New-AzVMConfig

Creates a configurable virtual machine object.

Syntax

New-AzVMConfig
   [-VMName] <String>
   [-VMSize] <String>
   [[-AvailabilitySetId] <String>]
   [[-LicenseType] <String>]
   [-Zone <String[]>]
   [-ProximityPlacementGroupId <String>]
   [-HostId <String>]
   [-VmssId <String>]
   [-MaxPrice <Double>]
   [-EvictionPolicy <String>]
   [-Priority <String>]
   [-Tags <Hashtable>]
   [-EnableUltraSSD]
   [-EncryptionAtHost]
   [-CapacityReservationGroupId <String>]
   [-ImageReferenceId <String>]
   [-DiskControllerType <String>]
   [-UserData <String>]
   [-PlatformFaultDomain <Int32>]
   [-HibernationEnabled]
   [-vCPUCountAvailable <Int32>]
   [-vCPUCountPerCore <Int32>]
   [-SharedGalleryImageId <String>]
   [-SecurityType <String>]
   [-EnableVtpm <Boolean>]
   [-EnableSecureBoot <Boolean>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
New-AzVMConfig
   [-VMName] <String>
   [-VMSize] <String>
   [[-AvailabilitySetId] <String>]
   [[-LicenseType] <String>]
   [-IdentityType] <ResourceIdentityType>
   [-IdentityId <String[]>]
   [-Zone <String[]>]
   [-ProximityPlacementGroupId <String>]
   [-HostId <String>]
   [-VmssId <String>]
   [-MaxPrice <Double>]
   [-EvictionPolicy <String>]
   [-Priority <String>]
   [-Tags <Hashtable>]
   [-EnableUltraSSD]
   [-EncryptionAtHost]
   [-CapacityReservationGroupId <String>]
   [-ImageReferenceId <String>]
   [-DiskControllerType <String>]
   [-UserData <String>]
   [-PlatformFaultDomain <Int32>]
   [-HibernationEnabled]
   [-vCPUCountAvailable <Int32>]
   [-vCPUCountPerCore <Int32>]
   [-SharedGalleryImageId <String>]
   [-SecurityType <String>]
   [-EnableVtpm <Boolean>]
   [-EnableSecureBoot <Boolean>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzVMConfig cmdlet creates a configurable local virtual machine object for Azure.

The following cmdlets are used to set different properties of the virtual machine object:

Examples

Example 1: Create a virtual machine resource

$rgname = "resourceGroupName";
$loc = "eastus";

New-AzResourceGroup -Name $rgname -Location $loc -Force;

# General Setup
$vmname = 'v' + $rgname;
$domainNameLabel = "d1" + $rgname;
$vmSize = 'Standard_DS3_v2';
$computerName = "c" + $rgname;
$securityTypeStnd = "Standard";
        
# Credential. Input Username and Password values
$user = "";
$securePassword = ConvertTo-SecureString -String "****" -AsPlainText -Force;  
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
        
# Creating a VMConfig 
$vmconfig = New-AzVMConfig -VMName $vmname -vmsize $vmsize -SecurityType $securityTypeStnd;

# Set source image values
$publisherName = "MicrosoftWindowsServer";
$offer = "WindowsServer";
$sku = "2019-DataCenter";
$vmconfig = Set-AzVMSourceImage -VM $vmconfig -PublisherName $publisherName -Offer $offer -Skus $sku -Version 'latest';

# NRP Setup
$subnet = New-AzVirtualNetworkSubnetConfig -Name ('subnet' + $rgname) -AddressPrefix "10.0.0.0/24";
$vnet = New-AzVirtualNetwork -Force -Name ('vnet' + $rgname) -ResourceGroupName $rgname -Location $loc -AddressPrefix "10.0.0.0/16" -Subnet $subnet;
$vnet = Get-AzVirtualNetwork -Name ('vnet' + $rgname) -ResourceGroupName $rgname;
$subnetId = $vnet.Subnets[0].Id;
$pubip = New-AzPublicIpAddress -Force -Name ('pubip' + $rgname) -ResourceGroupName $rgname -Location $loc -AllocationMethod Static -DomainNameLabel $domainNameLabel;
$pubip = Get-AzPublicIpAddress -Name ('pubip' + $rgname) -ResourceGroupName $rgname;
$pubipId = $pubip.Id;
$nic = New-AzNetworkInterface -Force -Name ('nic' + $rgname) -ResourceGroupName $rgname -Location $loc -SubnetId $subnetId -PublicIpAddressId $pubip.Id;
$nic = Get-AzNetworkInterface -Name ('nic' + $rgname) -ResourceGroupName $rgname;
$nicId = $nic.Id;

$vmconfig = Add-AzVMNetworkInterface -VM $vmconfig -Id $nicId;
$vmconfig = Set-AzVMOperatingSystem -VM $vmconfig -Windows -ComputerName $computerName -Credential $cred;

# Create the VM
New-AzVM -ResourceGroupName $rgname -Location $loc -Vm $vmconfig;
$vm = Get-AzVM -ResourceGroupName $rgname -Name $vmname;

Example 2: Create a virtual machine object in a virtual machine scale set with fault domains setup

$rgname = "resourceGroupName";
$loc = "eastus";
$vmname = "vm" + $rgname;

New-AzResourceGroup -Name $rgname -Location $loc -Force;

$domainNameLabel = "d1" + $rgname;
$vmname = "v" + $rgname;
$vnetname = "myVnet";
$vnetAddress = "10.0.0.0/16";
$subnetname = "slb" + $rgname;
$subnetAddress = "10.0.2.0/24";
$vmssName = "vmss" + $rgname;
$faultDomainNumber = 2;
$vmssFaultDomain = 3;
$securityTypeStnd = "Standard";

$OSDiskName = $vmname + "-osdisk";
$NICName = $vmname+ "-nic";
$NSGName = $vmname + "-NSG";
$OSDiskSizeinGB = 128;
$VMSize = "Standard_DS2_v2";
$PublisherName = "MicrosoftWindowsServer";
$Offer = "WindowsServer";
$SKU = "2019-Datacenter";
        
# Credential. Input Username and Password values.
$user = "";
$securePassword = ConvertTo-SecureString -String "****" -AsPlainText -Force;  
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);

$frontendSubnet = New-AzVirtualNetworkSubnetConfig -Name $subnetname -AddressPrefix $subnetAddress;
$vnet = New-AzVirtualNetwork -Name $vnetname -ResourceGroupName $rgname -Location $loc -AddressPrefix $vnetAddress -Subnet $frontendSubnet;

$vmssConfig = New-AzVmssConfig -Location $loc -PlatformFaultDomainCount $vmssFaultDomain -SecurityType $securityTypeStnd;
$vmss = New-AzVmss -ResourceGroupName $RGName -Name $VMSSName -VirtualMachineScaleSet $vmssConfig;

$nsgRuleRDP = New-AzNetworkSecurityRuleConfig -Name RDP  -Protocol Tcp  -Direction Inbound -Priority 1001 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow;
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $RGName -Location $loc -Name $NSGName  -SecurityRules $nsgRuleRDP;
$nic = New-AzNetworkInterface -Name $NICName -ResourceGroupName $RGName -Location $loc -SubnetId $vnet.Subnets[0].Id -NetworkSecurityGroupId $nsg.Id -EnableAcceleratedNetworking;

# VM
$vmConfig = New-AzVMConfig -VMName $vmName -VMSize $VMSize  -VmssId $vmss.Id -PlatformFaultDomain $faultDomainNumber -SecurityType $securityTypeStnd;
Set-AzVMOperatingSystem -VM $vmConfig -Windows -ComputerName $vmName -Credential $cred ;
Set-AzVMOSDisk -VM $vmConfig -StorageAccountType "Premium_LRS" -Caching ReadWrite -Name $OSDiskName -DiskSizeInGB $OSDiskSizeinGB -CreateOption FromImage ;
Set-AzVMSourceImage -VM $vmConfig -PublisherName $PublisherName -Offer $Offer -Skus $SKU -Version latest ;
Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id;

New-AzVM -ResourceGroupName $RGName -Location $loc -VM $vmConfig;
$vm = Get-AzVM -ResourceGroupName $rgname -Name $vmName;

Example 2: Create a VM using Virtual Machine Config object for TrustedLaunch Security Type, flags Vtpm and Secure Boot are set to True by default.

$rgname = "rgname";
$loc = "eastus";
New-AzResourceGroup -Name $rgname -Location $loc -Force;    
 
# VM Profile & Hardware
$domainNameLabel = "d1" + $rgname;
$vmsize = 'Standard_D4s_v3';
$vmname = $rgname + 'Vm';
$securityType_TL = "TrustedLaunch";
$vnetname = "myVnet";
$vnetAddress = "10.0.0.0/16";
$subnetname = "slb" + $rgname;
$subnetAddress = "10.0.2.0/24";
$OSDiskName = $vmname + "-osdisk";
$NICName = $vmname+ "-nic";
$NSGName = $vmname + "-NSG";
$OSDiskSizeinGB = 128;
$PublisherName = "MicrosoftWindowsServer";
$Offer = "WindowsServer";
$SKU = "2016-datacenter-gensecond";
$disable = $false;
$enable = $true;
$extDefaultName = "GuestAttestation";
$vmGADefaultIDentity = "SystemAssigned";
# Credential
$securePassword = ConvertTo-SecureString -String "****" -AsPlainText -Force;  
$user = <Username>;
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword);
# Network resources
$frontendSubnet = New-AzVirtualNetworkSubnetConfig -Name $subnetname -AddressPrefix $subnetAddress;
$vnet = New-AzVirtualNetwork -Name $vnetname -ResourceGroupName $rgname -Location $loc -AddressPrefix $vnetAddress -Subnet $frontendSubnet;
$nsgRuleRDP = New-AzNetworkSecurityRuleConfig -Name RDP  -Protocol Tcp  -Direction Inbound -Priority 1001 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow;
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rgname -Location $loc -Name $NSGName  -SecurityRules $nsgRuleRDP;
$nic = New-AzNetworkInterface -Name $NICName -ResourceGroupName $rgname -Location $loc -SubnetId $vnet.Subnets[0].Id -NetworkSecurityGroupId $nsg.Id -EnableAcceleratedNetworking;
# Configure Values using VMConfig Object
$vmConfig = New-AzVMConfig -VMName $vmname -VMSize $vmsize;
Set-AzVMOperatingSystem -VM $vmConfig -Windows -ComputerName $vmname -Credential $cred;
Set-AzVMSourceImage -VM $vmConfig -PublisherName $PublisherName -Offer $Offer -Skus $SKU -Version latest ;
Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id;
  
# VM Creation using VMConfig for Trusted Launch SecurityType
$vmConfig = Set-AzVMSecurityProfile -VM $vmConfig -SecurityType $securityType_TL;
New-AzVM -ResourceGroupName $rgname -Location $loc -VM $vmConfig;
$vm = Get-AzVM -ResourceGroupName $rgname -Name $vmname;
# Validate that for -SecurityType "TrustedLaunch", "-Vtpm" and "-SecureBoot" are "Enabled/true"
#$vm.SecurityProfile.UefiSettings.VTpmEnabled $true;
#$vm.SecurityProfile.UefiSettings.SecureBootEnabled $true;

This example creates a VM using a VMConfig object for the TrustedLaunch Security Type and validates flags VtpmEnabled and SecureBootEnabled are true by default.

Parameters

-AvailabilitySetId

Specifies the ID of an availability set. To obtain an availability set object, use the Get-AzAvailabilitySet cmdlet. The availability set object contains an ID property.
Virtual machines specified in the same availability set are allocated to different nodes to maximize availability.
For more information about availability sets, see Manage the availability of virtual machines.
For more information on Azure planned maintenance, see Planned maintenance for virtual machines in Azure
Currently, a VM can only be added to availability set at creation time. The availability set to which the VM is being added should be under the same resource group as the availability set resource. An existing VM cannot be added to an availability set.
This property cannot exist along with a non-null properties.virtualMachineScaleSet reference.

Type:String
Position:2
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-CapacityReservationGroupId

Id of the capacity reservation Group that is used to allocate.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DiskControllerType

Specifies the disk controller type configured for the VM and VirtualMachineScaleSet. This property is only supported for virtual machines whose operating system disk and VM sku supports Generation 2 (https://zcusa.951200.xyz/en-us/azure/virtual-machines/generation-2), please check the HyperVGenerations capability returned as part of VM sku capabilities in the response of Microsoft.Compute SKUs api for the region contains V2 (https://zcusa.951200.xyz/rest/api/compute/resourceskus/list) .
For more information about Disk Controller Types supported please refer to https://aka.ms/azure-diskcontrollertypes.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableSecureBoot

Specifies whether secure boot should be enabled on the virtual machine.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-EnableUltraSSD

Enables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine only if this property is enabled.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-EnableVtpm

Specifies whether vTPM should be enabled on the virtual machine.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-EncryptionAtHost

EncryptionAtHost property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EvictionPolicy

The eviction policy for the Azure Spot virtual machine. Supported values are 'Deallocate' and 'Delete'.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-HibernationEnabled

The flag that enables or disables hibernation capability on the VM.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-HostId

The Id of Host

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-IdentityId

Specifies the list of user identities associated with the virtual machine scale set. The user identity references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/identities/{identityName}'

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-IdentityType

The identity of the virtual machine, if configured.

Type:Nullable<T>[ResourceIdentityType]
Accepted values:SystemAssigned, UserAssigned, SystemAssignedUserAssigned, None
Position:4
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ImageReferenceId

Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LicenseType

Specifies a license type, which indicates that the image or disk for the virtual machine was licensed on-premises. Possible values for Windows Server are:

  • Windows_Client
  • Windows_Server

Possible values for Linux Server operating system are:

  • RHEL_BYOS (for RHEL)
  • SLES_BYOS (for SUSE)
Type:String
Position:3
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaxPrice

Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. This price will be compared with the current low priority price for the VM size. Also, the prices are compared at the time of create/update of low priority VM/VMSS and the operation will only succeed if the maxPrice is greater than the current low priority price. The maxPrice will also be used for evicting a low priority VM/VMSS if the current low priority price goes beyond the maxPrice after creation of VM/VMSS. Possible values are: any decimal value greater than zero. Example: 0.01538. -1 indicates that the low priority VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you.

Type:Double
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-PlatformFaultDomain

Specifies the fault domain of the virtual machine.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Priority

The priority for the virtual machine. Only supported values are 'Regular', 'Spot' and 'Low'. 'Regular' is for regular virtual machine. 'Spot' is for spot virtual machine. 'Low' is also for spot virtual machine but is replaced by 'Spot'. Please use 'Spot' instead of 'Low'.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ProximityPlacementGroupId

The resource id of the Proximity Placement Group to use with this virtual machine.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SecurityType

Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. By default, UefiSettings will not be enabled unless this property is set.

Type:String
Accepted values:TrustedLaunch, ConfidentialVM, Standard
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SharedGalleryImageId

Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Tags

The tags attached to the resource.

Type:Hashtable
Aliases:Tag
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-UserData

UserData for the VM, which will be base-64 encoded. Customer should not pass any secrets in here.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-vCPUCountAvailable

Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-vCPUCountPerCore

Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-VMName

Specifies a name for the virtual machine.

Type:String
Aliases:ResourceName, Name
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-VMSize

Specifies the size for the virtual machine. Get-AzComputeResourceSku can be used to find out available sizes for your subscription and region.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-VmssId

The Id of virtual machine scale set

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Zone

Specifies the availability zone for the virtual machine. Although it takes in an array of zones, virtual machines do not support multiple availability zones. The allowed value depends on the capabilities of the region. Allowed value will normally be 1, 2, or 3. More information on Azure availability zones.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

Inputs

String

String[]

Hashtable

SwitchParameter

Outputs

PSVirtualMachine