Updates from: 05/18/2023 01:06:24
Service Microsoft Docs article Related commit history on GitHub Change details
azure-monitor Data Collection Text Log https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/data-collection-text-log.md
To create the data collection rule in the Azure portal:
1. Specify the following information:
- - **File Pattern** - Identifies where the log files are located on the local disk. You can enter multiple file patterns separated by commas if your AMA is using Fluent Bit v1.5.1 or more.
+ - **File Pattern** - Identifies where the log files are located on the local disk. You can enter multiple file patterns separated by commas (on Linux, AMA version 1.26 or higher is required to collect from a comma-separated list of file patterns).
Examples of valid inputs: - 20220122-MyLog.txt - ProcessA_MyLog.txt
- - ErrorsOnly_MyLog.txt, WarningOnly_MyLog.txt
+ - ErrorsOnly_MyLog.txt, WarningOnly_MyLog.txt
> [!NOTE] > Multiple log files of the same type commonly exist in the same directory. For example, a machine might create a new file every day to prevent the log file from growing too large. To collect log data in this scenario, you can use a file wildcard. Use the format `C:\directoryA\directoryB\*MyLog.txt` for Windows and `/var/*.log` for Linux. There is no support for directory wildcards.
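Review bot: the replacement **File Pattern** line gives the AMA 1.26 requirement for Linux only, so a reader cannot tell whether Windows agents accept a comma-separated list at any version; say so explicitly (either that Windows has no minimum version for this, or what the minimum is). The `ErrorsOnly_MyLog.txt, WarningOnly_MyLog.txt` line changes only its indentation, which is fine. In the NOTE, the Linux example `/var/*.log` is a very broad pattern; since the page says directory wildcards are not supported, it is worth adding that the pattern should be narrowed to the files actually wanted, because every file that matches is collected into the workspace.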
azure-video-indexer Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-video-indexer/release-notes.md
To stay up-to-date with the most recent Azure Video Indexer developments, this a
## May 2023
+### API breaking change
+
+We're introducing a change in behavior that may break your existing query logic. The change is in the **List** and **Search** APIs, find a detailed change between the current and the new behavior in a table that follows. You may need to update your code to utilize the [new APIs](https://api-portal.videoindexer.ai/).
+
+|API |Current|New|The breaking change|
+|||||
+|List Videos|ΓÇó List all videos/projects according to 'IsBase' boolean parameter. If 'IsBase' is not defined, list both.<br/>ΓÇó Returns videos in all states (In progress/Proccessed/Failed). |ΓÇó List Videos API will Return only videos (with paging) in all states.<br/>ΓÇó List Projects API will return only projects (with paging).|ΓÇó List videos API was divided into two new APIΓÇÖs **List Videos** and **List Projects**<br/>ΓÇó The 'IsBase' parameter no longer has a meaning. |
+|Search Videos|ΓÇó Search all videos/projects according to 'IsBase' boolean parameter. If 'IsBase' is not defined, search both. <br/>ΓÇó Search videos in all states (In progress/Proccessed/Failed). |Search only processed videos.|ΓÇó Search Videos API will only search videos and not projects.<br/>ΓÇó The 'IsBase' parameter no longer has a meaning.<br/>ΓÇó Search Videos API will only search Processed videos (and not Failed/InProgress ones.)|
+ ### Support for HTTP/2 Added support for HTTP/2 for our [Data Plane API](https://api-portal.videoindexer.ai/). [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) offers several benefits over HTTP/1.1, which continues to be supported for backwards compatibility. One of the main benefits of HTTP/2 is increased performance, better reliability and reduced system resource requirements over HTTP/1.1. With this change we now support HTTP/2 for both the Video Indexer [Portal](https://videoindexer.ai/) and our Data Plane API. We advise to update your code to take advantage of this change.
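Review bot: the new table will not render and carries encoding artifacts: the separator row `|||||` needs dashes (`|---|---|---|---|`), the bullets appear as the mojibake `ΓÇó`, `APIΓÇÖs` should be `APIs`, and `Proccessed` is misspelled twice. On substance, the List Videos row says the `IsBase` parameter "no longer has a meaning" but not whether a request that still sends it is rejected or silently ignored; callers need that to plan the migration. Likewise, Search Videos now returning only Processed videos means existing code that polled Search for In progress or Failed items will get empty results with no error; point readers to List Videos, which the table says still returns all states, as the replacement for that use. The `### Support for HTTP/2` heading has been run onto the same line as its paragraph, and "We advise to update your code" reads better as "We recommend updating your code"; since HTTP/2 is negotiated by the client library, the advice should also say what change, if any, a caller actually has to make.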
energy-data-services How To Use Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/energy-data-services/how-to-use-managed-identity.md
To add the application ID:
* [Access token](how-to-manage-users.md#prerequisites) * Application ID of the managed identity
-2. Use the [Add Member API](https://microsoft.github.io/meds-samples/rest-apis/https://docsupdatetracker.net/index.html?page=/meds-samples/rest-apis/entitlements_openapi.yaml#/add-member-api/addMemberUsingPOST) to add the application ID of the user-assigned managed identity to the appropriate entitlement groups.
+2. Use the [Add Member API](https://microsoft.github.io/adme-samples/rest-apis/https://docsupdatetracker.net/index.html?page=/adme-samples/rest-apis/M12/entitlements_openapi.yaml#/add-member-api) to add the application ID of the user-assigned managed identity to the appropriate entitlement groups.
> [!NOTE] > In the following commands, be sure to use the application ID of the managed identity and not the object ID.
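Review bot: the replacement link in step 2 still nests one URL inside another (`https://microsoft.github.io/adme-samples/rest-apis/https://docsupdatetracker.net/index.html?page=/adme-samples/...`), which looks like a tracker artifact and will not resolve as written; the intended target is presumably the `adme-samples/rest-apis` page loading the `M12/entitlements_openapi.yaml` spec with the `#/add-member-api` anchor, so verify the link before merging. The anchor also dropped the `/addMemberUsingPOST` operation suffix the old link had; keep it if the new spec still names the operation, so the link lands on the operation rather than on the tag. The NOTE that the application ID, not the object ID, of the managed identity must be used is the key point of this step and is worth keeping prominent.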
virtual-machines Image Builder Api Update Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/image-builder-api-update-release-notes.md
Previously updated : 04/04/2022 Last updated : 05/08/2023
**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs :heavy_check_mark: Flexible scale sets :heavy_check_mark: Uniform scale sets
-This article contains all major API changes and feature updates for the Azure VM Image Builder service.
+This article contains all major API changes and feature updates for the Azure VM Image Builder (AIB) service.
## API releases
+### Version 2022-07-01
+
+**Improvements**
+- Added support to use the latest image version stored in Azure Compute Gallery as the source for the image template
+- Added `versioning` to support generating version numbers for image distributions. For more information, see [properties: versioning](../virtual-machines/linux/image-builder-json.md#versioning)
+- Added support for per region configuration when distributing to Azure Compute Gallery. For more information, see [Distribute:targetRegions](../virtual-machines/linux/image-builder-json.md#distribute-targetregions)
+- Added new 'File' validation type. For more information, see [validate properties](../virtual-machines/linux/image-builder-json.md#properties-validate)
+- VHDs can now be distributed to a custom blob or container in a custom storage account. For more information, see [Distribute: VHD](../virtual-machines/linux/image-builder-json.md#distribute-vhd)
+- Added support for using a [Direct Shared Gallery](/azure/virtual-machines/shared-image-galleries?tabs=azure-cli#sharing) image as the source for the image template
++
+**Changes**
+- `replicationRegions` is now deprecated for gallery distributions. For more information, use [gallery-replicated-regions](/cli/azure/image/builder/output?view=azure-cli-latest#az-image-builder-output-add-examples&preserve-view=true)
+- VHDs can now be distributed to a custom blob or container in a custom storage account
+- `targetRegions` array added and applied only to "SharedImage" type distribute. For more information on `targetRegions`, see [Azure Compute Gallery](../../articles/virtual-machines/azure-compute-gallery.md)
+- Added support for using a [Direct Shared Gallery](/azure/virtual-machines/shared-image-galleries?tabs=azure-cli#sharing) image as the source for the image template. Direct Shared Gallery is currently in preview.
+++ ### Version 2022-02-14 **Improvements**
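Review bot: the new **Changes** list repeats two items already in **Improvements** almost verbatim (the custom blob/container VHD distribution, and the Direct Shared Gallery source); keep each once, and keep the "currently in preview" qualifier that only the Changes copy carries. In the `replicationRegions` bullet, "For more information, use [gallery-replicated-regions]" does not parse, and the link goes to the `az image builder output add` CLI examples rather than to the property that replaces it; write "use `targetRegions` instead; see [Distribute: targetRegions]" and link the image-builder-json section as the Improvements list already does. The first Improvements bullet (latest image version as source) needs a caveat: `latest` is resolved at build time, so two runs of the same template can start from different base images; builds that must be reproducible or auditable should pin an explicit version. The `++` and `+++` lines are collapsed blank lines from the tracker and can be ignored.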
virtual-machines Image Builder Json https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/linux/image-builder-json.md
Title: Create an Azure Image Builder Bicep file or ARM JSON template
-description: Learn how to create a Bicep file or ARM JSON template to use with Azure Image Builder.
+ Title: Create an Azure Image Builder Bicep file or ARM template JSON template
+description: Learn how to create a Bicep file or ARM template JSON template to use with Azure Image Builder.
Previously updated : 04/11/2023 Last updated : 05/17/2023
-# Create an Azure Image Builder Bicep or ARM JSON template
+# Create an Azure Image Builder Bicep or ARM template JSON template
**Applies to:** :heavy_check_mark: Linux VMs :heavy_check_mark: Windows VMs :heavy_check_mark: Flexible scale sets
-Azure Image Builder uses a Bicep file or an ARM JSON template file to pass information into the Image Builder service. In this article we'll go over the sections of the files, so you can build your own. For latest API versions, see [template reference](/azure/templates/microsoft.virtualmachineimages/imagetemplates?tabs=bicep&pivots=deployment-language-bicep). To see examples of full .json files, see the [Azure Image Builder GitHub](https://github.com/Azure/azvmimagebuilder/tree/main/quickquickstarts).
+Azure Image Builder uses a Bicep file or an ARM template JSON template file to pass information into the Image Builder service. In this article we go over the sections of the files, so you can build your own. For latest API versions, see [template reference](/azure/templates/microsoft.virtualmachineimages/imagetemplates?tabs=bicep&pivots=deployment-language-bicep). To see examples of full .json files, see the [Azure Image Builder GitHub](https://github.com/Azure/azvmimagebuilder/tree/main/quickquickstarts).
The basic format is:
resource azureImageBuilder 'Microsoft.VirtualMachineImages/imageTemplates@2022-0
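Review bot: the new title, description and H1 all read "ARM template JSON template", which repeats "template"; either keep the original "ARM JSON template" or use "ARM template (JSON)" consistently in all three places. The rest of the intro edit (dropping "we'll" for "we") is fine.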
## Location
-The location is the region where the custom image will be created. The following regions are supported:
+The location is the region where the custom image is created. The following regions are supported:
- East US - East US 2
The location is the region where the custom image will be created. The following
> [!IMPORTANT] > Register the feature `Microsoft.VirtualMachineImages/MooncakePublicPreview` to access the Azure Image Builder public preview in the China North 3 region.
-To access the Azure VM Image Builder public preview in the Fairfax regions (USGov Arizona and USGov Virginia), you must register the *Microsoft.VirtualMachineImages/FairfaxPublicPreview* feature. To do so, run the following command in either PowerShell or Azure CLI:
+To access the Azure VM Image Builder public preview in the Azure Government regions (USGov Arizona and USGov Virginia), you must register the *Microsoft.VirtualMachineImages/FairfaxPublicPreview* feature. To do so, run the following command in either PowerShell or Azure CLI:
### [Azure PowerShell](#tab/azure-powershell)
location: '<region>'
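Review bot: the Location paragraph now says "Azure Government regions (USGov Arizona and USGov Virginia)" while the feature that must be registered is still `Microsoft.VirtualMachineImages/FairfaxPublicPreview`; add a clause that `Fairfax` in the feature name is the flag's own name for Azure Government, otherwise readers will assume a mismatch between prose and command. The same applies to the China North 3 IMPORTANT note above it, which uses `MooncakePublicPreview` without explanation.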
### Data residency
-The Azure VM Image Builder service doesn't store or process customer data outside regions that have strict single region data residency requirements when a customer requests a build in that region. If a service outage for regions that have data residency requirements, you'll need to create Bicep files/templates in a different region and geography.
+The Azure VM Image Builder service doesn't store or process customer data outside regions that have strict single region data residency requirements when a customer requests a build in that region. If a service outage for regions that have data residency requirements, you need to create Bicep files/templates in a different region and geography.
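Review bot: the Data residency sentence is still missing its verb after the edit: "If a service outage for regions that have data residency requirements, you need to create..." should read "If there is a service outage in a region that has data residency requirements, you need to create...". The first sentence is also hard to parse; "doesn't store or process customer data outside regions that have strict single region data residency requirements when a customer requests a build in that region" is clearer as "when a build is requested in a region with a single-region data residency requirement, customer data is stored and processed only in that region".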
### Zone redundancy
For more information on deploying this feature, see [Configure managed identitie
This property is only available in API versions `2021-10-01` or newer.
-Optional - The Image Builder Build VM, that is created by the Image Builder service in your subscription, is used to build and customize the image. For the Image Builder Build VM to have permissions to authenticate with other services like Azure Key Vault in your subscription, you must create one or more Azure User Assigned Identities that have permissions to the individual resources. Azure Image Builder can then associate these User Assigned Identities with the Build VM. Customizer scripts running inside the Build VM can then fetch tokens for these identities and interact with other Azure resources as needed. Be aware, the user assigned identity for Azure Image Builder must have the "Managed Identity Operator" role assignment on all the user assigned identities for Azure Image Builder to be able to associate them to the build VM.
+Optional - The Image Builder Build VM that is created by the Image Builder service in your subscription is used to build and customize the image. For the Image Builder Build VM to have permissions to authenticate with other services like Azure Key Vault in your subscription, you must create one or more Azure User Assigned Identities that have permissions to the individual resources. Azure Image Builder can then associate these User Assigned Identities with the Build VM. Customizer scripts running inside the Build VM can then fetch tokens for these identities and interact with other Azure resources as needed. Be aware, the user assigned identity for Azure Image Builder must have the "Managed Identity Operator" role assignment on all the user assigned identities for Azure Image Builder to be able to associate them to the build VM.
> [!NOTE] > Be aware that multiple identities can be specified for the Image Builder Build VM, including the identity you created for the [image template resource](#user-assigned-identity-for-azure-image-builder-image-template-resource). By default, the identity you created for the image template resource won't automatically be added to the build VM.
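Review bot: the build-VM identity paragraph says the template identity "must have the 'Managed Identity Operator' role assignment on all the user assigned identities" but not at what scope; state that the assignment is needed on each build-VM identity resource (or their resource group), not on the subscription, so readers do not over-grant. "Be aware, the user assigned identity ..." needs "Be aware that". The NOTE below is the security point of the section: because the template identity is not added to the build VM by default, customizer scripts can fetch tokens only for the identities listed here; say that directly rather than only that it "won't automatically be added".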
To learn more, see:
Maximum duration to wait while building the image template (includes all customizations, validations, and distributions).
-If you don't specify the property or set the value to 0, the default value is used, which is 240 minutes or four hours. The minimum value is 6 minutes, and the maximum value is 960 minutes or 16 hours. When the timeout value is hit (whether or not the image build is complete), you'll see an error similar to:
+If you don't specify the property or set the value to 0, the default value is used, which is 240 minutes or four hours. The minimum value is 6 minutes, and the maximum value is 960 minutes or 16 hours. When the timeout value is hit (whether or not the image build is complete), you see an error similar to:
```text [ERROR] Failed while waiting for packerizer: Timeout waiting for microservice to
Customize properties:
- **Type**: WindowsRestart. - **restartCommand** - Command to execute the restart (optional). The default is `'shutdown /r /f /t 0 /c \"packer restart\"'`. - **restartCheckCommand** ΓÇô Command to check if restart succeeded (optional).-- **restartTimeout** - Restart timeout specified as a string of magnitude and unit. For example, `5m` (5 minutes) or `2h` (2 hours). The default is: `5m`.
+- **restartTimeout** - Restart time out specified as a string of magnitude and unit. For example, `5m` (5 minutes) or `2h` (2 hours). The default is: `5m`.
> [!NOTE] > There is no Linux restart customizer.
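Review bot: the `restartTimeout` bullet now reads "Restart time out specified as a string", which splits the noun "timeout" into two words while the property is still `restartTimeout`; revert to "Restart timeout". In the preceding context line the `restartCheckCommand` dash is rendered as `ΓÇô` and the three bullets are run together; that is an extraction artifact here, but confirm the source file uses a plain hyphen.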
This customizer is supported by Windows directories and Linux paths, but there a
- Linux ΓÇô the only path Image builder can write to is /tmp. - Windows ΓÇô No path restriction, but the path must exist.
-If there's an error trying to download the file, or put it in a specified directory, then customize step will fail, and this error will be in the customization.log.
+If there's an error trying to download the file, or put it in a specified directory, then customize step fails, and this error will be in the customization.log.
> [!NOTE] > The file customizer is only suitable for small file downloads, < 20MB. For larger file downloads, use a script or inline command, then use code to download files, such as, Linux `wget` or `curl`, Windows, `Invoke-WebRequest`. For files that are in Azure storage, ensure that you assign an identity with permissions to view that file to the build VM by following the documentation here: [User Assigned Identity for the Image Builder Build VM](#user-assigned-identity-for-the-image-builder-build-vm). Any file that is not stored in Azure must be publicly accessible for Azure Image Builder to be able to download it.
If there's an error trying to download the file, or put it in a specified direct
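Review bot: the File customizer sentence is half-edited: "then customize step fails, and this error will be in the customization.log" drops "will" in the first clause, keeps it in the second and lacks an article; write "then the customize step fails and the error is written to customization.log". Since the NOTE states that any file not in Azure storage "must be publicly accessible", the page should also tell readers to verify what they download (compare a checksum in the script that consumes the file, or pin a content hash), because a publicly fetched file baked into a golden image is a supply-chain input and the page describes no integrity check performed by the customizer itself.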
### Windows update customizer
-The `WindowsUpdate` customizer is built on the [community Windows Update Provisioner](https://developer.hashicorp.com/packer/docs/provisioners/community-supported) for Packer, which is an open source project maintained by the Packer community. Microsoft tests and validate the provisioner with the Image Builder service, and will support investigating issues with it, and work to resolve issues, however the open source project isn't officially supported by Microsoft. For detailed documentation on and help with the Windows Update Provisioner, see the project repository.
+
+The `WindowsUpdate` customizer is built on the [community Windows Update Provisioner](https://github.com/rgl/packer-plugin-windows-update) for Packer, which is an open source project maintained by the Packer community. Microsoft tests and validate the provisioner with the Image Builder service, and will support investigating issues with it, and work to resolve issues, however the open source project isn't officially supported by Microsoft. For detailed documentation on and help with the Windows Update Provisioner, see the project repository.
+ # [JSON](#tab/json)
Customizer properties:
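Review bot: "Microsoft tests and validate the provisioner" should be "tests and validates", and since the rest of this commit drops future tense, "will support investigating issues" can become "supports investigating issues". Pointing the link at the plugin repository (`github.com/rgl/packer-plugin-windows-update`) is an improvement over the generic community-provisioners page, but this is third-party code that runs inside every Windows build, so say which plugin version the Image Builder service ships and validates, giving readers something to compare against the upstream repository. Check that the leading space in `+ # [JSON](#tab/json)` does not break the tab syntax.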
By default, Azure Image Builder will also run `deprovision` code at the end of each image customization phase, to generalize the image. Generalizing is a process where the image is set up so it can be reused to create multiple VMs. For Windows VMs, Azure Image Builder uses Sysprep. For Linux, Azure Image Builder runs `waagent -deprovision`.
-The commands Image Builder users to generalize may not be suitable for every situation, so Azure Image Builder will allow you to customize this command, if needed.
+The commands Image Builder users to generalize may not be suitable for every situation, so Azure Image Builder allows you to customize this command, if needed.
If you're migrating existing customization, and you're using different Sysprep/waagent commands, you can use the Image Builder generic commands, and if the VM creation fails, use your own Sysprep or waagent commands.
-If Azure Image Builder creates a Windows custom image successfully, and you create a VM from it, then find that the VM creation fails or doesn't complete successfully, you'll need to review the Windows Server Sysprep documentation or raise a support request with the Windows Server Sysprep Customer Services Support team, who can troubleshoot and advise on the correct Sysprep usage.
+If Azure Image Builder creates a Windows custom image successfully, and you create a VM from it, then find that the VM creation fails or doesn't complete successfully, you need to review the Windows Server Sysprep documentation or raise a support request with the Windows Server Sysprep Customer Services Support team, who can troubleshoot and advise on the correct Sysprep usage.
#### Default Sysprep command
To override the commands, use the PowerShell or Shell script provisioners to cre
- Windows: c:\DeprovisioningScript.ps1 - Linux: /tmp/DeprovisioningScript.sh
-Image Builder will read these commands, these commands are written out to the AIB logs, `customization.log`. See [troubleshooting](image-builder-troubleshoot.md#customization-log) on how to collect logs.
+Image Builder reads these commands, these commands are written out to the AIB logs, `customization.log`. See [troubleshooting](image-builder-troubleshoot.md#customization-log) on how to collect logs.
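Review bot: the deprovision paragraph keeps the typo "The commands Image Builder users to generalize" (should be "uses") while changing "will allow" to "allows". "Image Builder reads these commands, these commands are written out to the AIB logs" is a comma splice; write "Image Builder reads these commands and writes them to the AIB log, customization.log". Because the override scripts at `c:\DeprovisioningScript.ps1` and `/tmp/DeprovisioningScript.sh` replace the Sysprep / `waagent -deprovision` step and their contents end up in `customization.log`, add a sentence that secrets must not be placed in them.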
## Properties: distribute
Output:
### Distribute: managedImage
-The image output will be a managed image resource.
+The image output is a managed image resource.
# [JSON](#tab/json)
Before you can distribute to the gallery, you must create a gallery and an image
"artifactTags": { "<name>": "<value>", "<name>": "<value>"
- },
- "replicationRegions": [
- "<region where the gallery is deployed>",
- "<region>"
- ]
+ }
} ```
Before you can distribute to the gallery, you must create a gallery and an image
<name>: '<value>' <name>: '<value>' }
- replicationRegions: [
- '<region where the gallery is deployed>'
- '<region>'
- ]
} ```++
+The following JSON is an example of how to use the `replicationRegions` field to distribute to an Azure Compute Gallery.
+
+# [JSON](#tab/json)
+```json
+ "replicationRegions": [
+ "<region where the gallery is deployed>",
+ "<region>"
+ ]
+```
+
+# [Bicep](#tab/bicep)
+```bicep
+replicationRegions: [
+ '<region where the gallery is deployed>',
+ '<region>'
+]
+```
+> [!NOTE]
+>`replicationRegions` is deprecated for gallery distributions as `targetRegions` is updated property. For more information, see [targetRegions](../image-builder-api-update-release-notes.md#version-2022-07-01).
+
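Review bot: the re-added Bicep `replicationRegions` example puts a trailing comma after each array item (`'<region where the gallery is deployed>',`), whereas the other Bicep blocks in this commit (the `targetRegions` example below and the removed version of this same snippet) separate items by newline only; drop the commas so the snippets match. The NOTE "`replicationRegions` is deprecated for gallery distributions as `targetRegions` is updated property" is ungrammatical and vague about when; "`replicationRegions` is deprecated for gallery distributions as of API version 2022-07-01; use `targetRegions` instead" says it. Showing the deprecated field as a worked example immediately before its replacement also invites copy-paste of the old form; consider leading with the deprecation note or labelling the example as legacy.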
+#### Distribute: targetRegions
+
+The following JSON is an example of how to use the targetRegions field to distribute to an Azure Compute Gallery.
+
+# [JSON](#tab/json)
+```json
+"distribute": [
+ {
+ "type": "SharedImage",
+ "galleryImageId": "<resource ID>",
+ "runOutputName": "<name>",
+ "artifactTags": {
+ "<name>": "<value>",
+ "<name>": "<value>"
+ },
+ "targetRegions": [
+ {
+ "name": "eastus",
+ "replicaCount": 2,
+ "storageAccountType": "Standard_ZRS"
+ },
+ {
+ "name": "eastus2",
+ "replicaCount": 3,
+ "storageAccountType": "Premium_LRS"
+ }
+ ]
+ },
+ ]
+```
+# [Bicep](#tab/bicep)
+```bicep
+distribute: [
+ {
+ type: 'SharedImage'
+ galleryImageId: '<resource ID>'
+ runOutputName: '<name>'
+ artifactTags: {
+ '<name>': '<value>'
+ '<name>': '<value>'
+ }
+ targetRegions: [
+ {
+ name: 'eastus'
+ replicaCount: 2
+ storageAccountType: 'Standard_ZRS'
+ }
+ {
+ name: 'eastus2'
+ replicaCount: 3
+ storageAccountType: 'Premium_LRS'
+ }
+ ]
+ }
+]
+```
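Review bot: the JSON `targetRegions` example is not valid JSON: the `distribute` array closes with `},` followed by `]`, a trailing comma after the last element; remove it so the snippet can be pasted. The two regions use different `storageAccountType` values (`Standard_ZRS` and `Premium_LRS`), which is a useful illustration, but the property list below documents `storageAccountType` only as a property of the whole distribution; state that each `targetRegions` entry carries its own `replicaCount` and `storageAccountType`.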
+++ Distribute properties for galleries: - **type** - sharedImage - **galleryImageId** ΓÇô ID of the Azure Compute Gallery, this property can be specified in two formats:
- - Automatic versioning - Image Builder will generate a monotonic version number for you, this property is useful for when you want to keep rebuilding images from the same template: The format is: `/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Compute/galleries/<sharedImageGalleryName>/images/<imageGalleryName>`.
+ - Automatic versioning - Image Builder generates a monotonic version number for you, this property is useful for when you want to keep rebuilding images from the same template: The format is: `/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Compute/galleries/<sharedImageGalleryName>/images/<imageGalleryName>`.
- Explicit versioning - You can pass in the version number you want image builder to use. The format is: `/subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.Compute/galleries/<sharedImageGalName>/images/<imageDefName>/versions/<version - for example: 1.1.1>` - **runOutputName** ΓÇô unique name for identifying the distribution. - **artifactTags** - optional user specified key\value tags.-- **replicationRegions** - array of regions for replication. One of the regions must be the region where the Gallery is deployed. Adding regions will mean an increase of build time, as the build doesn't complete until the replication has completed.
+- **replicationRegions** - array of regions for replication. One of the regions must be the region where the Gallery is deployed. Adding regions mean an increase of build time, as the build doesn't complete until the replication has completed. This field is deprecated as of API version 2022-07-01, please use `targetRegions` when distributing a "SharedImage" type.
+- **targetRegions** - an array of regions for replication. It's newly introduced as part of the [2022-07-01 API](../../virtual-machines/image-builder-api-update-release-notes.md#version-2022-07-01) and applies only to the `SharedImage` type distribute.
- **excludeFromLatest** (optional) - allows you to mark the image version you create not be used as the latest version in the gallery definition, the default is 'false'. - **storageAccountType** (optional) - AIB supports specifying these types of storage for the image version that is to be created: - "Standard_LRS"
- - "Standard_ZRS"","
+ - "Standard_ZRS","
+ > [!NOTE] > If the image template and referenced `image definition` aren't in the same location, you'll see additional time to create images. Image Builder currently doesn't have a `location` parameter for the image version resource, we take it from its parent `image definition`. For example, if an image definition is in `westus` and you want the image version replicated to `eastus`, a blob is copied to `westus`, an image version resource in `westus` is created, and then replicate to `eastus`. To avoid the additional replication time, ensure the `image definition` and image template are in the same location. +++
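Review bot: in the property list, "Adding regions mean an increase of build time" should be "means", and the `storageAccountType` enum item still carries a stray quote and comma: `- "Standard_ZRS","` should be `- "Standard_ZRS"` like the `"Standard_LRS"` item above it (the edit removed one stray quote but left the rest). `**type** - sharedImage` is lower-camel here while every example on the page uses `"SharedImage"`; pick one casing. The new `targetRegions` bullet says it "applies only to the `SharedImage` type distribute" but not what happens when a 2022-07-01 template sets both `replicationRegions` and `targetRegions`; say which wins or that the template is rejected. The trailing NOTE (image definition location vs. template location) is useful; the `+++` it is fused with is collapsed blank lines.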
+## versioning
+
+The **versioning** property is for the `sharedImage` distribute type only. It's an enum with two possible values:
+- **latest** - New strictly increasing schema per design
+- **source** - Schema based upon the version number of the source image.
+
+The default version numbering schema is `latest`. The latest schema has an additional property, ΓÇ£majorΓÇ¥ which specifies the major version under which to generate the latest version.
+
+> [!NOTE]
+> The existing version generation logic for `sharedImage` distribution is deprecated. Two new options are provided: monotonically increasing versions that are always the latest version in a gallery, and versions generated based on the version number of the source image. The enum specifying the version generation schema allows for expansion in the future with additional version generation schemas.
+++
+```json
+ "distribute": [
+ "versioning": {
+ "scheme": "Latest",
+ "major": 1
+ }
+ ]
+```
++
+versioning properties:
+- **scheme** - Generate new version number for distribution. `Latest` or `Source` are two possible values.
+- **major** - Specifies the major version under which to generate the latest version. Only applicable when the `scheme` is set to `Latest`. For example, in a gallery with the following versions published: 0.1.1, 0.1.2, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 2.0.0, 2.0.1, 2.1.0
+ - With major not set or major set to 2, The `Latest` scheme generates version 2.1.1
+ - With major set to 1, the Latest scheme generates version 1.1.2
+ - With major set to 0, the Latest scheme generates version 0.1.3
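Review bot: the versioning JSON example is invalid: `"distribute": [ "versioning": { ... } ]` places a key/value pair directly inside an array. `versioning` is a property of a `sharedImage` distribute object, so the example should read `"distribute": [ { "type": "SharedImage", "galleryImageId": "<resource ID>", "runOutputName": "<name>", "versioning": { "scheme": "Latest", "major": 1 } } ]`. Casing is also inconsistent within the section: the enum is introduced as `latest` and `source`, the default is given as `latest`, then the example and property list use `Latest` and `Source`; use the casing the API accepts throughout. The worked example under **major** is good; add what the `Latest` scheme produces when `major` is set to a value with no published versions (for example 3 in the listed gallery), since that is the first question a reader will have.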
+ ### Distribute: VHD You can output to a VHD. You can then copy the VHD, and use it to publish to Azure MarketPlace, or use with Azure Stack.
az resource show \
> [!NOTE] > Once the VHD has been created, copy it to a different location, as soon as possible. The VHD is stored in a storage account in the temporary resource group created when the image template is submitted to the Azure Image Builder service. If you delete the image template, then you'll lose the VHD.
+The following JSON distributes the image as a VHD to a custom storage account.
+
+# [JSON](#tab/json)
+
+```json
+"distribute": [
+ {
+ "type": "VHD",
+ "runOutputName": "<VHD name>",
+ "artifactTags": {
+ "<name>": "<value>",
+ "<name>": "<value>"
+ },
+ "uri": "<replace with Azure storage URI>"
+ }
+]
+```
+
+# [Bicep](#tab/bicep)
+
+```bicep
+resource distribute 'Microsoft.Compute/galleries/images/runOutputs' = {
+ name: '<VHD name>'
+ properties: {
+ type: 'VHD'
+ artifactTags: {
+ '<name>': '<value>'
+ '<name>': '<value>'
+ }
+ uri: '<replace with Azure storage URI>'
+ }
+}
+```
+++
+VHD distribute properties:
+
+**uri** - Optional Azure Storage URI for the distributed VHD blob. Omit to use the default (empty string) in which case VHD would be published to the storage account in the staging resource group.
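Review bot: the Bicep VHD example does not correspond to the JSON beside it: it declares a standalone `resource distribute 'Microsoft.Compute/galleries/images/runOutputs'`, but `distribute` is a property array of the image template, as the JSON here and the `targetRegions` Bicep example above show, and `runOutputs` is not a child type of a gallery image. Rewrite it as `distribute: [ { type: 'VHD' runOutputName: '<VHD name>' artifactTags: { ... } uri: '<replace with Azure storage URI>' } ]`. For `uri`, say which role the image template identity needs on the target storage account or container to write the blob; the page documents the RBAC needed on the staging resource group but readers otherwise have no way to know what to grant for a custom account. Also make explicit that the "copy it as soon as possible" NOTE applies to the default case only, since with `uri` set the VHD is written outside the staging resource group that is deleted with the template.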
+ ## Properties: source
-The `source` section contains information about the source image that will be used by Image Builder. Azure Image Builder only supports generalized images as source images, specialized images are not supported at this time.
+The `source` section contains information about the source image that will be used by Image Builder. Azure Image Builder only supports generalized images as source images, specialized images aren't supported at this time.
The API requires a `SourceType` that defines the source for the image build, currently there are three types:
Sets the source image as an existing image version in an Azure Compute Gallery.
```bicep source: {
- type: 'SharedImageVersion',
- imageVersionID: '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.Compute/galleries/<sharedImageGalleryName>/images/<imageDefinitionName/versions/<imageVersion>'
+ type: 'SharedImageVersion'
+ imageVersionId: '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.Compute/galleries/<sharedImageGalleryName>/images/<imageDefinitionName>/versions/<imageVersion>'
} ```
+- imageVersionId - ARM template resource ID of the image version. When image version name is 'latest', the version is evaluated when the image build takes place. The `imageVersionId` should be the `ResourceId` of the image version. Use [az sig image-version list](/cli/azure/sig/image-version#az-sig-image-version-list) to list image versions.
++
+The following JSON sets the source image as an image stored in a [Direct Shared Gallery](/azure/virtual-machines/shared-image-galleries?tabs=azure-cli#sharing).
+
+> [!NOTE]
+> The Direct Shared Gallery is currently in preview availability.
+
+# [JSON](#tab/json)
+
+```json
+ source: {
+ "type": "SharedImageVersion",
+ "imageVersionId": "<replace with resourceId of the image stored in the Direct Shared Gallery>"
+ },
+```
+
+# [Bicep](#tab/bicep)
+
+```bicep
+source: {
+ type: 'SharedImageVersion'
+ imageVersionId: '<replace with resourceId of the image stored in the Direct Shared Gallery>'
+}
+```
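Review bot: the Direct Shared Gallery JSON example has an unquoted key and a dangling comma: `source: {` should be `"source": {`, and the trailing `},` is a fragment of a larger object. Since the same `SharedImageVersion` type serves both Azure Compute Gallery and Direct Shared Gallery sources, the only difference is the resource ID, so say what form the Direct Shared Gallery ID takes rather than only "replace with resourceId of the image stored in the Direct Shared Gallery". The preview NOTE is right to keep.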
++
+The following JSON sets the source image as the latest image version for an image stored in an Azure Compute Gallery.
+
+# [JSON](#tab/json)
+
+```json
+"properties": {
+ "source": {
+ "type": "SharedImageVersion",
+ "imageVersionId": "/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Compute/galleries/<azureComputeGalleryName>/images/<imageDefinitionName>/versions/latest"
+ }
+},
+```
+
+# [Bicep](#tab/bicep)
+
+```bicep
+properties: {
+ source: {
+ type: 'SharedImageVersion'
+ imageVersionId: '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Compute/galleries/<azureComputeGalleryName>/images/<imageDefinitionName>/versions/latest'
+ }
+}
+```
++
+SharedImageVersion properties:
+
+**imageVersionId** - ARM template resource ID of the image version. When the image version name is 'latest', the version is evaluated when the image build takes place.
-The `imageVersionId` should be the ResourceId of the image version. Use [az sig image-version list](/cli/azure/sig/image-version#az-sig-image-version-list) to list image versions.
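Review bot: `imageVersionId` is now documented twice, once as a bullet right after the Bicep block ("- imageVersionId - ARM template resource ID of the image version ...") and again under "SharedImageVersion properties"; keep the second and move the `az sig image-version list` pointer there, since the standalone sentence that carried it was removed. The `latest` example is the one that matters from a supply-chain view: the version is "evaluated when the image build takes place", so the base image can change between two runs of the same template and a withdrawn or regressed gallery version is picked up automatically; add a sentence recommending an explicit version for builds that must be reproducible, with `latest` reserved for pipelines that record the resolved version from the run output. The `-` to `+` change in the Bicep snippet (`imageVersionID` to `imageVersionId`, the missing `>` after `<imageDefinitionName`, and the removed trailing commas) is correct.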
## Properties: stagingResourceGroup
-The `stagingResourceGroup` property contains information about the staging resource group that the Image Builder service will create for use during the image build process. The `stagingResourceGroup` is an optional property for anyone who wants more control over the resource group created by Image Builder during the image build process. You can create your own resource group and specify it in the `stagingResourceGroup` section or have Image Builder create one on your behalf.
+The `stagingResourceGroup` property contains information about the staging resource group that the Image Builder service creates for use during the image build process. The `stagingResourceGroup` is an optional property for anyone who wants more control over the resource group created by Image Builder during the image build process. You can create your own resource group and specify it in the `stagingResourceGroup` section or have Image Builder create one on your behalf.
# [JSON](#tab/json)
properties: {
- **The stagingResourceGroup property is left empty**
- If the `stagingResourceGroup` property isn't specified or specified with an empty string, the Image Builder service will create a staging resource group with the default name convention "IT_***". The staging resource group will have the default tags applied to it: `createdBy`, `imageTemplateName`, `imageTemplateResourceGroupName`. Also, the default RBAC will be applied to the identity assigned to the Azure Image Builder template resource, which is "Contributor".
+ If the `stagingResourceGroup` property isn't specified or specified with an empty string, the Image Builder service creates a staging resource group with the default name convention "IT_***". The staging resource group has the default tags applied to it: `createdBy`, `imageTemplateName`, `imageTemplateResourceGroupName`. Also, the default RBAC is applied to the identity assigned to the Azure Image Builder template resource, which is "Contributor".
- **The stagingResourceGroup property is specified with a resource group that exists**
- If the `stagingResourceGroup` property is specified with a resource group that does exist, then the Image Builder service will check to make sure the resource group isn't associated with another image template, is empty (no resources inside), in the same region as the image template, and has either "Contributor" or "Owner" RBAC applied to the identity assigned to the Azure Image Builder image template resource. If any of the aforementioned requirements aren't met, an error will be thrown. The staging resource group will have the following tags added to it: `usedBy`, `imageTemplateName`, `imageTemplateResourceGroupName`. Pre-existing tags aren't deleted.
+ If the `stagingResourceGroup` property is specified with a resource group that does exist, then the Image Builder service checks to make sure the resource group isn't associated with another image template, is empty (no resources inside), in the same region as the image template, and has either "Contributor" or "Owner" RBAC applied to the identity assigned to the Azure Image Builder image template resource. If any of the aforementioned requirements aren't met, an error is thrown. The staging resource group has the following tags added to it: `usedBy`, `imageTemplateName`, `imageTemplateResourceGroupName`. Pre-existing tags aren't deleted.
> [!IMPORTANT] > You will need to assign the contributor role to the resource group for the service principal corresponding to Azure Image Builder's first party app when trying to specify a pre-existing resource group and VNet to the Azure Image Builder service with a Windows source image. For the CLI command and portal instructions on how to assign the contributor role to the resource group see the following documentation [Troubleshoot VM Azure Image Builder: Authorization error creating disk](./image-builder-troubleshoot.md#authorization-error-creating-disk) - **The stagingResourceGroup property is specified with a resource group that doesn't exist**
- If the `stagingResourceGroup` property is specified with a resource group that doesn't exist, then the Image Builder service will create a staging resource group with the name provided in the `stagingResourceGroup` property. There will be an error if the given name doesn't meet Azure naming requirements for resource groups. The staging resource group will have the default tags applied to it: `createdBy`, `imageTemplateName`, `imageTemplateResourceGroupName`. By default the identity assigned to the Azure Image Builder image template resource will have the "Contributor" RBAC applied to it in the resource group.
+ If the `stagingResourceGroup` property is specified with a resource group that doesn't exist, then the Image Builder service creates a staging resource group with the name provided in the `stagingResourceGroup` property. There will be an error if the given name doesn't meet Azure naming requirements for resource groups. The staging resource group has the default tags applied to it: `createdBy`, `imageTemplateName`, `imageTemplateResourceGroupName`. By default the identity assigned to the Azure Image Builder image template resource has the "Contributor" RBAC applied to it in the resource group.
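Review bot: the `[!IMPORTANT]` callout at the end of this region is run together with the next bullet heading on a single line; put `> [!IMPORTANT]`, the note text and `- **The stagingResourceGroup property is specified with a resource group that doesn't exist**` on separate lines, and end the note with a period after the troubleshooting link.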
### Template deletion
How to use the `validate` property to validate Windows images:
- **name** - name of the validator - **scriptUri** - URI of the PowerShell script file. - **inline** ΓÇô array of commands to be run, separated by commas.-- **validExitCodes** ΓÇô Optional, valid codes that can be returned from the script/inline command, this will avoid reported failure of the script/inline command.
+- **validExitCodes** ΓÇô Optional, valid codes that can be returned from the script/inline command, this avoids reported failure of the script/inline command.
- **runElevated** ΓÇô Optional, boolean, support for running commands and scripts with elevated permissions. - **sha256Checksum** - Value of sha256 checksum of the file, you generate this locally, and then Image Builder will checksum and validate.
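Review bot: the `ΓÇô` sequences in the `inline`, `validExitCodes` and `runElevated` bullets are a mis-encoded en dash; use a plain `-` like the `name` and `scriptUri` bullets so the list renders consistently.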
How to use the `validate` property to validate Linux images:
"name": "<name>", "scriptUri": "<path to script>", "sha256Checksum": "<sha256 checksum>"
+ },
+ {
+ "type": "File",
+ "destination": "string",
+ "sha256Checksum": "string",
+ "sourceUri": "string"
} ] } }
- }
+}
``` # [Bicep](#tab/bicep)
How to use the `validate` property to validate Linux images:
`inVMValidations` properties: -- **type** ΓÇô Shell
+- **type** ΓÇô Shell or File specified as the validation type to be performed.
- **name** - name of the validator - **scriptUri** - URI of the script file - **inline** - array of commands to be run, separated by commas. - **sha256Checksum** - Value of sha256 checksum of the file, you generate this locally, and then Image Builder will checksum and validate. To generate the sha256Checksum, using a terminal on Mac/Linux run: `sha256sum <fileName>`
+- **destination** - Destination of the file.
+- **sha256Checksum** - Specifies the SHA256 checksum of the file.
+- **sourceUri** - The source URI of the file.
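Review bot: the new `sha256Checksum` bullet duplicates the one already in the `inVMValidations` list, and `destination` and `sourceUri` are listed without saying they apply only to the `File` validator type; group the properties by type (`Shell`: `name`, `scriptUri`, `inline`, `sha256Checksum`; `File`: `destination`, `sourceUri`, `sha256Checksum`) and keep a single `sha256Checksum` description, with the `sha256sum <fileName>` tip next to it, since that checksum is what lets Image Builder reject a wrong or modified file.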
<a id="vmprofile"></a>
Image Builder uses a default SKU size of `Standard_D1_v2` for Gen1 images and `S
- Running Windows builds, you should use "Standard_D2_v2" or equivalent VM size. - Require [VM isolation](../isolation.md). - Customize an image that requires specific hardware. For example, for a GPU VM, you need a GPU VM size.-- Require end to end encryption at rest of the build VM, you need to specify the support build [VM size](../azure-vms-no-temp-disk.yml) that don't use local temporary disks.
+- Require end to end encryption at rest of the build VM, you need to specify the support build [VM size](../azure-vms-no-temp-disk.yml) that doesn't use local temporary disks.
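Review bot: `the support build [VM size] that doesn't use local temporary disks` still reads oddly after the `don't`/`doesn't` fix; suggest `a supported build [VM size] that has no local temporary disk`, and start the bullet with `If you require` so it parallels the other items in the list.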
### osDiskSizeGB
By default, Image Builder doesn't change the size of the image, it uses the size
### vnetConfig (optional)
-If you don't specify any VNet properties, Image Builder will create its own VNet, Public IP, and network security group (NSG). The Public IP is used for the service to communicate with the build VM. If you don't want to have a Public IP or you want Image Builder to have access to your existing VNet resources, such as configuration servers (DSC, Chef, Puppet, Ansible), file shares, then you can specify a VNet. For more information, review the [networking documentation](image-builder-networking.md).
+If you don't specify any VNet properties, Image Builder creates its own VNet, Public IP, and network security group (NSG). The Public IP is used for the service to communicate with the build VM. If you don't want to have a Public IP or you want Image Builder to have access to your existing VNet resources, such as configuration servers (DSC, Chef, Puppet, Ansible), file shares, then you can specify a VNet. For more information, review the [networking documentation](image-builder-networking.md).
# [JSON](#tab/json)
az resource invoke-action \
If you're running an image build that you believe is incorrect, waiting for user input, or you feel will never complete successfully, then you can cancel the build.
-The build can be canceled anytime. If the distribution phase has started you can still cancel, but you'll need to clean up any images that may not be completed. The cancel command doesn't wait for cancel to complete, monitor `lastrunstatus.runstate` for canceling progress, using these status [commands](image-builder-troubleshoot.md#customization-log).
+The build can be canceled anytime. If the distribution phase has started you can still cancel, but you need to clean up any images that may not be completed. The cancel command doesn't wait for cancel to complete, monitor `lastrunstatus.runstate` for canceling progress, using these status [commands](image-builder-troubleshoot.md#customization-log).
Examples of `cancel` commands:
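Review bot: `The cancel command doesn't wait for cancel to complete, monitor ...` is a comma splice; split it into `The cancel command doesn't wait for the cancellation to complete. Monitor `lastrunstatus.runstate` for progress using these status commands.` It would also help to say what `clean up any images that may not be completed` means in practice (for example, delete partially distributed image versions) so the reader does not leave a half-built version behind.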
virtual-machines Image Builder Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/linux/image-builder-troubleshoot.md
description: This article helps you troubleshoot common problems and errors you
Previously updated : 04/12/2023 Last updated : 05/17/2023
The assigned managed identity cannot be used. Please remove the existing one and
#### Cause
-There are cases where [Managed Service Identities (MSI)](./image-builder-permissions-cli.md#create-a-user-assigned-managed-identity) assigned to the image template cannot be used:
-1. The Image Builder template uses a customer provided staging resource group and the MSI is deleted before the image template is deleted ([staging resource group](./image-builder-json.md#properties-stagingresourcegroup) scenario)
-1. The identity is deleted and attempted to recreate the identity with the same name, but without re-assigning the MSI. Though the resource ids are the same, the underlying service principal has been changed.
+There are cases where [Managed Service Identities (MSI)](/azure/virtual-machines/linux/image-builder-permissions-cli#create-a-user-assigned-managed-identity) assigned to the image template cannot be used:
++
+- The Image Builder template uses a customer provided staging resource group and the MSI is deleted before the image template is deleted ([staging resource group](./image-builder-json.md#properties-stagingresourcegroup) scenario)
+- The created [Managed Service Identities (MSI)](./image-builder-permissions-cli.md#create-a-user-assigned-managed-identity) assigned to the image template cannot be used
+ #### Solution + Use Azure CLI to reset identity on the image template. Ensure you [update](/cli/azure/update-azure-cli) Azure CLI to the 2.45.0 version or later. + Remove the managed identity from the target image builder template ```azurecli-interactive
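Review bot: the new second bullet (`The created ... assigned to the image template cannot be used`) restates the symptom from the intro sentence instead of giving a cause, while the removed second case (identity deleted and recreated with the same name, so the resource ID matches but the underlying service principal differs) was the more useful one; restore it. The intro link is also now site-absolute (`/azure/virtual-machines/linux/image-builder-permissions-cli#...`) while the bullet keeps the relative `./image-builder-permissions-cli.md` form; use one style.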
virtual-machines Trusted Launch Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/trusted-launch-portal.md
You can deploy trusted launch VMs using a quickstart template:
-## Deploy a trusted launch VM from an Azure Compute Gallery image
+## Deploy a Trusted launch VM from an Azure Compute Gallery image
-### [Portal](#tab/portal2)
+[Azure trusted launch virtual machines](trusted-launch.md) supports the creation and sharing of custom images using Azure Compute Gallery. There are two types of images that you can create, based on the security types of the image:
+
+- [Trusted launch VM (`TrustedLaunch`) images](#trusted-launch-vm-images) are images where the source usually has [VM Guest state information](trusted-launch.md#what-is-vm-guest-state-vmgs) and can be used to create only Azure Trusted launch VMs.
+- [Trusted launch VM Supported (`TrustedLaunchSupported`) images](#trusted-launch-vm-supported-images) are images where the source doesn't have VM Guest state information and can be used to create either Azure Gen2 VMs or Azure Trusted launch VMs.
+
+### Trusted launch VM Images
+
+For the following image sources, the security type on the image definition should be set to `TrustedLaunch` as the image source already has [VM Guest state information](trusted-launch.md#what-is-vm-guest-state-vmgs):
+- Trusted launch VM capture
+- Managed OS disk
+- Managed OS disk snapshot
+
+The resulting image version can be used only to create Azure Trusted launch VMs.
+
+#### [Portal](#tab/portal2)
1. Sign in to the Azure [portal](https://portal.azure.com). 2. To create an Azure Compute Gallery Image from a VM, open an existing Trusted launch VM and select **Capture**.
You can deploy trusted launch VMs using a quickstart template:
14. The image and the security type are already populated based on the selected image version. The **Secure Boot** and **vTPM** checkboxes are enabled by default. 15. Fill in the **Administrator account** information and then **Inbound port rules**. 16. At the bottom of the page, select **Review + Create**
-17. On the **Create a virtual machine** page, you can see the details about the VM you are about to deploy. Once validation shows as passed, select **Create**.
+1. On the validation page, review the details of the VM.
+1. After the validation succeeds, select **Create** to finish creating the VM.
In case you want to use either a managed disk or a managed disk snapshot as a source of the image version (instead of a trusted launch VM), then use the following steps
In case you want to use either a managed disk or a managed disk snapshot as a so
10. The **Encryption** tab can also be used to provide SSE encryption related information, if required. 11. Select **Create** in the **Review + create** tab to create the image 12. Once the image version is successfully created, select the **+ Create VM** to land on the Create a virtual machine page.
-13. Please follow steps 12 to 17 as mentioned earlier to create a trusted launch VM using this image version
+13. Follow steps 12 to 18 as mentioned earlier to create a trusted launch VM using this image version
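Review bot: `[Azure trusted launch virtual machines](trusted-launch.md) supports` needs `support` (plural subject). The first bullet says a `TrustedLaunch` image source `usually has` VM Guest state information, while the section below says the listed sources `already` have it; pick one, since the distinction between the two security types rests on whether VMGS is present.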
-### [CLI](#tab/cli2)
+#### [CLI](#tab/cli2)
Make sure you are running the latest version of Azure CLI
az sig image-version create --resource-group MyResourceGroup \
In case a managed disk or a managed disk snapshot needs to be used as the image source for the image version, replace the --managed-image in the above command with --os-snapshot and provide the disk or the snapshot resource name
-Create a Trusted Launch VM from the above image version
+Create a Trusted launch VM from the above image version
```azurecli-interactive adminUsername=linuxvm az vm create --resource-group MyResourceGroup \ --name myTrustedLaunchVM \ --image "/subscriptions/00000000-0000-0000-0000-00000000xxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/galleries/MyGallery/images/MyImageDef" \
+ --size Standard_D2s_v5 \
--security-type TrustedLaunch \ --enable-secure-boot true \ --enable-vtpm true \
az vm create --resource-group MyResourceGroup \
--generate-ssh-keys ```
-### [PowerShell](#tab/powershell2)
+#### [PowerShell](#tab/powershell2)
Create an image definition with `TrustedLaunch` security type
$galleryImageVersionName = "1.0.0"
$sourceImageId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myVMRG/providers/Microsoft.Compute/virtualMachines/myVM" New-AzGalleryImageVersion -ResourceGroupName $rgName -GalleryName $galleryName -GalleryImageDefinitionName $galleryImageDefinitionName -Name $galleryImageVersionName -Location $location -SourceImageId $sourceImageId ```
-Create a Trusted Launch VM from the above image version
+Create a Trusted launch VM from the above image version
+
+```azurepowershell-interactive
+$rgName = "MyResourceGroup"
+$galleryName = "MyGallery"
+$galleryImageDefinitionName = "MyImageDef"
+$location = "eastus"
+$vmName = "myVMfromImage"
+$vmSize = "Standard_D2s_v5"
+$imageDefinition = Get-AzGalleryImageDefinition `
+ -GalleryName $galleryName `
+ -ResourceGroupName $rgName `
+ -Name $galleryImageDefinitionName
+$cred = Get-Credential `
+ -Message "Enter a username and password for the virtual machine"
+# Network pieces
+$subnetConfig = New-AzVirtualNetworkSubnetConfig `
+ -Name mySubnet `
+ -AddressPrefix 192.168.1.0/24
+$vnet = New-AzVirtualNetwork `
+ -ResourceGroupName $rgName `
+ -Location $location `
+ -Name MYvNET `
+ -AddressPrefix 192.168.0.0/16 `
+ -Subnet $subnetConfig
+$pip = New-AzPublicIpAddress `
+ -ResourceGroupName $rgName `
+ -Location $location `
+ -Name "mypublicdns$(Get-Random)" `
+ -AllocationMethod Static `
+ -IdleTimeoutInMinutes 4
+$nsgRuleRDP = New-AzNetworkSecurityRuleConfig `
+ -Name myNetworkSecurityGroupRuleRDP `
+ -Protocol Tcp `
+ -Direction Inbound `
+ -Priority 1000 `
+ -SourceAddressPrefix * `
+ -SourcePortRange * `
+ -DestinationAddressPrefix * `
+ -DestinationPortRange 3389 `
+ -Access Deny
+$nsg = New-AzNetworkSecurityGroup `
+ -ResourceGroupName $rgName `
+ -Location $location `
+ -Name myNetworkSecurityGroup `
+ -SecurityRules $nsgRuleRDP
+$nic = New-AzNetworkInterface `
+ -Name myNic `
+ -ResourceGroupName $rgName `
+ -Location $location `
+ -SubnetId $vnet.Subnets[0].Id `
+ -PublicIpAddressId $pip.Id `
+ -NetworkSecurityGroupId $nsg.Id
+$vm = New-AzVMConfig -vmName $vmName -vmSize $vmSize | `
+ Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred | `
+ Set-AzVMSourceImage -Id $imageDefinition.Id | `
+ Add-AzVMNetworkInterface -Id $nic.Id
+$vm = Set-AzVMSecurityProfile -SecurityType "TrustedLaunch" -VM $vm
+$vm = Set-AzVmUefi -VM $vm `
+ -EnableVtpmΓÇ»$trueΓÇ»`
+ -EnableSecureBootΓÇ»$true
+New-AzVM `
+ -ResourceGroupName $rgName `
+ -Location $location `
+ -VM $vm
+```
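Review bot: in the `Set-AzVmUefi` call the arguments `-EnableVtpmΓÇ»$trueΓÇ»` and `-EnableSecureBootΓÇ»$true` contain a mis-encoded non-ASCII space between the parameter name and `$true`; replace them with plain ASCII spaces so the script parses when copied. The inbound rule named `myNetworkSecurityGroupRuleRDP` is `-Access Deny` on port 3389 from any source, which is the safer default for a Windows image, but the name reads like an allow rule; add a comment saying RDP is intentionally blocked and that the reader opens it only for a trusted source range if needed.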
++
+### Trusted launch VM Supported Images
+
+For the following image sources, the security type on the image definition should be set to `TrustedLaunchsupported` as the image source does not have VM Guest state information:
+- Gen2 OS Disk VHD
+- Gen2 Managed Image
+- Gen2 Gallery Image Version
+
+The resulting image version can be used to create either Azure Gen2 VMs or Trusted launch VMs.
+
+These images can be shared with specific subscriptions or tenants through [Azure Compute Gallery - Direct Shared Gallery](../virtual-machines/azure-compute-gallery.md#shared-directly-to-a-tenant-or-subscription) and with all Azure users using [Azure Compute Gallery - Community Gallery](../virtual-machines/azure-compute-gallery.md#community-gallery)
+
+> [!NOTE]
+> The OS disk VHD, Managed Image or Gallery Image Version should be created from a [Gen2 image that is compatible with Trusted launch VMs](trusted-launch.md#limitations).
+
+#### [Portal](#tab/portal3)
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Search for and select **VM image versions** in the search bar
+1. On the **VM image versions** page, select **Create**.
+1. On the **Create VM image version** page, on the **Basics** tab:
+ 1. Select the Azure subscription.
+ 1. Select an existing resource group or create a new resource group.
+ 1. Select the Azure region.
+ 1. Enter an image version number.
+ 1. For **Source**, select either **Storage Blobs (VHD)** or **Managed Image** or another **VM Image Version**
+ 1. If you selected **Storage Blobs (VHD)**, enter an OS disk VHD (without the VM Guest state). Make sure to use a Gen 2 VHD.
+ 1. If you selected **Managed Image**, select an existing managed image of a Gen 2 VM.
+ 1. If you selected **VM Image Version**, select an existing Gallery Image Version of a Gen2 VM.
+ 1. For **Target Azure compute gallery**, select or create a gallery to share the image.
+ 1. For **Operating system state**, select either **Generalized** or **Specialized** depending on your use case. If you're using a managed image as the source, always select **Generalized**. If you're using a storage blob (VHD) and want to select **Generalized**, follow the steps to [generalize a Linux VHD](../virtual-machines/linux/create-upload-generic.md) or [generalize a Windows VHD](../virtual-machines/windows/upload-generalized-managed.md) before you continue. If you're using an existing VM Image Version, select either **Generalized** or **Specialized** based on what is used in the source VM image definition.
+ 1. For **Target VM Image Definition**, select **Create new**.
+ 1. In the **Create a VM image definition** pane, enter a name for the definition. Make sure the security type is set to **Trustedlaunch Supported**. Enter publisher, offer, and SKU information. Then, select **Ok**.
+1. On the **Replication** tab, enter the replica count and target regions for image replication, if required.
+1. On the **Encryption** tab, enter SSE encryption-related information, if required.
+1. Select **Review + Create**.
+1. After the configuration is successfully validated, select **Create** to finish creating the image.
+1. After the image version is created, select **Create VM**.
+12. In the Create a virtual machine page, under **Resource group**, select **Create new** and type a name for your resource group or select an existing resource group from the dropdown.
+13. Under **Instance details**, type a name for the virtual machine name and choose a region that supports [trusted launch](trusted-launch.md#limitations).
+14. Select **Trusted launch virtual machines** as the security type. The **Secure Boot** and **vTPM** checkboxes are enabled by default.
+15. Fill in the **Administrator account** information and then **Inbound port rules**.
+1. On the validation page, review the details of the VM.
+1. After the validation succeeds, select **Create** to finish creating the VM.
++
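Review bot: `TrustedLaunchsupported` in the intro disagrees with `TrustedLaunchSupported`, the feature value used in the CLI and PowerShell tabs of this section; use the same casing throughout. The numbered list also switches from `1.` auto-numbering to explicit `12.` to `15.` and back to `1.`; use one form so step references elsewhere (`Follow steps 12 to 18`) stay correct.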
+#### [CLI](#tab/cli3)
+
+Make sure you are running the latest version of Azure CLI
+
+Sign in to Azure using `az login`.
+
+```azurecli-interactive
+az login
+```
+
+Create an image definition with `TrustedLaunchSupported` security type
+
+```azurecli-interactive
+az sig image-definition create --resource-group MyResourceGroup --location eastus \
+--gallery-name MyGallery --gallery-image-definition MyImageDef \
+--publisher TrustedLaunchPublisher --offer TrustedLaunchOffer --sku TrustedLaunchSku \
+--os-type Linux --os-state Generalized \
+--hyper-v-generation V2 \
+--features SecurityType=TrustedLaunchSupported
+```
+
+Use an OS disk VHD to create an image version. Ensure that the Linux VHD was generalized before uploading to an Azure storage account blob using steps outlined [here](../virtual-machines/linux/create-upload-generic.md)
+
+```azurecli-interactive
+az sig image-version create --resource-group MyResourceGroup \
+--gallery-name MyGallery --gallery-image-definition MyImageDef \
+--gallery-image-version 1.0.0 \
+--os-vhd-storage-account /subscriptions/00000000-0000-0000-0000-00000000xxxx/resourceGroups/imageGroups/providers/Microsoft.Storage/storageAccounts/mystorageaccount \
+--os-vhd-uri https://mystorageaccount.blob.core.windows.net/container/path_to_vhd_file
+```
+
+Create a Trusted launch VM from the above image version
+
+```azurecli-interactive
+adminUsername=linuxvm
+az vm create --resource-group MyResourceGroup \
+ --name myTrustedLaunchVM \
+ --image "/subscriptions/00000000-0000-0000-0000-00000000xxxx/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/galleries/MyGallery/images/MyImageDef" \
+ --size Standard_D2s_v5 \
+ --security-type TrustedLaunch \
+ --enable-secure-boot true \
+ --enable-vtpm true \
+ --admin-username $adminUsername \
+ --generate-ssh-keys
+```
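Review bot: the `--image` value names the image definition `MyImageDef` rather than the `1.0.0` version created by the previous command; reference `.../images/MyImageDef/versions/1.0.0` explicitly so the example deploys exactly the version it just built.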
+
+#### [PowerShell](#tab/powershell3)
+
+Create an image definition with `TrustedLaunch` security type
+
+```azurepowershell-interactive
+$rgName = "MyResourceGroup"
+$galleryName = "MyGallery"
+$galleryImageDefinitionName = "MyImageDef"
+$location = "eastus"
+$publisherName = "TrustedlaunchPublisher"
+$offerName = "TrustedlaunchOffer"
+$skuName = "TrustedlaunchSku"
+$description = "My gallery"
+$SecurityType = @{Name='SecurityType';Value='TrustedLaunchSupported'}
+$features = @($SecurityType)
+New-AzGalleryImageDefinition -ResourceGroupName $rgName -GalleryName $galleryName -Name $galleryImageDefinitionName -Location $location -Publisher $publisherName -Offer $offerName -Sku $skuName -HyperVGeneration "V2" -OsState "Generalized" -OsType "Windows" -Description $description -Feature $features
+```
+
+To create an image version, we can use an existing Gen2 Gallery Image Version which was generalized during creation.
+
+```azurepowershell-interactive
+$rgName = "MyResourceGroup"
+$galleryName = "MyGallery"
+$galleryImageDefinitionName = "MyImageDef"
+$location = "eastus"
+$galleryImageVersionName = "1.0.0"
+$sourceImageId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myVMRG/providers/Microsoft.Compute/galleries/MyGallery/images/Gen2VMImageDef/versions/0.0.1"
+New-AzGalleryImageVersion -ResourceGroupName $rgName -GalleryName $galleryName -GalleryImageDefinitionName $galleryImageDefinitionName -Name $galleryImageVersionName -Location $location -SourceImageId $sourceImageId
+```
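Review bot: the heading says `Create an image definition with `TrustedLaunch` security type` but the `$SecurityType` feature value is `TrustedLaunchSupported`, which is what this section is about; fix the heading. `-OsType "Windows"` also differs from `--os-type Linux` in the CLI tab of the same section; align them or say that either OS type works.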
+Create a Trusted launch VM from the above image version
```azurepowershell-interactive $rgName = "MyResourceGroup"
$galleryName = "MyGallery"
$galleryImageDefinitionName = "MyImageDef" $location = "eastus" $vmName = "myVMfromImage"
-$vmSize = "Standard_D2s_v3"
+$vmSize = "Standard_D2s_v5"
$imageDefinition = Get-AzGalleryImageDefinition ` -GalleryName $galleryName ` -ResourceGroupName $rgName `
New-AzVM `
-VM $vm ``` + ## Verify or update your settings For VMs created with trusted launch enabled, you can view the trusted launch configuration by visiting the **Overview** page for the VM in the portal. The **Properties** tab will show the status of Trusted Launch features: