List the image definitions in a gallery using az sig image-definition list to see the name and ID of the definitions.
az sig image-definition list --resource-group $resourceGroup --gallery-name $gallery --query "[].[name, id]" --output tsv
Create a VM using az vm create. To use the latest version of the image, set --image
to the ID of the image definition.
This example is for creating a Linux VM secured with SSH. For Windows or to secure a Linux VM with a password, remove --generate-ssh-keys
to be prompted for a password. If you want to supply a password directly, replace --generate-ssh-keys
with --admin-password
. Replace resource names as needed in this example.
imgDef="/subscriptions/<subscription ID where the gallery is located>/resourceGroups/myGalleryRG/providers/Microsoft.Compute/galleries/myGallery/images/myImageDefinition"
az group create --name $vmResourceGroup --location $location
az vm create\
--resource-group $vmResourceGroup \
--name $vmName \
--image $imgDef \
--admin-username $adminUsername \
You can also use a specific version by using the image version ID for the --image
parameter. For example, to use image version 1.0.0 type: --image "/subscriptions/<subscription ID where the gallery is located>/resourceGroups/myGalleryRG/providers/Microsoft.Compute/galleries/myGallery/images/myImageDefinition/versions/1.0.0"
Once you have a generalized image version, you can create one or more new VMs. Using the New-AzVM cmdlet.
In this example, we're using the image definition ID to ensure your new VM will use the most recent version of an image. You can also use a specific version by using the image version ID for Set-AzVMSourceImage -Id
. For example, to use image version 1.0.0 type: Set-AzVMSourceImage -Id "/subscriptions/<subscription ID where the gallery is located>/resourceGroups/myGalleryRG/providers/Microsoft.Compute/galleries/myGallery/images/myImageDefinition/versions/1.0.0"
Be aware that using a specific image version means automation could fail if that specific image version isn't available because it was deleted or removed from the region. We recommend using the image definition ID for creating your new VM, unless a specific image version is required.
Replace resource names as needed in these examples.
Simplified parameter set
You can use the simplified parameter set to quickly create a VM from an image. The simplified parameter set uses the VM name to automatically create some of the required resources, like vNet and public IP address, for you.
$resourceGroup = "myResourceGroup"
$location = "South Central US"
$vmName = "myVMfromImage"
$imageDefinition = Get-AzGalleryImageDefinition `
-GalleryName myGallery `
-ResourceGroupName myResourceGroup `
-Name myImageDefinition
$cred = Get-Credential `
-Message "Enter a username and password for the virtual machine."
New-AzResourceGroup `
-Name $resourceGroup `
-Location $location
New-AzVM `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name $vmName `
-Image $imageDefinition.Id
-Credential $cred
Full parameter set
You can create a VM using specific resources by using the full parameter set.
$resourceGroup = "myResourceGroup"
$location = "South Central US"
$vmName = "myVMfromImage"
$imageDefinition = Get-AzGalleryImageDefinition `
-GalleryName myGallery `
-ResourceGroupName myResourceGroup `
-Name myImageDefinition
$cred = Get-Credential `
-Message "Enter a username and password for the virtual machine."
New-AzResourceGroup `
-Name $resourceGroup `
-Location $location
$subnetConfig = New-AzVirtualNetworkSubnetConfig `
-Name mySubnet `
$vnet = New-AzVirtualNetwork `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name MYvNET `
-AddressPrefix `
-Subnet $subnetConfig
$pip = New-AzPublicIpAddress `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name "mypublicdns$(Get-Random)" `
-AllocationMethod Static `
-IdleTimeoutInMinutes 4
$nsgRuleRDP = New-AzNetworkSecurityRuleConfig `
-Name myNetworkSecurityGroupRuleRDP `
-Protocol Tcp `
-Direction Inbound `
-Priority 1000 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389 `
-Access Deny
$nsg = New-AzNetworkSecurityGroup `
-ResourceGroupName $resourceGroup `
-Location $location `
-Name myNetworkSecurityGroup `
-SecurityRules $nsgRuleRDP
$nic = New-AzNetworkInterface `
-Name myNic `
-ResourceGroupName $resourceGroup `
-Location $location `
-SubnetId $vnet.Subnets[0].Id `
-PublicIpAddressId $pip.Id `
-NetworkSecurityGroupId $nsg.Id
$vmConfig = New-AzVMConfig `
-VMName $vmName `
-VMSize Standard_D1_v2 | `
Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred | `
Set-AzVMSourceImage -Id $imageDefinition.Id | `
Add-AzVMNetworkInterface -Id $nic.Id
New-AzVM `
-ResourceGroupName $resourceGroup `
-Location $location `
-VM $vmConfig
Create a Virtual Network.
"properties": {
"addressSpace": {
"addressPrefixes": [
"location": "eastus"
Create a subnet.
"properties": {
"addressPrefix": ""
Create a public IP address.
"location": "eastus"
Create a network security group.
# @name vmNSG
"properties": {
"securityRules": [
"name": "AllowSSH",
"properties": {
"protocol": "Tcp",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"destinationPortRange": "3389",
"sourcePortRange": "*",
"priority": 1000,
"direction": "Inbound"
"location": "eastus"
Create a NIC.
# @name vmNIC
"properties": {
"enableAcceleratedNetworking": true,
"networkSecurityGroup": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{nsgName}"
"ipConfigurations": [
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vNetName}/subnets/{subNetName}",
"publicIPAddress": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPAddresses/{pipName}"
"location": "eastus",
Create a Linux VM. The oSProfile
section contains some OS specific details. See the next code example for the Windows syntax.
# @name vm
"location": "eastus",
"properties": {
"hardwareProfile": {
"vmSize": "Standard_DS3_v2"
"storageProfile": {
"imageReference": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{galleryImageName}/versions/{versionNumber}"
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS"
"createOption": "FromImage"
"osProfile": {
"adminUsername": "{your-username}",
"computerName": "myVM",
"linuxConfiguration": {
"ssh": {
"publicKeys": [
"path": "/home/{your-username}/.ssh/authorized_keys",
"keyData": "{sshKey}",
"disablePasswordAuthentication": true
"networkProfile": {
"networkInterfaces": [
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkInterfaces/{nicName}",
Create a Windows VM.
# @name vm
"location": "eastus",
"properties": {
"hardwareProfile": {
"vmSize": "Standard_DS3_v2"
"storageProfile": {
"imageReference": {
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{galleryImageName}/versions/{versionNumber}"
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS"
"createOption": "FromImage"
"osProfile": {
"adminUsername": "{your-username}",
"computerName": "myVM",
"adminPassword": "{your-password}"
"networkProfile": {
"networkInterfaces": [
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkInterfaces/{nicName}",