Remove machine specific information by generalizing a VM before creating an image
Generalizing a VM is not necessary for creating an image in an Azure Compute Gallery unless you specifically want to create a generalized image. Generalizing is required when creating a managed image outside of a gallery.
Generalizing removes machine specific information so the image can be used to create multiple VMs. Once the VM has been generalized, you need to let the platform know so that the boot sequence can be set correctly.
Distribution specific instructions for preparing Linux images for Azure are available here:
The following instructions only cover setting the VM to generalized. We recommend you follow the distro specific instructions for production workloads.
First you'll deprovision the VM by using the Azure VM agent to delete machine-specific files and data. Use the
waagent command with the
-deprovision+user parameter on your source Linux VM. For more information, see the Azure Linux Agent user guide. This process can't be reversed.
Connect to your Linux VM with an SSH client.
In the SSH window, enter the following command:
sudo waagent -deprovision+user
Only run this command on a VM that you'll capture as an image. This command does not guarantee that the image is cleared of all sensitive information or is suitable for redistribution. The
+userparameter also removes the last provisioned user account. To keep user account credentials in the VM, use only
Enter y to continue. You can add the
-forceparameter to avoid this confirmation step.
After the command completes, enter exit to close the SSH client. The VM will still be running at this point.
Deallocate the VM that you deprovisioned with
az vm deallocate so that it can be generalized.
az vm deallocate \ --resource-group myResourceGroup \ --name myVM
Then the VM needs to be marked as generalized on the platform.
az vm generalize \ --resource-group myResourceGroup \ --name myVM
Sysprep removes all your personal account and security information, and then prepares the machine to be used as an image. For information about Sysprep, see Sysprep overview.
After you have run Sysprep on a VM, that VM is considered generalized and cannot be restarted. The process of generalizing a VM is not reversible. If you need to keep the original VM functioning, you should create a copy of the VM and generalize its copy.
Sysprep requires the drives to be fully decrypted. If you have enabled encryption on your VM, disable encryption before you run Sysprep.
If you plan to run Sysprep before uploading your virtual hard disk (VHD) to Azure for the first time, make sure you have prepared your VM.
We do not support custom answer file in the sysprep step, hence you should not use the "/unattend:answerfile" switch with your sysprep command.
To generalize your Windows VM, follow these steps:
Sign in to your Windows VM.
Open a Command Prompt window as an administrator.
Delete the panther directory (C:\Windows\Panther).
Then change the directory to %windir%\system32\sysprep, and then run:
sysprep.exe /oobe /generalize /mode:vm /shutdown
The VM will shut down when Sysprep is finished generalizing the VM. Do not restart the VM.
Optional Use DISM to optimize your image and reduce your VM's first boot time.
To optimize your image, mount your VHD by double-clicking on it in Windows explorer, and then run DISM with the
DISM /image:D:\ /optimize-image /boot
Where D: is the mounted VHD's path.
DISM /optimize-image should be the last modification you make to your VHD. If you make any changes to your VHD prior to deployment, you'll have to run
DISM /optimize-image again.
Once Sysprep has finished, set the status of the virtual machine to Generalized.
Set-AzVm -ResourceGroupName $rgName -Name $vmName -Generalized