Microsoft.Compute virtualMachines/extensions
Bicep resource definition
The virtualMachines/extensions resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachines/extensions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Compute/virtualMachines/extensions@2024-07-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
parent: resourceSymbolicName
properties: {
autoUpgradeMinorVersion: bool
enableAutomaticUpgrade: bool
forceUpdateTag: 'string'
instanceView: {
name: 'string'
statuses: [
{
code: 'string'
displayStatus: 'string'
level: 'string'
message: 'string'
time: 'string'
}
]
substatuses: [
{
code: 'string'
displayStatus: 'string'
level: 'string'
message: 'string'
time: 'string'
}
]
type: 'string'
typeHandlerVersion: 'string'
}
protectedSettings: any()
protectedSettingsFromKeyVault: {
secretUrl: 'string'
sourceVault: {
id: 'string'
}
}
provisionAfterExtensions: [
'string'
]
publisher: 'string'
settings: any()
suppressFailures: bool
type: 'string'
typeHandlerVersion: 'string'
}
}
Property values
virtualMachines/extensions
Name | Description | Value |
---|---|---|
name | The resource name See how to set names and types for child resources in Bicep. |
string (required) |
location | Resource location | string |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: virtualMachines |
properties | Describes the properties of a Virtual Machine Extension. | VirtualMachineExtensionProperties |
VirtualMachineExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | bool |
enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | bool |
forceUpdateTag | How the extension handler should be forced to update even if the extension configuration has not changed. | string |
instanceView | The virtual machine extension instance view. | VirtualMachineExtensionInstanceView |
protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. | For Bicep, you can use the any() function. |
protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault | KeyVaultSecretReference |
provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. | string[] |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | For Bicep, you can use the any() function. |
suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | bool |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineExtensionInstanceView
Name | Description | Value |
---|---|---|
name | The virtual machine extension name. | string |
statuses | The resource status information. | InstanceViewStatus[] |
substatuses | The resource status information. | InstanceViewStatus[] |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
InstanceViewStatus
Name | Description | Value |
---|---|---|
code | The status code. | string |
displayStatus | The short localizable label for the status. | string |
level | The level code. | 'Error' 'Info' 'Warning' |
message | The detailed status message, including for alerts and error messages. | string |
time | The time of the status. | string |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create a Windows VM with Anti-Malware extension enabled |
This template creates a Windows VM and sets up the Anti-Malware protection |
IIS Server using DSC extension on a Windows VM |
This template creates a Windows VM and sets up an IIS server using the DSC extension. Note, the DSC configuration module needs a SAS token to be passed in if you are using Azure Storage. For DSC module link from GitHub (default in this template), this is not needed. |
ESET VM Extension |
Creates a VM with ESET extension |
McAfee Endpoint Security (trial license) on Windows VM |
This template creates a Windows VM and sets up a trial version of McAfee Endpoint Security |
Deploy a Ubuntu VM with the OMS extension |
This template allows you to deploy a Ubuntu VM with the OMS extension installed and onboarded to a specified workspace |
Deploy a Windows VM with the OMS extension |
This template allows you to deploy a Windows VM with the OMS extension installed and onboarded to a specified workspace |
Symantec Endpoint Protection extension trial on Windows VM |
This template creates a Windows VM and sets up a trial version of Symantec Endpoint Protection |
Custom Script extension on a Ubuntu VM |
This template creates a Ubuntu VM and installs the CustomScript extension |
OS Patching extension on a Ubuntu VM |
This template creates a Ubuntu VM and installs the OSPatching extension |
Deploy a Premium Windows VM with diagnostics |
This template allows you to deploy a Premium Windows VM using a few different options for the Windows version, using the latest patched version. |
Deploy a simple Windows VM with monitoring and diagnostics |
This template allows you to deploy a simple Windows VM along with the diagnostics extension which enables monitoring and diagnostics for the VM |
Use script extensions to install Mongo DB on Ubuntu VM |
This template deploys Configures and Installs Mongo DB on a Ubuntu Virtual Machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface. |
ARM template resource definition
The virtualMachines/extensions resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachines/extensions resource, add the following JSON to your template.
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2024-07-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"properties": {
"autoUpgradeMinorVersion": "bool",
"enableAutomaticUpgrade": "bool",
"forceUpdateTag": "string",
"instanceView": {
"name": "string",
"statuses": [
{
"code": "string",
"displayStatus": "string",
"level": "string",
"message": "string",
"time": "string"
}
],
"substatuses": [
{
"code": "string",
"displayStatus": "string",
"level": "string",
"message": "string",
"time": "string"
}
],
"type": "string",
"typeHandlerVersion": "string"
},
"protectedSettings": {},
"protectedSettingsFromKeyVault": {
"secretUrl": "string",
"sourceVault": {
"id": "string"
}
},
"provisionAfterExtensions": [ "string" ],
"publisher": "string",
"settings": {},
"suppressFailures": "bool",
"type": "string",
"typeHandlerVersion": "string"
}
}
Property values
virtualMachines/extensions
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Compute/virtualMachines/extensions' |
apiVersion | The resource api version | '2024-07-01' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) |
location | Resource location | string |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
properties | Describes the properties of a Virtual Machine Extension. | VirtualMachineExtensionProperties |
VirtualMachineExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | bool |
enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | bool |
forceUpdateTag | How the extension handler should be forced to update even if the extension configuration has not changed. | string |
instanceView | The virtual machine extension instance view. | VirtualMachineExtensionInstanceView |
protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. | |
protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault | KeyVaultSecretReference |
provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. | string[] |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | |
suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | bool |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineExtensionInstanceView
Name | Description | Value |
---|---|---|
name | The virtual machine extension name. | string |
statuses | The resource status information. | InstanceViewStatus[] |
substatuses | The resource status information. | InstanceViewStatus[] |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
InstanceViewStatus
Name | Description | Value |
---|---|---|
code | The status code. | string |
displayStatus | The short localizable label for the status. | string |
level | The level code. | 'Error' 'Info' 'Warning' |
message | The detailed status message, including for alerts and error messages. | string |
time | The time of the status. | string |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create a Windows VM with Anti-Malware extension enabled |
This template creates a Windows VM and sets up the Anti-Malware protection |
IIS Server using DSC extension on a Windows VM |
This template creates a Windows VM and sets up an IIS server using the DSC extension. Note, the DSC configuration module needs a SAS token to be passed in if you are using Azure Storage. For DSC module link from GitHub (default in this template), this is not needed. |
ESET VM Extension |
Creates a VM with ESET extension |
McAfee Endpoint Security (trial license) on Windows VM |
This template creates a Windows VM and sets up a trial version of McAfee Endpoint Security |
Deploy a Ubuntu VM with the OMS extension |
This template allows you to deploy a Ubuntu VM with the OMS extension installed and onboarded to a specified workspace |
Deploy a Windows VM with the OMS extension |
This template allows you to deploy a Windows VM with the OMS extension installed and onboarded to a specified workspace |
Symantec Endpoint Protection extension trial on Windows VM |
This template creates a Windows VM and sets up a trial version of Symantec Endpoint Protection |
Custom Script extension on a Ubuntu VM |
This template creates a Ubuntu VM and installs the CustomScript extension |
OS Patching extension on a Ubuntu VM |
This template creates a Ubuntu VM and installs the OSPatching extension |
Deploy a Premium Windows VM with diagnostics |
This template allows you to deploy a Premium Windows VM using a few different options for the Windows version, using the latest patched version. |
Deploy a simple Windows VM with monitoring and diagnostics |
This template allows you to deploy a simple Windows VM along with the diagnostics extension which enables monitoring and diagnostics for the VM |
Use script extensions to install Mongo DB on Ubuntu VM |
This template deploys Configures and Installs Mongo DB on a Ubuntu Virtual Machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface. |
Terraform (AzAPI provider) resource definition
The virtualMachines/extensions resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachines/extensions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Compute/virtualMachines/extensions@2024-07-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
autoUpgradeMinorVersion = bool
enableAutomaticUpgrade = bool
forceUpdateTag = "string"
instanceView = {
name = "string"
statuses = [
{
code = "string"
displayStatus = "string"
level = "string"
message = "string"
time = "string"
}
]
substatuses = [
{
code = "string"
displayStatus = "string"
level = "string"
message = "string"
time = "string"
}
]
type = "string"
typeHandlerVersion = "string"
}
protectedSettingsFromKeyVault = {
secretUrl = "string"
sourceVault = {
id = "string"
}
}
provisionAfterExtensions = [
"string"
]
publisher = "string"
suppressFailures = bool
type = "string"
typeHandlerVersion = "string"
}
})
}
Property values
virtualMachines/extensions
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Compute/virtualMachines/extensions@2024-07-01" |
name | The resource name | string (required) |
location | Resource location | string |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: virtualMachines |
tags | Resource tags | Dictionary of tag names and values. |
properties | Describes the properties of a Virtual Machine Extension. | VirtualMachineExtensionProperties |
VirtualMachineExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | bool |
enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | bool |
forceUpdateTag | How the extension handler should be forced to update even if the extension configuration has not changed. | string |
instanceView | The virtual machine extension instance view. | VirtualMachineExtensionInstanceView |
protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. | |
protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault | KeyVaultSecretReference |
provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. | string[] |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | |
suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | bool |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineExtensionInstanceView
Name | Description | Value |
---|---|---|
name | The virtual machine extension name. | string |
statuses | The resource status information. | InstanceViewStatus[] |
substatuses | The resource status information. | InstanceViewStatus[] |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
InstanceViewStatus
Name | Description | Value |
---|---|---|
code | The status code. | string |
displayStatus | The short localizable label for the status. | string |
level | The level code. | "Error" "Info" "Warning" |
message | The detailed status message, including for alerts and error messages. | string |
time | The time of the status. | string |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |