Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-04-01
- 2024-11-01
- 2024-07-01
- 2024-03-01
- 2023-09-01
- 2023-07-01
- 2023-03-01
- 2022-11-01
- 2022-08-01
- 2022-03-01
- 2021-11-01
- 2021-07-01
- 2021-04-01
- 2021-03-01
- 2020-12-01
- 2020-06-01
- 2019-12-01
- 2019-07-01
- 2019-03-01
- 2018-10-01
- 2018-06-01
- 2018-04-01
- 2017-12-01
- 2017-03-30
- 2016-04-30-preview
- 2016-03-30
- 2015-06-15
Bicep resource definition
The virtualMachineScaleSets resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2024-11-01' = {
scope: resourceSymbolicName or scope
extendedLocation: {
name: 'string'
type: 'string'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
___location: 'string'
name: 'string'
plan: {
name: 'string'
product: 'string'
promotionCode: 'string'
publisher: 'string'
}
properties: {
additionalCapabilities: {
hibernationEnabled: bool
ultraSSDEnabled: bool
}
automaticRepairsPolicy: {
enabled: bool
gracePeriod: 'string'
repairAction: 'string'
}
constrainedMaximumCapacity: bool
doNotRunExtensionsOnOverprovisionedVMs: bool
hostGroup: {
id: 'string'
}
orchestrationMode: 'string'
overprovision: bool
platformFaultDomainCount: int
priorityMixPolicy: {
baseRegularPriorityCount: int
regularPriorityPercentageAboveBase: int
}
proximityPlacementGroup: {
id: 'string'
}
resiliencyPolicy: {
automaticZoneRebalancingPolicy: {
enabled: bool
rebalanceBehavior: 'string'
rebalanceStrategy: 'string'
}
resilientVMCreationPolicy: {
enabled: bool
}
resilientVMDeletionPolicy: {
enabled: bool
}
}
scaleInPolicy: {
forceDeletion: bool
prioritizeUnhealthyVMs: bool
rules: [
'string'
]
}
scheduledEventsPolicy: {
scheduledEventsAdditionalPublishingTargets: {
eventGridAndResourceGraph: {
enable: bool
}
}
userInitiatedReboot: {
automaticallyApprove: bool
}
userInitiatedRedeploy: {
automaticallyApprove: bool
}
}
singlePlacementGroup: bool
skuProfile: {
allocationStrategy: 'string'
vmSizes: [
{
name: 'string'
rank: int
}
]
}
spotRestorePolicy: {
enabled: bool
restoreTimeout: 'string'
}
upgradePolicy: {
automaticOSUpgradePolicy: {
disableAutomaticRollback: bool
enableAutomaticOSUpgrade: bool
osRollingUpgradeDeferral: bool
useRollingUpgradePolicy: bool
}
mode: 'string'
rollingUpgradePolicy: {
enableCrossZoneUpgrade: bool
maxBatchInstancePercent: int
maxSurge: bool
maxUnhealthyInstancePercent: int
maxUnhealthyUpgradedInstancePercent: int
pauseTimeBetweenBatches: 'string'
prioritizeUnhealthyInstances: bool
rollbackFailedInstancesOnPolicyBreach: bool
}
}
virtualMachineProfile: {
applicationProfile: {
galleryApplications: [
{
configurationReference: 'string'
enableAutomaticUpgrade: bool
order: int
packageReferenceId: 'string'
tags: 'string'
treatFailureAsDeploymentFailure: bool
}
]
}
billingProfile: {
maxPrice: int
}
capacityReservation: {
capacityReservationGroup: {
id: 'string'
}
}
diagnosticsProfile: {
bootDiagnostics: {
enabled: bool
storageUri: 'string'
}
}
evictionPolicy: 'string'
extensionProfile: {
extensions: [
{
name: 'string'
properties: {
autoUpgradeMinorVersion: bool
enableAutomaticUpgrade: bool
forceUpdateTag: 'string'
protectedSettings: any(...)
protectedSettingsFromKeyVault: {
secretUrl: 'string'
sourceVault: {
id: 'string'
}
}
provisionAfterExtensions: [
'string'
]
publisher: 'string'
settings: any(...)
suppressFailures: bool
type: 'string'
typeHandlerVersion: 'string'
}
}
]
extensionsTimeBudget: 'string'
}
hardwareProfile: {
vmSizeProperties: {
vCPUsAvailable: int
vCPUsPerCore: int
}
}
licenseType: 'string'
networkProfile: {
healthProbe: {
id: 'string'
}
networkApiVersion: 'string'
networkInterfaceConfigurations: [
{
name: 'string'
properties: {
auxiliaryMode: 'string'
auxiliarySku: 'string'
deleteOption: 'string'
disableTcpStateTracking: bool
dnsSettings: {
dnsServers: [
'string'
]
}
enableAcceleratedNetworking: bool
enableFpga: bool
enableIPForwarding: bool
ipConfigurations: [
{
name: 'string'
properties: {
applicationGatewayBackendAddressPools: [
{
id: 'string'
}
]
applicationSecurityGroups: [
{
id: 'string'
}
]
loadBalancerBackendAddressPools: [
{
id: 'string'
}
]
loadBalancerInboundNatPools: [
{
id: 'string'
}
]
primary: bool
privateIPAddressVersion: 'string'
publicIPAddressConfiguration: {
name: 'string'
properties: {
deleteOption: 'string'
dnsSettings: {
domainNameLabel: 'string'
domainNameLabelScope: 'string'
}
idleTimeoutInMinutes: int
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
publicIPAddressVersion: 'string'
publicIPPrefix: {
id: 'string'
}
}
sku: {
name: 'string'
tier: 'string'
}
}
subnet: {
id: 'string'
}
}
}
]
networkSecurityGroup: {
id: 'string'
}
primary: bool
}
}
]
}
osProfile: {
adminPassword: 'string'
adminUsername: 'string'
allowExtensionOperations: bool
computerNamePrefix: 'string'
customData: 'string'
linuxConfiguration: {
disablePasswordAuthentication: bool
enableVMAgentPlatformUpdates: bool
patchSettings: {
assessmentMode: 'string'
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: bool
rebootSetting: 'string'
}
patchMode: 'string'
}
provisionVMAgent: bool
ssh: {
publicKeys: [
{
keyData: 'string'
path: 'string'
}
]
}
}
requireGuestProvisionSignal: bool
secrets: [
{
sourceVault: {
id: 'string'
}
vaultCertificates: [
{
certificateStore: 'string'
certificateUrl: 'string'
}
]
}
]
windowsConfiguration: {
additionalUnattendContent: [
{
componentName: 'Microsoft-Windows-Shell-Setup'
content: 'string'
passName: 'OobeSystem'
settingName: 'string'
}
]
enableAutomaticUpdates: bool
patchSettings: {
assessmentMode: 'string'
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: bool
rebootSetting: 'string'
}
enableHotpatching: bool
patchMode: 'string'
}
provisionVMAgent: bool
timeZone: 'string'
winRM: {
listeners: [
{
certificateUrl: 'string'
protocol: 'string'
}
]
}
}
}
priority: 'string'
scheduledEventsProfile: {
osImageNotificationProfile: {
enable: bool
notBeforeTimeout: 'string'
}
terminateNotificationProfile: {
enable: bool
notBeforeTimeout: 'string'
}
}
securityPostureReference: {
excludeExtensions: [
'string'
]
id: 'string'
isOverridable: bool
}
securityProfile: {
encryptionAtHost: bool
encryptionIdentity: {
userAssignedIdentityResourceId: 'string'
}
proxyAgentSettings: {
enabled: bool
imds: {
inVMAccessControlProfileReferenceId: 'string'
mode: 'string'
}
keyIncarnationId: int
mode: 'string'
wireServer: {
inVMAccessControlProfileReferenceId: 'string'
mode: 'string'
}
}
securityType: 'string'
uefiSettings: {
secureBootEnabled: bool
vTpmEnabled: bool
}
}
serviceArtifactReference: {
id: 'string'
}
storageProfile: {
dataDisks: [
{
caching: 'string'
createOption: 'string'
deleteOption: 'string'
diskIOPSReadWrite: int
diskMBpsReadWrite: int
diskSizeGB: int
lun: int
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
securityProfile: {
diskEncryptionSet: {
id: 'string'
}
securityEncryptionType: 'string'
}
storageAccountType: 'string'
}
name: 'string'
writeAcceleratorEnabled: bool
}
]
diskControllerType: 'string'
imageReference: {
communityGalleryImageId: 'string'
id: 'string'
offer: 'string'
publisher: 'string'
sharedGalleryImageId: 'string'
sku: 'string'
version: 'string'
}
osDisk: {
caching: 'string'
createOption: 'string'
deleteOption: 'string'
diffDiskSettings: {
option: 'string'
placement: 'string'
}
diskSizeGB: int
image: {
uri: 'string'
}
managedDisk: {
diskEncryptionSet: {
id: 'string'
}
securityProfile: {
diskEncryptionSet: {
id: 'string'
}
securityEncryptionType: 'string'
}
storageAccountType: 'string'
}
name: 'string'
osType: 'string'
vhdContainers: [
'string'
]
writeAcceleratorEnabled: bool
}
}
userData: 'string'
}
zonalPlatformFaultDomainAlignMode: 'string'
zoneBalance: bool
}
sku: {
capacity: int
name: 'string'
tier: 'string'
}
tags: {
{customized property}: 'string'
}
zones: [
'string'
]
}
Property Values
Microsoft.Compute/virtualMachineScaleSets
Name | Description | Value |
---|---|---|
extendedLocation | The extended ___location of the Virtual Machine Scale Set. | ExtendedLocation |
identity | The identity of the virtual machine scale set, if configured. | VirtualMachineScaleSetIdentity |
___location | The geo-___location where the resource lives | string (required) |
name | The resource name | string (required) |
plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
properties | Describes the properties of a Virtual Machine Scale Set. | VirtualMachineScaleSetProperties |
scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
sku | The virtual machine scale set sku. | Sku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
zones | The availability zones. | string[] |
AdditionalCapabilities
Name | Description | Value |
---|---|---|
hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ApplicationProfile
Name | Description | Value |
---|---|---|
galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
AutomaticOSUpgradePolicy
Name | Description | Value |
---|---|---|
disableAutomaticRollback | Whether OS image rollback feature should be disabled. Default value is false. | bool |
enableAutomaticOSUpgrade | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. | bool |
osRollingUpgradeDeferral | Indicates whether Auto OS Upgrade should undergo deferral. Deferred OS upgrades will send advanced notifications on a per-VM basis that an OS upgrade from rolling upgrades is incoming, via the IMDS tag 'Platform.PendingOSUpgrade'. The upgrade then defers until the upgrade is approved via an ApproveRollingUpgrade call. | bool |
useRollingUpgradePolicy | Indicates whether rolling upgrade policy should be used during Auto OS Upgrade. Default value is false. Auto OS Upgrade will fallback to the default policy if no policy is defined on the VMSS. | bool |
AutomaticRepairsPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether automatic repairs should be enabled on the virtual machine scale set. The default value is false. | bool |
gracePeriod | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 10 minutes (PT10M), which is also the default value. The maximum allowed grace period is 90 minutes (PT90M). | string |
repairAction | Type of repair action (replace, restart, reimage) that will be used for repairing unhealthy virtual machines in the scale set. Default value is replace. | 'Reimage' 'Replace' 'Restart' |
AutomaticZoneRebalancingPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether Automatic AZ Balancing should be enabled on the virtual machine scale set. The default value is false. | bool |
rebalanceBehavior | Type of rebalance behavior that will be used for recreating virtual machines in the scale set across availability zones. Default and only supported value for now is CreateBeforeDelete. | 'CreateBeforeDelete' |
rebalanceStrategy | Type of rebalance strategy that will be used for rebalancing virtual machines in the scale set across availability zones. Default and only supported value for now is Recreate. | 'Recreate' |
BillingProfile
Name | Description | Value |
---|---|---|
maxPrice | Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars. This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price. The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: - Any decimal value greater than zero. Example: 0.01538 -1 – indicates default price to be up-to on-demand. You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you. Minimum api-version: 2019-03-01. |
int |
BootDiagnostics
Name | Description | Value |
---|---|---|
enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. | string |
CapacityReservationProfile
Name | Description | Value |
---|---|---|
capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. | SubResource |
DiagnosticsProfile
Name | Description | Value |
---|---|---|
bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. | BootDiagnostics |
DiffDiskSettings
Name | Description | Value |
---|---|---|
option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. | 'CacheDisk' 'NvmeDisk' 'ResourceDisk' |
DiskEncryptionSetParameters
Name | Description | Value |
---|---|---|
id | Resource Id | string |
EncryptionIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
EventGridAndResourceGraph
Name | Description | Value |
---|---|---|
enable | Specifies if event grid and resource graph is enabled for Scheduled event related configurations. | bool |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended ___location. | string |
type | The type of the extended ___location. | 'EdgeZone' |
HostEndpointSettings
Name | Description | Value |
---|---|---|
inVMAccessControlProfileReferenceId | Specifies the InVMAccessControlProfileVersion resource id in the format of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/inVMAccessControlProfiles/{profile}/versions/{version} | string |
mode | Specifies the execution mode. In Audit mode, the system acts as if it is enforcing the access control policy, including emitting access denial entries in the logs but it does not actually deny any requests to host endpoints. In Enforce mode, the system will enforce the access control and it is the recommended mode of operation. | 'Audit' 'Disabled' 'Enforce' |
ImageReference
Name | Description | Value |
---|---|---|
communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. | string |
id | Resource Id | string |
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. | string |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. | LinuxVMGuestPatchAutomaticByPlatformSettings |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
LinuxVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
OSImageNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) | string |
PatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. | WindowsVMGuestPatchAutomaticByPlatformSettings |
enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
Plan
Name | Description | Value |
---|---|---|
name | The plan ID. | string |
product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
promotionCode | The promotion code. | string |
publisher | The publisher ID. | string |
PriorityMixPolicy
Name | Description | Value |
---|---|---|
baseRegularPriorityCount | The base number of regular priority VMs that will be created in this scale set as it scales out. | int |
regularPriorityPercentageAboveBase | The percentage of VM instances, after the base regular priority count has been reached, that are expected to use regular priority. | int Constraints: Max value = 100 |
ProxyAgentSettings
Name | Description | Value |
---|---|---|
enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. | bool |
imds | Specifies the IMDS endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. | HostEndpointSettings |
keyIncarnationId | Increase the value of this property allows users to reset the key used for securing communication channel between guest and host. | int |
mode | Specifies the mode that ProxyAgent will execute on. Warning: this property has been deprecated, please specify 'mode' under particular hostendpoint setting. | 'Audit' 'Enforce' |
wireServer | Specifies the Wire Server endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. | HostEndpointSettings |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Specify public IP sku name | 'Basic' 'Standard' |
tier | Specify public IP sku tier | 'Global' 'Regional' |
ResiliencyPolicy
Name | Description | Value |
---|---|---|
automaticZoneRebalancingPolicy | The configuration parameters used while performing automatic AZ balancing. | AutomaticZoneRebalancingPolicy |
resilientVMCreationPolicy | The configuration parameters used while performing resilient VM creation. | ResilientVMCreationPolicy |
resilientVMDeletionPolicy | The configuration parameters used while performing resilient VM deletion. | ResilientVMDeletionPolicy |
ResilientVMCreationPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether resilient VM creation should be enabled on the virtual machine scale set. The default value is false. | bool |
ResilientVMDeletionPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether resilient VM deletion should be enabled on the virtual machine scale set. The default value is false. | bool |
RollingUpgradePolicy
Name | Description | Value |
---|---|---|
enableCrossZoneUpgrade | Allow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size. | bool |
maxBatchInstancePercent | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%. | int Constraints: Min value = 5 Max value = 100 |
maxSurge | Create new virtual machines to upgrade the scale set, rather than updating the existing virtual machines. Existing virtual machines will be deleted once the new virtual machines are created for each batch. | bool |
maxUnhealthyInstancePercent | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%. | int Constraints: Min value = 5 Max value = 100 |
maxUnhealthyUpgradedInstancePercent | The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%. | int Constraints: Max value = 100 |
pauseTimeBetweenBatches | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S). | string |
prioritizeUnhealthyInstances | Upgrade all unhealthy instances in a scale set before any healthy instances. | bool |
rollbackFailedInstancesOnPolicyBreach | Rollback failed instances to previous model if the Rolling Upgrade policy is violated. | bool |
ScaleInPolicy
Name | Description | Value |
---|---|---|
forceDeletion | This property allows you to specify if virtual machines chosen for removal have to be force deleted when a virtual machine scale set is being scaled-in.(Feature in Preview) | bool |
prioritizeUnhealthyVMs | This property allows you to prioritize the deletion of unhealthy and inactive VMs when a virtual machine scale set is being scaled-in.(Feature in Preview) | bool |
rules | The rules to be followed when scaling-in a virtual machine scale set. Possible values are: Default When a virtual machine scale set is scaled in, the scale set will first be balanced across zones if it is a zonal scale set. Then, it will be balanced across Fault Domains as far as possible. Within each Fault Domain, the virtual machines chosen for removal will be the newest ones that are not protected from scale-in. OldestVM When a virtual machine scale set is being scaled-in, the oldest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the oldest virtual machines that are not protected will be chosen for removal. NewestVM When a virtual machine scale set is being scaled-in, the newest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the newest virtual machines that are not protected will be chosen for removal. |
String array containing any of: 'Default' 'NewestVM' 'OldestVM' |
ScheduledEventsAdditionalPublishingTargets
Name | Description | Value |
---|---|---|
eventGridAndResourceGraph | The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. | EventGridAndResourceGraph |
ScheduledEventsPolicy
Name | Description | Value |
---|---|---|
scheduledEventsAdditionalPublishingTargets | The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. | ScheduledEventsAdditionalPublishingTargets |
userInitiatedReboot | The configuration parameters used while creating userInitiatedReboot scheduled event setting creation. | UserInitiatedReboot |
userInitiatedRedeploy | The configuration parameters used while creating userInitiatedRedeploy scheduled event setting creation. | UserInitiatedRedeploy |
ScheduledEventsProfile
Name | Description | Value |
---|---|---|
osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
SecurityPostureReference
Name | Description | Value |
---|---|---|
excludeExtensions | The list of virtual machine extension names to exclude when applying the security posture. | string[] |
id | The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest | string (required) |
isOverridable | Whether the security posture can be overridden by the user. | bool |
SecurityProfile
Name | Description | Value |
---|---|---|
encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. | bool |
encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. | EncryptionIdentity |
proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. | ProxyAgentSettings |
securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. | 'ConfidentialVM' 'TrustedLaunch' |
uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. | UefiSettings |
ServiceArtifactReference
Name | Description | Value |
---|---|---|
id | The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} | string |
Sku
Name | Description | Value |
---|---|---|
capacity | Specifies the number of virtual machines in the scale set. | int |
name | The sku name. | string |
tier | Specifies the tier of virtual machines in a scale set. Possible Values: Standard Basic |
string |
SkuProfile
Name | Description | Value |
---|---|---|
allocationStrategy | Specifies the allocation strategy for the virtual machine scale set based on which the VMs will be allocated. | 'CapacityOptimized' 'LowestPrice' 'Prioritized' |
vmSizes | Specifies the VM sizes for the virtual machine scale set. | SkuProfileVMSize[] |
SkuProfileVMSize
Name | Description | Value |
---|---|---|
name | Specifies the name of the VM Size. | string |
rank | Specifies the rank (a.k.a priority) associated with the VM Size. | int |
SpotRestorePolicy
Name | Description | Value |
---|---|---|
enabled | Enables the Spot-Try-Restore feature where evicted VMSS SPOT instances will be tried to be restored opportunistically based on capacity availability and pricing constraints | bool |
restoreTimeout | Timeout value expressed as an ISO 8601 time duration after which the platform will not try to restore the VMSS SPOT instances | string |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). | string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
TerminateNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) | string |
TrackedResourceTags
Name | Description | Value |
---|
UefiSettings
Name | Description | Value |
---|---|---|
secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
UpgradePolicy
Name | Description | Value |
---|---|---|
automaticOSUpgradePolicy | Configuration parameters used for performing automatic OS Upgrade. | AutomaticOSUpgradePolicy |
mode | Specifies the mode of an upgrade to virtual machines in the scale set. Possible values are: Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. Automatic - All virtual machines in the scale set are automatically updated at the same time. |
'Automatic' 'Manual' 'Rolling' |
rollingUpgradePolicy | The configuration parameters used while performing a rolling upgrade. | RollingUpgradePolicy |
UserAssignedIdentitiesValue
Name | Description | Value |
---|
UserInitiatedReboot
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Reboot Scheduled Event related configurations. | bool |
UserInitiatedRedeploy
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Redeploy Scheduled Event related configurations. | bool |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. | string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetDataDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | The create option. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether data disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the data disk is deleted when the VMSS Flex VM is deleted. Detach If this value is used, the data disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. |
'Delete' 'Detach' |
diskIOPSReadWrite | Specifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. | int |
diskMBpsReadWrite | Specifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. | int |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property diskSizeGB is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
name | The disk name. | string |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetExtension
Name | Description | Value |
---|---|---|
name | Resource name | string |
properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
Name | Description | Value |
---|---|---|
extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. | string |
VirtualMachineScaleSetExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | bool |
enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | bool |
forceUpdateTag | If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. | string |
protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. | any |
protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault | KeyVaultSecretReference |
provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. | string[] |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | any |
suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | bool |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineScaleSetHardwareProfile
Name | Description | Value |
---|---|---|
vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-11-01. Please follow the instructions in VM Customization for more details. | VMSizeProperties |
VirtualMachineScaleSetIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the virtual machine scale set. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine scale set. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with the virtual machine scale set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | VirtualMachineScaleSetIdentityUserAssignedIdentities |
VirtualMachineScaleSetIdentityUserAssignedIdentities
Name | Description | Value |
---|
VirtualMachineScaleSetIPConfiguration
Name | Description | Value |
---|---|---|
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. | SubResource[] |
applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetIpTag
Name | Description | Value |
---|---|---|
ipTagType | IP tag type. Example: FirstPartyUsage. | string |
tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
VirtualMachineScaleSetManagedDiskParameters
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | 'PremiumV2_LRS' 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
VirtualMachineScaleSetNetworkConfiguration
Name | Description | Value |
---|---|---|
name | The network configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationDnsSettings
Name | Description | Value |
---|---|---|
dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetNetworkConfigurationProperties
Name | Description | Value |
---|---|---|
auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. | 'AcceleratedConnections' 'Floating' 'None' |
auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. | 'A1' 'A2' 'A4' 'A8' 'None' |
deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSettings |
enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
networkSecurityGroup | The network security group. | SubResource |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetNetworkProfile
Name | Description | Value |
---|---|---|
healthProbe | A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. | ApiEntityReference |
networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations for Virtual Machine Scale Set with orchestration mode 'Flexible' | '2020-11-01' '2022-11-01' |
networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage. This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether OS Disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the OS disk is deleted when VMSS Flex VM is deleted. Detach If this value is used, the OS disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. For an Ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for Ephemeral OS Disk. |
'Delete' 'Detach' |
diffDiskSettings | Specifies the ephemeral disk Settings for the operating system disk used by the virtual machine scale set. | DiffDiskSettings |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
image | Specifies information about the unmanaged user image to base the scale set on. | VirtualHardDisk |
managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
name | The disk name. | string |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | 'Linux' 'Windows' |
vhdContainers | Specifies the container urls that are used to store operating system disks for the scale set. | string[] |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetOSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters |
string |
allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine scale set. This may only be set to False when no extensions are present on the virtual machine scale set. | bool |
computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. | string |
customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation | string |
linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. | LinuxConfiguration |
requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
secrets | Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
VirtualMachineScaleSetProperties
Name | Description | Value |
---|---|---|
additionalCapabilities | Specifies additional capabilities enabled or disabled on the Virtual Machines in the Virtual Machine Scale Set. For instance: whether the Virtual Machines have the capability to support attaching managed data disks with UltraSSD_LRS storage account type. | AdditionalCapabilities |
automaticRepairsPolicy | Policy for automatic repairs. | AutomaticRepairsPolicy |
constrainedMaximumCapacity | Optional property which must either be set to True or omitted. | bool |
doNotRunExtensionsOnOverprovisionedVMs | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | bool |
hostGroup | Specifies information about the dedicated host group that the virtual machine scale set resides in. Minimum api-version: 2020-06-01. | SubResource |
orchestrationMode | Specifies the orchestration mode for the virtual machine scale set. | 'Flexible' 'Uniform' |
overprovision | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | bool |
platformFaultDomainCount | Fault Domain count for each placement group. | int |
priorityMixPolicy | Specifies the desired targets for mixing Spot and Regular priority VMs within the same VMSS Flex instance. | PriorityMixPolicy |
proximityPlacementGroup | Specifies information about the proximity placement group that the virtual machine scale set should be assigned to. Minimum api-version: 2018-04-01. | SubResource |
resiliencyPolicy | Policy for Resiliency | ResiliencyPolicy |
scaleInPolicy | Specifies the policies applied when scaling in Virtual Machines in the Virtual Machine Scale Set. | ScaleInPolicy |
scheduledEventsPolicy | The ScheduledEventsPolicy. | ScheduledEventsPolicy |
singlePlacementGroup | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. | bool |
skuProfile | Specifies the sku profile for the virtual machine scale set. | SkuProfile |
spotRestorePolicy | Specifies the Spot Restore properties for the virtual machine scale set. | SpotRestorePolicy |
upgradePolicy | The upgrade policy. | UpgradePolicy |
virtualMachineProfile | The virtual machine profile. | VirtualMachineScaleSetVMProfile |
zonalPlatformFaultDomainAlignMode | Specifies the align mode between Virtual Machine Scale Set compute and storage Fault Domain count. | 'Aligned' 'Unaligned' |
zoneBalance | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. zoneBalance property can only be set if the zones property of the scale set contains more than one zone. If there are no zones or only one zone specified, then zoneBalance property should not be set. | bool |
VirtualMachineScaleSetPublicIPAddressConfiguration
Name | Description | Value |
---|---|---|
name | The publicIP address configuration name. | string (required) |
properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration | VirtualMachineScaleSetPublicIPAddressConfigurationProperties |
sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. | PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
Name | Description | Value |
---|---|---|
domainNameLabel | The Domain name label.The concatenation of the ___domain name label and vm index will be the ___domain name labels of the PublicIPAddress resources that will be created | string (required) |
domainNameLabelScope | The Domain name label scope.The concatenation of the hashed ___domain name label that generated according to the policy from ___domain name label scope and vm index will be the ___domain name labels of the PublicIPAddress resources that will be created | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the public IP when the VM is deleted | 'Delete' 'Detach' |
dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetStorageProfile
Name | Description | Value |
---|---|---|
dataDisks | Specifies the parameters that are used to add data disks to the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. | VirtualMachineScaleSetDataDisk[] |
diskControllerType | Specifies the disk controller type configured for the virtual machines in the scale set. Minimum api-version: 2022-08-01 | 'NVMe' 'SCSI' |
imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
osDisk | Specifies information about the operating system disk used by the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. | VirtualMachineScaleSetOSDisk |
VirtualMachineScaleSetVMProfile
Name | Description | Value |
---|---|---|
applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS | ApplicationProfile |
billingProfile | Specifies the billing related details of a Azure Spot VMSS. Minimum api-version: 2019-03-01. | BillingProfile |
capacityReservation | Specifies the capacity reservation related details of a scale set. Minimum api-version: 2021-04-01. | CapacityReservationProfile |
diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. | DiagnosticsProfile |
evictionPolicy | Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. | 'Deallocate' 'Delete' |
extensionProfile | Specifies a collection of settings for extensions installed on virtual machines in the scale set. | VirtualMachineScaleSetExtensionProfile |
hardwareProfile | Specifies the hardware profile related details of a scale set. Minimum api-version: 2021-11-01. | VirtualMachineScaleSetHardwareProfile |
licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
networkProfile | Specifies properties of the network interfaces of the virtual machines in the scale set. | VirtualMachineScaleSetNetworkProfile |
osProfile | Specifies the operating system settings for the virtual machines in the scale set. | VirtualMachineScaleSetOSProfile |
priority | Specifies the priority for the virtual machines in the scale set. Minimum api-version: 2017-10-30-preview. | 'Low' 'Regular' 'Spot' |
scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
securityPostureReference | Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01 | SecurityPostureReference |
securityProfile | Specifies the Security related profile settings for the virtual machines in the scale set. | SecurityProfile |
serviceArtifactReference | Specifies the service artifact reference id used to set same image version for all virtual machines in the scale set when using 'latest' image version. Minimum api-version: 2022-11-01 | ServiceArtifactReference |
storageProfile | Specifies the storage settings for the virtual machine disks. | VirtualMachineScaleSetStorageProfile |
userData | UserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. | string |
VMDiskSecurityProfile
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. | DiskEncryptionSetParameters |
securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. | 'DiskWithVMGuestState' 'NonPersistedTPM' 'VMGuestStateOnly' |
VMGalleryApplication
Name | Description | Value |
---|---|---|
configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided | string |
enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS | bool |
order | Optional, Specifies the order in which the packages have to be installed | int |
packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} | string (required) |
tags | Optional, Specifies a passthrough value for more generic context. | string |
treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment | bool |
VMSizeProperties
Name | Description | Value |
---|---|---|
vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. | int |
vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. | int |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
WindowsVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. | 'Http' 'Https' |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Module | Description |
---|---|
Virtual Machine Scale Set | AVM Resource Module for Virtual Machine Scale Set |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
Bicep File | Description |
---|---|
Azure Game Developer Virtual Machine Scale Set | Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal. |
Deploy a 5 Node Secure Cluster | This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a Nextflow genomics cluster | This template deploys a scalable Nextflow cluster with a Jumpbox, n cluster nodes, docker support and shared storage. |
Deploy a trusted launch capable Windows VM Scale Set | This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud. |
Deploy a VM Scale Set with Windows VMs and Auto Scale | This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated |
Deploy a VMSS that connects each VM to an Azure Files share | This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share |
Deploy a Windows VM scale set with Azure Application Gateway | This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Deploy VM Scale Set with Python Bottle server & AutoScale | Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed |
VM Scale Set with autoscale running an IIS WebApp | Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment. |
VMSS Flexible Orchestration Mode Quickstart Linux | This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
VMSS with Public IP Prefix | Template for deploying VMSS with Public IP Prefix |
ARM template resource definition
The virtualMachineScaleSets resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following JSON to your template.
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2024-11-01",
"name": "string",
"extendedLocation": {
"name": "string",
"type": "string"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"___location": "string",
"plan": {
"name": "string",
"product": "string",
"promotionCode": "string",
"publisher": "string"
},
"properties": {
"additionalCapabilities": {
"hibernationEnabled": "bool",
"ultraSSDEnabled": "bool"
},
"automaticRepairsPolicy": {
"enabled": "bool",
"gracePeriod": "string",
"repairAction": "string"
},
"constrainedMaximumCapacity": "bool",
"doNotRunExtensionsOnOverprovisionedVMs": "bool",
"hostGroup": {
"id": "string"
},
"orchestrationMode": "string",
"overprovision": "bool",
"platformFaultDomainCount": "int",
"priorityMixPolicy": {
"baseRegularPriorityCount": "int",
"regularPriorityPercentageAboveBase": "int"
},
"proximityPlacementGroup": {
"id": "string"
},
"resiliencyPolicy": {
"automaticZoneRebalancingPolicy": {
"enabled": "bool",
"rebalanceBehavior": "string",
"rebalanceStrategy": "string"
},
"resilientVMCreationPolicy": {
"enabled": "bool"
},
"resilientVMDeletionPolicy": {
"enabled": "bool"
}
},
"scaleInPolicy": {
"forceDeletion": "bool",
"prioritizeUnhealthyVMs": "bool",
"rules": [ "string" ]
},
"scheduledEventsPolicy": {
"scheduledEventsAdditionalPublishingTargets": {
"eventGridAndResourceGraph": {
"enable": "bool"
}
},
"userInitiatedReboot": {
"automaticallyApprove": "bool"
},
"userInitiatedRedeploy": {
"automaticallyApprove": "bool"
}
},
"singlePlacementGroup": "bool",
"skuProfile": {
"allocationStrategy": "string",
"vmSizes": [
{
"name": "string",
"rank": "int"
}
]
},
"spotRestorePolicy": {
"enabled": "bool",
"restoreTimeout": "string"
},
"upgradePolicy": {
"automaticOSUpgradePolicy": {
"disableAutomaticRollback": "bool",
"enableAutomaticOSUpgrade": "bool",
"osRollingUpgradeDeferral": "bool",
"useRollingUpgradePolicy": "bool"
},
"mode": "string",
"rollingUpgradePolicy": {
"enableCrossZoneUpgrade": "bool",
"maxBatchInstancePercent": "int",
"maxSurge": "bool",
"maxUnhealthyInstancePercent": "int",
"maxUnhealthyUpgradedInstancePercent": "int",
"pauseTimeBetweenBatches": "string",
"prioritizeUnhealthyInstances": "bool",
"rollbackFailedInstancesOnPolicyBreach": "bool"
}
},
"virtualMachineProfile": {
"applicationProfile": {
"galleryApplications": [
{
"configurationReference": "string",
"enableAutomaticUpgrade": "bool",
"order": "int",
"packageReferenceId": "string",
"tags": "string",
"treatFailureAsDeploymentFailure": "bool"
}
]
},
"billingProfile": {
"maxPrice": "int"
},
"capacityReservation": {
"capacityReservationGroup": {
"id": "string"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": "bool",
"storageUri": "string"
}
},
"evictionPolicy": "string",
"extensionProfile": {
"extensions": [
{
"name": "string",
"properties": {
"autoUpgradeMinorVersion": "bool",
"enableAutomaticUpgrade": "bool",
"forceUpdateTag": "string",
"protectedSettings": {},
"protectedSettingsFromKeyVault": {
"secretUrl": "string",
"sourceVault": {
"id": "string"
}
},
"provisionAfterExtensions": [ "string" ],
"publisher": "string",
"settings": {},
"suppressFailures": "bool",
"type": "string",
"typeHandlerVersion": "string"
}
}
],
"extensionsTimeBudget": "string"
},
"hardwareProfile": {
"vmSizeProperties": {
"vCPUsAvailable": "int",
"vCPUsPerCore": "int"
}
},
"licenseType": "string",
"networkProfile": {
"healthProbe": {
"id": "string"
},
"networkApiVersion": "string",
"networkInterfaceConfigurations": [
{
"name": "string",
"properties": {
"auxiliaryMode": "string",
"auxiliarySku": "string",
"deleteOption": "string",
"disableTcpStateTracking": "bool",
"dnsSettings": {
"dnsServers": [ "string" ]
},
"enableAcceleratedNetworking": "bool",
"enableFpga": "bool",
"enableIPForwarding": "bool",
"ipConfigurations": [
{
"name": "string",
"properties": {
"applicationGatewayBackendAddressPools": [
{
"id": "string"
}
],
"applicationSecurityGroups": [
{
"id": "string"
}
],
"loadBalancerBackendAddressPools": [
{
"id": "string"
}
],
"loadBalancerInboundNatPools": [
{
"id": "string"
}
],
"primary": "bool",
"privateIPAddressVersion": "string",
"publicIPAddressConfiguration": {
"name": "string",
"properties": {
"deleteOption": "string",
"dnsSettings": {
"domainNameLabel": "string",
"domainNameLabelScope": "string"
},
"idleTimeoutInMinutes": "int",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"publicIPAddressVersion": "string",
"publicIPPrefix": {
"id": "string"
}
},
"sku": {
"name": "string",
"tier": "string"
}
},
"subnet": {
"id": "string"
}
}
}
],
"networkSecurityGroup": {
"id": "string"
},
"primary": "bool"
}
}
]
},
"osProfile": {
"adminPassword": "string",
"adminUsername": "string",
"allowExtensionOperations": "bool",
"computerNamePrefix": "string",
"customData": "string",
"linuxConfiguration": {
"disablePasswordAuthentication": "bool",
"enableVMAgentPlatformUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"automaticByPlatformSettings": {
"bypassPlatformSafetyChecksOnUserSchedule": "bool",
"rebootSetting": "string"
},
"patchMode": "string"
},
"provisionVMAgent": "bool",
"ssh": {
"publicKeys": [
{
"keyData": "string",
"path": "string"
}
]
}
},
"requireGuestProvisionSignal": "bool",
"secrets": [
{
"sourceVault": {
"id": "string"
},
"vaultCertificates": [
{
"certificateStore": "string",
"certificateUrl": "string"
}
]
}
],
"windowsConfiguration": {
"additionalUnattendContent": [
{
"componentName": "Microsoft-Windows-Shell-Setup",
"content": "string",
"passName": "OobeSystem",
"settingName": "string"
}
],
"enableAutomaticUpdates": "bool",
"patchSettings": {
"assessmentMode": "string",
"automaticByPlatformSettings": {
"bypassPlatformSafetyChecksOnUserSchedule": "bool",
"rebootSetting": "string"
},
"enableHotpatching": "bool",
"patchMode": "string"
},
"provisionVMAgent": "bool",
"timeZone": "string",
"winRM": {
"listeners": [
{
"certificateUrl": "string",
"protocol": "string"
}
]
}
}
},
"priority": "string",
"scheduledEventsProfile": {
"osImageNotificationProfile": {
"enable": "bool",
"notBeforeTimeout": "string"
},
"terminateNotificationProfile": {
"enable": "bool",
"notBeforeTimeout": "string"
}
},
"securityPostureReference": {
"excludeExtensions": [ "string" ],
"id": "string",
"isOverridable": "bool"
},
"securityProfile": {
"encryptionAtHost": "bool",
"encryptionIdentity": {
"userAssignedIdentityResourceId": "string"
},
"proxyAgentSettings": {
"enabled": "bool",
"imds": {
"inVMAccessControlProfileReferenceId": "string",
"mode": "string"
},
"keyIncarnationId": "int",
"mode": "string",
"wireServer": {
"inVMAccessControlProfileReferenceId": "string",
"mode": "string"
}
},
"securityType": "string",
"uefiSettings": {
"secureBootEnabled": "bool",
"vTpmEnabled": "bool"
}
},
"serviceArtifactReference": {
"id": "string"
},
"storageProfile": {
"dataDisks": [
{
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"diskIOPSReadWrite": "int",
"diskMBpsReadWrite": "int",
"diskSizeGB": "int",
"lun": "int",
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"securityProfile": {
"diskEncryptionSet": {
"id": "string"
},
"securityEncryptionType": "string"
},
"storageAccountType": "string"
},
"name": "string",
"writeAcceleratorEnabled": "bool"
}
],
"diskControllerType": "string",
"imageReference": {
"communityGalleryImageId": "string",
"id": "string",
"offer": "string",
"publisher": "string",
"sharedGalleryImageId": "string",
"sku": "string",
"version": "string"
},
"osDisk": {
"caching": "string",
"createOption": "string",
"deleteOption": "string",
"diffDiskSettings": {
"option": "string",
"placement": "string"
},
"diskSizeGB": "int",
"image": {
"uri": "string"
},
"managedDisk": {
"diskEncryptionSet": {
"id": "string"
},
"securityProfile": {
"diskEncryptionSet": {
"id": "string"
},
"securityEncryptionType": "string"
},
"storageAccountType": "string"
},
"name": "string",
"osType": "string",
"vhdContainers": [ "string" ],
"writeAcceleratorEnabled": "bool"
}
},
"userData": "string"
},
"zonalPlatformFaultDomainAlignMode": "string",
"zoneBalance": "bool"
},
"sku": {
"capacity": "int",
"name": "string",
"tier": "string"
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
}
Property Values
Microsoft.Compute/virtualMachineScaleSets
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2024-11-01' |
extendedLocation | The extended ___location of the Virtual Machine Scale Set. | ExtendedLocation |
identity | The identity of the virtual machine scale set, if configured. | VirtualMachineScaleSetIdentity |
___location | The geo-___location where the resource lives | string (required) |
name | The resource name | string (required) |
plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
properties | Describes the properties of a Virtual Machine Scale Set. | VirtualMachineScaleSetProperties |
sku | The virtual machine scale set sku. | Sku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Compute/virtualMachineScaleSets' |
zones | The availability zones. | string[] |
AdditionalCapabilities
Name | Description | Value |
---|---|---|
hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ApplicationProfile
Name | Description | Value |
---|---|---|
galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
AutomaticOSUpgradePolicy
Name | Description | Value |
---|---|---|
disableAutomaticRollback | Whether OS image rollback feature should be disabled. Default value is false. | bool |
enableAutomaticOSUpgrade | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. | bool |
osRollingUpgradeDeferral | Indicates whether Auto OS Upgrade should undergo deferral. Deferred OS upgrades will send advanced notifications on a per-VM basis that an OS upgrade from rolling upgrades is incoming, via the IMDS tag 'Platform.PendingOSUpgrade'. The upgrade then defers until the upgrade is approved via an ApproveRollingUpgrade call. | bool |
useRollingUpgradePolicy | Indicates whether rolling upgrade policy should be used during Auto OS Upgrade. Default value is false. Auto OS Upgrade will fallback to the default policy if no policy is defined on the VMSS. | bool |
AutomaticRepairsPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether automatic repairs should be enabled on the virtual machine scale set. The default value is false. | bool |
gracePeriod | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 10 minutes (PT10M), which is also the default value. The maximum allowed grace period is 90 minutes (PT90M). | string |
repairAction | Type of repair action (replace, restart, reimage) that will be used for repairing unhealthy virtual machines in the scale set. Default value is replace. | 'Reimage' 'Replace' 'Restart' |
AutomaticZoneRebalancingPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether Automatic AZ Balancing should be enabled on the virtual machine scale set. The default value is false. | bool |
rebalanceBehavior | Type of rebalance behavior that will be used for recreating virtual machines in the scale set across availability zones. Default and only supported value for now is CreateBeforeDelete. | 'CreateBeforeDelete' |
rebalanceStrategy | Type of rebalance strategy that will be used for rebalancing virtual machines in the scale set across availability zones. Default and only supported value for now is Recreate. | 'Recreate' |
BillingProfile
Name | Description | Value |
---|---|---|
maxPrice | Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars. This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price. The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: - Any decimal value greater than zero. Example: 0.01538 -1 – indicates default price to be up-to on-demand. You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you. Minimum api-version: 2019-03-01. |
int |
BootDiagnostics
Name | Description | Value |
---|---|---|
enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. | string |
CapacityReservationProfile
Name | Description | Value |
---|---|---|
capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. | SubResource |
DiagnosticsProfile
Name | Description | Value |
---|---|---|
bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. | BootDiagnostics |
DiffDiskSettings
Name | Description | Value |
---|---|---|
option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. | 'CacheDisk' 'NvmeDisk' 'ResourceDisk' |
DiskEncryptionSetParameters
Name | Description | Value |
---|---|---|
id | Resource Id | string |
EncryptionIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
EventGridAndResourceGraph
Name | Description | Value |
---|---|---|
enable | Specifies if event grid and resource graph is enabled for Scheduled event related configurations. | bool |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended ___location. | string |
type | The type of the extended ___location. | 'EdgeZone' |
HostEndpointSettings
Name | Description | Value |
---|---|---|
inVMAccessControlProfileReferenceId | Specifies the InVMAccessControlProfileVersion resource id in the format of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/inVMAccessControlProfiles/{profile}/versions/{version} | string |
mode | Specifies the execution mode. In Audit mode, the system acts as if it is enforcing the access control policy, including emitting access denial entries in the logs but it does not actually deny any requests to host endpoints. In Enforce mode, the system will enforce the access control and it is the recommended mode of operation. | 'Audit' 'Disabled' 'Enforce' |
ImageReference
Name | Description | Value |
---|---|---|
communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. | string |
id | Resource Id | string |
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. | string |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. | LinuxVMGuestPatchAutomaticByPlatformSettings |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
LinuxVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
OSImageNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) | string |
PatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. | WindowsVMGuestPatchAutomaticByPlatformSettings |
enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
Plan
Name | Description | Value |
---|---|---|
name | The plan ID. | string |
product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
promotionCode | The promotion code. | string |
publisher | The publisher ID. | string |
PriorityMixPolicy
Name | Description | Value |
---|---|---|
baseRegularPriorityCount | The base number of regular priority VMs that will be created in this scale set as it scales out. | int |
regularPriorityPercentageAboveBase | The percentage of VM instances, after the base regular priority count has been reached, that are expected to use regular priority. | int Constraints: Max value = 100 |
ProxyAgentSettings
Name | Description | Value |
---|---|---|
enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. | bool |
imds | Specifies the IMDS endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. | HostEndpointSettings |
keyIncarnationId | Increase the value of this property allows users to reset the key used for securing communication channel between guest and host. | int |
mode | Specifies the mode that ProxyAgent will execute on. Warning: this property has been deprecated, please specify 'mode' under particular hostendpoint setting. | 'Audit' 'Enforce' |
wireServer | Specifies the Wire Server endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. | HostEndpointSettings |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Specify public IP sku name | 'Basic' 'Standard' |
tier | Specify public IP sku tier | 'Global' 'Regional' |
ResiliencyPolicy
Name | Description | Value |
---|---|---|
automaticZoneRebalancingPolicy | The configuration parameters used while performing automatic AZ balancing. | AutomaticZoneRebalancingPolicy |
resilientVMCreationPolicy | The configuration parameters used while performing resilient VM creation. | ResilientVMCreationPolicy |
resilientVMDeletionPolicy | The configuration parameters used while performing resilient VM deletion. | ResilientVMDeletionPolicy |
ResilientVMCreationPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether resilient VM creation should be enabled on the virtual machine scale set. The default value is false. | bool |
ResilientVMDeletionPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether resilient VM deletion should be enabled on the virtual machine scale set. The default value is false. | bool |
RollingUpgradePolicy
Name | Description | Value |
---|---|---|
enableCrossZoneUpgrade | Allow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size. | bool |
maxBatchInstancePercent | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%. | int Constraints: Min value = 5 Max value = 100 |
maxSurge | Create new virtual machines to upgrade the scale set, rather than updating the existing virtual machines. Existing virtual machines will be deleted once the new virtual machines are created for each batch. | bool |
maxUnhealthyInstancePercent | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%. | int Constraints: Min value = 5 Max value = 100 |
maxUnhealthyUpgradedInstancePercent | The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%. | int Constraints: Max value = 100 |
pauseTimeBetweenBatches | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S). | string |
prioritizeUnhealthyInstances | Upgrade all unhealthy instances in a scale set before any healthy instances. | bool |
rollbackFailedInstancesOnPolicyBreach | Rollback failed instances to previous model if the Rolling Upgrade policy is violated. | bool |
ScaleInPolicy
Name | Description | Value |
---|---|---|
forceDeletion | This property allows you to specify if virtual machines chosen for removal have to be force deleted when a virtual machine scale set is being scaled-in.(Feature in Preview) | bool |
prioritizeUnhealthyVMs | This property allows you to prioritize the deletion of unhealthy and inactive VMs when a virtual machine scale set is being scaled-in.(Feature in Preview) | bool |
rules | The rules to be followed when scaling-in a virtual machine scale set. Possible values are: Default When a virtual machine scale set is scaled in, the scale set will first be balanced across zones if it is a zonal scale set. Then, it will be balanced across Fault Domains as far as possible. Within each Fault Domain, the virtual machines chosen for removal will be the newest ones that are not protected from scale-in. OldestVM When a virtual machine scale set is being scaled-in, the oldest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the oldest virtual machines that are not protected will be chosen for removal. NewestVM When a virtual machine scale set is being scaled-in, the newest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the newest virtual machines that are not protected will be chosen for removal. |
String array containing any of: 'Default' 'NewestVM' 'OldestVM' |
ScheduledEventsAdditionalPublishingTargets
Name | Description | Value |
---|---|---|
eventGridAndResourceGraph | The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. | EventGridAndResourceGraph |
ScheduledEventsPolicy
Name | Description | Value |
---|---|---|
scheduledEventsAdditionalPublishingTargets | The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. | ScheduledEventsAdditionalPublishingTargets |
userInitiatedReboot | The configuration parameters used while creating userInitiatedReboot scheduled event setting creation. | UserInitiatedReboot |
userInitiatedRedeploy | The configuration parameters used while creating userInitiatedRedeploy scheduled event setting creation. | UserInitiatedRedeploy |
ScheduledEventsProfile
Name | Description | Value |
---|---|---|
osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
SecurityPostureReference
Name | Description | Value |
---|---|---|
excludeExtensions | The list of virtual machine extension names to exclude when applying the security posture. | string[] |
id | The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest | string (required) |
isOverridable | Whether the security posture can be overridden by the user. | bool |
SecurityProfile
Name | Description | Value |
---|---|---|
encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. | bool |
encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. | EncryptionIdentity |
proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. | ProxyAgentSettings |
securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. | 'ConfidentialVM' 'TrustedLaunch' |
uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. | UefiSettings |
ServiceArtifactReference
Name | Description | Value |
---|---|---|
id | The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} | string |
Sku
Name | Description | Value |
---|---|---|
capacity | Specifies the number of virtual machines in the scale set. | int |
name | The sku name. | string |
tier | Specifies the tier of virtual machines in a scale set. Possible Values: Standard Basic |
string |
SkuProfile
Name | Description | Value |
---|---|---|
allocationStrategy | Specifies the allocation strategy for the virtual machine scale set based on which the VMs will be allocated. | 'CapacityOptimized' 'LowestPrice' 'Prioritized' |
vmSizes | Specifies the VM sizes for the virtual machine scale set. | SkuProfileVMSize[] |
SkuProfileVMSize
Name | Description | Value |
---|---|---|
name | Specifies the name of the VM Size. | string |
rank | Specifies the rank (a.k.a priority) associated with the VM Size. | int |
SpotRestorePolicy
Name | Description | Value |
---|---|---|
enabled | Enables the Spot-Try-Restore feature where evicted VMSS SPOT instances will be tried to be restored opportunistically based on capacity availability and pricing constraints | bool |
restoreTimeout | Timeout value expressed as an ISO 8601 time duration after which the platform will not try to restore the VMSS SPOT instances | string |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). | string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
TerminateNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) | string |
TrackedResourceTags
Name | Description | Value |
---|
UefiSettings
Name | Description | Value |
---|---|---|
secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
UpgradePolicy
Name | Description | Value |
---|---|---|
automaticOSUpgradePolicy | Configuration parameters used for performing automatic OS Upgrade. | AutomaticOSUpgradePolicy |
mode | Specifies the mode of an upgrade to virtual machines in the scale set. Possible values are: Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. Automatic - All virtual machines in the scale set are automatically updated at the same time. |
'Automatic' 'Manual' 'Rolling' |
rollingUpgradePolicy | The configuration parameters used while performing a rolling upgrade. | RollingUpgradePolicy |
UserAssignedIdentitiesValue
Name | Description | Value |
---|
UserInitiatedReboot
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Reboot Scheduled Event related configurations. | bool |
UserInitiatedRedeploy
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Redeploy Scheduled Event related configurations. | bool |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. | string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetDataDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | The create option. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether data disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the data disk is deleted when the VMSS Flex VM is deleted. Detach If this value is used, the data disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. |
'Delete' 'Detach' |
diskIOPSReadWrite | Specifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. | int |
diskMBpsReadWrite | Specifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. | int |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property diskSizeGB is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
name | The disk name. | string |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetExtension
Name | Description | Value |
---|---|---|
name | Resource name | string |
properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
Name | Description | Value |
---|---|---|
extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. | string |
VirtualMachineScaleSetExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | bool |
enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | bool |
forceUpdateTag | If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. | string |
protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. | any |
protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault | KeyVaultSecretReference |
provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. | string[] |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | any |
suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | bool |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineScaleSetHardwareProfile
Name | Description | Value |
---|---|---|
vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-11-01. Please follow the instructions in VM Customization for more details. | VMSizeProperties |
VirtualMachineScaleSetIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the virtual machine scale set. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine scale set. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with the virtual machine scale set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | VirtualMachineScaleSetIdentityUserAssignedIdentities |
VirtualMachineScaleSetIdentityUserAssignedIdentities
Name | Description | Value |
---|
VirtualMachineScaleSetIPConfiguration
Name | Description | Value |
---|---|---|
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. | SubResource[] |
applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetIpTag
Name | Description | Value |
---|---|---|
ipTagType | IP tag type. Example: FirstPartyUsage. | string |
tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
VirtualMachineScaleSetManagedDiskParameters
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | 'PremiumV2_LRS' 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
VirtualMachineScaleSetNetworkConfiguration
Name | Description | Value |
---|---|---|
name | The network configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationDnsSettings
Name | Description | Value |
---|---|---|
dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetNetworkConfigurationProperties
Name | Description | Value |
---|---|---|
auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. | 'AcceleratedConnections' 'Floating' 'None' |
auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. | 'A1' 'A2' 'A4' 'A8' 'None' |
deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSettings |
enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
networkSecurityGroup | The network security group. | SubResource |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetNetworkProfile
Name | Description | Value |
---|---|---|
healthProbe | A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. | ApiEntityReference |
networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations for Virtual Machine Scale Set with orchestration mode 'Flexible' | '2020-11-01' '2022-11-01' |
networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage. This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether OS Disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the OS disk is deleted when VMSS Flex VM is deleted. Detach If this value is used, the OS disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. For an Ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for Ephemeral OS Disk. |
'Delete' 'Detach' |
diffDiskSettings | Specifies the ephemeral disk Settings for the operating system disk used by the virtual machine scale set. | DiffDiskSettings |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
image | Specifies information about the unmanaged user image to base the scale set on. | VirtualHardDisk |
managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
name | The disk name. | string |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | 'Linux' 'Windows' |
vhdContainers | Specifies the container urls that are used to store operating system disks for the scale set. | string[] |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetOSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters |
string |
allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine scale set. This may only be set to False when no extensions are present on the virtual machine scale set. | bool |
computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. | string |
customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation | string |
linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. | LinuxConfiguration |
requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
secrets | Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
VirtualMachineScaleSetProperties
Name | Description | Value |
---|---|---|
additionalCapabilities | Specifies additional capabilities enabled or disabled on the Virtual Machines in the Virtual Machine Scale Set. For instance: whether the Virtual Machines have the capability to support attaching managed data disks with UltraSSD_LRS storage account type. | AdditionalCapabilities |
automaticRepairsPolicy | Policy for automatic repairs. | AutomaticRepairsPolicy |
constrainedMaximumCapacity | Optional property which must either be set to True or omitted. | bool |
doNotRunExtensionsOnOverprovisionedVMs | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | bool |
hostGroup | Specifies information about the dedicated host group that the virtual machine scale set resides in. Minimum api-version: 2020-06-01. | SubResource |
orchestrationMode | Specifies the orchestration mode for the virtual machine scale set. | 'Flexible' 'Uniform' |
overprovision | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | bool |
platformFaultDomainCount | Fault Domain count for each placement group. | int |
priorityMixPolicy | Specifies the desired targets for mixing Spot and Regular priority VMs within the same VMSS Flex instance. | PriorityMixPolicy |
proximityPlacementGroup | Specifies information about the proximity placement group that the virtual machine scale set should be assigned to. Minimum api-version: 2018-04-01. | SubResource |
resiliencyPolicy | Policy for Resiliency | ResiliencyPolicy |
scaleInPolicy | Specifies the policies applied when scaling in Virtual Machines in the Virtual Machine Scale Set. | ScaleInPolicy |
scheduledEventsPolicy | The ScheduledEventsPolicy. | ScheduledEventsPolicy |
singlePlacementGroup | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. | bool |
skuProfile | Specifies the sku profile for the virtual machine scale set. | SkuProfile |
spotRestorePolicy | Specifies the Spot Restore properties for the virtual machine scale set. | SpotRestorePolicy |
upgradePolicy | The upgrade policy. | UpgradePolicy |
virtualMachineProfile | The virtual machine profile. | VirtualMachineScaleSetVMProfile |
zonalPlatformFaultDomainAlignMode | Specifies the align mode between Virtual Machine Scale Set compute and storage Fault Domain count. | 'Aligned' 'Unaligned' |
zoneBalance | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. zoneBalance property can only be set if the zones property of the scale set contains more than one zone. If there are no zones or only one zone specified, then zoneBalance property should not be set. | bool |
VirtualMachineScaleSetPublicIPAddressConfiguration
Name | Description | Value |
---|---|---|
name | The publicIP address configuration name. | string (required) |
properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration | VirtualMachineScaleSetPublicIPAddressConfigurationProperties |
sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. | PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
Name | Description | Value |
---|---|---|
domainNameLabel | The Domain name label.The concatenation of the ___domain name label and vm index will be the ___domain name labels of the PublicIPAddress resources that will be created | string (required) |
domainNameLabelScope | The Domain name label scope.The concatenation of the hashed ___domain name label that generated according to the policy from ___domain name label scope and vm index will be the ___domain name labels of the PublicIPAddress resources that will be created | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the public IP when the VM is deleted | 'Delete' 'Detach' |
dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetStorageProfile
Name | Description | Value |
---|---|---|
dataDisks | Specifies the parameters that are used to add data disks to the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. | VirtualMachineScaleSetDataDisk[] |
diskControllerType | Specifies the disk controller type configured for the virtual machines in the scale set. Minimum api-version: 2022-08-01 | 'NVMe' 'SCSI' |
imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
osDisk | Specifies information about the operating system disk used by the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. | VirtualMachineScaleSetOSDisk |
VirtualMachineScaleSetVMProfile
Name | Description | Value |
---|---|---|
applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS | ApplicationProfile |
billingProfile | Specifies the billing related details of a Azure Spot VMSS. Minimum api-version: 2019-03-01. | BillingProfile |
capacityReservation | Specifies the capacity reservation related details of a scale set. Minimum api-version: 2021-04-01. | CapacityReservationProfile |
diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. | DiagnosticsProfile |
evictionPolicy | Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. | 'Deallocate' 'Delete' |
extensionProfile | Specifies a collection of settings for extensions installed on virtual machines in the scale set. | VirtualMachineScaleSetExtensionProfile |
hardwareProfile | Specifies the hardware profile related details of a scale set. Minimum api-version: 2021-11-01. | VirtualMachineScaleSetHardwareProfile |
licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
networkProfile | Specifies properties of the network interfaces of the virtual machines in the scale set. | VirtualMachineScaleSetNetworkProfile |
osProfile | Specifies the operating system settings for the virtual machines in the scale set. | VirtualMachineScaleSetOSProfile |
priority | Specifies the priority for the virtual machines in the scale set. Minimum api-version: 2017-10-30-preview. | 'Low' 'Regular' 'Spot' |
scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
securityPostureReference | Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01 | SecurityPostureReference |
securityProfile | Specifies the Security related profile settings for the virtual machines in the scale set. | SecurityProfile |
serviceArtifactReference | Specifies the service artifact reference id used to set same image version for all virtual machines in the scale set when using 'latest' image version. Minimum api-version: 2022-11-01 | ServiceArtifactReference |
storageProfile | Specifies the storage settings for the virtual machine disks. | VirtualMachineScaleSetStorageProfile |
userData | UserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. | string |
VMDiskSecurityProfile
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. | DiskEncryptionSetParameters |
securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. | 'DiskWithVMGuestState' 'NonPersistedTPM' 'VMGuestStateOnly' |
VMGalleryApplication
Name | Description | Value |
---|---|---|
configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided | string |
enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS | bool |
order | Optional, Specifies the order in which the packages have to be installed | int |
packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} | string (required) |
tags | Optional, Specifies a passthrough value for more generic context. | string |
treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment | bool |
VMSizeProperties
Name | Description | Value |
---|---|---|
vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. | int |
vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. | int |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
WindowsVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. | 'Http' 'Https' |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
Template | Description |
---|---|
Add multiple VMs into a Virtual Machine Scale Set |
This template will create N number of VM's with managed disks, public IPs and network interfaces. It will create the VMs in a Virtual Machine Scale Set in Flexible Orchestration mode. They will be provisioned in a Virtual Network which will also be created as part of the deployment |
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database |
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI) |
Azure Container Service Engine (acs-engine) - Swarm Mode |
The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker enabled clusters on Microsoft Azure with your choice of DC/OS, Kubernetes, Swarm Mode, or Swarm orchestrators. The input to the tool is a cluster definition. The cluster definition is very similar to (in many cases the same as) the ARM template syntax used to deploy a Microsoft Azure Container Service cluster. |
Azure Game Developer Virtual Machine Scale Set |
Azure Game Developer Virtual Machine Scale Set includes Licencsed Engines like Unreal. |
Azure VM Scale Set as clients of Intel Lustre |
This template creates a set of Intel Lustre 2.7 clients using Azure VM Scale Sets and Azure gallery OpenLogic CentOS 6.6 or 7.0 images and mounts an existing Intel Lustre filesystem |
Confidential VM Scale Set with confidential disk encryption |
This template allows you to deploy a confidential VM Scale Set with confidential OS disk encryption enabled using the latest patched version of several Windows and Linux image versions. |
Couchbase Enterprise |
Azure Resource Manager (ARM) templates to install Couchbase Enterprise |
Create and encrypt a new Linux VMSS with jumpbox |
This template deploys a Linux VMSS using the latest Linux image, adds data volumes, and then encrypts the data volumes of each Linux VMSS instance. It also deploys a jumpbox with a public IP address in the same virtual network as the Linux VMSS instances with private IP addresses. This allows connecting to the jumpbox via its public IP address, and then connecting to the Linux VMSS instances via private IP addresses. |
Create and encrypt a new Windows VMSS with jumpbox |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.This template enables encryption on the VM Scale Set of Windows VMs. |
Deploy a 3 Nodetype Secure Cluster with NSGs enabled |
This template allows you to deploy a secure 3 nodetype Service fabric Cluster running Windows server 2016 Data center on a Standard_D2 Size VMs. Use this template allows you ro control the inbound and outbound network traffic using Network Security Groups. |
Deploy a 5 Node Secure Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a 5 Node Ubuntu Service Fabric Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Ubuntu on a Standard_D2_V2 Size VMSS. |
Deploy a Linux VMSS wth primary/secondary architecture |
This template allows you to deploy a Linux VMSS with a Custom Script Extension in primary secondary architecture |
Deploy a Nextflow genomics cluster |
This template deploys a scalable Nextflow cluster with a Jumpbox, n cluster nodes, docker support and shared storage. |
Deploy a Scale Set into an existing vnet |
This template deploys a VM Scale Set into an exsisting vnet. |
Deploy a Scale Set into an existing vnet on Windows |
This template deploys a Windows 2016 Datacenter VM Scale Set into an exsisting resource group, vnet and subnet. |
Deploy a simple VM Scale Set with Linux VMs |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections. |
Deploy a simple VM Scale Set with Linux VMs and a Jumpbox |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. There is also a jumpbox to enable connections from outside of the VNet the VMs are in. |
Deploy a simple VM Scale Set with Windows VMs |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections. |
Deploy a simple VM Scale Set with Windows VMs and a Jumpbox |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses. |
Deploy a trusted launch capable Windows VM Scale Set |
This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud. |
Deploy a VM Scale Set from the Azure Data Science VM |
These templates deploy VM scale sets, using the Azure Data Science VMs as a source image. |
Deploy a VM Scale Set with a Linux custom image |
This template allows you to deploy a custom VM Linux image inside an Scale Set. These VMs are behind a load balancer with HTTP load balancing (by default on port 80). The example uses a custom script to do the application deployment and update, you may have to provide your custom script for your own update procedure. You will have to provide a generalized image of your VM in the same subscription and region where you create the VMSS. |
Deploy a VM Scale Set with a Windows custom image |
This template allows you to deploy a simple VM Scale Set usng a custom Windows image. These VMs are behind a load balancer with HTTP load balancing (by default on port 80) |
Deploy a VM Scale Set with Linux VMs and Auto Scale |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.04 or 14.04.4-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.They also have Auto Scale integrated |
Deploy a VM Scale Set with Linux VMs behind ILB |
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections. |
Deploy a VM Scale Set with Linux VMs in Availabilty Zones |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections. |
Deploy a VM Scale Set with Windows VMs and Auto Scale |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated |
Deploy a VM Scale Set with Windows VMs in Availability Zones |
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections. |
Deploy a VMSS that connects each VM to an Azure Files share |
This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share |
Deploy a Windows VM Scale Set with a Custom Script Extension |
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs have a custom script extension for customization and are behind a load balancer with NAT rules for rdp connections. |
Deploy a Windows VM scale set with Azure Application Gateway |
This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Deploy an Autoscale Setting for Virtual Machine ScaleSet |
This template allows you to deploy an autoscale policy for Virtual Machine ScaleSet resource. |
Deploy an Ubuntu VM scale set with Azure Application Gateway |
This template allows you to deploy a simple Ubuntu VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs |
Deploy Darktrace Autoscaling vSensors |
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
Deploy Drupal with VM Scale Set, Azure Files and Mysql |
Deploy a VM Scale Set behind a load balancer/NAT & each VM running Drupal (Apache / PHP). All nodes share the created Azure file share storage and MySQL database |
Deploy VM Scale Set with LB probe and automatic repairs |
This template allows you to deploy a VM scale set of Linux VMs behind a load balancer with health probe configured. The scale set also has automatic instance repairs policy enabled with a grace period of 30 minutes. |
Deploy VM Scale Set with Python Bottle server & AutoScale |
Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed |
Deploy Windows VMSS configure windows featurtes SSL DSC |
This template allows you to deploy two Windows VMSS, configure windows features like IIS/Web Role, .Net Framework 4.5, windows auth, application initialization, download application deployment packages, URL Rewrite & SSL configuration using DSC and Azure Key Vault |
Disable encryption on an existing Linux VMSS |
Disables encryption on an existing Linux VMSS |
Enable data volume encryption on a running Linux VMSS |
Enables data volume encryption on a running Linux VMSS |
Install Elasticsearch cluster on a Virtual Machine Scale Set |
This template deploys an Elasticsearch cluster on a Virtual Machine scale set. The template provisions 3 dedicated master nodes, with an optional number of data nodes, which run on managed disks. |
JBoss EAP on RHEL (clustered, VMSS) |
This template allows you to create RHEL 8.6 VMSS instances running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment. |
Kubernetes cluster with VMSS Cluster Autoscaler |
This template deploys a vanilla kubernetes cluster initialized using kubeadm. It deploys a configured master node with a cluster autoscaler. A pre-configured Virtual Machine Scale Set (VMSS) is also deployed and automatically attached to the cluster. The cluster autoscaler can then automatically scale up/down the cluster depending on the workload of the cluster. |
Simple VM Scale Set with Linux VMs and public IPv4 per VM |
This template demonstrates deploying a simple scale set with load balancer, inbound NAT rules, and public IP per VM. |
SSL enabled VM Scale Set |
Deploys web servers configures with SSL certificates deployed securely form Azure Key Vault |
Virtual Machine Scaleset example using Availability Zones |
This template creates a VMSS placed in separate Availability Zones with a load balancer. |
VM Scale Set with autoscale running an IIS WebApp |
Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment. |
VMSS deploy of IPv6 in Azure Virtual Network (VNET) |
Create VM Scale Set with dual stack IPv4/IPv6 VNET and Std Load Balancer. |
VMSS Flexible Orchestration Mode Quickstart Linux |
This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
VMSS with Public IP Prefix |
Template for deploying VMSS with Public IP Prefix |
Terraform (AzAPI provider) resource definition
The virtualMachineScaleSets resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Compute/virtualMachineScaleSets@2024-11-01"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
___location = "string"
tags = {
{customized property} = "string"
}
body = {
extendedLocation = {
name = "string"
type = "string"
}
plan = {
name = "string"
product = "string"
promotionCode = "string"
publisher = "string"
}
properties = {
additionalCapabilities = {
hibernationEnabled = bool
ultraSSDEnabled = bool
}
automaticRepairsPolicy = {
enabled = bool
gracePeriod = "string"
repairAction = "string"
}
constrainedMaximumCapacity = bool
doNotRunExtensionsOnOverprovisionedVMs = bool
hostGroup = {
id = "string"
}
orchestrationMode = "string"
overprovision = bool
platformFaultDomainCount = int
priorityMixPolicy = {
baseRegularPriorityCount = int
regularPriorityPercentageAboveBase = int
}
proximityPlacementGroup = {
id = "string"
}
resiliencyPolicy = {
automaticZoneRebalancingPolicy = {
enabled = bool
rebalanceBehavior = "string"
rebalanceStrategy = "string"
}
resilientVMCreationPolicy = {
enabled = bool
}
resilientVMDeletionPolicy = {
enabled = bool
}
}
scaleInPolicy = {
forceDeletion = bool
prioritizeUnhealthyVMs = bool
rules = [
"string"
]
}
scheduledEventsPolicy = {
scheduledEventsAdditionalPublishingTargets = {
eventGridAndResourceGraph = {
enable = bool
}
}
userInitiatedReboot = {
automaticallyApprove = bool
}
userInitiatedRedeploy = {
automaticallyApprove = bool
}
}
singlePlacementGroup = bool
skuProfile = {
allocationStrategy = "string"
vmSizes = [
{
name = "string"
rank = int
}
]
}
spotRestorePolicy = {
enabled = bool
restoreTimeout = "string"
}
upgradePolicy = {
automaticOSUpgradePolicy = {
disableAutomaticRollback = bool
enableAutomaticOSUpgrade = bool
osRollingUpgradeDeferral = bool
useRollingUpgradePolicy = bool
}
mode = "string"
rollingUpgradePolicy = {
enableCrossZoneUpgrade = bool
maxBatchInstancePercent = int
maxSurge = bool
maxUnhealthyInstancePercent = int
maxUnhealthyUpgradedInstancePercent = int
pauseTimeBetweenBatches = "string"
prioritizeUnhealthyInstances = bool
rollbackFailedInstancesOnPolicyBreach = bool
}
}
virtualMachineProfile = {
applicationProfile = {
galleryApplications = [
{
configurationReference = "string"
enableAutomaticUpgrade = bool
order = int
packageReferenceId = "string"
tags = "string"
treatFailureAsDeploymentFailure = bool
}
]
}
billingProfile = {
maxPrice = int
}
capacityReservation = {
capacityReservationGroup = {
id = "string"
}
}
diagnosticsProfile = {
bootDiagnostics = {
enabled = bool
storageUri = "string"
}
}
evictionPolicy = "string"
extensionProfile = {
extensions = [
{
name = "string"
properties = {
autoUpgradeMinorVersion = bool
enableAutomaticUpgrade = bool
forceUpdateTag = "string"
protectedSettings = ?
protectedSettingsFromKeyVault = {
secretUrl = "string"
sourceVault = {
id = "string"
}
}
provisionAfterExtensions = [
"string"
]
publisher = "string"
settings = ?
suppressFailures = bool
type = "string"
typeHandlerVersion = "string"
}
}
]
extensionsTimeBudget = "string"
}
hardwareProfile = {
vmSizeProperties = {
vCPUsAvailable = int
vCPUsPerCore = int
}
}
licenseType = "string"
networkProfile = {
healthProbe = {
id = "string"
}
networkApiVersion = "string"
networkInterfaceConfigurations = [
{
name = "string"
properties = {
auxiliaryMode = "string"
auxiliarySku = "string"
deleteOption = "string"
disableTcpStateTracking = bool
dnsSettings = {
dnsServers = [
"string"
]
}
enableAcceleratedNetworking = bool
enableFpga = bool
enableIPForwarding = bool
ipConfigurations = [
{
name = "string"
properties = {
applicationGatewayBackendAddressPools = [
{
id = "string"
}
]
applicationSecurityGroups = [
{
id = "string"
}
]
loadBalancerBackendAddressPools = [
{
id = "string"
}
]
loadBalancerInboundNatPools = [
{
id = "string"
}
]
primary = bool
privateIPAddressVersion = "string"
publicIPAddressConfiguration = {
name = "string"
properties = {
deleteOption = "string"
dnsSettings = {
domainNameLabel = "string"
domainNameLabelScope = "string"
}
idleTimeoutInMinutes = int
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
publicIPAddressVersion = "string"
publicIPPrefix = {
id = "string"
}
}
sku = {
name = "string"
tier = "string"
}
}
subnet = {
id = "string"
}
}
}
]
networkSecurityGroup = {
id = "string"
}
primary = bool
}
}
]
}
osProfile = {
adminPassword = "string"
adminUsername = "string"
allowExtensionOperations = bool
computerNamePrefix = "string"
customData = "string"
linuxConfiguration = {
disablePasswordAuthentication = bool
enableVMAgentPlatformUpdates = bool
patchSettings = {
assessmentMode = "string"
automaticByPlatformSettings = {
bypassPlatformSafetyChecksOnUserSchedule = bool
rebootSetting = "string"
}
patchMode = "string"
}
provisionVMAgent = bool
ssh = {
publicKeys = [
{
keyData = "string"
path = "string"
}
]
}
}
requireGuestProvisionSignal = bool
secrets = [
{
sourceVault = {
id = "string"
}
vaultCertificates = [
{
certificateStore = "string"
certificateUrl = "string"
}
]
}
]
windowsConfiguration = {
additionalUnattendContent = [
{
componentName = "Microsoft-Windows-Shell-Setup"
content = "string"
passName = "OobeSystem"
settingName = "string"
}
]
enableAutomaticUpdates = bool
patchSettings = {
assessmentMode = "string"
automaticByPlatformSettings = {
bypassPlatformSafetyChecksOnUserSchedule = bool
rebootSetting = "string"
}
enableHotpatching = bool
patchMode = "string"
}
provisionVMAgent = bool
timeZone = "string"
winRM = {
listeners = [
{
certificateUrl = "string"
protocol = "string"
}
]
}
}
}
priority = "string"
scheduledEventsProfile = {
osImageNotificationProfile = {
enable = bool
notBeforeTimeout = "string"
}
terminateNotificationProfile = {
enable = bool
notBeforeTimeout = "string"
}
}
securityPostureReference = {
excludeExtensions = [
"string"
]
id = "string"
isOverridable = bool
}
securityProfile = {
encryptionAtHost = bool
encryptionIdentity = {
userAssignedIdentityResourceId = "string"
}
proxyAgentSettings = {
enabled = bool
imds = {
inVMAccessControlProfileReferenceId = "string"
mode = "string"
}
keyIncarnationId = int
mode = "string"
wireServer = {
inVMAccessControlProfileReferenceId = "string"
mode = "string"
}
}
securityType = "string"
uefiSettings = {
secureBootEnabled = bool
vTpmEnabled = bool
}
}
serviceArtifactReference = {
id = "string"
}
storageProfile = {
dataDisks = [
{
caching = "string"
createOption = "string"
deleteOption = "string"
diskIOPSReadWrite = int
diskMBpsReadWrite = int
diskSizeGB = int
lun = int
managedDisk = {
diskEncryptionSet = {
id = "string"
}
securityProfile = {
diskEncryptionSet = {
id = "string"
}
securityEncryptionType = "string"
}
storageAccountType = "string"
}
name = "string"
writeAcceleratorEnabled = bool
}
]
diskControllerType = "string"
imageReference = {
communityGalleryImageId = "string"
id = "string"
offer = "string"
publisher = "string"
sharedGalleryImageId = "string"
sku = "string"
version = "string"
}
osDisk = {
caching = "string"
createOption = "string"
deleteOption = "string"
diffDiskSettings = {
option = "string"
placement = "string"
}
diskSizeGB = int
image = {
uri = "string"
}
managedDisk = {
diskEncryptionSet = {
id = "string"
}
securityProfile = {
diskEncryptionSet = {
id = "string"
}
securityEncryptionType = "string"
}
storageAccountType = "string"
}
name = "string"
osType = "string"
vhdContainers = [
"string"
]
writeAcceleratorEnabled = bool
}
}
userData = "string"
}
zonalPlatformFaultDomainAlignMode = "string"
zoneBalance = bool
}
sku = {
capacity = int
name = "string"
tier = "string"
}
zones = [
"string"
]
}
}
Property Values
Microsoft.Compute/virtualMachineScaleSets
Name | Description | Value |
---|---|---|
extendedLocation | The extended ___location of the Virtual Machine Scale Set. | ExtendedLocation |
identity | The identity of the virtual machine scale set, if configured. | VirtualMachineScaleSetIdentity |
___location | The geo-___location where the resource lives | string (required) |
name | The resource name | string (required) |
parent_id | The ID of the resource to apply this extension resource to. | string (required) |
plan | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. | Plan |
properties | Describes the properties of a Virtual Machine Scale Set. | VirtualMachineScaleSetProperties |
sku | The virtual machine scale set sku. | Sku |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Compute/virtualMachineScaleSets@2024-11-01" |
zones | The availability zones. | string[] |
AdditionalCapabilities
Name | Description | Value |
---|---|---|
hibernationEnabled | The flag that enables or disables hibernation capability on the VM. | bool |
ultraSSDEnabled | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | bool |
AdditionalUnattendContent
Name | Description | Value |
---|---|---|
componentName | The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. | 'Microsoft-Windows-Shell-Setup' |
content | Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. | string |
passName | The pass name. Currently, the only allowable value is OobeSystem. | 'OobeSystem' |
settingName | Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. | 'AutoLogon' 'FirstLogonCommands' |
ApiEntityReference
Name | Description | Value |
---|---|---|
id | The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... | string |
ApplicationProfile
Name | Description | Value |
---|---|---|
galleryApplications | Specifies the gallery applications that should be made available to the VM/VMSS | VMGalleryApplication[] |
AutomaticOSUpgradePolicy
Name | Description | Value |
---|---|---|
disableAutomaticRollback | Whether OS image rollback feature should be disabled. Default value is false. | bool |
enableAutomaticOSUpgrade | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. | bool |
osRollingUpgradeDeferral | Indicates whether Auto OS Upgrade should undergo deferral. Deferred OS upgrades will send advanced notifications on a per-VM basis that an OS upgrade from rolling upgrades is incoming, via the IMDS tag 'Platform.PendingOSUpgrade'. The upgrade then defers until the upgrade is approved via an ApproveRollingUpgrade call. | bool |
useRollingUpgradePolicy | Indicates whether rolling upgrade policy should be used during Auto OS Upgrade. Default value is false. Auto OS Upgrade will fallback to the default policy if no policy is defined on the VMSS. | bool |
AutomaticRepairsPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether automatic repairs should be enabled on the virtual machine scale set. The default value is false. | bool |
gracePeriod | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 10 minutes (PT10M), which is also the default value. The maximum allowed grace period is 90 minutes (PT90M). | string |
repairAction | Type of repair action (replace, restart, reimage) that will be used for repairing unhealthy virtual machines in the scale set. Default value is replace. | 'Reimage' 'Replace' 'Restart' |
AutomaticZoneRebalancingPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether Automatic AZ Balancing should be enabled on the virtual machine scale set. The default value is false. | bool |
rebalanceBehavior | Type of rebalance behavior that will be used for recreating virtual machines in the scale set across availability zones. Default and only supported value for now is CreateBeforeDelete. | 'CreateBeforeDelete' |
rebalanceStrategy | Type of rebalance strategy that will be used for rebalancing virtual machines in the scale set across availability zones. Default and only supported value for now is Recreate. | 'Recreate' |
BillingProfile
Name | Description | Value |
---|---|---|
maxPrice | Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars. This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price. The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: - Any decimal value greater than zero. Example: 0.01538 -1 – indicates default price to be up-to on-demand. You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you. Minimum api-version: 2019-03-01. |
int |
BootDiagnostics
Name | Description | Value |
---|---|---|
enabled | Whether boot diagnostics should be enabled on the Virtual Machine. | bool |
storageUri | Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used. | string |
CapacityReservationProfile
Name | Description | Value |
---|---|---|
capacityReservationGroup | Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or scaleset vm instances provided enough capacity has been reserved. Please refer to https://aka.ms/CapacityReservation for more details. | SubResource |
DiagnosticsProfile
Name | Description | Value |
---|---|---|
bootDiagnostics | Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. NOTE: If storageUri is being specified then ensure that the storage account is in the same region and subscription as the VM. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor. | BootDiagnostics |
DiffDiskSettings
Name | Description | Value |
---|---|---|
option | Specifies the ephemeral disk settings for operating system disk. | 'Local' |
placement | Specifies the ephemeral disk placement for operating system disk. Possible values are: CacheDisk, ResourceDisk, NvmeDisk. The defaulting behavior is: CacheDisk if one is configured for the VM size otherwise ResourceDisk or NvmeDisk is used. Refer to the VM size documentation for Windows VM at /azure/virtual-machines/windows/sizes and Linux VM at /azure/virtual-machines/linux/sizes to check which VM sizes exposes a cache disk. Minimum api-version for NvmeDisk: 2024-03-01. | 'CacheDisk' 'NvmeDisk' 'ResourceDisk' |
DiskEncryptionSetParameters
Name | Description | Value |
---|---|---|
id | Resource Id | string |
EncryptionIdentity
Name | Description | Value |
---|---|---|
userAssignedIdentityResourceId | Specifies ARM Resource ID of one of the user identities associated with the VM. | string |
EventGridAndResourceGraph
Name | Description | Value |
---|---|---|
enable | Specifies if event grid and resource graph is enabled for Scheduled event related configurations. | bool |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended ___location. | string |
type | The type of the extended ___location. | 'EdgeZone' |
HostEndpointSettings
Name | Description | Value |
---|---|---|
inVMAccessControlProfileReferenceId | Specifies the InVMAccessControlProfileVersion resource id in the format of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/inVMAccessControlProfiles/{profile}/versions/{version} | string |
mode | Specifies the execution mode. In Audit mode, the system acts as if it is enforcing the access control policy, including emitting access denial entries in the logs but it does not actually deny any requests to host endpoints. In Enforce mode, the system will enforce the access control and it is the recommended mode of operation. | 'Audit' 'Disabled' 'Enforce' |
ImageReference
Name | Description | Value |
---|---|---|
communityGalleryImageId | Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call. | string |
id | Resource Id | string |
offer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. | string |
publisher | The image publisher. | string |
sharedGalleryImageId | Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call. | string |
sku | The image SKU. | string |
version | Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input. | string |
KeyVaultSecretReference
Name | Description | Value |
---|---|---|
secretUrl | The URL referencing a secret in a Key Vault. | string (required) |
sourceVault | The relative URL of the Key Vault containing the secret. | SubResource (required) |
LinuxConfiguration
Name | Description | Value |
---|---|---|
disablePasswordAuthentication | Specifies whether password authentication should be disabled. | bool |
enableVMAgentPlatformUpdates | Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Linux. | LinuxPatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
ssh | Specifies the ssh key configuration for a Linux OS. | SshConfiguration |
LinuxPatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Linux. | LinuxVMGuestPatchAutomaticByPlatformSettings |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: ImageDefault - The virtual machine's default patching configuration is used. AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true |
'AutomaticByPlatform' 'ImageDefault' |
LinuxVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
OSImageNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the OS Image Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M) | string |
PatchSettings
Name | Description | Value |
---|---|---|
assessmentMode | Specifies the mode of VM Guest patch assessment for the IaaS virtual machine. Possible values are: ImageDefault - You control the timing of patch assessments on a virtual machine. AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true. |
'AutomaticByPlatform' 'ImageDefault' |
automaticByPlatformSettings | Specifies additional settings for patch mode AutomaticByPlatform in VM Guest Patching on Windows. | WindowsVMGuestPatchAutomaticByPlatformSettings |
enableHotpatching | Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. | bool |
patchMode | Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible. Possible values are: Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true. AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true |
'AutomaticByOS' 'AutomaticByPlatform' 'Manual' |
Plan
Name | Description | Value |
---|---|---|
name | The plan ID. | string |
product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string |
promotionCode | The promotion code. | string |
publisher | The publisher ID. | string |
PriorityMixPolicy
Name | Description | Value |
---|---|---|
baseRegularPriorityCount | The base number of regular priority VMs that will be created in this scale set as it scales out. | int |
regularPriorityPercentageAboveBase | The percentage of VM instances, after the base regular priority count has been reached, that are expected to use regular priority. | int Constraints: Max value = 100 |
ProxyAgentSettings
Name | Description | Value |
---|---|---|
enabled | Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set. | bool |
imds | Specifies the IMDS endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. | HostEndpointSettings |
keyIncarnationId | Increase the value of this property allows users to reset the key used for securing communication channel between guest and host. | int |
mode | Specifies the mode that ProxyAgent will execute on. Warning: this property has been deprecated, please specify 'mode' under particular hostendpoint setting. | 'Audit' 'Enforce' |
wireServer | Specifies the Wire Server endpoint settings while creating the virtual machine or virtual machine scale set. Minimum api-version: 2024-03-01. | HostEndpointSettings |
PublicIPAddressSku
Name | Description | Value |
---|---|---|
name | Specify public IP sku name | 'Basic' 'Standard' |
tier | Specify public IP sku tier | 'Global' 'Regional' |
ResiliencyPolicy
Name | Description | Value |
---|---|---|
automaticZoneRebalancingPolicy | The configuration parameters used while performing automatic AZ balancing. | AutomaticZoneRebalancingPolicy |
resilientVMCreationPolicy | The configuration parameters used while performing resilient VM creation. | ResilientVMCreationPolicy |
resilientVMDeletionPolicy | The configuration parameters used while performing resilient VM deletion. | ResilientVMDeletionPolicy |
ResilientVMCreationPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether resilient VM creation should be enabled on the virtual machine scale set. The default value is false. | bool |
ResilientVMDeletionPolicy
Name | Description | Value |
---|---|---|
enabled | Specifies whether resilient VM deletion should be enabled on the virtual machine scale set. The default value is false. | bool |
RollingUpgradePolicy
Name | Description | Value |
---|---|---|
enableCrossZoneUpgrade | Allow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size. | bool |
maxBatchInstancePercent | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%. | int Constraints: Min value = 5 Max value = 100 |
maxSurge | Create new virtual machines to upgrade the scale set, rather than updating the existing virtual machines. Existing virtual machines will be deleted once the new virtual machines are created for each batch. | bool |
maxUnhealthyInstancePercent | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%. | int Constraints: Min value = 5 Max value = 100 |
maxUnhealthyUpgradedInstancePercent | The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%. | int Constraints: Max value = 100 |
pauseTimeBetweenBatches | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S). | string |
prioritizeUnhealthyInstances | Upgrade all unhealthy instances in a scale set before any healthy instances. | bool |
rollbackFailedInstancesOnPolicyBreach | Rollback failed instances to previous model if the Rolling Upgrade policy is violated. | bool |
ScaleInPolicy
Name | Description | Value |
---|---|---|
forceDeletion | This property allows you to specify if virtual machines chosen for removal have to be force deleted when a virtual machine scale set is being scaled-in.(Feature in Preview) | bool |
prioritizeUnhealthyVMs | This property allows you to prioritize the deletion of unhealthy and inactive VMs when a virtual machine scale set is being scaled-in.(Feature in Preview) | bool |
rules | The rules to be followed when scaling-in a virtual machine scale set. Possible values are: Default When a virtual machine scale set is scaled in, the scale set will first be balanced across zones if it is a zonal scale set. Then, it will be balanced across Fault Domains as far as possible. Within each Fault Domain, the virtual machines chosen for removal will be the newest ones that are not protected from scale-in. OldestVM When a virtual machine scale set is being scaled-in, the oldest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the oldest virtual machines that are not protected will be chosen for removal. NewestVM When a virtual machine scale set is being scaled-in, the newest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the newest virtual machines that are not protected will be chosen for removal. |
String array containing any of: 'Default' 'NewestVM' 'OldestVM' |
ScheduledEventsAdditionalPublishingTargets
Name | Description | Value |
---|---|---|
eventGridAndResourceGraph | The configuration parameters used while creating eventGridAndResourceGraph Scheduled Event setting. | EventGridAndResourceGraph |
ScheduledEventsPolicy
Name | Description | Value |
---|---|---|
scheduledEventsAdditionalPublishingTargets | The configuration parameters used while publishing scheduledEventsAdditionalPublishingTargets. | ScheduledEventsAdditionalPublishingTargets |
userInitiatedReboot | The configuration parameters used while creating userInitiatedReboot scheduled event setting creation. | UserInitiatedReboot |
userInitiatedRedeploy | The configuration parameters used while creating userInitiatedRedeploy scheduled event setting creation. | UserInitiatedRedeploy |
ScheduledEventsProfile
Name | Description | Value |
---|---|---|
osImageNotificationProfile | Specifies OS Image Scheduled Event related configurations. | OSImageNotificationProfile |
terminateNotificationProfile | Specifies Terminate Scheduled Event related configurations. | TerminateNotificationProfile |
SecurityPostureReference
Name | Description | Value |
---|---|---|
excludeExtensions | The list of virtual machine extension names to exclude when applying the security posture. | string[] |
id | The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|latest | string (required) |
isOverridable | Whether the security posture can be overridden by the user. | bool |
SecurityProfile
Name | Description | Value |
---|---|---|
encryptionAtHost | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource. | bool |
encryptionIdentity | Specifies the Managed Identity used by ADE to get access token for keyvault operations. | EncryptionIdentity |
proxyAgentSettings | Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01. | ProxyAgentSettings |
securityType | Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. | 'ConfidentialVM' 'TrustedLaunch' |
uefiSettings | Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01. | UefiSettings |
ServiceArtifactReference
Name | Description | Value |
---|---|---|
id | The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName} | string |
Sku
Name | Description | Value |
---|---|---|
capacity | Specifies the number of virtual machines in the scale set. | int |
name | The sku name. | string |
tier | Specifies the tier of virtual machines in a scale set. Possible Values: Standard Basic |
string |
SkuProfile
Name | Description | Value |
---|---|---|
allocationStrategy | Specifies the allocation strategy for the virtual machine scale set based on which the VMs will be allocated. | 'CapacityOptimized' 'LowestPrice' 'Prioritized' |
vmSizes | Specifies the VM sizes for the virtual machine scale set. | SkuProfileVMSize[] |
SkuProfileVMSize
Name | Description | Value |
---|---|---|
name | Specifies the name of the VM Size. | string |
rank | Specifies the rank (a.k.a priority) associated with the VM Size. | int |
SpotRestorePolicy
Name | Description | Value |
---|---|---|
enabled | Enables the Spot-Try-Restore feature where evicted VMSS SPOT instances will be tried to be restored opportunistically based on capacity availability and pricing constraints | bool |
restoreTimeout | Timeout value expressed as an ISO 8601 time duration after which the platform will not try to restore the VMSS SPOT instances | string |
SshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with linux based VMs. | SshPublicKey[] |
SshPublicKey
Name | Description | Value |
---|---|---|
keyData | SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed). | string |
path | Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource Id | string |
TerminateNotificationProfile
Name | Description | Value |
---|---|---|
enable | Specifies whether the Terminate Scheduled event is enabled or disabled. | bool |
notBeforeTimeout | Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) | string |
TrackedResourceTags
Name | Description | Value |
---|
UefiSettings
Name | Description | Value |
---|---|---|
secureBootEnabled | Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
vTpmEnabled | Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01. | bool |
UpgradePolicy
Name | Description | Value |
---|---|---|
automaticOSUpgradePolicy | Configuration parameters used for performing automatic OS Upgrade. | AutomaticOSUpgradePolicy |
mode | Specifies the mode of an upgrade to virtual machines in the scale set. Possible values are: Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. Automatic - All virtual machines in the scale set are automatically updated at the same time. |
'Automatic' 'Manual' 'Rolling' |
rollingUpgradePolicy | The configuration parameters used while performing a rolling upgrade. | RollingUpgradePolicy |
UserAssignedIdentitiesValue
Name | Description | Value |
---|
UserInitiatedReboot
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Reboot Scheduled Event related configurations. | bool |
UserInitiatedRedeploy
Name | Description | Value |
---|---|---|
automaticallyApprove | Specifies Redeploy Scheduled Event related configurations. | bool |
VaultCertificate
Name | Description | Value |
---|---|---|
certificateStore | For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted. | string |
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
VaultSecretGroup
Name | Description | Value |
---|---|---|
sourceVault | The relative URL of the Key Vault containing all of the certificates in VaultCertificates. | SubResource |
vaultCertificates | The list of key vault references in SourceVault which contain certificates. | VaultCertificate[] |
VirtualHardDisk
Name | Description | Value |
---|---|---|
uri | Specifies the virtual hard disk's uri. | string |
VirtualMachineScaleSetDataDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | The create option. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether data disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the data disk is deleted when the VMSS Flex VM is deleted. Detach If this value is used, the data disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. |
'Delete' 'Detach' |
diskIOPSReadWrite | Specifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. | int |
diskMBpsReadWrite | Specifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. | int |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property diskSizeGB is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
lun | Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. | int (required) |
managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
name | The disk name. | string |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetExtension
Name | Description | Value |
---|---|---|
name | Resource name | string |
properties | Describes the properties of a Virtual Machine Scale Set Extension. | VirtualMachineScaleSetExtensionProperties |
VirtualMachineScaleSetExtensionProfile
Name | Description | Value |
---|---|---|
extensions | The virtual machine scale set child extension resources. | VirtualMachineScaleSetExtension[] |
extensionsTimeBudget | Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01. | string |
VirtualMachineScaleSetExtensionProperties
Name | Description | Value |
---|---|---|
autoUpgradeMinorVersion | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | bool |
enableAutomaticUpgrade | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | bool |
forceUpdateTag | If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. | string |
protectedSettings | The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. | any |
protectedSettingsFromKeyVault | The extensions protected settings that are passed by reference, and consumed from key vault | KeyVaultSecretReference |
provisionAfterExtensions | Collection of extension names after which this extension needs to be provisioned. | string[] |
publisher | The name of the extension handler publisher. | string |
settings | Json formatted public settings for the extension. | any |
suppressFailures | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | bool |
type | Specifies the type of the extension; an example is "CustomScriptExtension". | string |
typeHandlerVersion | Specifies the version of the script handler. | string |
VirtualMachineScaleSetHardwareProfile
Name | Description | Value |
---|---|---|
vmSizeProperties | Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-11-01. Please follow the instructions in VM Customization for more details. | VMSizeProperties |
VirtualMachineScaleSetIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the virtual machine scale set. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine scale set. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with the virtual machine scale set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | VirtualMachineScaleSetIdentityUserAssignedIdentities |
VirtualMachineScaleSetIdentityUserAssignedIdentities
Name | Description | Value |
---|
VirtualMachineScaleSetIPConfiguration
Name | Description | Value |
---|---|---|
name | The IP configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration properties. | VirtualMachineScaleSetIPConfigurationProperties |
VirtualMachineScaleSetIPConfigurationProperties
Name | Description | Value |
---|---|---|
applicationGatewayBackendAddressPools | Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. | SubResource[] |
applicationSecurityGroups | Specifies an array of references to application security group. | SubResource[] |
loadBalancerBackendAddressPools | Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
loadBalancerInboundNatPools | Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. | SubResource[] |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
privateIPAddressVersion | Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPAddressConfiguration | The publicIPAddressConfiguration. | VirtualMachineScaleSetPublicIPAddressConfiguration |
subnet | Specifies the identifier of the subnet. | ApiEntityReference |
VirtualMachineScaleSetIpTag
Name | Description | Value |
---|---|---|
ipTagType | IP tag type. Example: FirstPartyUsage. | string |
tag | IP tag associated with the public IP. Example: SQL, Storage etc. | string |
VirtualMachineScaleSetManagedDiskParameters
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk. | DiskEncryptionSetParameters |
securityProfile | Specifies the security profile for the managed disk. | VMDiskSecurityProfile |
storageAccountType | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. | 'PremiumV2_LRS' 'Premium_LRS' 'Premium_ZRS' 'StandardSSD_LRS' 'StandardSSD_ZRS' 'Standard_LRS' 'UltraSSD_LRS' |
VirtualMachineScaleSetNetworkConfiguration
Name | Description | Value |
---|---|---|
name | The network configuration name. | string (required) |
properties | Describes a virtual machine scale set network profile's IP configuration. | VirtualMachineScaleSetNetworkConfigurationProperties |
VirtualMachineScaleSetNetworkConfigurationDnsSettings
Name | Description | Value |
---|---|---|
dnsServers | List of DNS servers IP addresses | string[] |
VirtualMachineScaleSetNetworkConfigurationProperties
Name | Description | Value |
---|---|---|
auxiliaryMode | Specifies whether the Auxiliary mode is enabled for the Network Interface resource. | 'AcceleratedConnections' 'Floating' 'None' |
auxiliarySku | Specifies whether the Auxiliary sku is enabled for the Network Interface resource. | 'A1' 'A2' 'A4' 'A8' 'None' |
deleteOption | Specify what happens to the network interface when the VM is deleted | 'Delete' 'Detach' |
disableTcpStateTracking | Specifies whether the network interface is disabled for tcp state tracking. | bool |
dnsSettings | The dns settings to be applied on the network interfaces. | VirtualMachineScaleSetNetworkConfigurationDnsSettings |
enableAcceleratedNetworking | Specifies whether the network interface is accelerated networking-enabled. | bool |
enableFpga | Specifies whether the network interface is FPGA networking-enabled. | bool |
enableIPForwarding | Whether IP forwarding enabled on this NIC. | bool |
ipConfigurations | Specifies the IP configurations of the network interface. | VirtualMachineScaleSetIPConfiguration[] (required) |
networkSecurityGroup | The network security group. | SubResource |
primary | Specifies the primary network interface in case the virtual machine has more than 1 network interface. | bool |
VirtualMachineScaleSetNetworkProfile
Name | Description | Value |
---|---|---|
healthProbe | A reference to a load balancer probe used to determine the health of an instance in the virtual machine scale set. The reference will be in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/loadBalancers/{loadBalancerName}/probes/{probeName}'. | ApiEntityReference |
networkApiVersion | specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations for Virtual Machine Scale Set with orchestration mode 'Flexible' | '2020-11-01' '2022-11-01' |
networkInterfaceConfigurations | The list of network configurations. | VirtualMachineScaleSetNetworkConfiguration[] |
VirtualMachineScaleSetOSDisk
Name | Description | Value |
---|---|---|
caching | Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage. | 'None' 'ReadOnly' 'ReadWrite' |
createOption | Specifies how the virtual machines in the scale set should be created. The only allowed value is: FromImage. This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described. | 'Attach' 'Copy' 'Empty' 'FromImage' 'Restore' (required) |
deleteOption | Specifies whether OS Disk should be deleted or detached upon VMSS Flex deletion (This feature is available for VMSS with Flexible OrchestrationMode only). Possible values: Delete If this value is used, the OS disk is deleted when VMSS Flex VM is deleted. Detach If this value is used, the OS disk is retained after VMSS Flex VM is deleted. The default value is set to Delete. For an Ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for Ephemeral OS Disk. |
'Delete' 'Detach' |
diffDiskSettings | Specifies the ephemeral disk Settings for the operating system disk used by the virtual machine scale set. | DiffDiskSettings |
diskSizeGB | Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023. | int |
image | Specifies information about the unmanaged user image to base the scale set on. | VirtualHardDisk |
managedDisk | The managed disk parameters. | VirtualMachineScaleSetManagedDiskParameters |
name | The disk name. | string |
osType | This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux. | 'Linux' 'Windows' |
vhdContainers | Specifies the container urls that are used to store operating system disks for the scale set. | string[] |
writeAcceleratorEnabled | Specifies whether writeAccelerator should be enabled or disabled on the disk. | bool |
VirtualMachineScaleSetOSProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length (Windows): 8 characters Minimum-length (Linux): 6 characters Max-length (Windows): 123 characters Max-length (Linux): 72 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension |
string Constraints: Sensitive value. Pass in as a secure parameter. |
adminUsername | Specifies the name of the administrator account. Windows-only restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length (Linux): 1 character Max-length (Linux): 64 characters Max-length (Windows): 20 characters |
string |
allowExtensionOperations | Specifies whether extension operations should be allowed on the virtual machine scale set. This may only be set to False when no extensions are present on the virtual machine scale set. | bool |
computerNamePrefix | Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. | string |
customData | Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation | string |
linuxConfiguration | Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions. | LinuxConfiguration |
requireGuestProvisionSignal | Optional property which must either be set to True or omitted. | bool |
secrets | Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. | VaultSecretGroup[] |
windowsConfiguration | Specifies Windows operating system settings on the virtual machine. | WindowsConfiguration |
VirtualMachineScaleSetProperties
Name | Description | Value |
---|---|---|
additionalCapabilities | Specifies additional capabilities enabled or disabled on the Virtual Machines in the Virtual Machine Scale Set. For instance: whether the Virtual Machines have the capability to support attaching managed data disks with UltraSSD_LRS storage account type. | AdditionalCapabilities |
automaticRepairsPolicy | Policy for automatic repairs. | AutomaticRepairsPolicy |
constrainedMaximumCapacity | Optional property which must either be set to True or omitted. | bool |
doNotRunExtensionsOnOverprovisionedVMs | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | bool |
hostGroup | Specifies information about the dedicated host group that the virtual machine scale set resides in. Minimum api-version: 2020-06-01. | SubResource |
orchestrationMode | Specifies the orchestration mode for the virtual machine scale set. | 'Flexible' 'Uniform' |
overprovision | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | bool |
platformFaultDomainCount | Fault Domain count for each placement group. | int |
priorityMixPolicy | Specifies the desired targets for mixing Spot and Regular priority VMs within the same VMSS Flex instance. | PriorityMixPolicy |
proximityPlacementGroup | Specifies information about the proximity placement group that the virtual machine scale set should be assigned to. Minimum api-version: 2018-04-01. | SubResource |
resiliencyPolicy | Policy for Resiliency | ResiliencyPolicy |
scaleInPolicy | Specifies the policies applied when scaling in Virtual Machines in the Virtual Machine Scale Set. | ScaleInPolicy |
scheduledEventsPolicy | The ScheduledEventsPolicy. | ScheduledEventsPolicy |
singlePlacementGroup | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. | bool |
skuProfile | Specifies the sku profile for the virtual machine scale set. | SkuProfile |
spotRestorePolicy | Specifies the Spot Restore properties for the virtual machine scale set. | SpotRestorePolicy |
upgradePolicy | The upgrade policy. | UpgradePolicy |
virtualMachineProfile | The virtual machine profile. | VirtualMachineScaleSetVMProfile |
zonalPlatformFaultDomainAlignMode | Specifies the align mode between Virtual Machine Scale Set compute and storage Fault Domain count. | 'Aligned' 'Unaligned' |
zoneBalance | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. zoneBalance property can only be set if the zones property of the scale set contains more than one zone. If there are no zones or only one zone specified, then zoneBalance property should not be set. | bool |
VirtualMachineScaleSetPublicIPAddressConfiguration
Name | Description | Value |
---|---|---|
name | The publicIP address configuration name. | string (required) |
properties | Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration | VirtualMachineScaleSetPublicIPAddressConfigurationProperties |
sku | Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible. | PublicIPAddressSku |
VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
Name | Description | Value |
---|---|---|
domainNameLabel | The Domain name label.The concatenation of the ___domain name label and vm index will be the ___domain name labels of the PublicIPAddress resources that will be created | string (required) |
domainNameLabelScope | The Domain name label scope.The concatenation of the hashed ___domain name label that generated according to the policy from ___domain name label scope and vm index will be the ___domain name labels of the PublicIPAddress resources that will be created | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
VirtualMachineScaleSetPublicIPAddressConfigurationProperties
Name | Description | Value |
---|---|---|
deleteOption | Specify what happens to the public IP when the VM is deleted | 'Delete' 'Detach' |
dnsSettings | The dns settings to be applied on the publicIP addresses . | VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipTags | The list of IP tags associated with the public IP address. | VirtualMachineScaleSetIpTag[] |
publicIPAddressVersion | Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. | 'IPv4' 'IPv6' |
publicIPPrefix | The PublicIPPrefix from which to allocate publicIP addresses. | SubResource |
VirtualMachineScaleSetStorageProfile
Name | Description | Value |
---|---|---|
dataDisks | Specifies the parameters that are used to add data disks to the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. | VirtualMachineScaleSetDataDisk[] |
diskControllerType | Specifies the disk controller type configured for the virtual machines in the scale set. Minimum api-version: 2022-08-01 | 'NVMe' 'SCSI' |
imageReference | Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. | ImageReference |
osDisk | Specifies information about the operating system disk used by the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines. | VirtualMachineScaleSetOSDisk |
VirtualMachineScaleSetVMProfile
Name | Description | Value |
---|---|---|
applicationProfile | Specifies the gallery applications that should be made available to the VM/VMSS | ApplicationProfile |
billingProfile | Specifies the billing related details of a Azure Spot VMSS. Minimum api-version: 2019-03-01. | BillingProfile |
capacityReservation | Specifies the capacity reservation related details of a scale set. Minimum api-version: 2021-04-01. | CapacityReservationProfile |
diagnosticsProfile | Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15. | DiagnosticsProfile |
evictionPolicy | Specifies the eviction policy for the Azure Spot virtual machine and Azure Spot scale set. For Azure Spot virtual machines, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2019-03-01. For Azure Spot scale sets, both 'Deallocate' and 'Delete' are supported and the minimum api-version is 2017-10-30-preview. | 'Deallocate' 'Delete' |
extensionProfile | Specifies a collection of settings for extensions installed on virtual machines in the scale set. | VirtualMachineScaleSetExtensionProfile |
hardwareProfile | Specifies the hardware profile related details of a scale set. Minimum api-version: 2021-11-01. | VirtualMachineScaleSetHardwareProfile |
licenseType | Specifies that the image or disk that is being used was licensed on-premises. Possible values for Windows Server operating system are: Windows_Client Windows_Server Possible values for Linux Server operating system are: RHEL_BYOS (for RHEL) SLES_BYOS (for SUSE) For more information, see Azure Hybrid Use Benefit for Windows Server Azure Hybrid Use Benefit for Linux Server Minimum api-version: 2015-06-15 |
string |
networkProfile | Specifies properties of the network interfaces of the virtual machines in the scale set. | VirtualMachineScaleSetNetworkProfile |
osProfile | Specifies the operating system settings for the virtual machines in the scale set. | VirtualMachineScaleSetOSProfile |
priority | Specifies the priority for the virtual machines in the scale set. Minimum api-version: 2017-10-30-preview. | 'Low' 'Regular' 'Spot' |
scheduledEventsProfile | Specifies Scheduled Event related configurations. | ScheduledEventsProfile |
securityPostureReference | Specifies the security posture to be used in the scale set. Minimum api-version: 2023-03-01 | SecurityPostureReference |
securityProfile | Specifies the Security related profile settings for the virtual machines in the scale set. | SecurityProfile |
serviceArtifactReference | Specifies the service artifact reference id used to set same image version for all virtual machines in the scale set when using 'latest' image version. Minimum api-version: 2022-11-01 | ServiceArtifactReference |
storageProfile | Specifies the storage settings for the virtual machine disks. | VirtualMachineScaleSetStorageProfile |
userData | UserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01. | string |
VMDiskSecurityProfile
Name | Description | Value |
---|---|---|
diskEncryptionSet | Specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob. | DiskEncryptionSetParameters |
securityEncryptionType | Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs. | 'DiskWithVMGuestState' 'NonPersistedTPM' 'VMGuestStateOnly' |
VMGalleryApplication
Name | Description | Value |
---|---|---|
configurationReference | Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided | string |
enableAutomaticUpgrade | If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS | bool |
order | Optional, Specifies the order in which the packages have to be installed | int |
packageReferenceId | Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} | string (required) |
tags | Optional, Specifies a passthrough value for more generic context. | string |
treatFailureAsDeploymentFailure | Optional, If true, any failure for any operation in the VmApplication will fail the deployment | bool |
VMSizeProperties
Name | Description | Value |
---|---|---|
vCPUsAvailable | Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region. | int |
vCPUsPerCore | Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled. | int |
WindowsConfiguration
Name | Description | Value |
---|---|---|
additionalUnattendContent | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. | AdditionalUnattendContent[] |
enableAutomaticUpdates | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | bool |
patchSettings | [Preview Feature] Specifies settings related to VM Guest Patching on Windows. | PatchSettings |
provisionVMAgent | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | bool |
timeZone | Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones. | string |
winRM | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. | WinRMConfiguration |
WindowsVMGuestPatchAutomaticByPlatformSettings
Name | Description | Value |
---|---|---|
bypassPlatformSafetyChecksOnUserSchedule | Enables customer to schedule patching without accidental upgrades | bool |
rebootSetting | Specifies the reboot setting for all AutomaticByPlatform patch installation operations. | 'Always' 'IfRequired' 'Never' 'Unknown' |
WinRMConfiguration
Name | Description | Value |
---|---|---|
listeners | The list of Windows Remote Management listeners | WinRMListener[] |
WinRMListener
Name | Description | Value |
---|---|---|
certificateUrl | This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8: { "data":"<Base64-encoded-certificate>", "dataType":"pfx", "password":"<pfx-file-password>" } To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. |
string |
protocol | Specifies the protocol of WinRM listener. Possible values are: http, https. | 'Http' 'Https' |
Usage Examples
Terraform Samples
A basic example of deploying Virtual Machine scale set.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "___location" {
type = string
default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
___location = var.___location
}
resource "azapi_resource" "virtualNetwork" {
type = "Microsoft.Network/virtualNetworks@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
addressSpace = {
addressPrefixes = [
"10.0.0.0/16",
]
}
dhcpOptions = {
dnsServers = [
]
}
subnets = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
lifecycle {
ignore_changes = [body.properties.subnets]
}
}
resource "azapi_resource" "subnet" {
type = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
parent_id = azapi_resource.virtualNetwork.id
name = "internal"
body = {
properties = {
addressPrefix = "10.0.2.0/24"
delegations = [
]
privateEndpointNetworkPolicies = "Enabled"
privateLinkServiceNetworkPolicies = "Enabled"
serviceEndpointPolicies = [
]
serviceEndpoints = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "virtualMachineScaleSet" {
type = "Microsoft.Compute/virtualMachineScaleSets@2023-03-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
___location = var.___location
body = {
properties = {
additionalCapabilities = {
}
doNotRunExtensionsOnOverprovisionedVMs = false
orchestrationMode = "Uniform"
overprovision = true
scaleInPolicy = {
forceDeletion = false
rules = [
"Default",
]
}
singlePlacementGroup = true
upgradePolicy = {
mode = "Manual"
}
virtualMachineProfile = {
diagnosticsProfile = {
bootDiagnostics = {
enabled = false
storageUri = ""
}
}
extensionProfile = {
extensionsTimeBudget = "PT1H30M"
}
networkProfile = {
networkInterfaceConfigurations = [
{
name = "example"
properties = {
dnsSettings = {
dnsServers = [
]
}
enableAcceleratedNetworking = false
enableIPForwarding = false
ipConfigurations = [
{
name = "internal"
properties = {
applicationGatewayBackendAddressPools = [
]
applicationSecurityGroups = [
]
loadBalancerBackendAddressPools = [
]
loadBalancerInboundNatPools = [
]
primary = true
privateIPAddressVersion = "IPv4"
subnet = {
id = azapi_resource.subnet.id
}
}
},
]
primary = true
}
},
]
}
osProfile = {
adminUsername = "adminuser"
computerNamePrefix = var.resource_name
linuxConfiguration = {
disablePasswordAuthentication = true
provisionVMAgent = true
ssh = {
publicKeys = [
{
keyData = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com"
path = "/home/adminuser/.ssh/authorized_keys"
},
]
}
}
secrets = [
]
}
priority = "Regular"
storageProfile = {
dataDisks = [
]
imageReference = {
offer = "UbuntuServer"
publisher = "Canonical"
sku = "16.04-LTS"
version = "latest"
}
osDisk = {
caching = "ReadWrite"
createOption = "FromImage"
managedDisk = {
storageAccountType = "Standard_LRS"
}
osType = "Linux"
writeAcceleratorEnabled = false
}
}
}
}
sku = {
capacity = 1
name = "Standard_F2"
tier = "Standard"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Module | Description |
---|---|
Virtual Machine Scale Set | AVM Resource Module for Virtual Machine Scale Set |