Create a shared image gallery using the Azure portal

A Shared Image Gallery simplifies custom image sharing across your organization. Custom images are like marketplace images, but you create them yourself. Custom images can be used to bootstrap deployment tasks like preloading applications, application configurations, and other OS configurations.

The Shared Image Gallery lets you share your custom VM images with others in your organization, within or across regions, within an AAD tenant. Choose which images you want to share, which regions you want to make them available in, and who you want to share them with. You can create multiple galleries so that you can logically group shared images.

The gallery is a top-level resource that provides full role-based access control (RBAC). Images can be versioned, and you can choose to replicate each image version to a different set of Azure regions. The gallery only works with Managed Images.

The Shared Image Gallery feature has multiple resource types. We will be using or building these in this article:

Resource Description
Managed image This is a basic image that can be used alone or used to create an image version in an image gallery. Managed images are created from generalized VMs. A managed image is a special type of VHD that can be used to make multiple VMs and can now be used to create shared image versions.
Image gallery Like the Azure Marketplace, an image gallery is a repository for managing and sharing images, but you control who has access.
Image definition Images are defined within a gallery and carry information about the image and requirements for using it internally. This includes whether the image is Windows or Linux, release notes, and minimum and maximum memory requirements. It is a definition of a type of image.
Image version An image version is what you use to create a VM when using a gallery. You can have multiple versions of an image as needed for your environment. Like a managed image, when you use an image version to create a VM, the image version is used to create new disks for the VM. Image versions can be used multiple times.

Before you begin

To complete the example in this article, you must have an existing managed image. You can follow Tutorial: Create a custom image of an Azure VM with Azure PowerShell to create one if needed. If the managed image contains a data disk, the data disk size cannot be more than 1 TB.

When working through this article, replace the resource group and VM names where needed.

Sign in to Azure

Sign in to the Azure portal at


If you registered to use Shared Image Galleries during the preview, you might need to re-register the Microsoft.Compute provider. Open Cloud Shell and type: az provider register -n Microsoft.Compute

An image gallery is the primary resource used for enabling image sharing. Allowed characters for Gallery name are uppercase or lowercase letters, digits, dots, and periods. The gallery name cannot contain dashes. Gallery names must be unique within your subscription.

The following example creates a gallery named myGallery in the myGalleryRG resource group.

  1. Select Create a resource in the upper left-hand corner of the Azure portal.
  2. Use the type Shared image gallery in the search box and select Shared image gallery in the results.
  3. In the Shared image gallery page, click Create.
  4. Select the correct subscription.
  5. In Resource group, select Create new and type myGalleryRG for the name.
  6. In Name, type myGallery for the name of the gallery.
  7. Leave the default for Region.
  8. You can type a short description of the gallery, like My image gallery for testing. and then click Review + create.
  9. After validation passes, select Create.
  10. When the deployment is finished, select Go to resource.

Create an image definition

Image definitions create a logical grouping for images. They are used to manage information about the image versions that are created within them. Image definition names can be made up of uppercase or lowercase letters, digits, dots, dashes and periods. For more information about the values you can specify for an image definition, see Image definitions.

Create the gallery image definition inside of your gallery. In this example, the gallery image is named myImageDefinition.

  1. On the page for your new image gallery, select Add a new image definition from the top of the page.
  2. For Image definition name, type myImageDefinition.
  3. For Operating system, select the correct option based on your source image.
  4. For Publisher, type myPublisher.
  5. For Offer, type myOffer.
  6. For SKU, type mySKU.
  7. When finished, select Review + create.
  8. After the image definition passes validation, select Create.
  9. When the deployment is finished, select Go to resource.

Create an image version

Create an image version from a managed image. In this example, the image version is 1.0.0 and it's replicated to both West Central US and South Central US datacenters. When choosing target regions for replication, remember that you also have to include the source region as a target for replication.

Allowed characters for image version are numbers and periods. Numbers must be within the range of a 32-bit integer. Format: MajorVersion.MinorVersion.Patch.

  1. In the page for your image definition, select Add version from the top of the page.
  2. In Region, select the region where your managed image is stored. Image versions need to be created in the same region as the managed image they are created from.
  3. For Name, type 1.0.0. The image version name should follow major.minor.patch format using integers.
  4. In Source image, select your source managed image from the drop-down.
  5. In Exclude from latest, leave the default value of No.
  6. For End of life date, select a date from the calendar that is a couple of months in the future.
  7. In Replication, leave the Default replica count as 1. You need to replicate to the source region, so leave the first replica as the default and then pick a second replica region to be East US.
  8. When you are done, select Review + create. Azure will validate the configuration.
  9. When image version passes validation, select Create.
  10. When the deployment is finished, select Go to resource.

It can take a while to replicate the image to all of the target regions.

We recommend that you share access at the image gallery level. The following walks you through sharing the gallery that you just created.

  1. Open the Azure portal.
  2. In the menu at the left, select Resource groups.
  3. In the list of resource groups, select myGalleryRG. The blade for your resource group will open.
  4. In the menu on the left of the myGalleryRG page, select Access control (IAM).
  5. Under Add a role assignment, select Add. The Add a role assignment pane will open.
  6. Under Role, select Reader.
  7. Under assign access to, leave the default of Azure AD user, group, or service principal.
  8. Under Select, type in the email address of the person that you would like to invite.
  9. If the user is outside of your organization, you will see the message This user will be sent an email that enables them to collaborate with Microsoft. Select the user with the email address and then click Save.

If the user is outside of your organization, they will get an email invitation to join the organization. The user needs to accept the invitation, then they will be able to see the gallery and all of the image definitions and versions in their list of resources.

Create VMs from an image

Once the image version is complete, you can create one or more new VMs.


You cannot use the portal to deploy a VM from an image in another azure tenant. To create a VM from an image shared between tenants, you must use the Azure CLI or Powershell.

This example creates a VM named myVMfromImage, in the myResourceGroup in the East US datacenter.

  1. On the page for your image version, select Create VM from the menu at the top of the page.
  2. For Resource group, select Create new and type myResourceGroup for the name.
  3. In Virtual machine name, type myVM.
  4. For Region, select East US.
  5. For Availability options, leave the default of No infrastructure redundancy required.
  6. The value for Image should be automatically filled in if you started from the page for the image version.
  7. For Size, choose a VM size from the list of available sizes and then click "Select".
  8. Under Administrator account, provide a username, such as azureuser and a password. The password must be at least 12 characters long and meet the defined complexity requirements.
  9. If you want to allow remote access to the VM, under Public inbound ports, choose Allow selected ports and then select RDP (3389) from the drop-down. If you don't want to allow remote access to the VM, leave None selected for Public inbound ports.
  10. When you are finished, select the Review + create button at the bottom of the page.
  11. After the VM passes validation, select Create at the bottom of the page to start the deployment.

Clean up resources

When no longer needed, you can delete the resource group, virtual machine, and all related resources. To do so, select the resource group for the virtual machine, select Delete, then confirm the name of the resource group to delete.

If you want to delete individual resources, you need to delete them in reverse order. For example, to delete an image definition, you need to delete all of the image versions created from that image.

Next steps

You can also create Shared Image Gallery resource using templates. There are several Azure Quickstart Templates available:

For more information about Shared Image Galleries, see the Overview. If you run into issues, see Troubleshooting shared image galleries.