Microsoft.Compute virtualMachineScaleSets 2021-04-01

The virtualMachineScaleSets resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Template format

To create a Microsoft.Compute/virtualMachineScaleSets resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2021-04-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  sku: {
    capacity: int
    name: 'string'
    tier: 'string'
  }
  extendedLocation: {
    name: 'string'
    type: 'EdgeZone'
  }
  identity: {
    type: 'string'
    userAssignedIdentities: {}
  }
  plan: {
    name: 'string'
    product: 'string'
    promotionCode: 'string'
    publisher: 'string'
  }
  properties: {
    additionalCapabilities: {
      ultraSSDEnabled: bool
    }
    automaticRepairsPolicy: {
      enabled: bool
      gracePeriod: 'string'
    }
    doNotRunExtensionsOnOverprovisionedVMs: bool
    hostGroup: {
      id: 'string'
    }
    orchestrationMode: 'string'
    overprovision: bool
    platformFaultDomainCount: int
    proximityPlacementGroup: {
      id: 'string'
    }
    scaleInPolicy: {
      rules: [ 'string' ]
    }
    singlePlacementGroup: bool
    spotRestorePolicy: {
      enabled: bool
      restoreTimeout: 'string'
    }
    upgradePolicy: {
      automaticOSUpgradePolicy: {
        disableAutomaticRollback: bool
        enableAutomaticOSUpgrade: bool
      }
      mode: 'string'
      rollingUpgradePolicy: {
        enableCrossZoneUpgrade: bool
        maxBatchInstancePercent: int
        maxUnhealthyInstancePercent: int
        maxUnhealthyUpgradedInstancePercent: int
        pauseTimeBetweenBatches: 'string'
        prioritizeUnhealthyInstances: bool
      }
    }
    virtualMachineProfile: {
      billingProfile: {
        maxPrice: int
      }
      capacityReservation: {
        capacityReservationGroup: {
          id: 'string'
        }
      }
      diagnosticsProfile: {
        bootDiagnostics: {
          enabled: bool
          storageUri: 'string'
        }
      }
      evictionPolicy: 'string'
      extensionProfile: {
        extensions: [
          {
            name: 'string'
            properties: {
              autoUpgradeMinorVersion: bool
              enableAutomaticUpgrade: bool
              forceUpdateTag: 'string'
              protectedSettings: any()
              provisionAfterExtensions: [ 'string' ]
              publisher: 'string'
              settings: any()
              type: 'string'
              typeHandlerVersion: 'string'
            }
          }
        ]
        extensionsTimeBudget: 'string'
      }
      licenseType: 'string'
      networkProfile: {
        healthProbe: {
          id: 'string'
        }
        networkApiVersion: '2020-11-01'
        networkInterfaceConfigurations: [
          {
            id: 'string'
            name: 'string'
            properties: {
              deleteOption: 'string'
              dnsSettings: {
                dnsServers: [ 'string' ]
              }
              enableAcceleratedNetworking: bool
              enableFpga: bool
              enableIPForwarding: bool
              ipConfigurations: [
                {
                  id: 'string'
                  name: 'string'
                  properties: {
                    applicationGatewayBackendAddressPools: [
                      {
                        id: 'string'
                      }
                    ]
                    applicationSecurityGroups: [
                      {
                        id: 'string'
                      }
                    ]
                    loadBalancerBackendAddressPools: [
                      {
                        id: 'string'
                      }
                    ]
                    loadBalancerInboundNatPools: [
                      {
                        id: 'string'
                      }
                    ]
                    primary: bool
                    privateIPAddressVersion: 'string'
                    publicIPAddressConfiguration: {
                      name: 'string'
                      properties: {
                        deleteOption: 'string'
                        dnsSettings: {
                          domainNameLabel: 'string'
                        }
                        idleTimeoutInMinutes: int
                        ipTags: [
                          {
                            ipTagType: 'string'
                            tag: 'string'
                          }
                        ]
                        publicIPAddressVersion: 'string'
                        publicIPPrefix: {
                          id: 'string'
                        }
                      }
                      sku: {
                        name: 'string'
                        tier: 'string'
                      }
                    }
                    subnet: {
                      id: 'string'
                    }
                  }
                }
              ]
              networkSecurityGroup: {
                id: 'string'
              }
              primary: bool
            }
          }
        ]
      }
      osProfile: {
        adminPassword: 'string'
        adminUsername: 'string'
        computerNamePrefix: 'string'
        customData: 'string'
        linuxConfiguration: {
          disablePasswordAuthentication: bool
          patchSettings: {
            assessmentMode: 'string'
            patchMode: 'string'
          }
          provisionVMAgent: bool
          ssh: {
            publicKeys: [
              {
                keyData: 'string'
                path: 'string'
              }
            ]
          }
        }
        secrets: [
          {
            sourceVault: {
              id: 'string'
            }
            vaultCertificates: [
              {
                certificateStore: 'string'
                certificateUrl: 'string'
              }
            ]
          }
        ]
        windowsConfiguration: {
          additionalUnattendContent: [
            {
              componentName: 'Microsoft-Windows-Shell-Setup'
              content: 'string'
              passName: 'OobeSystem'
              settingName: 'string'
            }
          ]
          enableAutomaticUpdates: bool
          patchSettings: {
            assessmentMode: 'string'
            enableHotpatching: bool
            patchMode: 'string'
          }
          provisionVMAgent: bool
          timeZone: 'string'
          winRM: {
            listeners: [
              {
                certificateUrl: 'string'
                protocol: 'string'
              }
            ]
          }
        }
      }
      priority: 'string'
      scheduledEventsProfile: {
        terminateNotificationProfile: {
          enable: bool
          notBeforeTimeout: 'string'
        }
      }
      securityProfile: {
        encryptionAtHost: bool
        securityType: 'TrustedLaunch'
        uefiSettings: {
          secureBootEnabled: bool
          vTpmEnabled: bool
        }
      }
      storageProfile: {
        dataDisks: [
          {
            createOption: 'string'
            diskIOPSReadWrite: int
            diskMBpsReadWrite: int
            diskSizeGB: int
            lun: int
            managedDisk: {
              diskEncryptionSet: {
                id: 'string'
              }
              storageAccountType: 'string'
            }
            name: 'string'
            writeAcceleratorEnabled: bool
          }
        ]
        imageReference: {
          id: 'string'
          offer: 'string'
          publisher: 'string'
          sku: 'string'
          version: 'string'
        }
        osDisk: {
          createOption: 'string'
          diffDiskSettings: {
            option: 'Local'
            placement: 'string'
          }
          diskSizeGB: int
          image: {
            uri: 'string'
          }
          managedDisk: {
            diskEncryptionSet: {
              id: 'string'
            }
            storageAccountType: 'string'
          }
          name: 'string'
          osType: 'string'
          vhdContainers: [ 'string' ]
          writeAcceleratorEnabled: bool
        }
      }
      userData: 'string'
    }
    zoneBalance: bool
  }
  zones: [ 'string' ]
}

Property values

virtualMachineScaleSets

Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
'Microsoft.Compute/virtualMachineScaleSets'
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
'2021-04-01'
name The resource name string (required)
location Resource location string (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
sku Describes a virtual machine scale set sku. NOTE: If the new VM SKU is not supported on the hardware the scale set is currently on, you need to deallocate the VMs in the scale set before you modify the SKU name. Sku
extendedLocation The complex type of the extended location. ExtendedLocation
identity Identity for the virtual machine scale set. VirtualMachineScaleSetIdentity
plan Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save. Plan
properties Describes the properties of a Virtual Machine Scale Set. VirtualMachineScaleSetProperties
zones The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set string[]

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The type of extendedLocation. 'EdgeZone'

VirtualMachineScaleSetIdentity

Name Description Value
type The type of identity used for the virtual machine. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with the virtual machine scale set. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. object

Plan

Name Description Value
name The plan ID. string
product Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. string
promotionCode The promotion code. string
publisher The publisher ID. string

VirtualMachineScaleSetProperties

Name Description Value
additionalCapabilities Enables or disables a capability on the virtual machine or virtual machine scale set. AdditionalCapabilities
automaticRepairsPolicy Specifies the configuration parameters for automatic repairs on the virtual machine scale set. AutomaticRepairsPolicy
doNotRunExtensionsOnOverprovisionedVMs When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. bool
hostGroup SubResource
orchestrationMode Specifies the orchestration mode for the virtual machine scale set. 'Flexible'
'Uniform'
overprovision Specifies whether the Virtual Machine Scale Set should be overprovisioned. bool
platformFaultDomainCount Fault Domain count for each placement group. int
proximityPlacementGroup SubResource
scaleInPolicy Describes a scale-in policy for a virtual machine scale set. ScaleInPolicy
singlePlacementGroup When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. bool
spotRestorePolicy Specifies the Spot-Try-Restore properties for the virtual machine scale set.

With this property customer can enable or disable automatic restore of the evicted Spot VMSS VM instances opportunistically based on capacity availability and pricing constraint.
SpotRestorePolicy
upgradePolicy Describes an upgrade policy - automatic, manual, or rolling. UpgradePolicy
virtualMachineProfile Describes a virtual machine scale set virtual machine profile. VirtualMachineScaleSetVMProfile
zoneBalance Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. zoneBalance property can only be set if the zones property of the scale set contains more than one zone. If there are no zones or only one zone specified, then zoneBalance property should not be set. bool

AdditionalCapabilities

Name Description Value
ultraSSDEnabled The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. bool

AutomaticRepairsPolicy

Name Description Value
enabled Specifies whether automatic repairs should be enabled on the virtual machine scale set. The default value is false. bool
gracePeriod The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M), which is also the default value. The maximum allowed grace period is 90 minutes (PT90M). string

SubResource

Name Description Value
id Resource Id string

ScaleInPolicy

Name Description Value
rules The rules to be followed when scaling-in a virtual machine scale set.

Possible values are:

Default When a virtual machine scale set is scaled in, the scale set will first be balanced across zones if it is a zonal scale set. Then, it will be balanced across Fault Domains as far as possible. Within each Fault Domain, the virtual machines chosen for removal will be the newest ones that are not protected from scale-in.

OldestVM When a virtual machine scale set is being scaled-in, the oldest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the oldest virtual machines that are not protected will be chosen for removal.

NewestVM When a virtual machine scale set is being scaled-in, the newest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the newest virtual machines that are not protected will be chosen for removal.

String array containing any of:
'Default'
'NewestVM'
'OldestVM'

SpotRestorePolicy

Name Description Value
enabled Enables the Spot-Try-Restore feature where evicted VMSS SPOT instances will be tried to be restored opportunistically based on capacity availability and pricing constraints bool
restoreTimeout Timeout value expressed as an ISO 8601 time duration after which the platform will not try to restore the VMSS SPOT instances string

UpgradePolicy

Name Description Value
automaticOSUpgradePolicy The configuration parameters used for performing automatic OS upgrade. AutomaticOSUpgradePolicy
mode Specifies the mode of an upgrade to virtual machines in the scale set.

Possible values are:

Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action.

Automatic - All virtual machines in the scale set are automatically updated at the same time.
'Automatic'
'Manual'
'Rolling'
rollingUpgradePolicy The configuration parameters used while performing a rolling upgrade. RollingUpgradePolicy

AutomaticOSUpgradePolicy

Name Description Value
disableAutomaticRollback Whether OS image rollback feature should be disabled. Default value is false. bool
enableAutomaticOSUpgrade Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false.

If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true.
bool

RollingUpgradePolicy

Name Description Value
enableCrossZoneUpgrade Allow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size. bool
maxBatchInstancePercent The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%. int
maxUnhealthyInstancePercent The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%. int
maxUnhealthyUpgradedInstancePercent The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%. int
pauseTimeBetweenBatches The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S). string
prioritizeUnhealthyInstances Upgrade all unhealthy instances in a scale set before any healthy instances. bool

VirtualMachineScaleSetVMProfile

Name Description Value
billingProfile Specifies the billing related details of a Azure Spot VM or VMSS.

Minimum api-version: 2019-03-01.
BillingProfile
capacityReservation The parameters of a capacity reservation Profile. CapacityReservationProfile
diagnosticsProfile Specifies the boot diagnostic settings state.

Minimum api-version: 2015-06-15.
DiagnosticsProfile
evictionPolicy Specifies the eviction policy for the Azure Spot VM/VMSS 'Deallocate'
'Delete'
extensionProfile Describes a virtual machine scale set extension profile. VirtualMachineScaleSetExtensionProfile
licenseType Specifies that the image or disk that is being used was licensed on-premises.

Possible values for Windows Server operating system are:

Windows_Client

Windows_Server

Possible values for Linux Server operating system are:

RHEL_BYOS (for RHEL)

SLES_BYOS (for SUSE)

For more information, see Azure Hybrid Use Benefit for Windows Server

Azure Hybrid Use Benefit for Linux Server

Minimum api-version: 2015-06-15
string
networkProfile Describes a virtual machine scale set network profile. VirtualMachineScaleSetNetworkProfile
osProfile Describes a virtual machine scale set OS profile. VirtualMachineScaleSetOSProfile
priority Specifies the priority for a standalone virtual machine or the virtual machines in the scale set.

'Low' enum will be deprecated in the future, please use 'Spot' as the enum to deploy Azure Spot VM/VMSS.
'Low'
'Regular'
'Spot'
scheduledEventsProfile ScheduledEventsProfile
securityProfile Specifies the Security profile settings for the virtual machine or virtual machine scale set. SecurityProfile
storageProfile Describes a virtual machine scale set storage profile. VirtualMachineScaleSetStorageProfile
userData UserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here.

Minimum api-version: 2021-03-01
string

BillingProfile

Name Description Value
maxPrice Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars.

This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price.

The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS.

Possible values are:

- Any decimal value greater than zero. Example: 0.01538

-1 – indicates default price to be up-to on-demand.

You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you.

Minimum api-version: 2019-03-01.
int

CapacityReservationProfile

Name Description Value
capacityReservationGroup SubResource

DiagnosticsProfile

Name Description Value
bootDiagnostics Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status.

You can easily view the output of your console log.

Azure also enables you to see a screenshot of the VM from the hypervisor.
BootDiagnostics

BootDiagnostics

Name Description Value
enabled Whether boot diagnostics should be enabled on the Virtual Machine. bool
storageUri Uri of the storage account to use for placing the console output and screenshot.

If storageUri is not specified while enabling boot diagnostics, managed storage will be used.
string

VirtualMachineScaleSetExtensionProfile

Name Description Value
extensions The virtual machine scale set child extension resources. VirtualMachineScaleSetExtension[]
extensionsTimeBudget Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M).

Minimum api-version: 2020-06-01
string

VirtualMachineScaleSetExtension

Name Description Value
name The name of the extension. string
properties Describes the properties of a Virtual Machine Scale Set Extension. VirtualMachineScaleSetExtensionProperties

VirtualMachineScaleSetExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
forceUpdateTag If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. string
protectedSettings Any object For Bicep, you can use the any() function.
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string
settings Any object For Bicep, you can use the any() function.
type Specifies the type of the extension; an example is "CustomScriptExtension". string
typeHandlerVersion Specifies the version of the script handler. string

VirtualMachineScaleSetNetworkProfile

Name Description Value
healthProbe The API entity reference. ApiEntityReference
networkApiVersion specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations '2020-11-01'
networkInterfaceConfigurations The list of network configurations. VirtualMachineScaleSetNetworkConfiguration[]

ApiEntityReference

Name Description Value
id The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... string

VirtualMachineScaleSetNetworkConfiguration

Name Description Value
id Resource Id string
name The network configuration name. string (required)
properties Describes a virtual machine scale set network profile's IP configuration. VirtualMachineScaleSetNetworkConfigurationProperties

VirtualMachineScaleSetNetworkConfigurationProperties

Name Description Value
deleteOption Specify what happens to the network interface when the VM is deleted 'Delete'
'Detach'
dnsSettings Describes a virtual machines scale sets network configuration's DNS settings. VirtualMachineScaleSetNetworkConfigurationDnsSettings
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableFpga Specifies whether the network interface is FPGA networking-enabled. bool
enableIPForwarding Whether IP forwarding enabled on this NIC. bool
ipConfigurations Specifies the IP configurations of the network interface. VirtualMachineScaleSetIPConfiguration[] (required)
networkSecurityGroup SubResource
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool

VirtualMachineScaleSetNetworkConfigurationDnsSettings

Name Description Value
dnsServers List of DNS servers IP addresses string[]

VirtualMachineScaleSetIPConfiguration

Name Description Value
id Resource Id string
name The IP configuration name. string (required)
properties Describes a virtual machine scale set network profile's IP configuration properties. VirtualMachineScaleSetIPConfigurationProperties

VirtualMachineScaleSetIPConfigurationProperties

Name Description Value
applicationGatewayBackendAddressPools Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway. SubResource[]
applicationSecurityGroups Specifies an array of references to application security group. SubResource[]
loadBalancerBackendAddressPools Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. SubResource[]
loadBalancerInboundNatPools Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer. SubResource[]
primary Specifies the primary network interface in case the virtual machine has more than 1 network interface. bool
privateIPAddressVersion Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPAddressConfiguration Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration VirtualMachineScaleSetPublicIPAddressConfiguration
subnet The API entity reference. ApiEntityReference

VirtualMachineScaleSetPublicIPAddressConfiguration

Name Description Value
name The publicIP address configuration name. string (required)
properties Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration VirtualMachineScaleSetPublicIPAddressConfigurationProperties
sku Describes the public IP Sku PublicIPAddressSku

VirtualMachineScaleSetPublicIPAddressConfigurationProperties

Name Description Value
deleteOption Specify what happens to the network interface when the VM is deleted 'Delete'
'Detach'
dnsSettings Describes a virtual machines scale sets network configuration's DNS settings. VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipTags The list of IP tags associated with the public IP address. VirtualMachineScaleSetIpTag[]
publicIPAddressVersion Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. 'IPv4'
'IPv6'
publicIPPrefix SubResource

VirtualMachineScaleSetPublicIPAddressConfigurationDnsSettings

Name Description Value
domainNameLabel The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created string (required)

VirtualMachineScaleSetIpTag

Name Description Value
ipTagType IP tag type. Example: FirstPartyUsage. string
tag IP tag associated with the public IP. Example: SQL, Storage etc. string

PublicIPAddressSku

Name Description Value
name Specify public IP sku name 'Basic'
'Standard'
tier Specify public IP sku tier 'Global'
'Regional'

VirtualMachineScaleSetOSProfile

Name Description Value
adminPassword Specifies the password of the administrator account.

Minimum-length (Windows): 8 characters

Minimum-length (Linux): 6 characters

Max-length (Windows): 123 characters

Max-length (Linux): 72 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM

For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
string
adminUsername Specifies the name of the administrator account.

Windows-only restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length (Linux): 1 character

Max-length (Linux): 64 characters

Max-length (Windows): 20 characters
string
computerNamePrefix Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long. string
customData Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes.

For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation
string
linuxConfiguration Specifies the Linux operating system settings on the virtual machine.

For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions.
LinuxConfiguration
secrets Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows. VaultSecretGroup[]
windowsConfiguration Specifies Windows operating system settings on the virtual machine. WindowsConfiguration

LinuxConfiguration

Name Description Value
disablePasswordAuthentication Specifies whether password authentication should be disabled. bool
patchSettings Specifies settings related to VM Guest Patching on Linux. LinuxPatchSettings
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine.

When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
bool
ssh SSH configuration for Linux based VMs running on Azure SshConfiguration

LinuxPatchSettings

Name Description Value
assessmentMode Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
'AutomaticByPlatform'
'ImageDefault'
patchMode Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

ImageDefault - The virtual machine's default patching configuration is used.

AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true
'AutomaticByPlatform'
'ImageDefault'

SshConfiguration

Name Description Value
publicKeys The list of SSH public keys used to authenticate with linux based VMs. SshPublicKey[]

SshPublicKey

Name Description Value
keyData SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format.

For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]/azure/virtual-machines/linux/create-ssh-keys-detailed).
string
path Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys string

VaultSecretGroup

Name Description Value
sourceVault SubResource
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[]

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account.

For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.
string
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"{Base64-encoded-certificate}",
"dataType":"pfx",
"password":"{pfx-file-password}"
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
string

WindowsConfiguration

Name Description Value
additionalUnattendContent Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. AdditionalUnattendContent[]
enableAutomaticUpdates Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true.

For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
bool
patchSettings Specifies settings related to VM Guest Patching on Windows. PatchSettings
provisionVMAgent Indicates whether virtual machine agent should be provisioned on the virtual machine.

When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
bool
timeZone Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time".

Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones.
string
winRM Describes Windows Remote Management configuration of the VM WinRMConfiguration

AdditionalUnattendContent

Name Description Value
componentName The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup. 'Microsoft-Windows-Shell-Setup'
content Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted. string
passName The pass name. Currently, the only allowable value is OobeSystem. 'OobeSystem'
settingName Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon. 'AutoLogon'
'FirstLogonCommands'

PatchSettings

Name Description Value
assessmentMode Specifies the mode of VM Guest patch assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
'AutomaticByPlatform'
'ImageDefault'
enableHotpatching Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'. bool
patchMode Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false

AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true.

AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true
'AutomaticByOS'
'AutomaticByPlatform'
'Manual'

WinRMConfiguration

Name Description Value
listeners The list of Windows Remote Management listeners WinRMListener[]

WinRMListener

Name Description Value
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"{Base64-encoded-certificate}",
"dataType":"pfx",
"password":"{pfx-file-password}"
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.
string
protocol Specifies the protocol of WinRM listener.

Possible values are:
http

https
'Http'
'Https'

ScheduledEventsProfile

Name Description Value
terminateNotificationProfile TerminateNotificationProfile

TerminateNotificationProfile

Name Description Value
enable Specifies whether the Terminate Scheduled event is enabled or disabled. bool
notBeforeTimeout Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M) string

SecurityProfile

Name Description Value
encryptionAtHost This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself.

Default: The Encryption at host will be disabled unless this property is set to true for the resource.
bool
securityType Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings.

Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch.
'TrustedLaunch'
uefiSettings Specifies the security settings like secure boot and vTPM used while creating the virtual machine.

Minimum api-version: 2020-12-01
UefiSettings

UefiSettings

Name Description Value
secureBootEnabled Specifies whether secure boot should be enabled on the virtual machine.

Minimum api-version: 2020-12-01
bool
vTpmEnabled Specifies whether vTPM should be enabled on the virtual machine.

Minimum api-version: 2020-12-01
bool

VirtualMachineScaleSetStorageProfile

Name Description Value
dataDisks Specifies the parameters that are used to add data disks to the virtual machines in the scale set.

For more information about disks, see About disks and VHDs for Azure virtual machines.
VirtualMachineScaleSetDataDisk[]
imageReference Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. NOTE: Image reference publisher and offer can only be set when you create the scale set. ImageReference
osDisk Describes a virtual machine scale set operating system disk. VirtualMachineScaleSetOSDisk

VirtualMachineScaleSetDataDisk

Name Description Value
createOption Specifies how the virtual machine should be created.

Possible values are:

Attach \u2013 This value is used when you are using a specialized disk to create the virtual machine.

FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.
'Attach'
'Empty'
'FromImage'
diskIOPSReadWrite Specifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. int
diskMBpsReadWrite Specifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB. int
diskSizeGB Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image.

This value cannot be larger than 1023 GB
int
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. int (required)
managedDisk Describes the parameters of a ScaleSet managed disk. VirtualMachineScaleSetManagedDiskParameters
name The disk name. string
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

VirtualMachineScaleSetManagedDiskParameters

Name Description Value
diskEncryptionSet Describes the parameter of customer managed disk encryption set resource id that can be specified for disk.

NOTE: The disk encryption set resource id can only be specified for managed disk. Please refer https://aka.ms/mdssewithcmkoverview for more details.
DiskEncryptionSetParameters
storageAccountType Specifies the storage account type for the managed disk. Managed OS disk storage account type can only be set when you create the scale set. NOTE: UltraSSD_LRS can only be used with data disks. It cannot be used with OS Disk. Standard_LRS uses Standard HDD. StandardSSD_LRS uses Standard SSD. Premium_LRS uses Premium SSD. UltraSSD_LRS uses Ultra disk. Premium_ZRS uses Premium SSD zone redundant storage. StandardSSD_ZRS uses Standard SSD zone redundant storage. For more information regarding disks supported for Windows Virtual Machines, refer to /azure/virtual-machines/windows/disks-types and, for Linux Virtual Machines, refer to /azure/virtual-machines/linux/disks-types 'Premium_LRS'
'Premium_ZRS'
'StandardSSD_LRS'
'StandardSSD_ZRS'
'Standard_LRS'
'UltraSSD_LRS'

DiskEncryptionSetParameters

Name Description Value
id Resource Id string

ImageReference

Name Description Value
id Resource Id string
offer Specifies the offer of the platform image or marketplace image used to create the virtual machine. string
publisher The image publisher. string
sku The image SKU. string
version Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. string

VirtualMachineScaleSetOSDisk

Name Description Value
createOption Specifies how the virtual machine should be created.

Possible values are:

Attach \u2013 This value is used when you are using a specialized disk to create the virtual machine.

FromImage \u2013 This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.
'Attach'
'Empty'
'FromImage'
diffDiskSettings Describes the parameters of ephemeral disk settings that can be specified for operating system disk.

NOTE: The ephemeral disk settings can only be specified for managed disk.
DiffDiskSettings
diskSizeGB Specifies the size of the operating system disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image.

This value cannot be larger than 1023 GB
int
image Describes the uri of a disk. VirtualHardDisk
managedDisk Describes the parameters of a ScaleSet managed disk. VirtualMachineScaleSetManagedDiskParameters
name The disk name. string
osType The Operating System type. 'Linux'
'Windows'
vhdContainers Specifies the container urls that are used to store operating system disks for the scale set. string[]
writeAcceleratorEnabled Specifies whether writeAccelerator should be enabled or disabled on the disk. bool

DiffDiskSettings

Name Description Value
option Specifies the ephemeral disk option for operating system disk. 'Local'
placement Specifies the ephemeral disk placement for operating system disk. This property can be used by user in the request to choose the location i.e, cache disk or resource disk space for Ephemeral OS disk provisioning. For more information on Ephemeral OS disk size requirements, please refer Ephemeral OS disk size requirements for Windows VM at /azure/virtual-machines/windows/ephemeral-os-disks#size-requirements and Linux VM at /azure/virtual-machines/linux/ephemeral-os-disks#size-requirements 'CacheDisk'
'ResourceDisk'

VirtualHardDisk

Name Description Value
uri Specifies the virtual hard disk's uri. string

Sku

Name Description Value
capacity Specifies the number of virtual machines in the scale set. int
name The sku name. string
tier Specifies the tier of virtual machines in a scale set.

Possible Values:

Standard

Basic
string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Deploy VM Scale Set with LB probe and automatic repairs

Deploy to Azure
This template allows you to deploy a VM scale set of Linux VMs behind a load balancer with health probe configured. The scale set also has automatic instance repairs policy enabled with a grace period of 30 minutes.
Deploy a VMSS that connects each VM to an Azure Files share

Deploy to Azure
This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share
Deploy a Windows VM Scale Set with a Custom Script Extension

Deploy to Azure
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs have a custom script extension for customization and are behind a load balancer with NAT rules for rdp connections.
Deploy a Scale Set into an existing vnet

Deploy to Azure
This template deploys a VM Scale Set into an exsisting vnet.
Deploy a VM Scale Set with Linux VMs behind ILB

Deploy to Azure
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections.
Deploy a VM Scale Set with a Linux custom image

Deploy to Azure
This template allows you to deploy a custom VM Linux image inside an Scale Set. These VMs are behind a load balancer with HTTP load balancing (by default on port 80). The example uses a custom script to do the application deployment and update, you may have to provide your custom script for your own update procedure. You will have to provide a generalized image of your VM in the same subscription and region where you create the VMSS.
Deploy a simple VM Scale Set with Linux VMs

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.
Deploy a VM Scale Set with Linux VMs in Availabilty Zones

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.
Deploy a Linux VMSS wth master/slave architecture

Deploy to Azure
This template allows you to deploy a Linux VMSS with a Custom Script Extension in master slave architecture
Simple VM Scale Set with Linux VMs and public IPv4 per VM

Deploy to Azure
This template demonstrates deploying a simple scale set with load balancer, inbound NAT rules, and public IP per VM.
Deploy an Ubuntu VM scale set with Azure Application Gateway

Deploy to Azure
This template allows you to deploy a simple Ubuntu VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Deploy a VM Scale Set with Linux VMs and Auto Scale

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.04 or 14.04.4-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.They also have Auto Scale integrated
SSL enabled VM Scale Set

Deploy to Azure
Deploys web servers configures with SSL certificates deployed securely form Azure Key Vault
Deploy a Scale Set into an existing vnet

Deploy to Azure
This template deploys a Windows 2016 Datacenter VM Scale Set into an exsisting resource group, vnet and subnet.
Deploy a Windows VM scale set with Azure Application Gateway

Deploy to Azure
This template allows you to deploy a simple Windows VM Scale Set integrated with Azure Application Gateway, and supports up to 1000 VMs
Deploy a VM Scale Set with Windows VMs and Auto Scale

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated
Deploy a VM Scale Set with a Windows custom image

Deploy to Azure
This template allows you to deploy a simple VM Scale Set usng a custom Windows image. These VMs are behind a load balancer with HTTP load balancing (by default on port 80)
Deploy a simple VM Scale Set with Windows VMs

Deploy to Azure
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections.
Deploy a VM Scale Set with Windows VMs in Availability Zones

Deploy to Azure
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections.