The azure-native:compute:VirtualMachine resource, part of the Pulumi Azure Native provider, defines an Azure Virtual Machine: its compute size, OS image, storage, networking, and security configuration. This guide focuses on four capabilities: custom and gallery image deployment, security features (Trusted Launch, Confidential VMs, encryption), patch management and scheduled events, and application deployment via Gallery Applications.
VMs require network interfaces, may reference custom images or encryption sets, and can be placed in availability sets or scale sets. The examples are intentionally small. Combine them with your own networking, security, and placement infrastructure.
Deploy from a custom managed image
Teams often capture generalized VM images for reuse across environments, packaging OS configuration and application state into reusable templates.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachine = new azure_native.compute.VirtualMachine("virtualMachine", {
hardwareProfile: {
vmSize: azure_native.compute.VirtualMachineSizeTypes.Standard_D1_v2,
},
location: "westus",
networkProfile: {
networkInterfaces: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerName: "myVM",
},
resourceGroupName: "myResourceGroup",
storageProfile: {
imageReference: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
name: "myVMosdisk",
},
},
vmName: "myVM",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine = azure_native.compute.VirtualMachine("virtualMachine",
hardware_profile={
"vm_size": azure_native.compute.VirtualMachineSizeTypes.STANDARD_D1_V2,
},
location="westus",
network_profile={
"network_interfaces": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
"primary": True,
}],
},
os_profile={
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name": "myVM",
},
resource_group_name="myResourceGroup",
storage_profile={
"image_reference": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
"name": "myVMosdisk",
},
},
vm_name="myVM")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachine(ctx, "virtualMachine", &compute.VirtualMachineArgs{
HardwareProfile: &compute.HardwareProfileArgs{
VmSize: pulumi.String(compute.VirtualMachineSizeTypes_Standard_D1_v2),
},
Location: pulumi.String("westus"),
NetworkProfile: &compute.NetworkProfileArgs{
NetworkInterfaces: compute.NetworkInterfaceReferenceArray{
&compute.NetworkInterfaceReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.OSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerName: pulumi.String("myVM"),
},
ResourceGroupName: pulumi.String("myResourceGroup"),
StorageProfile: &compute.StorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}"),
},
OsDisk: &compute.OSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.ManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
Name: pulumi.String("myVMosdisk"),
},
},
VmName: pulumi.String("myVM"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachine = new AzureNative.Compute.VirtualMachine("virtualMachine", new()
{
HardwareProfile = new AzureNative.Compute.Inputs.HardwareProfileArgs
{
VmSize = AzureNative.Compute.VirtualMachineSizeTypes.Standard_D1_v2,
},
Location = "westus",
NetworkProfile = new AzureNative.Compute.Inputs.NetworkProfileArgs
{
NetworkInterfaces = new[]
{
new AzureNative.Compute.Inputs.NetworkInterfaceReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.OSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerName = "myVM",
},
ResourceGroupName = "myResourceGroup",
StorageProfile = new AzureNative.Compute.Inputs.StorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
OsDisk = new AzureNative.Compute.Inputs.OSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.ManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
Name = "myVMosdisk",
},
},
VmName = "myVM",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachine;
import com.pulumi.azurenative.compute.VirtualMachineArgs;
import com.pulumi.azurenative.compute.inputs.HardwareProfileArgs;
import com.pulumi.azurenative.compute.inputs.NetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.OSProfileArgs;
import com.pulumi.azurenative.compute.inputs.StorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.OSDiskArgs;
import com.pulumi.azurenative.compute.inputs.ManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachine = new VirtualMachine("virtualMachine", VirtualMachineArgs.builder()
.hardwareProfile(HardwareProfileArgs.builder()
.vmSize("Standard_D1_v2")
.build())
.location("westus")
.networkProfile(NetworkProfileArgs.builder()
.networkInterfaces(NetworkInterfaceReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}")
.primary(true)
.build())
.build())
.osProfile(OSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerName("myVM")
.build())
.resourceGroupName("myResourceGroup")
.storageProfile(StorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}")
.build())
.osDisk(OSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(ManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.name("myVMosdisk")
.build())
.build())
.vmName("myVM")
.build());
}
}
resources:
virtualMachine:
type: azure-native:compute:VirtualMachine
properties:
hardwareProfile:
vmSize: Standard_D1_v2
location: westus
networkProfile:
networkInterfaces:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerName: myVM
resourceGroupName: myResourceGroup
storageProfile:
imageReference:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
name: myVMosdisk
vmName: myVM
The imageReference points to your custom image by resource ID. The storageProfile defines the OS disk created from that image. The managedDisk specifies the storage account type for the new disk.
Enable Trusted Launch with UEFI settings
Trusted Launch VMs provide foundational security through UEFI firmware, Secure Boot, and virtual TPM, protecting against boot kits and rootkits.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachine = new azure_native.compute.VirtualMachine("virtualMachine", {
hardwareProfile: {
vmSize: azure_native.compute.VirtualMachineSizeTypes.Standard_D2s_v3,
},
location: "westus",
networkProfile: {
networkInterfaces: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerName: "myVM",
},
resourceGroupName: "myResourceGroup",
securityProfile: {
securityType: azure_native.compute.SecurityTypes.TrustedLaunch,
uefiSettings: {
secureBootEnabled: true,
vTpmEnabled: true,
},
},
storageProfile: {
imageReference: {
offer: "windowsserver-gen2preview-preview",
publisher: "MicrosoftWindowsServer",
sku: "windows10-tvm",
version: "18363.592.2001092016",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadOnly,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.StandardSSD_LRS,
},
name: "myVMosdisk",
},
},
vmName: "myVM",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine = azure_native.compute.VirtualMachine("virtualMachine",
hardware_profile={
"vm_size": azure_native.compute.VirtualMachineSizeTypes.STANDARD_D2S_V3,
},
location="westus",
network_profile={
"network_interfaces": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
"primary": True,
}],
},
os_profile={
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name": "myVM",
},
resource_group_name="myResourceGroup",
security_profile={
"security_type": azure_native.compute.SecurityTypes.TRUSTED_LAUNCH,
"uefi_settings": {
"secure_boot_enabled": True,
"v_tpm_enabled": True,
},
},
storage_profile={
"image_reference": {
"offer": "windowsserver-gen2preview-preview",
"publisher": "MicrosoftWindowsServer",
"sku": "windows10-tvm",
"version": "18363.592.2001092016",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_ONLY,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_SS_D_LRS,
},
"name": "myVMosdisk",
},
},
vm_name="myVM")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachine(ctx, "virtualMachine", &compute.VirtualMachineArgs{
HardwareProfile: &compute.HardwareProfileArgs{
VmSize: pulumi.String(compute.VirtualMachineSizeTypes_Standard_D2s_v3),
},
Location: pulumi.String("westus"),
NetworkProfile: &compute.NetworkProfileArgs{
NetworkInterfaces: compute.NetworkInterfaceReferenceArray{
&compute.NetworkInterfaceReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.OSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerName: pulumi.String("myVM"),
},
ResourceGroupName: pulumi.String("myResourceGroup"),
SecurityProfile: &compute.SecurityProfileArgs{
SecurityType: pulumi.String(compute.SecurityTypesTrustedLaunch),
UefiSettings: &compute.UefiSettingsArgs{
SecureBootEnabled: pulumi.Bool(true),
VTpmEnabled: pulumi.Bool(true),
},
},
StorageProfile: &compute.StorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("windowsserver-gen2preview-preview"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("windows10-tvm"),
Version: pulumi.String("18363.592.2001092016"),
},
OsDisk: &compute.OSDiskArgs{
Caching: compute.CachingTypesReadOnly,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.ManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_StandardSSD_LRS),
},
Name: pulumi.String("myVMosdisk"),
},
},
VmName: pulumi.String("myVM"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachine = new AzureNative.Compute.VirtualMachine("virtualMachine", new()
{
HardwareProfile = new AzureNative.Compute.Inputs.HardwareProfileArgs
{
VmSize = AzureNative.Compute.VirtualMachineSizeTypes.Standard_D2s_v3,
},
Location = "westus",
NetworkProfile = new AzureNative.Compute.Inputs.NetworkProfileArgs
{
NetworkInterfaces = new[]
{
new AzureNative.Compute.Inputs.NetworkInterfaceReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.OSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerName = "myVM",
},
ResourceGroupName = "myResourceGroup",
SecurityProfile = new AzureNative.Compute.Inputs.SecurityProfileArgs
{
SecurityType = AzureNative.Compute.SecurityTypes.TrustedLaunch,
UefiSettings = new AzureNative.Compute.Inputs.UefiSettingsArgs
{
SecureBootEnabled = true,
VTpmEnabled = true,
},
},
StorageProfile = new AzureNative.Compute.Inputs.StorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "windowsserver-gen2preview-preview",
Publisher = "MicrosoftWindowsServer",
Sku = "windows10-tvm",
Version = "18363.592.2001092016",
},
OsDisk = new AzureNative.Compute.Inputs.OSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadOnly,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.ManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.StandardSSD_LRS,
},
Name = "myVMosdisk",
},
},
VmName = "myVM",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachine;
import com.pulumi.azurenative.compute.VirtualMachineArgs;
import com.pulumi.azurenative.compute.inputs.HardwareProfileArgs;
import com.pulumi.azurenative.compute.inputs.NetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.OSProfileArgs;
import com.pulumi.azurenative.compute.inputs.SecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.UefiSettingsArgs;
import com.pulumi.azurenative.compute.inputs.StorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.OSDiskArgs;
import com.pulumi.azurenative.compute.inputs.ManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachine = new VirtualMachine("virtualMachine", VirtualMachineArgs.builder()
.hardwareProfile(HardwareProfileArgs.builder()
.vmSize("Standard_D2s_v3")
.build())
.location("westus")
.networkProfile(NetworkProfileArgs.builder()
.networkInterfaces(NetworkInterfaceReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}")
.primary(true)
.build())
.build())
.osProfile(OSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerName("myVM")
.build())
.resourceGroupName("myResourceGroup")
.securityProfile(SecurityProfileArgs.builder()
.securityType("TrustedLaunch")
.uefiSettings(UefiSettingsArgs.builder()
.secureBootEnabled(true)
.vTpmEnabled(true)
.build())
.build())
.storageProfile(StorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("windowsserver-gen2preview-preview")
.publisher("MicrosoftWindowsServer")
.sku("windows10-tvm")
.version("18363.592.2001092016")
.build())
.osDisk(OSDiskArgs.builder()
.caching("ReadOnly")
.createOption("FromImage")
.managedDisk(ManagedDiskParametersArgs.builder()
.storageAccountType("StandardSSD_LRS")
.build())
.name("myVMosdisk")
.build())
.build())
.vmName("myVM")
.build());
}
}
resources:
virtualMachine:
type: azure-native:compute:VirtualMachine
properties:
hardwareProfile:
vmSize: Standard_D2s_v3
location: westus
networkProfile:
networkInterfaces:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerName: myVM
resourceGroupName: myResourceGroup
securityProfile:
securityType: TrustedLaunch
uefiSettings:
secureBootEnabled: true
vTpmEnabled: true
storageProfile:
imageReference:
offer: windowsserver-gen2preview-preview
publisher: MicrosoftWindowsServer
sku: windows10-tvm
version: 18363.592.2001092016
osDisk:
caching: ReadOnly
createOption: FromImage
managedDisk:
storageAccountType: StandardSSD_LRS
name: myVMosdisk
vmName: myVM
The securityProfile sets securityType to TrustedLaunch. The uefiSettings enable secureBootEnabled and vTpmEnabled, which activate hardware-based security features. The image must support Gen2 VMs for these features to work.
Configure Confidential VM with customer-managed encryption
Confidential VMs encrypt data in use through hardware-based trusted execution environments, with customer-managed keys providing additional control over encryption.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachine = new azure_native.compute.VirtualMachine("virtualMachine", {
hardwareProfile: {
vmSize: "Standard_DC2as_v5",
},
location: "westus",
networkProfile: {
networkInterfaces: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerName: "myVM",
},
resourceGroupName: "myResourceGroup",
securityProfile: {
securityType: azure_native.compute.SecurityTypes.ConfidentialVM,
uefiSettings: {
secureBootEnabled: true,
vTpmEnabled: true,
},
},
storageProfile: {
imageReference: {
offer: "2019-datacenter-cvm",
publisher: "MicrosoftWindowsServer",
sku: "windows-cvm",
version: "17763.2183.2109130127",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadOnly,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
securityProfile: {
diskEncryptionSet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}",
},
securityEncryptionType: azure_native.compute.SecurityEncryptionTypes.DiskWithVMGuestState,
},
storageAccountType: azure_native.compute.StorageAccountTypes.StandardSSD_LRS,
},
name: "myVMosdisk",
},
},
vmName: "myVM",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine = azure_native.compute.VirtualMachine("virtualMachine",
hardware_profile={
"vm_size": "Standard_DC2as_v5",
},
location="westus",
network_profile={
"network_interfaces": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
"primary": True,
}],
},
os_profile={
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name": "myVM",
},
resource_group_name="myResourceGroup",
security_profile={
"security_type": azure_native.compute.SecurityTypes.CONFIDENTIAL_VM,
"uefi_settings": {
"secure_boot_enabled": True,
"v_tpm_enabled": True,
},
},
storage_profile={
"image_reference": {
"offer": "2019-datacenter-cvm",
"publisher": "MicrosoftWindowsServer",
"sku": "windows-cvm",
"version": "17763.2183.2109130127",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_ONLY,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"security_profile": {
"disk_encryption_set": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}",
},
"security_encryption_type": azure_native.compute.SecurityEncryptionTypes.DISK_WITH_VM_GUEST_STATE,
},
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_SS_D_LRS,
},
"name": "myVMosdisk",
},
},
vm_name="myVM")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachine(ctx, "virtualMachine", &compute.VirtualMachineArgs{
HardwareProfile: &compute.HardwareProfileArgs{
VmSize: pulumi.String("Standard_DC2as_v5"),
},
Location: pulumi.String("westus"),
NetworkProfile: &compute.NetworkProfileArgs{
NetworkInterfaces: compute.NetworkInterfaceReferenceArray{
&compute.NetworkInterfaceReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.OSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerName: pulumi.String("myVM"),
},
ResourceGroupName: pulumi.String("myResourceGroup"),
SecurityProfile: &compute.SecurityProfileArgs{
SecurityType: pulumi.String(compute.SecurityTypesConfidentialVM),
UefiSettings: &compute.UefiSettingsArgs{
SecureBootEnabled: pulumi.Bool(true),
VTpmEnabled: pulumi.Bool(true),
},
},
StorageProfile: &compute.StorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("2019-datacenter-cvm"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("windows-cvm"),
Version: pulumi.String("17763.2183.2109130127"),
},
OsDisk: &compute.OSDiskArgs{
Caching: compute.CachingTypesReadOnly,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.ManagedDiskParametersArgs{
SecurityProfile: &compute.VMDiskSecurityProfileArgs{
DiskEncryptionSet: &compute.DiskEncryptionSetParametersArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}"),
},
SecurityEncryptionType: pulumi.String(compute.SecurityEncryptionTypesDiskWithVMGuestState),
},
StorageAccountType: pulumi.String(compute.StorageAccountTypes_StandardSSD_LRS),
},
Name: pulumi.String("myVMosdisk"),
},
},
VmName: pulumi.String("myVM"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachine = new AzureNative.Compute.VirtualMachine("virtualMachine", new()
{
HardwareProfile = new AzureNative.Compute.Inputs.HardwareProfileArgs
{
VmSize = "Standard_DC2as_v5",
},
Location = "westus",
NetworkProfile = new AzureNative.Compute.Inputs.NetworkProfileArgs
{
NetworkInterfaces = new[]
{
new AzureNative.Compute.Inputs.NetworkInterfaceReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.OSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerName = "myVM",
},
ResourceGroupName = "myResourceGroup",
SecurityProfile = new AzureNative.Compute.Inputs.SecurityProfileArgs
{
SecurityType = AzureNative.Compute.SecurityTypes.ConfidentialVM,
UefiSettings = new AzureNative.Compute.Inputs.UefiSettingsArgs
{
SecureBootEnabled = true,
VTpmEnabled = true,
},
},
StorageProfile = new AzureNative.Compute.Inputs.StorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "2019-datacenter-cvm",
Publisher = "MicrosoftWindowsServer",
Sku = "windows-cvm",
Version = "17763.2183.2109130127",
},
OsDisk = new AzureNative.Compute.Inputs.OSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadOnly,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.ManagedDiskParametersArgs
{
SecurityProfile = new AzureNative.Compute.Inputs.VMDiskSecurityProfileArgs
{
DiskEncryptionSet = new AzureNative.Compute.Inputs.DiskEncryptionSetParametersArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}",
},
SecurityEncryptionType = AzureNative.Compute.SecurityEncryptionTypes.DiskWithVMGuestState,
},
StorageAccountType = AzureNative.Compute.StorageAccountTypes.StandardSSD_LRS,
},
Name = "myVMosdisk",
},
},
VmName = "myVM",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachine;
import com.pulumi.azurenative.compute.VirtualMachineArgs;
import com.pulumi.azurenative.compute.inputs.HardwareProfileArgs;
import com.pulumi.azurenative.compute.inputs.NetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.OSProfileArgs;
import com.pulumi.azurenative.compute.inputs.SecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.UefiSettingsArgs;
import com.pulumi.azurenative.compute.inputs.StorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.OSDiskArgs;
import com.pulumi.azurenative.compute.inputs.ManagedDiskParametersArgs;
import com.pulumi.azurenative.compute.inputs.VMDiskSecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.DiskEncryptionSetParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachine = new VirtualMachine("virtualMachine", VirtualMachineArgs.builder()
.hardwareProfile(HardwareProfileArgs.builder()
.vmSize("Standard_DC2as_v5")
.build())
.location("westus")
.networkProfile(NetworkProfileArgs.builder()
.networkInterfaces(NetworkInterfaceReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}")
.primary(true)
.build())
.build())
.osProfile(OSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerName("myVM")
.build())
.resourceGroupName("myResourceGroup")
.securityProfile(SecurityProfileArgs.builder()
.securityType("ConfidentialVM")
.uefiSettings(UefiSettingsArgs.builder()
.secureBootEnabled(true)
.vTpmEnabled(true)
.build())
.build())
.storageProfile(StorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("2019-datacenter-cvm")
.publisher("MicrosoftWindowsServer")
.sku("windows-cvm")
.version("17763.2183.2109130127")
.build())
.osDisk(OSDiskArgs.builder()
.caching("ReadOnly")
.createOption("FromImage")
.managedDisk(ManagedDiskParametersArgs.builder()
.securityProfile(VMDiskSecurityProfileArgs.builder()
.diskEncryptionSet(DiskEncryptionSetParametersArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}")
.build())
.securityEncryptionType("DiskWithVMGuestState")
.build())
.storageAccountType("StandardSSD_LRS")
.build())
.name("myVMosdisk")
.build())
.build())
.vmName("myVM")
.build());
}
}
resources:
virtualMachine:
type: azure-native:compute:VirtualMachine
properties:
hardwareProfile:
vmSize: Standard_DC2as_v5
location: westus
networkProfile:
networkInterfaces:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerName: myVM
resourceGroupName: myResourceGroup
securityProfile:
securityType: ConfidentialVM
uefiSettings:
secureBootEnabled: true
vTpmEnabled: true
storageProfile:
imageReference:
offer: 2019-datacenter-cvm
publisher: MicrosoftWindowsServer
sku: windows-cvm
version: 17763.2183.2109130127
osDisk:
caching: ReadOnly
createOption: FromImage
managedDisk:
securityProfile:
diskEncryptionSet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/diskEncryptionSets/{existing-diskEncryptionSet-name}
securityEncryptionType: DiskWithVMGuestState
storageAccountType: StandardSSD_LRS
name: myVMosdisk
vmName: myVM
The securityProfile sets securityType to ConfidentialVM and configures uefiSettings. The managedDisk includes a securityProfile that references a diskEncryptionSet for customer-managed key encryption. The VM size must support Confidential Computing.
Configure automatic patching with platform orchestration
Platform-managed patching automates OS updates while providing control over reboot behavior and maintenance windows, reducing operational overhead.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachine = new azure_native.compute.VirtualMachine("virtualMachine", {
hardwareProfile: {
vmSize: azure_native.compute.VirtualMachineSizeTypes.Standard_D2s_v3,
},
location: "westus",
networkProfile: {
networkInterfaces: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerName: "myVM",
linuxConfiguration: {
patchSettings: {
assessmentMode: azure_native.compute.LinuxPatchAssessmentMode.AutomaticByPlatform,
automaticByPlatformSettings: {
bypassPlatformSafetyChecksOnUserSchedule: true,
rebootSetting: azure_native.compute.LinuxVMGuestPatchAutomaticByPlatformRebootSetting.Never,
},
patchMode: azure_native.compute.LinuxVMGuestPatchMode.AutomaticByPlatform,
},
provisionVMAgent: true,
},
},
resourceGroupName: "myResourceGroup",
storageProfile: {
imageReference: {
offer: "UbuntuServer",
publisher: "Canonical",
sku: "16.04-LTS",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Premium_LRS,
},
name: "myVMosdisk",
},
},
vmName: "myVM",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine = azure_native.compute.VirtualMachine("virtualMachine",
hardware_profile={
"vm_size": azure_native.compute.VirtualMachineSizeTypes.STANDARD_D2S_V3,
},
location="westus",
network_profile={
"network_interfaces": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
"primary": True,
}],
},
os_profile={
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name": "myVM",
"linux_configuration": {
"patch_settings": {
"assessment_mode": azure_native.compute.LinuxPatchAssessmentMode.AUTOMATIC_BY_PLATFORM,
"automatic_by_platform_settings": {
"bypass_platform_safety_checks_on_user_schedule": True,
"reboot_setting": azure_native.compute.LinuxVMGuestPatchAutomaticByPlatformRebootSetting.NEVER,
},
"patch_mode": azure_native.compute.LinuxVMGuestPatchMode.AUTOMATIC_BY_PLATFORM,
},
"provision_vm_agent": True,
},
},
resource_group_name="myResourceGroup",
storage_profile={
"image_reference": {
"offer": "UbuntuServer",
"publisher": "Canonical",
"sku": "16.04-LTS",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.PREMIUM_LRS,
},
"name": "myVMosdisk",
},
},
vm_name="myVM")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachine(ctx, "virtualMachine", &compute.VirtualMachineArgs{
HardwareProfile: &compute.HardwareProfileArgs{
VmSize: pulumi.String(compute.VirtualMachineSizeTypes_Standard_D2s_v3),
},
Location: pulumi.String("westus"),
NetworkProfile: &compute.NetworkProfileArgs{
NetworkInterfaces: compute.NetworkInterfaceReferenceArray{
&compute.NetworkInterfaceReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.OSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerName: pulumi.String("myVM"),
LinuxConfiguration: &compute.LinuxConfigurationArgs{
PatchSettings: &compute.LinuxPatchSettingsArgs{
AssessmentMode: pulumi.String(compute.LinuxPatchAssessmentModeAutomaticByPlatform),
AutomaticByPlatformSettings: &compute.LinuxVMGuestPatchAutomaticByPlatformSettingsArgs{
BypassPlatformSafetyChecksOnUserSchedule: pulumi.Bool(true),
RebootSetting: pulumi.String(compute.LinuxVMGuestPatchAutomaticByPlatformRebootSettingNever),
},
PatchMode: pulumi.String(compute.LinuxVMGuestPatchModeAutomaticByPlatform),
},
ProvisionVMAgent: pulumi.Bool(true),
},
},
ResourceGroupName: pulumi.String("myResourceGroup"),
StorageProfile: &compute.StorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("UbuntuServer"),
Publisher: pulumi.String("Canonical"),
Sku: pulumi.String("16.04-LTS"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.OSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.ManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Premium_LRS),
},
Name: pulumi.String("myVMosdisk"),
},
},
VmName: pulumi.String("myVM"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachine = new AzureNative.Compute.VirtualMachine("virtualMachine", new()
{
HardwareProfile = new AzureNative.Compute.Inputs.HardwareProfileArgs
{
VmSize = AzureNative.Compute.VirtualMachineSizeTypes.Standard_D2s_v3,
},
Location = "westus",
NetworkProfile = new AzureNative.Compute.Inputs.NetworkProfileArgs
{
NetworkInterfaces = new[]
{
new AzureNative.Compute.Inputs.NetworkInterfaceReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.OSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerName = "myVM",
LinuxConfiguration = new AzureNative.Compute.Inputs.LinuxConfigurationArgs
{
PatchSettings = new AzureNative.Compute.Inputs.LinuxPatchSettingsArgs
{
AssessmentMode = AzureNative.Compute.LinuxPatchAssessmentMode.AutomaticByPlatform,
AutomaticByPlatformSettings = new AzureNative.Compute.Inputs.LinuxVMGuestPatchAutomaticByPlatformSettingsArgs
{
BypassPlatformSafetyChecksOnUserSchedule = true,
RebootSetting = AzureNative.Compute.LinuxVMGuestPatchAutomaticByPlatformRebootSetting.Never,
},
PatchMode = AzureNative.Compute.LinuxVMGuestPatchMode.AutomaticByPlatform,
},
ProvisionVMAgent = true,
},
},
ResourceGroupName = "myResourceGroup",
StorageProfile = new AzureNative.Compute.Inputs.StorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "UbuntuServer",
Publisher = "Canonical",
Sku = "16.04-LTS",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.OSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.ManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Premium_LRS,
},
Name = "myVMosdisk",
},
},
VmName = "myVM",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachine;
import com.pulumi.azurenative.compute.VirtualMachineArgs;
import com.pulumi.azurenative.compute.inputs.HardwareProfileArgs;
import com.pulumi.azurenative.compute.inputs.NetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.OSProfileArgs;
import com.pulumi.azurenative.compute.inputs.LinuxConfigurationArgs;
import com.pulumi.azurenative.compute.inputs.LinuxPatchSettingsArgs;
import com.pulumi.azurenative.compute.inputs.LinuxVMGuestPatchAutomaticByPlatformSettingsArgs;
import com.pulumi.azurenative.compute.inputs.StorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.OSDiskArgs;
import com.pulumi.azurenative.compute.inputs.ManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachine = new VirtualMachine("virtualMachine", VirtualMachineArgs.builder()
.hardwareProfile(HardwareProfileArgs.builder()
.vmSize("Standard_D2s_v3")
.build())
.location("westus")
.networkProfile(NetworkProfileArgs.builder()
.networkInterfaces(NetworkInterfaceReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}")
.primary(true)
.build())
.build())
.osProfile(OSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerName("myVM")
.linuxConfiguration(LinuxConfigurationArgs.builder()
.patchSettings(LinuxPatchSettingsArgs.builder()
.assessmentMode("AutomaticByPlatform")
.automaticByPlatformSettings(LinuxVMGuestPatchAutomaticByPlatformSettingsArgs.builder()
.bypassPlatformSafetyChecksOnUserSchedule(true)
.rebootSetting("Never")
.build())
.patchMode("AutomaticByPlatform")
.build())
.provisionVMAgent(true)
.build())
.build())
.resourceGroupName("myResourceGroup")
.storageProfile(StorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("UbuntuServer")
.publisher("Canonical")
.sku("16.04-LTS")
.version("latest")
.build())
.osDisk(OSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(ManagedDiskParametersArgs.builder()
.storageAccountType("Premium_LRS")
.build())
.name("myVMosdisk")
.build())
.build())
.vmName("myVM")
.build());
}
}
resources:
virtualMachine:
type: azure-native:compute:VirtualMachine
properties:
hardwareProfile:
vmSize: Standard_D2s_v3
location: westus
networkProfile:
networkInterfaces:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerName: myVM
linuxConfiguration:
patchSettings:
assessmentMode: AutomaticByPlatform
automaticByPlatformSettings:
bypassPlatformSafetyChecksOnUserSchedule: true
rebootSetting: Never
patchMode: AutomaticByPlatform
provisionVMAgent: true
resourceGroupName: myResourceGroup
storageProfile:
imageReference:
offer: UbuntuServer
publisher: Canonical
sku: 16.04-LTS
version: latest
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Premium_LRS
name: myVMosdisk
vmName: myVM
The linuxConfiguration includes patchSettings with patchMode set to AutomaticByPlatform. The automaticByPlatformSettings control reboot behavior through rebootSetting. The bypassPlatformSafetyChecksOnUserSchedule property allows custom maintenance windows.
Deploy VM Gallery Applications at provisioning
VM Gallery Applications package and deploy software alongside VM creation, enabling consistent application delivery across deployments.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachine = new azure_native.compute.VirtualMachine("virtualMachine", {
availabilitySet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/availabilitySets/{existing-availability-set-name}",
},
hardwareProfile: {
vmSize: azure_native.compute.VirtualMachineSizeTypes.Standard_D1_v2,
},
location: "westus",
networkProfile: {
networkInterfaces: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerName: "myVM",
},
resourceGroupName: "myResourceGroup",
storageProfile: {
imageReference: {
offer: "WindowsServer",
publisher: "MicrosoftWindowsServer",
sku: "2016-Datacenter",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
name: "myVMosdisk",
},
},
vmName: "myVM",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine = azure_native.compute.VirtualMachine("virtualMachine",
availability_set={
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/availabilitySets/{existing-availability-set-name}",
},
hardware_profile={
"vm_size": azure_native.compute.VirtualMachineSizeTypes.STANDARD_D1_V2,
},
location="westus",
network_profile={
"network_interfaces": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
"primary": True,
}],
},
os_profile={
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name": "myVM",
},
resource_group_name="myResourceGroup",
storage_profile={
"image_reference": {
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2016-Datacenter",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
"name": "myVMosdisk",
},
},
vm_name="myVM")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachine(ctx, "virtualMachine", &compute.VirtualMachineArgs{
AvailabilitySet: &compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/availabilitySets/{existing-availability-set-name}"),
},
HardwareProfile: &compute.HardwareProfileArgs{
VmSize: pulumi.String(compute.VirtualMachineSizeTypes_Standard_D1_v2),
},
Location: pulumi.String("westus"),
NetworkProfile: &compute.NetworkProfileArgs{
NetworkInterfaces: compute.NetworkInterfaceReferenceArray{
&compute.NetworkInterfaceReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.OSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerName: pulumi.String("myVM"),
},
ResourceGroupName: pulumi.String("myResourceGroup"),
StorageProfile: &compute.StorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("WindowsServer"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("2016-Datacenter"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.OSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.ManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
Name: pulumi.String("myVMosdisk"),
},
},
VmName: pulumi.String("myVM"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachine = new AzureNative.Compute.VirtualMachine("virtualMachine", new()
{
AvailabilitySet = new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/availabilitySets/{existing-availability-set-name}",
},
HardwareProfile = new AzureNative.Compute.Inputs.HardwareProfileArgs
{
VmSize = AzureNative.Compute.VirtualMachineSizeTypes.Standard_D1_v2,
},
Location = "westus",
NetworkProfile = new AzureNative.Compute.Inputs.NetworkProfileArgs
{
NetworkInterfaces = new[]
{
new AzureNative.Compute.Inputs.NetworkInterfaceReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.OSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerName = "myVM",
},
ResourceGroupName = "myResourceGroup",
StorageProfile = new AzureNative.Compute.Inputs.StorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "WindowsServer",
Publisher = "MicrosoftWindowsServer",
Sku = "2016-Datacenter",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.OSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.ManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
Name = "myVMosdisk",
},
},
VmName = "myVM",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachine;
import com.pulumi.azurenative.compute.VirtualMachineArgs;
import com.pulumi.azurenative.compute.inputs.SubResourceArgs;
import com.pulumi.azurenative.compute.inputs.HardwareProfileArgs;
import com.pulumi.azurenative.compute.inputs.NetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.OSProfileArgs;
import com.pulumi.azurenative.compute.inputs.StorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.OSDiskArgs;
import com.pulumi.azurenative.compute.inputs.ManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachine = new VirtualMachine("virtualMachine", VirtualMachineArgs.builder()
.availabilitySet(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/availabilitySets/{existing-availability-set-name}")
.build())
.hardwareProfile(HardwareProfileArgs.builder()
.vmSize("Standard_D1_v2")
.build())
.location("westus")
.networkProfile(NetworkProfileArgs.builder()
.networkInterfaces(NetworkInterfaceReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}")
.primary(true)
.build())
.build())
.osProfile(OSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerName("myVM")
.build())
.resourceGroupName("myResourceGroup")
.storageProfile(StorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("WindowsServer")
.publisher("MicrosoftWindowsServer")
.sku("2016-Datacenter")
.version("latest")
.build())
.osDisk(OSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(ManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.name("myVMosdisk")
.build())
.build())
.vmName("myVM")
.build());
}
}
resources:
virtualMachine:
type: azure-native:compute:VirtualMachine
properties:
availabilitySet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/availabilitySets/{existing-availability-set-name}
hardwareProfile:
vmSize: Standard_D1_v2
location: westus
networkProfile:
networkInterfaces:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerName: myVM
resourceGroupName: myResourceGroup
storageProfile:
imageReference:
offer: WindowsServer
publisher: MicrosoftWindowsServer
sku: 2016-Datacenter
version: latest
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
name: myVMosdisk
vmName: myVM
The applicationProfile lists galleryApplications with packageReferenceId pointing to gallery application versions. The configurationReference provides application-specific settings. The order property controls installation sequence.
Configure scheduled events and maintenance notifications
Scheduled Events notify applications of upcoming maintenance, allowing graceful shutdown or state preservation during platform events.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachine = new azure_native.compute.VirtualMachine("virtualMachine", {
hardwareProfile: {
vmSize: azure_native.compute.VirtualMachineSizeTypes.Standard_DS1_v2,
},
location: "westus",
networkProfile: {
networkInterfaces: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerName: "myVM",
},
plan: {
name: "windows2016",
product: "windows-data-science-vm",
publisher: "microsoft-ads",
},
resourceGroupName: "myResourceGroup",
securityProfile: {
encryptionAtHost: true,
},
storageProfile: {
imageReference: {
offer: "windows-data-science-vm",
publisher: "microsoft-ads",
sku: "windows2016",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadOnly,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
name: "myVMosdisk",
},
},
vmName: "myVM",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine = azure_native.compute.VirtualMachine("virtualMachine",
hardware_profile={
"vm_size": azure_native.compute.VirtualMachineSizeTypes.STANDARD_DS1_V2,
},
location="westus",
network_profile={
"network_interfaces": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
"primary": True,
}],
},
os_profile={
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name": "myVM",
},
plan={
"name": "windows2016",
"product": "windows-data-science-vm",
"publisher": "microsoft-ads",
},
resource_group_name="myResourceGroup",
security_profile={
"encryption_at_host": True,
},
storage_profile={
"image_reference": {
"offer": "windows-data-science-vm",
"publisher": "microsoft-ads",
"sku": "windows2016",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_ONLY,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
"name": "myVMosdisk",
},
},
vm_name="myVM")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachine(ctx, "virtualMachine", &compute.VirtualMachineArgs{
HardwareProfile: &compute.HardwareProfileArgs{
VmSize: pulumi.String(compute.VirtualMachineSizeTypes_Standard_DS1_v2),
},
Location: pulumi.String("westus"),
NetworkProfile: &compute.NetworkProfileArgs{
NetworkInterfaces: compute.NetworkInterfaceReferenceArray{
&compute.NetworkInterfaceReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.OSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerName: pulumi.String("myVM"),
},
Plan: &compute.PlanArgs{
Name: pulumi.String("windows2016"),
Product: pulumi.String("windows-data-science-vm"),
Publisher: pulumi.String("microsoft-ads"),
},
ResourceGroupName: pulumi.String("myResourceGroup"),
SecurityProfile: &compute.SecurityProfileArgs{
EncryptionAtHost: pulumi.Bool(true),
},
StorageProfile: &compute.StorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("windows-data-science-vm"),
Publisher: pulumi.String("microsoft-ads"),
Sku: pulumi.String("windows2016"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.OSDiskArgs{
Caching: compute.CachingTypesReadOnly,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.ManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
Name: pulumi.String("myVMosdisk"),
},
},
VmName: pulumi.String("myVM"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachine = new AzureNative.Compute.VirtualMachine("virtualMachine", new()
{
HardwareProfile = new AzureNative.Compute.Inputs.HardwareProfileArgs
{
VmSize = AzureNative.Compute.VirtualMachineSizeTypes.Standard_DS1_v2,
},
Location = "westus",
NetworkProfile = new AzureNative.Compute.Inputs.NetworkProfileArgs
{
NetworkInterfaces = new[]
{
new AzureNative.Compute.Inputs.NetworkInterfaceReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.OSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerName = "myVM",
},
Plan = new AzureNative.Compute.Inputs.PlanArgs
{
Name = "windows2016",
Product = "windows-data-science-vm",
Publisher = "microsoft-ads",
},
ResourceGroupName = "myResourceGroup",
SecurityProfile = new AzureNative.Compute.Inputs.SecurityProfileArgs
{
EncryptionAtHost = true,
},
StorageProfile = new AzureNative.Compute.Inputs.StorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "windows-data-science-vm",
Publisher = "microsoft-ads",
Sku = "windows2016",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.OSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadOnly,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.ManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
Name = "myVMosdisk",
},
},
VmName = "myVM",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachine;
import com.pulumi.azurenative.compute.VirtualMachineArgs;
import com.pulumi.azurenative.compute.inputs.HardwareProfileArgs;
import com.pulumi.azurenative.compute.inputs.NetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.OSProfileArgs;
import com.pulumi.azurenative.compute.inputs.PlanArgs;
import com.pulumi.azurenative.compute.inputs.SecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.StorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.OSDiskArgs;
import com.pulumi.azurenative.compute.inputs.ManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachine = new VirtualMachine("virtualMachine", VirtualMachineArgs.builder()
.hardwareProfile(HardwareProfileArgs.builder()
.vmSize("Standard_DS1_v2")
.build())
.location("westus")
.networkProfile(NetworkProfileArgs.builder()
.networkInterfaces(NetworkInterfaceReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}")
.primary(true)
.build())
.build())
.osProfile(OSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerName("myVM")
.build())
.plan(PlanArgs.builder()
.name("windows2016")
.product("windows-data-science-vm")
.publisher("microsoft-ads")
.build())
.resourceGroupName("myResourceGroup")
.securityProfile(SecurityProfileArgs.builder()
.encryptionAtHost(true)
.build())
.storageProfile(StorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("windows-data-science-vm")
.publisher("microsoft-ads")
.sku("windows2016")
.version("latest")
.build())
.osDisk(OSDiskArgs.builder()
.caching("ReadOnly")
.createOption("FromImage")
.managedDisk(ManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.name("myVMosdisk")
.build())
.build())
.vmName("myVM")
.build());
}
}
resources:
virtualMachine:
type: azure-native:compute:VirtualMachine
properties:
hardwareProfile:
vmSize: Standard_DS1_v2
location: westus
networkProfile:
networkInterfaces:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/{existing-nic-name}
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerName: myVM
plan:
name: windows2016
product: windows-data-science-vm
publisher: microsoft-ads
resourceGroupName: myResourceGroup
securityProfile:
encryptionAtHost: true
storageProfile:
imageReference:
offer: windows-data-science-vm
publisher: microsoft-ads
sku: windows2016
version: latest
osDisk:
caching: ReadOnly
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
name: myVMosdisk
vmName: myVM
The scheduledEventsProfile includes terminateNotificationProfile and osImageNotificationProfile. The notBeforeTimeout specifies how much advance notice the VM receives before events. The scheduledEventsPolicy controls automatic approval of user-initiated operations.
Beyond these examples
These snippets focus on specific VM-level features: image sources and custom images, security configurations (Trusted Launch, Confidential VMs, encryption), patch management and scheduled events, and application deployment via Gallery Applications. They’re intentionally minimal rather than full VM deployments.
The examples may reference pre-existing infrastructure such as network interfaces and virtual networks, custom images or disk encryption sets, storage accounts for boot diagnostics, and availability sets or Virtual Machine Scale Sets for placement. They focus on configuring the VM rather than provisioning everything around it.
To keep things focused, common VM patterns are omitted, including:
- Data disk configuration and attachment
- Availability zones and fault domain placement
- Boot diagnostics and performance monitoring
- SSH keys and password authentication methods
- Marketplace image plans and licensing
- Network interface inline creation (networkInterfaceConfigurations)
These omissions are intentional: the goal is to illustrate how each VM feature is wired, not provide drop-in VM modules. See the Virtual Machine resource reference for all available configuration options.
Let's create and Configure Azure Virtual Machines
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Patch Management
How do I configure automatic patching for a Linux VM?
Set
linuxConfiguration.patchSettings.patchMode to AutomaticByPlatform and assessmentMode to AutomaticByPlatform for platform-managed patching. You can also configure automaticByPlatformSettings to control reboot behavior.How do I configure automatic patching for a Windows VM?
Set
windowsConfiguration.patchSettings.patchMode to AutomaticByPlatform and assessmentMode to AutomaticByPlatform. For hotpatching support, set enableHotpatching to true.What patch modes are available?
Windows VMs support
AutomaticByOS, AutomaticByPlatform, Manual, and ImageDefault. Linux VMs support AutomaticByPlatform and ImageDefault. AutomaticByPlatform provides the most control over patching schedules.Security & Encryption
How do I create a Confidential VM with customer-managed keys?
Set
securityProfile.securityType to ConfidentialVM, enable uefiSettings.secureBootEnabled and uefiSettings.vTpmEnabled, and configure osDisk.managedDisk.securityProfile.diskEncryptionSet with your encryption set ID and securityEncryptionType set to DiskWithVMGuestState.How do I enable Trusted Launch for a VM?
Set
securityProfile.securityType to TrustedLaunch and configure uefiSettings with secureBootEnabled and vTpmEnabled set to true.How do I enable host-based encryption?
Set
securityProfile.encryptionAtHost to true. This encrypts data at rest on the VM host.Image Sources
How do I use a shared gallery image?
Set
storageProfile.imageReference.id to the shared gallery image resource ID (e.g., /subscriptions/{id}/resourceGroups/{rg}/providers/Microsoft.Compute/galleries/{gallery}/images/{image}).How do I use a community gallery image?
Set
storageProfile.imageReference.communityGalleryImageId to the community gallery image path (e.g., /CommunityGalleries/{gallery}/Images/{image}/Versions/{version}).VM Placement & Availability
How do I configure automatic zone placement?
Set
placement.includeZones to an array of zone numbers (e.g., ["1", "3"]) and placement.zonePlacementPolicy to Any to allow Azure to select the best zone.How do I add a VM to an availability set?
Set
availabilitySet.id to the resource ID of an existing availability set.Advanced Features
How do I enable hibernation for a VM?
Set
additionalCapabilities.hibernationEnabled to true. The VM must use a supported size and image that supports hibernation.How do I configure scheduled events notifications?
Configure
scheduledEventsProfile with terminateNotificationProfile and osImageNotificationProfile. Set enable to true and specify notBeforeTimeout (e.g., PT10M for 10 minutes).