standard_GS4-8' 'Standard_GS5' 'Standard_GS5-16' 'Standard_GS5-8' 'Standard_H16' 'Standard_H16m' 'Standard_H16mr' 'Standard_H16r' 'Standard_H8' 'Standard_H8m' 'Standard_L16s' 'Standard_L32s' 'Standard_L4s' 'Standard_L8s' 'Standard_M128-32ms' 'Standard_M128-64ms' 'Standard_M128ms' 'Standard_M128s' 'Standard_M64-16ms' 'Standard_M64-32ms' 'Standard_M64ms' 'Standard_M64s' 'Standard_NC12' 'Standard_NC12s_v2' 'Standard_NC12s_v3' 'Standard_NC24' 'Standard_NC24r' 'Standard_NC24rs_v2' 'Standard_NC24rs_v3' 'Standard_NC24s_v2' 'Standard_NC24s_v3' 'Standard_NC6' 'Standard_NC6s_v2' 'Standard_NC6s_v3' 'Standard_ND12s' 'Standard_ND24rs' 'Standard_ND24s' 'Standard_ND6s' 'Standard_NV12' 'Standard_NV24' 'Standard_NV6' |
NetworkProfile
| Name | Description | Value |
|---|---|---|
| networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations | '2020-11-01' |
| networkInterfaceConfigurations | Specifies the networking configurations that will be used to create the virtual machine networking resources. | VirtualMachineNetworkInterfaceConfiguration[] |
| networkInterfaces | Specifies the list of resource Ids for the network interfaces associated with the virtual machine. | NetworkInterfaceReference[] |
VirtualMachineNetworkInterfaceConfiguration
| Name | Description | Value |
|---|---|---|
| name | The network interface configuration name. | string (required) |
| properties | Describes a virtual machine network profile's IP configuration. | VirtualMachineNetworkInterfaceConfigurationPropertie... |
VirtualMachineNetworkInterfaceConfigurationPropertie...
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineNetworkInterfaceDnsSettingsConfigurati... |
| dscpConfiguration | SubResource | |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineNetworkInterfaceIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineNetworkInterfaceDnsSettingsConfigurati...
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineNetworkInterfaceIPConfiguration
| Name | Description | Value |
|---|---|---|
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine network interface IP configuration properties. | VirtualMachineNetworkInterfaceIPConfigurationPropert... |
VirtualMachineNetworkInterfaceIPConfigurationPropert...
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. | SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the same basic sku load balancer]. | SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachinePublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | SubResource |
VirtualMachinePublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines IP Configuration's PublicIPAddress configuration | VirtualMachinePublicIPAddressConfigurationProperties |
| sku | Describes the public IP Sku | PublicIPAddressSku |
VirtualMachinePublicIPAddressConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP address when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachinePublicIPAddressDnsSettingsConfiguratio... |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | Specify the public IP allocation type | 'Dynamic' 'Static' |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachinePublicIPAddressDnsSettingsConfiguratio...
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. | string (required) |
VirtualMachineIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Specify public IP sku name | 'Basic' 'Standard' |
| tier | Specify public IP sku tier | 'Global' 'Regional' |
NetworkInterfaceReference
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| properties | Describes a network interface reference properties. | NetworkInterfaceReferenceProperties |
NetworkInterfaceReferenceProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetVMNetworkProfileConfiguration
| Name | Description | Value |
|---|---|---|
| networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetNetworkConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| name | The network configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSetting... |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetNetworkConfigurationDnsSetting...
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. | SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
| loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetPublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration | VirtualMachineScaleSetPublicIPAddressConfigurationPr... |
| sku | Describes the public IP Sku | PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationPr...
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDn... |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetPublicIPAddressConfigurationDn...
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created | string (required) |
VirtualMachineScaleSetIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
ApiEntityReference
| Name | Description | Value |
|---|---|---|
| id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
OSProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | Specifies the name of the administrator account. This property cannot be updated after the VM is created. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters. |
string |
| allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. |
bool |
| computerName | Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. |
string |
| customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in customData property This property cannot be updated after the VM is created. customData is passed to the VM to be saved as a file, for more information see Custom Data on Azure VMs For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation |
string |
| linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. |
LinuxConfiguration |
| requireGuestProvisionSignal | Specifies whether the guest provision signal is required to infer provision success of the virtual machine. Note: This property is for private testing only, and all customers must not set the property to false. | bool |
| secrets | Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
| windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
LinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
VaultSecretGroup
| Name | Description | Value |
|---|---|---|
| sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
| vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VaultCertificate
| Name | Description | Value |
|---|---|---|
| certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
WindowsConfiguration
| Name | Description | Value |
|---|---|---|
| additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
| enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. |
string |
| winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
AdditionalUnattendContent
| Name | Description | Value |
|---|---|---|
| componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
| content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
| passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
| settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
PatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
WinRMConfiguration
| Name | Description | Value |
|---|---|---|
| listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
| Name | Description | Value |
|---|---|---|
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
| protocol | Specifies the protocol of WinRM listener. Possible values are: http https |
'Http' 'Https' |
VirtualMachineScaleSetVMProtectionPolicy
| Name | Description | Value |
|---|---|---|
| protectFromScaleIn | Indicates that the virtual machine scale set VM shouldn't be considered for deletion during a scale-in operation. | bool |
| protectFromScaleSetActions | Indicates that model updates or actions (including scale-in) initiated on the virtual machine scale set should not be applied to the virtual machine scale set VM. | bool |
SecurityProfile
| Name | Description | Value |
|---|---|---|
| encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource. |
bool |
| securityType | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch. |
'TrustedLaunch' |
| uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01 |
UefiSettings |
UefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01 |
bool |
| vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01 |
bool |
StorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. |
DataDisk[] |
| imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
| osDisk | Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. |
OSDisk |
DataDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | Specifies how the virtual machine should be created. Possible values are: Attach \u2013 This value is used when you are using a specialized disk to create the virtual machine. FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Empty' 'FromImage' (required) |
| deleteOption | Specifies whether data disk should be deleted or detached upon VM deletion. Possible values: Delete If this value is used, the data disk is deleted when VM is deleted. Detach If this value is used, the data disk is retained after VM is deleted. The default value is set to detach |
'Delete' 'Detach' |
| detachOption | Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. |
'ForceDetach' |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. This value cannot be larger than 1023 GB |
int |
| image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
| lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
| managedDisk | The managed disk parameters. | ManagedDiskParameters |
| name | The disk name. | string |
| toBeDetached | Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset | bool |
| vhd | The virtual hard disk. | VirtualHardDisk |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualHardDisk
| Name | Description | Value |
|---|---|---|
| uri | Specifies the virtual hard disk's uri. | string |
ManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
| id | Resource Id | string |
| storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
DiskEncryptionSetParameters
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
ImageReference
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
| publisher | The image publisher. | string |
| sku | The image SKU. | string |
| version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. | string |
OSDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage. |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | Specifies how the virtual machine should be created. Possible values are: Attach \u2013 This value is used when you are using a specialized disk to create the virtual machine. FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Empty' 'FromImage' (required) |
| deleteOption | Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values: Delete If this value is used, the OS disk is deleted when VM is deleted. Detach If this value is used, the os disk is retained after VM is deleted. The default value is set to detach. For an ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for ephemeral OS Disk. |
'Delete' 'Detach' |
| diffDiskSettings | Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. | DiffDiskSettings |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. This value cannot be larger than 1023 GB |
int |
| encryptionSettings | Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15 |
DiskEncryptionSettings |
| image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
| managedDisk | The managed disk parameters. | ManagedDiskParameters |
| name | The disk name. | string |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows Linux |
'Linux' 'Windows' |
| vhd | The virtual hard disk. | VirtualHardDisk |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
DiffDiskSettings
| Name | Description | Value |
|---|---|---|
| option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
| placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk ResourceDisk Default: CacheDisk if one is configured for the VM size otherwise ResourceDisk is used. Refer to VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. |
'CacheDisk' 'ResourceDisk' |
DiskEncryptionSettings
| Name | Description | Value |
|---|---|---|
| diskEncryptionKey | Specifies the location of the disk encryption key, which is a Key Vault Secret. | KeyVaultSecretReference |
| enabled | Specifies whether disk encryption should be enabled on the virtual machine. | bool |
| keyEncryptionKey | Specifies the location of the key encryption key in Key Vault. | KeyVaultKeyReference |
KeyVaultSecretReference
| Name | Description | Value |
|---|---|---|
| secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
KeyVaultKeyReference
| Name | Description | Value |
|---|---|---|
| keyUrl | The URL referencing a key encryption key in Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the key. | SubResource (required) |
ARM template resource definition
The virtualMachineScaleSets/virtualmachines resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets/virtualmachines resource, add the following JSON to your template.
{
"type": "Microsoft.Compute/virtualMachineScaleSets/virtualmachines",
"apiVersion": "2021-04-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"plan": {
"name": "string",
"product": "string",
"promotionCode": "string",
"publisher": "string"
},
"properties": {
"additionalCapabilities": {
"ultraSSDEnabled": "bool"
},
"availabilitySet": {
"id": "string"
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "bool",
"storageUri": "string"
}
},
"hardwareProfile": {
"vmSize": "string"
},
"licenseType": "string",
"networkProfile": {
"networkApiVersion": "2020-11-01",
"networkInterfaceConfigurations": [
{
"name": "string",
"properties": {
"deleteOption": "string",
"dnsSettings": {
"dnsServers": [ "string" ]
},
"dscpConfiguration": {
"id": "string"
},
"enableAcceleratedNetworking": "bool",
"enableFpga": "bool",
"enableIPForwarding": "bool",
"ipConfigurations": [
{
"name": "string",
"properties": {
"applicationGatewayBackendAddressPools": [
{
"id": "string"
}
],
"applicationSecurityGroups": [
{
"id": "string"
}
],
"loadBalancerBackendAddressPools": [
{
"id": "string"
}
],
"primary": "bool",
"privateIPAddressVersion": "string",
"publicIPAddressConfiguration": {
"name": "string",
"properties": {
"deleteOption": "string",
"dnsSettings": {
"domainNameLabel": "string"
},
"idleTimeoutInMinutes": "int",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"publicIPPrefix": {
"id": "string"
}
},
"sku": {
"name": "string",
"tier": "string"
}
},
"subnet": {
"id": "string"
}
}
}
],
"networkSecurityGroup": {
"id": "string"
},
"primary": "bool"
}
}
],
"networkInterfaces": [
{
"id": "string",
"properties": {
"deleteOption": "string",
"primary": "bool"
}
}
]
},
"networkProfileConfiguration": {
"networkInterfaceConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"deleteOption": "string",
"dnsSettings": {
"dnsServers": [ "string" ]
},
"enableAcceleratedNetworking": "bool",
"enableFpga": "bool",
"enableIPForwarding": "bool",
"ipConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"applicationGatewayBackendAddressPools": [
{
"id": "string"
}
],
"applicationSecurityGroups": [
{
"id": "string"
}
],
"loadBalancerBackendAddressPools": [
{
"id": "string"
}
],
"loadBalancerInboundNatPools": [
{
"id": "string"
}
],
"primary": "bool",
"privateIPAddressVersion": "string",
"publicIPAddressConfiguration": {
"name": "string",
"properties": {
"deleteOption": "string",
"dnsSettings": {
"domainNameLabel": "string"
},
"idleTimeoutInMinutes": "int",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"publicIPAddressVersion": "string",
"publicIPPrefix": {
"id": "string"
}
},
"sku": {
"name": "string",
"tier": "string"
}
},
"subnet": {
"id": "string"
}
}
}
],
"networkSecurityGroup": {
"id": "string"
},
"primary": "bool"
}
}
]
},
"osProfile": {
"adminPassword": "string",
"adminUsername": "string",
"allowExtensionOperations": "bool",
"computerName": "string",
"customData": "string",
"linuxConfiguration": {
"disablePasswordAuthentication": "bool",
"patchSettings": {
"assessmentMode": "string",
"patchMode": "string"
},
"provisionVMAgent": "bool",
"ssh": {
"publicKeys": [
{
"keyData": "string",
"path": "string"
}
]
}
},
"requireGuestProvisionSignal": "bool",
"secrets": [
{
"sourceVault": {
"id": "string"
},
"vaultCertificates": [
{
"certificateStore": "string",
"certificateUrl": "string"
}
]
}
],
"windowsConfiguration": {
"additionalUnattendContent": [
{
"componentName": "Microsoft-Windows-Shell-Setup",
"content": "string",
"passName": "OobeSystem",
"settingName": "string"
}
],
"enableAutomaticUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"enableHotpatching": "bool",
"patchMode": "string"
},
"provisionVMAgent": "bool",
"timeZone": "string",
"winRM": {
"listeners": [
{
"certificateUrl": "string",
"protocol": "string"
}
]
}
}
},
"protectionPolicy": {
"protectFromScaleIn": "bool",
"protectFromScaleSetActions": "bool"
},
"securityProfile": {
"encryptionAtHost": "bool",
"securityType": "TrustedLaunch",
"uefiSettings": {
"secureBootEnabled": "bool",
"vTpmEnabled": "bool"
}
},
"storageProfile": {
"dataDisks": [
{
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"detachOption": "ForceDetach",
"diskSizeGB": "int",
"image": {
"uri": "string"
},
"lun": "int",
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"id": "string",
"storageAccountType": "string"
},
"name": "string",
"toBeDetached": "bool",
"vhd": {
"uri": "string"
},
"writeAcceleratorEnabled": "bool"
}
],
"imageReference": {
"id": "string",
"offer": "string",
"publisher": "string",
"sku": "string",
"version": "string"
},
"osDisk": {
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"diffDiskSettings": {
"option": "Local",
"placement": "string"
},
"diskSizeGB": "int",
"encryptionSettings": {
"diskEncryptionKey": {
"secretUrl": "string",
"sourceVault": {
"id": "string"
}
},
"enabled": "bool",
"keyEncryptionKey": {
"keyUrl": "string",
"sourceVault": {
"id": "string"
}
}
},
"image": {
"uri": "string"
},
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"id": "string",
"storageAccountType": "string"
},
"name": "string",
"osType": "string",
"vhd": {
"uri": "string"
},
"writeAcceleratorEnabled": "bool"
}
},
"userData": "string"
}
}
Property values
virtualMachineScaleSets/virtualmachines
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Compute/virtualMachineScaleSets/virtualmachines' |
| apiVersion | The resource api version | '2021-04-01' |
| name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) |
| location | Resource location | string (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
| properties | Describes the properties of a virtual machine scale set virtual machine. | VirtualMachineScaleSetVMProperties |
Plan
| Name | Description | Value |
|---|---|---|
| name | The plan ID. | string |
| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
| promotionCode | The promotion code. | string |
| publisher | The publisher ID. | string |
VirtualMachineScaleSetVMProperties
| Name | Description | Value |
|---|---|---|
| additionalCapabilities | Specifies additional capabilities enabled or disabled on the virtual machine in the scale set. For instance: whether the virtual machine has the capability to support attaching managed data disks with UltraSSD_LRS storage account type. | AdditionalCapabilities |
| availabilitySet | Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure Currently, a VM can only be added to availability set at creation time. An existing VM cannot be added to an availability set. |
SubResource |
| diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. |
DiagnosticsProfile |
| hardwareProfile | Specifies the hardware settings for the virtual machine. | HardwareProfile |
| licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
| networkProfile | Specifies the network interfaces of the virtual machine. | NetworkProfile |
| networkProfileConfiguration | Specifies the network profile configuration of the virtual machine. | VirtualMachineScaleSetVMNetworkProfileConfiguration |
| osProfile | Specifies the operating system settings for the virtual machine. | OSProfile |
| protectionPolicy | Specifies the protection policy of the virtual machine. | VirtualMachineScaleSetVMProtectionPolicy |
| securityProfile | Specifies the Security related profile settings for the virtual machine. | SecurityProfile |
| storageProfile | Specifies the storage settings for the virtual machine disks. | StorageProfile |
| userData | UserData for the VM, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01 |
string |
AdditionalCapabilities
| Name | Description | Value |
|---|---|---|
| ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
DiagnosticsProfile
| Name | Description | Value |
|---|---|---|
| bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. |
BootDiagnostics |
BootDiagnostics
| Name | Description | Value |
|---|---|---|
| enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
| storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. |
string |
HardwareProfile
| Name | Description | Value |
|---|---|---|
| vmSize | Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. Recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set List all available virtual machine sizes in a region List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. |
'Basic_A0' 'Basic_A1' 'Basic_A2' 'Basic_A3' 'Basic_A4' 'Standard_A0' 'Standard_A1' 'Standard_A10' 'Standard_A11' 'Standard_A1_v2' 'Standard_A2' 'Standard_A2_v2' 'Standard_A2m_v2' 'Standard_A3' 'Standard_A4' 'Standard_A4_v2' 'Standard_A4m_v2' 'Standard_A5' 'Standard_A6' 'Standard_A7' 'Standard_A8' 'Standard_A8_v2' 'Standard_A8m_v2' 'Standard_A9' 'Standard_B1ms' 'Standard_B1s' 'Standard_B2ms' 'Standard_B2s' 'Standard_B4ms' 'Standard_B8ms' 'Standard_D1' 'Standard_D11' 'Standard_D11_v2' 'Standard_D12' 'Standard_D12_v2' 'Standard_D13' 'Standard_D13_v2' 'Standard_D14' 'Standard_D14_v2' 'Standard_D15_v2' 'Standard_D16_v3' 'Standard_D16s_v3' 'Standard_D1_v2' 'Standard_D2' 'Standard_D2_v2' 'Standard_D2_v3' 'Standard_D2s_v3' 'Standard_D3' 'Standard_D32_v3' 'Standard_D32s_v3' 'Standard_D3_v2' 'Standard_D4' 'Standard_D4_v2' 'Standard_D4_v3' 'Standard_D4s_v3' 'Standard_D5_v2' 'Standard_D64_v3' 'Standard_D64s_v3' 'Standard_D8_v3' 'Standard_D8s_v3' 'Standard_DS1' 'Standard_DS11' 'Standard_DS11_v2' 'Standard_DS12' 'Standard_DS12_v2' 'Standard_DS13' 'Standard_DS13-2_v2' 'Standard_DS13-4_v2' 'Standard_DS13_v2' 'Standard_DS14' 'Standard_DS14-4_v2' 'Standard_DS14-8_v2' 'Standard_DS14_v2' 'Standard_DS15_v2' 'Standard_DS1_v2' 'Standard_DS2' 'Standard_DS2_v2' 'Standard_DS3' 'Standard_DS3_v2' 'Standard_DS4' 'Standard_DS4_v2' 'Standard_DS5_v2' 'Standard_E16_v3' 'Standard_E16s_v3' 'Standard_E2_v3' 'Standard_E2s_v3' 'Standard_E32-16_v3' 'Standard_E32-8s_v3' 'Standard_E32_v3' 'Standard_E32s_v3' 'Standard_E4_v3' 'Standard_E4s_v3' 'Standard_E64-16s_v3' 'Standard_E64-32s_v3' 'Standard_E64_v3' 'Standard_E64s_v3' 'Standard_E8_v3' 'Standard_E8s_v3' 'Standard_F1' 'Standard_F16' 'Standard_F16s' 'Standard_F16s_v2' 'Standard_F1s' 'Standard_F2' 'Standard_F2s' 'Standard_F2s_v2' 'Standard_F32s_v2' 'Standard_F4' 'Standard_F4s' 'Standard_F4s_v2' 'Standard_F64s_v2' 'Standard_F72s_v2' 'Standard_F8' 'Standard_F8s' 'Standard_F8s_v2' 'Standard_G1' 'Standard_G2' 'Standard_G3' 'Standard_G4' 'Standard_G5' 'Standard_GS1' 'Standard_GS2' 'Standard_GS3' 'Standard_GS4' 'Standard_GS4-4' 'Standard_GS4-8' 'Standard_GS5' 'Standard_GS5-16' 'Standard_GS5-8' 'Standard_H16' 'Standard_H16m' 'Standard_H16mr' 'Standard_H16r' 'Standard_H8' 'Standard_H8m' 'Standard_L16s' 'Standard_L32s' 'Standard_L4s' 'Standard_L8s' 'Standard_M128-32ms' 'Standard_M128-64ms' 'Standard_M128ms' 'Standard_M128s' 'Standard_M64-16ms' 'Standard_M64-32ms' 'Standard_M64ms' 'Standard_M64s' 'Standard_NC12' 'Standard_NC12s_v2' 'Standard_NC12s_v3' 'Standard_NC24' 'Standard_NC24r' 'Standard_NC24rs_v2' 'Standard_NC24rs_v3' 'Standard_NC24s_v2' 'Standard_NC24s_v3' 'Standard_NC6' 'Standard_NC6s_v2' 'Standard_NC6s_v3' 'Standard_ND12s' 'Standard_ND24rs' 'Standard_ND24s' 'Standard_ND6s' 'Standard_NV12' 'Standard_NV24' 'Standard_NV6' |
NetworkProfile
| Name | Description | Value |
|---|---|---|
| networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations | '2020-11-01' |
| networkInterfaceConfigurations | Specifies the networking configurations that will be used to create the virtual machine networking resources. | VirtualMachineNetworkInterfaceConfiguration[] |
| networkInterfaces | Specifies the list of resource Ids for the network interfaces associated with the virtual machine. | NetworkInterfaceReference[] |
VirtualMachineNetworkInterfaceConfiguration
| Name | Description | Value |
|---|---|---|
| name | The network interface configuration name. | string (required) |
| properties | Describes a virtual machine network profile's IP configuration. | VirtualMachineNetworkInterfaceConfigurationPropertie... |
VirtualMachineNetworkInterfaceConfigurationPropertie...
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineNetworkInterfaceDnsSettingsConfigurati... |
| dscpConfiguration | SubResource | |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineNetworkInterfaceIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineNetworkInterfaceDnsSettingsConfigurati...
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineNetworkInterfaceIPConfiguration
| Name | Description | Value |
|---|---|---|
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine network interface IP configuration properties. | VirtualMachineNetworkInterfaceIPConfigurationPropert... |
VirtualMachineNetworkInterfaceIPConfigurationPropert...
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. | SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the same basic sku load balancer]. | SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachinePublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | SubResource |
VirtualMachinePublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines IP Configuration's PublicIPAddress configuration | VirtualMachinePublicIPAddressConfigurationProperties |
| sku | Describes the public IP Sku | PublicIPAddressSku |
VirtualMachinePublicIPAddressConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP address when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachinePublicIPAddressDnsSettingsConfiguratio... |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | Specify the public IP allocation type | 'Dynamic' 'Static' |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachinePublicIPAddressDnsSettingsConfiguratio...
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. | string (required) |
VirtualMachineIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Specify public IP sku name | 'Basic' 'Standard' |
| tier | Specify public IP sku tier | 'Global' 'Regional' |
NetworkInterfaceReference
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| properties | Describes a network interface reference properties. | NetworkInterfaceReferenceProperties |
NetworkInterfaceReferenceProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetVMNetworkProfileConfiguration
| Name | Description | Value |
|---|---|---|
| networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetNetworkConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| name | The network configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSetting... |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetNetworkConfigurationDnsSetting...
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. | SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
| loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetPublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration | VirtualMachineScaleSetPublicIPAddressConfigurationPr... |
| sku | Describes the public IP Sku | PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationPr...
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP when the VM is deleted | 'Delete' 'Detach' |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDn... |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetPublicIPAddressConfigurationDn...
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created | string (required) |
VirtualMachineScaleSetIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
ApiEntityReference
| Name | Description | Value |
|---|---|---|
| id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
OSProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | Specifies the name of the administrator account. This property cannot be updated after the VM is created. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters. |
string |
| allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. |
bool |
| computerName | Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. |
string |
| customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in customData property This property cannot be updated after the VM is created. customData is passed to the VM to be saved as a file, for more information see Custom Data on Azure VMs For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation |
string |
| linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. |
LinuxConfiguration |
| requireGuestProvisionSignal | Specifies whether the guest provision signal is required to infer provision success of the virtual machine. Note: This property is for private testing only, and all customers must not set the property to false. | bool |
| secrets | Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
| windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
LinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
VaultSecretGroup
| Name | Description | Value |
|---|---|---|
| sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
| vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VaultCertificate
| Name | Description | Value |
|---|---|---|
| certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
WindowsConfiguration
| Name | Description | Value |
|---|---|---|
| additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
| enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. |
string |
| winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
AdditionalUnattendContent
| Name | Description | Value |
|---|---|---|
| componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
| content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
| passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
| settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
PatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
| enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
WinRMConfiguration
| Name | Description | Value |
|---|---|---|
| listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
| Name | Description | Value |
|---|---|---|
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
| protocol | Specifies the protocol of WinRM listener. Possible values are: http https |
'Http' 'Https' |
VirtualMachineScaleSetVMProtectionPolicy
| Name | Description | Value |
|---|---|---|
| protectFromScaleIn | Indicates that the virtual machine scale set VM shouldn't be considered for deletion during a scale-in operation. | bool |
| protectFromScaleSetActions | Indicates that model updates or actions (including scale-in) initiated on the virtual machine scale set should not be applied to the virtual machine scale set VM. | bool |
SecurityProfile
| Name | Description | Value |
|---|---|---|
| encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource. |
bool |
| securityType | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch. |
'TrustedLaunch' |
| uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01 |
UefiSettings |
UefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01 |
bool |
| vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01 |
bool |
StorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. |
DataDisk[] |
| imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
| osDisk | Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. |
OSDisk |
DataDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | Specifies how the virtual machine should be created. Possible values are: Attach \u2013 This value is used when you are using a specialized disk to create the virtual machine. FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Empty' 'FromImage' (required) |
| deleteOption | Specifies whether data disk should be deleted or detached upon VM deletion. Possible values: Delete If this value is used, the data disk is deleted when VM is deleted. Detach If this value is used, the data disk is retained after VM is deleted. The default value is set to detach |
'Delete' 'Detach' |
| detachOption | Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. |
'ForceDetach' |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. This value cannot be larger than 1023 GB |
int |
| image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
| lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
| managedDisk | The managed disk parameters. | ManagedDiskParameters |
| name | The disk name. | string |
| toBeDetached | Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset | bool |
| vhd | The virtual hard disk. | VirtualHardDisk |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualHardDisk
| Name | Description | Value |
|---|---|---|
| uri | Specifies the virtual hard disk's uri. | string |
ManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
| id | Resource Id | string |
| storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
DiskEncryptionSetParameters
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
ImageReference
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
| publisher | The image publisher. | string |
| sku | The image SKU. | string |
| version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. | string |
OSDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage. |
'None' 'ReadOnly' 'ReadWrite' |
| createOption | Specifies how the virtual machine should be created. Possible values are: Attach \u2013 This value is used when you are using a specialized disk to create the virtual machine. FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
'Attach' 'Empty' 'FromImage' (required) |
| deleteOption | Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values: Delete If this value is used, the OS disk is deleted when VM is deleted. Detach If this value is used, the os disk is retained after VM is deleted. The default value is set to detach. For an ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for ephemeral OS Disk. |
'Delete' 'Detach' |
| diffDiskSettings | Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. | DiffDiskSettings |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. This value cannot be larger than 1023 GB |
int |
| encryptionSettings | Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15 |
DiskEncryptionSettings |
| image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
| managedDisk | The managed disk parameters. | ManagedDiskParameters |
| name | The disk name. | string |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows Linux |
'Linux' 'Windows' |
| vhd | The virtual hard disk. | VirtualHardDisk |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
DiffDiskSettings
| Name | Description | Value |
|---|---|---|
| option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
| placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk ResourceDisk Default: CacheDisk if one is configured for the VM size otherwise ResourceDisk is used. Refer to VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. |
'CacheDisk' 'ResourceDisk' |
DiskEncryptionSettings
| Name | Description | Value |
|---|---|---|
| diskEncryptionKey | Specifies the location of the disk encryption key, which is a Key Vault Secret. | KeyVaultSecretReference |
| enabled | Specifies whether disk encryption should be enabled on the virtual machine. | bool |
| keyEncryptionKey | Specifies the location of the key encryption key in Key Vault. | KeyVaultKeyReference |
KeyVaultSecretReference
| Name | Description | Value |
|---|---|---|
| secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
KeyVaultKeyReference
| Name | Description | Value |
|---|---|---|
| keyUrl | The URL referencing a key encryption key in Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the key. | SubResource (required) |
Terraform (AzAPI provider) resource definition
The virtualMachineScaleSets/virtualmachines resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets/virtualmachines resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Compute/virtualMachineScaleSets/virtualmachines@2021-04-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
additionalCapabilities = {
ultraSSDEnabled = bool
}
availabilitySet = {
id = "string"
}
diagnosticsProfile = {
bootDiagnostics = {
enabled = bool
storageUri = "string"
}
}
hardwareProfile = {
vmSize = "string"
}
licenseType = "string"
networkProfile = {
networkApiVersion = "2020-11-01"
networkInterfaceConfigurations = [
{
name = "string"
properties = {
deleteOption = "string"
dnsSettings = {
dnsServers = [
"string"
]
}
dscpConfiguration = {
id = "string"
}
enableAcceleratedNetworking = bool
enableFpga = bool
enableIPForwarding = bool
ipConfigurations = [
{
name = "string"
properties = {
applicationGatewayBackendAddressPools = [
{
id = "string"
}
]
applicationSecurityGroups = [
{
id = "string"
}
]
loadBalancerBackendAddressPools = [
{
id = "string"
}
]
primary = bool
privateIPAddressVersion = "string"
publicIPAddressConfiguration = {
name = "string"
properties = {
deleteOption = "string"
dnsSettings = {
domainNameLabel = "string"
}
idleTimeoutInMinutes = int
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
publicIPPrefix = {
id = "string"
}
}
sku = {
name = "string"
tier = "string"
}
}
subnet = {
id = "string"
}
}
}
]
networkSecurityGroup = {
id = "string"
}
primary = bool
}
}
]
networkInterfaces = [
{
id = "string"
properties = {
deleteOption = "string"
primary = bool
}
}
]
}
networkProfileConfiguration = {
networkInterfaceConfigurations = [
{
id = "string"
name = "string"
properties = {
deleteOption = "string"
dnsSettings = {
dnsServers = [
"string"
]
}
enableAcceleratedNetworking = bool
enableFpga = bool
enableIPForwarding = bool
ipConfigurations = [
{
id = "string"
name = "string"
properties = {
applicationGatewayBackendAddressPools = [
{
id = "string"
}
]
applicationSecurityGroups = [
{
id = "string"
}
]
loadBalancerBackendAddressPools = [
{
id = "string"
}
]
loadBalancerInboundNatPools = [
{
id = "string"
}
]
primary = bool
privateIPAddressVersion = "string"
publicIPAddressConfiguration = {
name = "string"
properties = {
deleteOption = "string"
dnsSettings = {
domainNameLabel = "string"
}
idleTimeoutInMinutes = int
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
publicIPAddressVersion = "string"
publicIPPrefix = {
id = "string"
}
}
sku = {
name = "string"
tier = "string"
}
}
subnet = {
id = "string"
}
}
}
]
networkSecurityGroup = {
id = "string"
}
primary = bool
}
}
]
}
osProfile = {
adminPassword = "string"
adminUsername = "string"
allowExtensionOperations = bool
computerName = "string"
customData = "string"
linuxConfiguration = {
disablePasswordAuthentication = bool
patchSettings = {
assessmentMode = "string"
patchMode = "string"
}
provisionVMAgent = bool
ssh = {
publicKeys = [
{
keyData = "string"
path = "string"
}
]
}
}
requireGuestProvisionSignal = bool
secrets = [
{
sourceVault = {
id = "string"
}
vaultCertificates = [
{
certificateStore = "string"
certificateUrl = "string"
}
]
}
]
windowsConfiguration = {
additionalUnattendContent = [
{
componentName = "Microsoft-Windows-Shell-Setup"
content = "string"
passName = "OobeSystem"
settingName = "string"
}
]
enableAutomaticUpdates = bool
patchSettings = {
assessmentMode = "string"
enableHotpatching = bool
patchMode = "string"
}
provisionVMAgent = bool
timeZone = "string"
winRM = {
listeners = [
{
certificateUrl = "string"
protocol = "string"
}
]
}
}
}
protectionPolicy = {
protectFromScaleIn = bool
protectFromScaleSetActions = bool
}
securityProfile = {
encryptionAtHost = bool
securityType = "TrustedLaunch"
uefiSettings = {
secureBootEnabled = bool
vTpmEnabled = bool
}
}
storageProfile = {
dataDisks = [
{
caching = "string"
createOption = "string"
deleteOption = "string"
detachOption = "ForceDetach"
diskSizeGB = int
image = {
uri = "string"
}
lun = int
managedDisk = {
diskEncryptionSet = {
id = "string"
}
id = "string"
storageAccountType = "string"
}
name = "string"
toBeDetached = bool
vhd = {
uri = "string"
}
writeAcceleratorEnabled = bool
}
]
imageReference = {
id = "string"
offer = "string"
publisher = "string"
sku = "string"
version = "string"
}
osDisk = {
caching = "string"
createOption = "string"
deleteOption = "string"
diffDiskSettings = {
option = "Local"
placement = "string"
}
diskSizeGB = int
encryptionSettings = {
diskEncryptionKey = {
secretUrl = "string"
sourceVault = {
id = "string"
}
}
enabled = bool
keyEncryptionKey = {
keyUrl = "string"
sourceVault = {
id = "string"
}
}
}
image = {
uri = "string"
}
managedDisk = {
diskEncryptionSet = {
id = "string"
}
id = "string"
storageAccountType = "string"
}
name = "string"
osType = "string"
vhd = {
uri = "string"
}
writeAcceleratorEnabled = bool
}
}
userData = "string"
}
plan = {
name = "string"
product = "string"
promotionCode = "string"
publisher = "string"
}
})
}
Property values
virtualMachineScaleSets/virtualmachines
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Compute/virtualMachineScaleSets/virtualmachines@2021-04-01" |
| name | The resource name | string (required) |
| location | Resource location | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: virtualMachineScaleSets |
| tags | Resource tags | Dictionary of tag names and values. |
| plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
| properties | Describes the properties of a virtual machine scale set virtual machine. | VirtualMachineScaleSetVMProperties |
Plan
| Name | Description | Value |
|---|---|---|
| name | The plan ID. | string |
| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
| promotionCode | The promotion code. | string |
| publisher | The publisher ID. | string |
VirtualMachineScaleSetVMProperties
| Name | Description | Value |
|---|---|---|
| additionalCapabilities | Specifies additional capabilities enabled or disabled on the virtual machine in the scale set. For instance: whether the virtual machine has the capability to support attaching managed data disks with UltraSSD_LRS storage account type. | AdditionalCapabilities |
| availabilitySet | Specifies information about the availability set that the virtual machine should be assigned to. Virtual machines specified in the same availability set are allocated to different nodes to maximize availability. For more information about availability sets, see Availability sets overview. For more information on Azure planned maintenance, see Maintenance and updates for Virtual Machines in Azure Currently, a VM can only be added to availability set at creation time. An existing VM cannot be added to an availability set. |
SubResource |
| diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. |
DiagnosticsProfile |
| hardwareProfile | Specifies the hardware settings for the virtual machine. | HardwareProfile |
| licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
| networkProfile | Specifies the network interfaces of the virtual machine. | NetworkProfile |
| networkProfileConfiguration | Specifies the network profile configuration of the virtual machine. | VirtualMachineScaleSetVMNetworkProfileConfiguration |
| osProfile | Specifies the operating system settings for the virtual machine. | OSProfile |
| protectionPolicy | Specifies the protection policy of the virtual machine. | VirtualMachineScaleSetVMProtectionPolicy |
| securityProfile | Specifies the Security related profile settings for the virtual machine. | SecurityProfile |
| storageProfile | Specifies the storage settings for the virtual machine disks. | StorageProfile |
| userData | UserData for the VM, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01 |
string |
AdditionalCapabilities
| Name | Description | Value |
|---|---|---|
| ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
DiagnosticsProfile
| Name | Description | Value |
|---|---|---|
| bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. |
BootDiagnostics |
BootDiagnostics
| Name | Description | Value |
|---|---|---|
| enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
| storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. |
string |
HardwareProfile
| Name | Description | Value |
|---|---|---|
| vmSize | Specifies the size of the virtual machine. The enum data type is currently deprecated and will be removed by December 23rd 2023. Recommended way to get the list of available sizes is using these APIs: List all available virtual machine sizes in an availability set List all available virtual machine sizes in a region List all available virtual machine sizes for resizing. For more information about virtual machine sizes, see Sizes for virtual machines. The available VM sizes depend on region and availability set. |
"Basic_A0" "Basic_A1" "Basic_A2" "Basic_A3" "Basic_A4" "Standard_A0" "Standard_A1" "Standard_A10" "Standard_A11" "Standard_A1_v2" "Standard_A2" "Standard_A2_v2" "Standard_A2m_v2" "Standard_A3" "Standard_A4" "Standard_A4_v2" "Standard_A4m_v2" "Standard_A5" "Standard_A6" "Standard_A7" "Standard_A8" "Standard_A8_v2" "Standard_A8m_v2" "Standard_A9" "Standard_B1ms" "Standard_B1s" "Standard_B2ms" "Standard_B2s" "Standard_B4ms" "Standard_B8ms" "Standard_D1" "Standard_D11" "Standard_D11_v2" "Standard_D12" "Standard_D12_v2" "Standard_D13" "Standard_D13_v2" "Standard_D14" "Standard_D14_v2" "Standard_D15_v2" "Standard_D16_v3" "Standard_D16s_v3" "Standard_D1_v2" "Standard_D2" "Standard_D2_v2" "Standard_D2_v3" "Standard_D2s_v3" "Standard_D3" "Standard_D32_v3" "Standard_D32s_v3" "Standard_D3_v2" "Standard_D4" "Standard_D4_v2" "Standard_D4_v3" "Standard_D4s_v3" "Standard_D5_v2" "Standard_D64_v3" "Standard_D64s_v3" "Standard_D8_v3" "Standard_D8s_v3" "Standard_DS1" "Standard_DS11" "Standard_DS11_v2" "Standard_DS12" "Standard_DS12_v2" "Standard_DS13" "Standard_DS13-2_v2" "Standard_DS13-4_v2" "Standard_DS13_v2" "Standard_DS14" "Standard_DS14-4_v2" "Standard_DS14-8_v2" "Standard_DS14_v2" "Standard_DS15_v2" "Standard_DS1_v2" "Standard_DS2" "Standard_DS2_v2" "Standard_DS3" "Standard_DS3_v2" "Standard_DS4" "Standard_DS4_v2" "Standard_DS5_v2" "Standard_E16_v3" "Standard_E16s_v3" "Standard_E2_v3" "Standard_E2s_v3" "Standard_E32-16_v3" "Standard_E32-8s_v3" "Standard_E32_v3" "Standard_E32s_v3" "Standard_E4_v3" "Standard_E4s_v3" "Standard_E64-16s_v3" "Standard_E64-32s_v3" "Standard_E64_v3" "Standard_E64s_v3" "Standard_E8_v3" "Standard_E8s_v3" "Standard_F1" "Standard_F16" "Standard_F16s" "Standard_F16s_v2" "Standard_F1s" "Standard_F2" "Standard_F2s" "Standard_F2s_v2" "Standard_F32s_v2" "Standard_F4" "Standard_F4s" "Standard_F4s_v2" "Standard_F64s_v2" "Standard_F72s_v2" "Standard_F8" "Standard_F8s" "Standard_F8s_v2" "Standard_G1" "Standard_G2" "Standard_G3" "Standard_G4" "Standard_G5" "Standard_GS1" "Standard_GS2" "Standard_GS3" "Standard_GS4" "Standard_GS4-4" "Standard_GS4-8" "Standard_GS5" "Standard_GS5-16" "Standard_GS5-8" "Standard_H16" "Standard_H16m" "Standard_H16mr" "Standard_H16r" "Standard_H8" "Standard_H8m" "Standard_L16s" "Standard_L32s" "Standard_L4s" "Standard_L8s" "Standard_M128-32ms" "Standard_M128-64ms" "Standard_M128ms" "Standard_M128s" "Standard_M64-16ms" "Standard_M64-32ms" "Standard_M64ms" "Standard_M64s" "Standard_NC12" "Standard_NC12s_v2" "Standard_NC12s_v3" "Standard_NC24" "Standard_NC24r" "Standard_NC24rs_v2" "Standard_NC24rs_v3" "Standard_NC24s_v2" "Standard_NC24s_v3" "Standard_NC6" "Standard_NC6s_v2" "Standard_NC6s_v3" "Standard_ND12s" "Standard_ND24rs" "Standard_ND24s" "Standard_ND6s" "Standard_NV12" "Standard_NV24" "Standard_NV6" |
NetworkProfile
| Name | Description | Value |
|---|---|---|
| networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations | "2020-11-01" |
| networkInterfaceConfigurations | Specifies the networking configurations that will be used to create the virtual machine networking resources. | VirtualMachineNetworkInterfaceConfiguration[] |
| networkInterfaces | Specifies the list of resource Ids for the network interfaces associated with the virtual machine. | NetworkInterfaceReference[] |
VirtualMachineNetworkInterfaceConfiguration
| Name | Description | Value |
|---|---|---|
| name | The network interface configuration name. | string (required) |
| properties | Describes a virtual machine network profile's IP configuration. | VirtualMachineNetworkInterfaceConfigurationPropertie... |
VirtualMachineNetworkInterfaceConfigurationPropertie...
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | "Delete" "Detach" |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineNetworkInterfaceDnsSettingsConfigurati... |
| dscpConfiguration | SubResource | |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineNetworkInterfaceIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineNetworkInterfaceDnsSettingsConfigurati...
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineNetworkInterfaceIPConfiguration
| Name | Description | Value |
|---|---|---|
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine network interface IP configuration properties. | VirtualMachineNetworkInterfaceIPConfigurationPropert... |
VirtualMachineNetworkInterfaceIPConfigurationPropert...
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A virtual machine can reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same application gateway. | SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A virtual machine can reference backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the same basic sku load balancer]. | SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | "IPv4" "IPv6" |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachinePublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | SubResource |
VirtualMachinePublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines IP Configuration's PublicIPAddress configuration | VirtualMachinePublicIPAddressConfigurationProperties |
| sku | Describes the public IP Sku | PublicIPAddressSku |
VirtualMachinePublicIPAddressConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP address when the VM is deleted | "Delete" "Detach" |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachinePublicIPAddressDnsSettingsConfiguratio... |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | "IPv4" "IPv6" |
| publicIPAllocationMethod | Specify the public IP allocation type | "Dynamic" "Static" |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachinePublicIPAddressDnsSettingsConfiguratio...
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is the concatenation of the domain name label and vm network profile unique ID. | string (required) |
VirtualMachineIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Specify public IP sku name | "Basic" "Standard" |
| tier | Specify public IP sku tier | "Global" "Regional" |
NetworkInterfaceReference
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| properties | Describes a network interface reference properties. | NetworkInterfaceReferenceProperties |
NetworkInterfaceReferenceProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | "Delete" "Detach" |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetVMNetworkProfileConfiguration
| Name | Description | Value |
|---|---|---|
| networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetNetworkConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| name | The network configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationProperties
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the network interface when the VM is deleted | "Delete" "Detach" |
| dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSetting... |
| enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
| enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
| enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
| ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
| networkSecurityGroup | The network security group. | SubResource |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetNetworkConfigurationDnsSetting...
| Name | Description | Value |
|---|---|---|
| dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| name | The IP configuration name. | string (required) |
| properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. | SubResource[] |
| applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
| loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
| loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
| primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
| privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | "IPv4" "IPv6" |
| publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
| subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetPublicIPAddressConfiguration
| Name | Description | Value |
|---|---|---|
| name | The publicIP address configuration name. | string (required) |
| properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration | VirtualMachineScaleSetPublicIPAddressConfigurationPr... |
| sku | Describes the public IP Sku | PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationPr...
| Name | Description | Value |
|---|---|---|
| deleteOption | Specify what happens to the public IP when the VM is deleted | "Delete" "Detach" |
| dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDn... |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
| publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | "IPv4" "IPv6" |
| publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetPublicIPAddressConfigurationDn...
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created | string (required) |
VirtualMachineScaleSetIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | IP tag type. Example: FirstPartyUsage. | string |
| tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
ApiEntityReference
| Name | Description | Value |
|---|---|---|
| id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
OSProfile
| Name | Description | Value |
|---|---|---|
| adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| adminUsername | Specifies the name of the administrator account. This property cannot be updated after the VM is created. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters. |
string |
| allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. |
bool |
| computerName | Specifies the host OS name of the virtual machine. This name cannot be updated after the VM is created. Max-length (Windows): 15 characters Max-length (Linux): 64 characters. For naming conventions and restrictions see Azure infrastructure services implementation guidelines. |
string |
| customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. Note: Do not pass any secrets or passwords in customData property This property cannot be updated after the VM is created. customData is passed to the VM to be saved as a file, for more information see Custom Data on Azure VMs For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation |
string |
| linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. |
LinuxConfiguration |
| requireGuestProvisionSignal | Specifies whether the guest provision signal is required to infer provision success of the virtual machine. Note: This property is for private testing only, and all customers must not set the property to false. | bool |
| secrets | Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
| windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
LinuxConfiguration
| Name | Description | Value |
|---|---|---|
| disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
"AutomaticByPlatform" "ImageDefault" |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
"AutomaticByPlatform" "ImageDefault" |
SshConfiguration
| Name | Description | Value |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). |
string |
| path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
VaultSecretGroup
| Name | Description | Value |
|---|---|---|
| sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
| vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VaultCertificate
| Name | Description | Value |
|---|---|---|
| certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. |
string |
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
WindowsConfiguration
| Name | Description | Value |
|---|---|---|
| additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
| enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
bool |
| patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
| provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
bool |
| timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. |
string |
| winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
AdditionalUnattendContent
| Name | Description | Value |
|---|---|---|
| componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | "Microsoft-Windows-Shell-Setup" |
| content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
| passName | The pass name. Currently, the only allowable value is OobeSystem. | "OobeSystem" |
| settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | "AutoLogon" "FirstLogonCommands" |
PatchSettings
| Name | Description | Value |
|---|---|---|
| assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
"AutomaticByPlatform" "ImageDefault" |
| enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
| patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
"AutomaticByOS" "AutomaticByPlatform" "Manual" |
WinRMConfiguration
| Name | Description | Value |
|---|---|---|
| listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
| Name | Description | Value |
|---|---|---|
| certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"{Base64-encoded-certificate}", "dataType":"pfx", "password":"{pfx-file-password}" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
| protocol | Specifies the protocol of WinRM listener. Possible values are: http https |
"Http" "Https" |
VirtualMachineScaleSetVMProtectionPolicy
| Name | Description | Value |
|---|---|---|
| protectFromScaleIn | Indicates that the virtual machine scale set VM shouldn't be considered for deletion during a scale-in operation. | bool |
| protectFromScaleSetActions | Indicates that model updates or actions (including scale-in) initiated on the virtual machine scale set should not be applied to the virtual machine scale set VM. | bool |
SecurityProfile
| Name | Description | Value |
|---|---|---|
| encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource. |
bool |
| securityType | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch. |
"TrustedLaunch" |
| uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01 |
UefiSettings |
UefiSettings
| Name | Description | Value |
|---|---|---|
| secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01 |
bool |
| vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01 |
bool |
StorageProfile
| Name | Description | Value |
|---|---|---|
| dataDisks | Specifies the parameters that are used to add a data disk to a virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. |
DataDisk[] |
| imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
| osDisk | Specifies information about the operating system disk used by the virtual machine. For more information about disks, see About disks and VHDs for Azure virtual machines. |
OSDisk |
DataDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage |
"None" "ReadOnly" "ReadWrite" |
| createOption | Specifies how the virtual machine should be created. Possible values are: Attach \u2013 This value is used when you are using a specialized disk to create the virtual machine. FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
"Attach" "Empty" "FromImage" (required) |
| deleteOption | Specifies whether data disk should be deleted or detached upon VM deletion. Possible values: Delete If this value is used, the data disk is deleted when VM is deleted. Detach If this value is used, the data disk is retained after VM is deleted. The default value is set to detach |
"Delete" "Detach" |
| detachOption | Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment from the virtual machine. Supported values: ForceDetach. detachOption: ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not complete due to an unexpected failure from the virtual machine and the disk is still not released then use force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been flushed when using this detach behavior. This feature is still in preview mode and is not supported for VirtualMachineScaleSet. To force-detach a data disk update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'. |
"ForceDetach" |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. This value cannot be larger than 1023 GB |
int |
| image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
| lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
| managedDisk | The managed disk parameters. | ManagedDiskParameters |
| name | The disk name. | string |
| toBeDetached | Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset | bool |
| vhd | The virtual hard disk. | VirtualHardDisk |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualHardDisk
| Name | Description | Value |
|---|---|---|
| uri | Specifies the virtual hard disk's uri. | string |
ManagedDiskParameters
| Name | Description | Value |
|---|---|---|
| diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
| id | Resource Id | string |
| storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | "Premium_LRS" "Premium_ZRS" "StandardSSD_LRS" "StandardSSD_ZRS" "Standard_LRS" "UltraSSD_LRS" |
DiskEncryptionSetParameters
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
ImageReference
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
| offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
| publisher | The image publisher. | string |
| sku | The image SKU. | string |
| version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. | string |
OSDisk
| Name | Description | Value |
|---|---|---|
| caching | Specifies the caching requirements. Possible values are: None ReadOnly ReadWrite Default: None for Standard storage. ReadOnly for Premium storage. |
"None" "ReadOnly" "ReadWrite" |
| createOption | Specifies how the virtual machine should be created. Possible values are: Attach \u2013 This value is used when you are using a specialized disk to create the virtual machine. FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. |
"Attach" "Empty" "FromImage" (required) |
| deleteOption | Specifies whether OS Disk should be deleted or detached upon VM deletion. Possible values: Delete If this value is used, the OS disk is deleted when VM is deleted. Detach If this value is used, the os disk is retained after VM is deleted. The default value is set to detach. For an ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for ephemeral OS Disk. |
"Delete" "Detach" |
| diffDiskSettings | Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine. | DiffDiskSettings |
| diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. This value cannot be larger than 1023 GB |
int |
| encryptionSettings | Specifies the encryption settings for the OS Disk. Minimum api-version: 2015-06-15 |
DiskEncryptionSettings |
| image | The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist. | VirtualHardDisk |
| managedDisk | The managed disk parameters. | ManagedDiskParameters |
| name | The disk name. | string |
| osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows Linux |
"Linux" "Windows" |
| vhd | The virtual hard disk. | VirtualHardDisk |
| writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
DiffDiskSettings
| Name | Description | Value |
|---|---|---|
| option | Specifies the ephemeral disk settings for operating system disk. | "Local" |
| placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk ResourceDisk Default: CacheDisk if one is configured for the VM size otherwise ResourceDisk is used. Refer to VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. |
"CacheDisk" "ResourceDisk" |
DiskEncryptionSettings
| Name | Description | Value |
|---|---|---|
| diskEncryptionKey | Specifies the location of the disk encryption key, which is a Key Vault Secret. | KeyVaultSecretReference |
| enabled | Specifies whether disk encryption should be enabled on the virtual machine. | bool |
| keyEncryptionKey | Specifies the location of the key encryption key in Key Vault. | KeyVaultKeyReference |
KeyVaultSecretReference
| Name | Description | Value |
|---|---|---|
| secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
KeyVaultKeyReference
| Name | Description | Value |
|---|---|---|
| keyUrl | The URL referencing a key encryption key in Key Vault. | string (required) |
| sourceVault | The relative URL of the Key Vault containing the key. | SubResource (required) |