az disk

Manage Azure Managed Disks.

Azure Virtual Machines use disks as a place to store an operating system, applications, and data. All Azure virtual machines have at least two disks: An operating system disk, and a temporary disk. The operating system disk is created from an image, and both the operating system disk and the image are actually virtual hard disks (VHDs) stored in an Azure storage account. Virtual machines also can have one or more data disks, that are also stored as VHDs. Azure Unmanaged Data Disks have a maximum size of 4095 GB. To use didks larger than 4095 GB use Azure Managed Disks.

Commands

az disk create

Create a managed disk.

az disk delete

Delete a managed disk.

az disk grant-access

Grant a resource access to a managed disk.

az disk list

List managed disks.

az disk revoke-access

Revoke a resource's read access to a managed disk.

az disk show

Gets information about a disk.

az disk update

Update a managed disk.

az disk wait

Place the CLI in a waiting state until a condition of a managed disk is met.

az disk create

Create a managed disk.

az disk create --name
               --resource-group
               [--accelerated-network {false, true}]
               [--architecture {Arm64, x64}]
               [--data-access-auth-mode {AzureActiveDirectory, None}]
               [--disk-access]
               [--disk-encryption-set]
               [--disk-iops-read-only]
               [--disk-iops-read-write]
               [--disk-mbps-read-only]
               [--disk-mbps-read-write]
               [--edge-zone]
               [--enable-bursting {false, true}]
               [--encryption-type {EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys, EncryptionAtRestWithPlatformKey}]
               [--for-upload {false, true}]
               [--gallery-image-reference]
               [--gallery-image-reference-lun]
               [--hyper-v-generation {V1, V2}]
               [--image-reference]
               [--image-reference-lun]
               [--location]
               [--logical-sector-size]
               [--max-shares]
               [--network-access-policy {AllowAll, AllowPrivate, DenyAll}]
               [--no-wait]
               [--os-type {Linux, Windows}]
               [--public-network-access {Disabled, Enabled}]
               [--secure-vm-disk-encryption-set]
               [--security-data-uri]
               [--security-type {ConfidentialVM_DiskEncryptedWithCustomerKey, ConfidentialVM_DiskEncryptedWithPlatformKey, ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey, TrustedLaunch}]
               [--size-gb]
               [--sku {PremiumV2_LRS, Premium_LRS, Premium_ZRS, StandardSSD_LRS, StandardSSD_ZRS, Standard_LRS, UltraSSD_LRS}]
               [--source]
               [--source-storage-account-id]
               [--support-hibernation {false, true}]
               [--tags]
               [--tier]
               [--upload-size-bytes]
               [--upload-type {Upload, UploadWithSecurityData}]
               [--zone {1, 2, 3}]

Examples

Create a managed disk by importing from a blob uri.

az disk create -g MyResourceGroup -n MyDisk --source https://vhd1234.blob.core.windows.net/vhds/osdisk1234.vhd

Create an empty managed disk.

az disk create -g MyResourceGroup -n MyDisk --size-gb 10

Create an empty managed disk with bursting enabled.

az disk create -g MyResourceGroup -n MyDisk --size-gb 1024 --location centraluseuap --enable-bursting

Create a managed disk by copying an existing disk or snapshot.

az disk create -g MyResourceGroup -n MyDisk2 --source MyDisk

Create a disk in an availability zone in the region of "East US 2"

az disk create -g MyResourceGroup -n MyDisk --size-gb 10 --location eastus2 --zone 1

Create a disk from image.

az disk create -g MyResourceGroup -n MyDisk --image-reference Canonical:UbuntuServer:18.04-LTS:18.04.202002180

Create a disk from the OS Disk of a compute gallery image version

az disk create -g MyResourceGroup -n MyDisk --gallery-image-reference /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Compute/galleries/myGallery/images/myImage/versions/1.0.0

Create a disk from the OS Disk of the latest version in a compute gallery image

az disk create -g MyResourceGroup -n MyDisk --gallery-image-reference /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Compute/galleries/myGallery/images/myImage

Create a disk from the OS Disk of a shared gallery image version

az disk create -g MyResourceGroup -n MyDisk --gallery-image-reference /SharedGalleries/sharedGalleryUniqueName/Images/imageName/Versions/1.0.0

Create a disk from the OS Disk of a community gallery image version

az disk create -g MyResourceGroup -n MyDisk --gallery-image-reference /CommunityGalleries/communityGalleryPublicGalleryName/Images/imageName/Versions/1.0.0

Create a disk from the Data Disk of a gallery image

az disk create -g MyResourceGroup -n MyDisk --gallery-image-reference /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Compute/galleries/myGallery/images/myImage/versions/1.0.0 --gallery-image-reference-lun 0

Create a disk with total number of IOPS and total throughput (MBps) limitation.

az disk create -g MyResourceGroup -n MyDisk --size-gb 10 --sku UltraSSD_LRS --disk-iops-read-only 200 --disk-mbps-read-only 30

Create a disk and specify maximum number of VMs that can attach to the disk at the same time.

az disk create -g MyResourceGroup -n MyDisk --size-gb 256 --max-shares 2 -l centraluseuap

Create a disk and associate it with a disk access resource.

az disk create -g MyResourceGroup -n MyDisk --size-gb 10 --network-access-policy AllowPrivate --disk-access MyDiskAccessID

Create a disk from the blob URI for VM guest state VHD.

az disk create -g MyResourceGroup -n MyDisk --size-gb 10 --security-data-uri GuestStateDiskVhdUri --security-type TrustedLaunch --hyper-v-generation V2

Create a standard disk for uploading blobs.

az disk create -g MyResourceGroup -n MyDisk --size-gb 10 --upload-type Upload

Create an OS disk for uploading along with VM guest state.

az disk create -g MyResourceGroup -n MyDisk --size-gb 10 --upload-type UploadWithSecurityData --security-type TrustedLaunch --hyper-v-generation V2

Required Parameters

--name -n

The name of the managed disk.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--accelerated-network

Customers can set on Managed Disks or Snapshots to enable the accelerated networking if the OS disk image support.

accepted values: false, true
--architecture

CPU architecture.

accepted values: Arm64, x64
--data-access-auth-mode

Specify the auth mode when exporting or uploading to a disk or snapshot.

accepted values: AzureActiveDirectory, None
--disk-access

Name or ID of the disk access resource for using private endpoints on disks.

--disk-encryption-set

Name or ID of disk encryption set that is used to encrypt the disk.

--disk-iops-read-only

The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes.

--disk-iops-read-write

The number of IOPS allowed for this disk. Only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes.

--disk-mbps-read-only

The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10.

--disk-mbps-read-write

The bandwidth allowed for this disk. Only settable for UltraSSD disks. MBps means millions of bytes per second with ISO notation of powers of 10.

--edge-zone

The name of edge zone.

--enable-bursting

Enable on-demand bursting beyond the provisioned performance target of the disk. On-demand bursting is disabled by default, and it does not apply to Ultra disks.

accepted values: false, true
--encryption-type

Encryption type. EncryptionAtRestWithPlatformKey: Disk is encrypted with XStore managed key at rest. It is the default encryption type. EncryptionAtRestWithCustomerKey: Disk is encrypted with Customer managed key at rest.

accepted values: EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys, EncryptionAtRestWithPlatformKey
--for-upload

Create the disk for uploading blobs. Replaced by "--upload-type Upload".

accepted values: false, true
--gallery-image-reference

ID of the Compute, Shared or Community Gallery image version from which to create a disk. For details about valid format, please refer to the help sample.

--gallery-image-reference-lun

If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null.

--hyper-v-generation

The hypervisor generation of the Virtual Machine. Applicable to OS disks only.

accepted values: V1, V2
default value: V1
--image-reference

ID or URN (publisher:offer:sku:version) of the image from which to create a disk.

--image-reference-lun

If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>. If location is not specified and no default location specified, location will be automatically set as same as the resource group.

--logical-sector-size

Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default.

--max-shares

The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time.

--network-access-policy

Policy for accessing the disk via network.

accepted values: AllowAll, AllowPrivate, DenyAll
--no-wait

Do not wait for the long-running operation to finish.

--os-type

The Operating System type of the Disk.

accepted values: Linux, Windows
--public-network-access

Customers can set on Managed Disks or Snapshots to control the export policy on the disk.

accepted values: Disabled, Enabled
--secure-vm-disk-encryption-set

Name or ID of disk encryption set created with ConfidentialVmEncryptedWithCustomerKey encryption type.

--security-data-uri

Please specify the blob URI of VHD to be imported into VM guest state.

--security-type

The security type of the VM. Applicable for OS disks only.

accepted values: ConfidentialVM_DiskEncryptedWithCustomerKey, ConfidentialVM_DiskEncryptedWithPlatformKey, ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey, TrustedLaunch
--size-gb -z

Size in GB. Max size: 4095 GB (certain preview disks can be larger).

--sku

Underlying storage SKU.

accepted values: PremiumV2_LRS, Premium_LRS, Premium_ZRS, StandardSSD_LRS, StandardSSD_ZRS, Standard_LRS, UltraSSD_LRS
default value: Premium_LRS
--source

Source to create the disk/snapshot from, including unmanaged blob uri, managed disk id or name, or snapshot id or name.

--source-storage-account-id

Used when source blob is in a different subscription.

--support-hibernation

Indicate the OS on a disk supports hibernation.

accepted values: false, true
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--tier

Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/pricing/details/managed-disks/. Does not apply to Ultra disks.

--upload-size-bytes

The size (in bytes) of the contents of the upload including the VHD footer. Min value: 20972032. Max value: 35183298347520.

--upload-type

Create the disk for upload scenario. 'Upload' is for Standard disk only upload. 'UploadWithSecurityData' is for OS Disk upload along with VM Guest State. Please note the 'UploadWithSecurityData' is not valid for data disk upload, it only to be used for OS Disk upload at present.

accepted values: Upload, UploadWithSecurityData
--zone

Availability zone into which to provision the resource.

accepted values: 1, 2, 3

az disk delete

Delete a managed disk.

az disk delete [--ids]
               [--name]
               [--no-wait]
               [--resource-group]
               [--yes]

Examples

Delete a managed disk. (autogenerated)

az disk delete --name MyManagedDisk --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the managed disk.

--no-wait

Do not wait for the long-running operation to finish.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

az disk grant-access

Grant a resource access to a managed disk.

az disk grant-access --duration-in-seconds
                     [--access-level {Read, Write}]
                     [--ids]
                     [--name]
                     [--resource-group]
                     [--secure-vm-guest-state-sas]

Examples

Grant a resource read access to a managed disk. (autogenerated)

az disk grant-access --access-level Read --duration-in-seconds 3600 --name MyManagedDisk --resource-group MyResourceGroup

Grant a resource read access to a disk to generate access SAS and security data access SAS

az disk grant-access --access-level Read --duration-in-seconds 3600 --name MyDisk --resource-group MyResourceGroup --secure-vm-guest-state-sas

Required Parameters

--duration-in-seconds

Time duration in seconds until the SAS access expires.

Optional Parameters

--access-level

Access level.

accepted values: Read, Write
default value: Read
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the managed disk.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--secure-vm-guest-state-sas -s

Get SAS on managed disk with VM guest state. It will be used by default when the create option of disk is 'secureOSUpload'.

az disk list

List managed disks.

az disk list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az disk revoke-access

Revoke a resource's read access to a managed disk.

az disk revoke-access [--ids]
                      [--name]
                      [--resource-group]

Examples

Revoke a resource's read access to a managed disk. (autogenerated)

az disk revoke-access --ids $id

Revoke a resource's read access to a managed disk. (autogenerated)

az disk revoke-access --name MyManagedDisk --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the managed disk.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az disk show

Gets information about a disk.

az disk show [--ids]
             [--name]
             [--resource-group]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the managed disk.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az disk update

Update a managed disk.

az disk update [--accelerated-network {false, true}]
               [--add]
               [--architecture {Arm64, x64}]
               [--data-access-auth-mode {AzureActiveDirectory, None}]
               [--disk-access]
               [--disk-encryption-set]
               [--disk-iops-read-only]
               [--disk-iops-read-write]
               [--disk-mbps-read-only]
               [--disk-mbps-read-write]
               [--enable-bursting {false, true}]
               [--encryption-type {EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys, EncryptionAtRestWithPlatformKey}]
               [--force-string]
               [--ids]
               [--max-shares]
               [--name]
               [--network-access-policy {AllowAll, AllowPrivate, DenyAll}]
               [--no-wait]
               [--public-network-access {Disabled, Enabled}]
               [--remove]
               [--resource-group]
               [--set]
               [--size-gb]
               [--sku {PremiumV2_LRS, Premium_LRS, Premium_ZRS, StandardSSD_LRS, StandardSSD_ZRS, Standard_LRS, UltraSSD_LRS}]

Examples

Update a managed disk and associate it with a disk access resource.

az disk update --name MyManagedDisk --resource-group MyResourceGroup --network-access-policy AllowPrivate --disk-access MyDiskAccessID

Update a managed disk. (autogenerated)

az disk update --name MyManagedDisk --resource-group MyResourceGroup --size-gb 20

Optional Parameters

--accelerated-network

Customers can set on Managed Disks or Snapshots to enable the accelerated networking if the OS disk image support.

accepted values: false, true
--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--architecture

CPU architecture.

accepted values: Arm64, x64
--data-access-auth-mode

Specify the auth mode when exporting or uploading to a disk or snapshot.

accepted values: AzureActiveDirectory, None
--disk-access

Name or ID of the disk access resource for using private endpoints on disks.

--disk-encryption-set

Name or ID of disk encryption set that is used to encrypt the disk.

--disk-iops-read-only

The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes.

--disk-iops-read-write

The number of IOPS allowed for this disk. Only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes.

--disk-mbps-read-only

The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10.

--disk-mbps-read-write

The bandwidth allowed for this disk. Only settable for UltraSSD disks. MBps means millions of bytes per second with ISO notation of powers of 10.

--enable-bursting

Enable on-demand bursting beyond the provisioned performance target of the disk. On-demand bursting is disabled by default, and it does not apply to Ultra disks.

accepted values: false, true
--encryption-type

Encryption type. EncryptionAtRestWithPlatformKey: Disk is encrypted with XStore managed key at rest. It is the default encryption type. EncryptionAtRestWithCustomerKey: Disk is encrypted with Customer managed key at rest.

accepted values: EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys, EncryptionAtRestWithPlatformKey
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--max-shares

The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time.

--name -n

The name of the managed disk.

--network-access-policy

Policy for accessing the disk via network.

accepted values: AllowAll, AllowPrivate, DenyAll
--no-wait

Do not wait for the long-running operation to finish.

--public-network-access

Customers can set on Managed Disks or Snapshots to control the export policy on the disk.

accepted values: Disabled, Enabled
--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--size-gb -z

Size in GB. Max size: 4095 GB (certain preview disks can be larger).

--sku

Underlying storage SKU.

accepted values: PremiumV2_LRS, Premium_LRS, Premium_ZRS, StandardSSD_LRS, StandardSSD_ZRS, Standard_LRS, UltraSSD_LRS

az disk wait

Place the CLI in a waiting state until a condition of a managed disk is met.

az disk wait [--created]
             [--custom]
             [--deleted]
             [--exists]
             [--ids]
             [--interval]
             [--name]
             [--resource-group]
             [--timeout]
             [--updated]

Examples

Place the CLI in a waiting state until a condition of a managed disk is met. (autogenerated)

az disk wait --created --name MyManagedDisk --resource-group MyResourceGroup

Place the CLI in a waiting state until a condition of a managed disk is met. (autogenerated)

az disk wait --deleted --name MyManagedDisk --resource-group MyResourceGroup --subscription mysubscription

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30
--name -n

The name of the managed disk.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.