Microsoft.Compute virtualMachines/extensions

Bicep resource definition

The virtualMachines/extensions resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines/extensions resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Compute/virtualMachines/extensions@2023-09-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  parent: resourceSymbolicName
  properties: {
    autoUpgradeMinorVersion: bool
    enableAutomaticUpgrade: bool
    forceUpdateTag: 'string'
    instanceView: {
      name: 'string'
      statuses: [
        {
          code: 'string'
          displayStatus: 'string'
          level: 'string'
          message: 'string'
          time: 'string'
        }
      ]
      substatuses: [
        {
          code: 'string'
          displayStatus: 'string'
          level: 'string'
          message: 'string'
          time: 'string'
        }
      ]
      type: 'string'
      typeHandlerVersion: 'string'
    }
    protectedSettings: any()
    protectedSettingsFromKeyVault: {
      secretUrl: 'string'
      sourceVault: {
        id: 'string'
      }
    }
    provisionAfterExtensions: [
      'string'
    ]
    publisher: 'string'
    settings: any()
    suppressFailures: bool
    type: 'string'
    typeHandlerVersion: 'string'
  }
}

Property values

virtualMachines/extensions

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)
location Resource location string
tags Resource tags Dictionary of tag names and values. See Tags in templates
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: virtualMachines
properties Describes the properties of a Virtual Machine Extension. VirtualMachineExtensionProperties

VirtualMachineExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
forceUpdateTag How the extension handler should be forced to update even if the extension configuration has not changed. string
instanceView The virtual machine extension instance view. VirtualMachineExtensionInstanceView
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. For Bicep, you can use the any() function.
protectedSettingsFromKeyVault The extensions protected settings that are passed by reference, and consumed from key vault KeyVaultSecretReference
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string
settings Json formatted public settings for the extension. For Bicep, you can use the any() function.
suppressFailures Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. bool
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

VirtualMachineExtensionInstanceView

Name Description Value
name The virtual machine extension name. string
statuses The resource status information. InstanceViewStatus[]
substatuses The resource status information. InstanceViewStatus[]
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

InstanceViewStatus

Name Description Value
code The status code. string
displayStatus The short localizable label for the status. string
level The level code. 'Error'
'Info'
'Warning'
message The detailed status message, including for alerts and error messages. string
time The time of the status. string

KeyVaultSecretReference

Name Description Value
secretUrl The URL referencing a secret in a Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the secret. SubResource (required)

SubResource

Name Description Value
id Resource Id string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a Windows VM with Anti-Malware extension enabled

Deploy to Azure
This template creates a Windows VM and sets up the Anti-Malware protection
IIS Server using DSC extension on a Windows VM

Deploy to Azure
This template creates a Windows VM and sets up an IIS server using the DSC extension. Note, the DSC configuration module needs a SAS token to be passed in if you are using Azure Storage. For DSC module link from GitHub (default in this template), this is not needed.
ESET VM Extension

Deploy to Azure
Creates a VM with ESET extension
McAfee Endpoint Security (trial license) on Windows VM

Deploy to Azure
This template creates a Windows VM and sets up a trial version of McAfee Endpoint Security
Deploy a Ubuntu VM with the OMS extension

Deploy to Azure
This template allows you to deploy a Ubuntu VM with the OMS extension installed and onboarded to a specified workspace
Deploy a Windows VM with the OMS extension

Deploy to Azure
This template allows you to deploy a Windows VM with the OMS extension installed and onboarded to a specified workspace
Symantec Endpoint Protection extension trial on Windows VM

Deploy to Azure
This template creates a Windows VM and sets up a trial version of Symantec Endpoint Protection
Custom Script extension on a Ubuntu VM

Deploy to Azure
This template creates a Ubuntu VM and installs the CustomScript extension
OS Patching extension on a Ubuntu VM

Deploy to Azure
This template creates a Ubuntu VM and installs the OSPatching extension
Deploy a Premium Windows VM with diagnostics

Deploy to Azure
This template allows you to deploy a Premium Windows VM using a few different options for the Windows version, using the latest patched version.
Deploy a simple Windows VM with monitoring and diagnostics

Deploy to Azure
This template allows you to deploy a simple Windows VM along with the diagnostics extension which enables monitoring and diagnostics for the VM
Use script extensions to install Mongo DB on Ubuntu VM

Deploy to Azure
This template deploys Configures and Installs Mongo DB on a Ubuntu Virtual Machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.

ARM template resource definition

The virtualMachines/extensions resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines/extensions resource, add the following JSON to your template.

{
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "apiVersion": "2023-09-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "properties": {
    "autoUpgradeMinorVersion": "bool",
    "enableAutomaticUpgrade": "bool",
    "forceUpdateTag": "string",
    "instanceView": {
      "name": "string",
      "statuses": [
        {
          "code": "string",
          "displayStatus": "string",
          "level": "string",
          "message": "string",
          "time": "string"
        }
      ],
      "substatuses": [
        {
          "code": "string",
          "displayStatus": "string",
          "level": "string",
          "message": "string",
          "time": "string"
        }
      ],
      "type": "string",
      "typeHandlerVersion": "string"
    },
    "protectedSettings": {},
    "protectedSettingsFromKeyVault": {
      "secretUrl": "string",
      "sourceVault": {
        "id": "string"
      }
    },
    "provisionAfterExtensions": [ "string" ],
    "publisher": "string",
    "settings": {},
    "suppressFailures": "bool",
    "type": "string",
    "typeHandlerVersion": "string"
  }
}

Property values

virtualMachines/extensions

Name Description Value
type The resource type 'Microsoft.Compute/virtualMachines/extensions'
apiVersion The resource api version '2023-09-01'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)
location Resource location string
tags Resource tags Dictionary of tag names and values. See Tags in templates
properties Describes the properties of a Virtual Machine Extension. VirtualMachineExtensionProperties

VirtualMachineExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
forceUpdateTag How the extension handler should be forced to update even if the extension configuration has not changed. string
instanceView The virtual machine extension instance view. VirtualMachineExtensionInstanceView
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all.
protectedSettingsFromKeyVault The extensions protected settings that are passed by reference, and consumed from key vault KeyVaultSecretReference
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string
settings Json formatted public settings for the extension.
suppressFailures Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. bool
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

VirtualMachineExtensionInstanceView

Name Description Value
name The virtual machine extension name. string
statuses The resource status information. InstanceViewStatus[]
substatuses The resource status information. InstanceViewStatus[]
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

InstanceViewStatus

Name Description Value
code The status code. string
displayStatus The short localizable label for the status. string
level The level code. 'Error'
'Info'
'Warning'
message The detailed status message, including for alerts and error messages. string
time The time of the status. string

KeyVaultSecretReference

Name Description Value
secretUrl The URL referencing a secret in a Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the secret. SubResource (required)

SubResource

Name Description Value
id Resource Id string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a Windows VM with Anti-Malware extension enabled

Deploy to Azure
This template creates a Windows VM and sets up the Anti-Malware protection
IIS Server using DSC extension on a Windows VM

Deploy to Azure
This template creates a Windows VM and sets up an IIS server using the DSC extension. Note, the DSC configuration module needs a SAS token to be passed in if you are using Azure Storage. For DSC module link from GitHub (default in this template), this is not needed.
ESET VM Extension

Deploy to Azure
Creates a VM with ESET extension
McAfee Endpoint Security (trial license) on Windows VM

Deploy to Azure
This template creates a Windows VM and sets up a trial version of McAfee Endpoint Security
Deploy a Ubuntu VM with the OMS extension

Deploy to Azure
This template allows you to deploy a Ubuntu VM with the OMS extension installed and onboarded to a specified workspace
Deploy a Windows VM with the OMS extension

Deploy to Azure
This template allows you to deploy a Windows VM with the OMS extension installed and onboarded to a specified workspace
Symantec Endpoint Protection extension trial on Windows VM

Deploy to Azure
This template creates a Windows VM and sets up a trial version of Symantec Endpoint Protection
Custom Script extension on a Ubuntu VM

Deploy to Azure
This template creates a Ubuntu VM and installs the CustomScript extension
OS Patching extension on a Ubuntu VM

Deploy to Azure
This template creates a Ubuntu VM and installs the OSPatching extension
Deploy a Premium Windows VM with diagnostics

Deploy to Azure
This template allows you to deploy a Premium Windows VM using a few different options for the Windows version, using the latest patched version.
Deploy a simple Windows VM with monitoring and diagnostics

Deploy to Azure
This template allows you to deploy a simple Windows VM along with the diagnostics extension which enables monitoring and diagnostics for the VM
Use script extensions to install Mongo DB on Ubuntu VM

Deploy to Azure
This template deploys Configures and Installs Mongo DB on a Ubuntu Virtual Machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.

Terraform (AzAPI provider) resource definition

The virtualMachines/extensions resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines/extensions resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/virtualMachines/extensions@2023-09-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      autoUpgradeMinorVersion = bool
      enableAutomaticUpgrade = bool
      forceUpdateTag = "string"
      instanceView = {
        name = "string"
        statuses = [
          {
            code = "string"
            displayStatus = "string"
            level = "string"
            message = "string"
            time = "string"
          }
        ]
        substatuses = [
          {
            code = "string"
            displayStatus = "string"
            level = "string"
            message = "string"
            time = "string"
          }
        ]
        type = "string"
        typeHandlerVersion = "string"
      }
      protectedSettingsFromKeyVault = {
        secretUrl = "string"
        sourceVault = {
          id = "string"
        }
      }
      provisionAfterExtensions = [
        "string"
      ]
      publisher = "string"
      suppressFailures = bool
      type = "string"
      typeHandlerVersion = "string"
    }
  })
}

Property values

virtualMachines/extensions

Name Description Value
type The resource type "Microsoft.Compute/virtualMachines/extensions@2023-09-01"
name The resource name string (required)
location Resource location string
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: virtualMachines
tags Resource tags Dictionary of tag names and values.
properties Describes the properties of a Virtual Machine Extension. VirtualMachineExtensionProperties

VirtualMachineExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
forceUpdateTag How the extension handler should be forced to update even if the extension configuration has not changed. string
instanceView The virtual machine extension instance view. VirtualMachineExtensionInstanceView
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all.
protectedSettingsFromKeyVault The extensions protected settings that are passed by reference, and consumed from key vault KeyVaultSecretReference
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string
settings Json formatted public settings for the extension.
suppressFailures Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. bool
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

VirtualMachineExtensionInstanceView

Name Description Value
name The virtual machine extension name. string
statuses The resource status information. InstanceViewStatus[]
substatuses The resource status information. InstanceViewStatus[]
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

InstanceViewStatus

Name Description Value
code The status code. string
displayStatus The short localizable label for the status. string
level The level code. "Error"
"Info"
"Warning"
message The detailed status message, including for alerts and error messages. string
time The time of the status. string

KeyVaultSecretReference

Name Description Value
secretUrl The URL referencing a secret in a Key Vault. string (required)
sourceVault The relative URL of the Key Vault containing the secret. SubResource (required)

SubResource

Name Description Value
id Resource Id string