Download a Windows VHD from Azure
Applies to: ✔️ Windows VMs
In this article, you learn how to download a Windows virtual hard disk (VHD) file from Azure using the Azure portal.
Optional: Generalize the VM
If you want to use the VHD as an image to create other VMs, you should use Sysprep to generalize the operating system. Otherwise, you will have to make a copy of the disk for each VM you want to create.
To use the VHD as an image to create other VMs, generalize the VM.
- If you haven't already done so, sign in to the Azure portal.
- Connect to the VM.
- On the VM, open the Command Prompt window as an administrator.
- Change the directory to %windir%\system32\sysprep and run sysprep.exe.
- In the System Preparation Tool dialog box, select Enter System Out-of-Box Experience (OOBE), and make sure that Generalize is selected.
- In Shutdown Options, select Shutdown, and then click OK.
If you don't want to generalize your current VM, you can still create a generalized image by first making a snapshot of the OS disk, creating a new VM from the snapshot, and then generalizing the copy.
Stop the VM
A VHD can’t be downloaded from Azure if it's attached to a running VM. If you want to keep the VM running, you can create a snapshot and then download the snapshot.
- On the Hub menu in the Azure portal, click Virtual Machines.
- Select the VM from the list.
- On the blade for the VM, click Stop.
Alternative: Snapshot the VM disk
Take a snapshot of the disk to download.
- Select the VM in the portal.
- Select Disks in the left menu and then select the disk you want to snapshot. The details of the disk will be displayed.
- Select Create Snapshot from the menu at the top of the page. The Create snapshot page will open.
- In Name, type a name for the snapshot.
- For Snapshot type, select Full or Incremental.
- When you are done, select Review + create.
Your snapshot will be created shortly, and can then be used to download or create another VM.
If you don't stop the VM first, the snapshot will not be clean. The snapshot will be in the same state as if the VM had been power cycled or crashed at the point in time when the snapshot was made. While usually safe, it could cause problems if the running applications running at the time were not crash resistant.
This method is only recommended for VMs with a single OS disk. VMs with one or more data disks should be stopped before download or before creating a snapshot for the OS disk and each data disk.
Secure downloads and uploads with Azure AD
If you're using Azure Active Directory (Azure AD) to control resource access, you can now use it to restrict uploads and downloads of Azure managed disks. This feature is available as a GA offering in all regions. When a user attempts to upload or download a disk, Azure validates the identity of the requesting user in Azure AD, and confirms that user has the required permissions. At a higher level, a system administrator could set a policy at the Azure account or subscription level, to ensure that all disks and snapshots must use Azure AD for uploads or downloads. If you have any questions on securing uploads or downloads with Azure AD, reach out to this email: azuredisks@microsoft .com
- VHDs can't be uploaded to empty snapshots.
- Azure Backup doesn't currently support disks secured with Azure AD.
- Install the latest Azure PowerShell module.
Assign RBAC role
To access managed disks secured with Azure AD, the requesting user must have either the Data Operator for Managed Disks role, or a custom role with the following permissions:
For detailed steps on assigning a role, see the following articles for portal, PowerShell, or CLI. To create or update a custom role, see the following articles for portal, PowerShell, or CLI.
Enable data access authentication mode
Enable data access authentication mode to restrict access to the disk. You can either enable it when creating the disk, or you can enable it on the Disk Export page for existing disks.
Generate download URL
To download the VHD file, you need to generate a shared access signature (SAS) URL. When the URL is generated, an expiration time is assigned to the URL.
- On the page for the VM, click Disks in the left menu.
- Select the operating system disk for the VM.
- On the page for the disk, select Disk Export from the left menu.
- The default expiration time of the URL is 3600 seconds (one hour). You may need to increase this for Windows OS disks or large data disks. 36000 seconds (10 hours) is usually sufficient.
- Click Generate URL.
The expiration time is increased from the default to provide enough time to download the large VHD file for a Windows Server operating system. Large VHDs can take up to several hours to download depending on your connection and the size of the VM.
If you're using Azure AD to secure managed disk downloads, the user downloading the VHD must have the appropriate RBAC permissions.
- Under the URL that was generated, click Download the VHD file.
- You may need to click Save in your browser to start the download. The default name for the VHD file is abcd.
Submit and view feedback for