PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachineScaleSets/{vmScaleSetName}/?api-version=2023-09-01

The name of the VM scale set to create or update.

Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

The name of the resource group.

Default value: "application/json"

Set to '*' to allow a new record set to be created, but to prevent updating an existing record set. Other values will result in error from server as they are not supported.

The ETag of the transformation. Omit this value to always overwrite the current resource. Specify the last-seen ETag value to prevent accidentally overwriting concurrent changes.

Resource Id

The complex type of the extended location.

The name of the extended location.

The type of extendedLocation.

Possible values:

• "EdgeZone"

Describes a virtual machine scale set sku. NOTE: If the new VM SKU is not supported on the hardware the scale set is currently on, you need to deallocate the VMs in the scale set before you modify the SKU name.

Specifies the tier of virtual machines in a scale set.

Possible Values:

Standard

Basic

The sku name.

Specifies the number of virtual machines in the scale set.

Resource name

Describes the properties of a Virtual Machine Scale Set.

Resource Id

Specifies the configuration parameters for automatic repairs on the virtual machine scale set.

Type of repair action (replace, restart, reimage) that will be used for repairing unhealthy virtual machines in the scale set. Default value is replace.

Possible values:

• "Replace"
• "Reimage"
• "Restart"

The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 10 minutes (PT10M), which is also the default value. The maximum allowed grace period is 90 minutes (PT90M).

Specifies whether automatic repairs should be enabled on the virtual machine scale set. The default value is false.

Optional property which must either be set to True or omitted.

When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true.

Fault Domain count for each placement group.

Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. zoneBalance property can only be set if the zones property of the scale set contains more than one zone. If there are no zones or only one zone specified, then zoneBalance property should not be set.

Enables or disables a capability on the virtual machine or virtual machine scale set.

The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.

The flag that enables or disables hibernation capability on the VM.

Describes a scale-in policy for a virtual machine scale set.

The rules to be followed when scaling-in a virtual machine scale set.

Possible values are:

Default When a virtual machine scale set is scaled in, the scale set will first be balanced across zones if it is a zonal scale set. Then, it will be balanced across Fault Domains as far as possible. Within each Fault Domain, the virtual machines chosen for removal will be the newest ones that are not protected from scale-in.

OldestVM When a virtual machine scale set is being scaled-in, the oldest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the oldest virtual machines that are not protected will be chosen for removal.

NewestVM When a virtual machine scale set is being scaled-in, the newest virtual machines that are not protected from scale-in will be chosen for removal. For zonal virtual machine scale sets, the scale set will first be balanced across zones. Within each zone, the newest virtual machines that are not protected will be chosen for removal.

This property allows you to specify if virtual machines chosen for removal have to be force deleted when a virtual machine scale set is being scaled-in.(Feature in Preview)

Specifies the time at which the Virtual Machine Scale Set resource was created. Minimum api-version: 2021-11-01.

Describes a virtual machine scale set virtual machine profile.

Describes a virtual machine scale set OS profile.

Specifies Windows operating system settings on the virtual machine.

Describes Windows Remote Management configuration of the VM

The list of Windows Remote Management listeners

Specifies the protocol of WinRM listener. Possible values are: http, https.

Possible values:

• "Https"
• "Http"

This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"",
"dataType":"pfx",
"password":""
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.

Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, it is set to true by default. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.

Specifies settings related to VM Guest Patching on Windows.

Specifies the mode of VM Guest patch assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.

Possible values:

• "ImageDefault"
• "AutomaticByPlatform"

Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false

AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true.

AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true

Possible values:

• "Manual"
• "AutomaticByPlatform"
• "AutomaticByOS"

Enables customers to patch their Azure VMs without requiring a reboot. For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'.

Specifies additional settings to be applied when patch mode AutomaticByPlatform is selected in Windows patch settings.

Enables customer to schedule patching without accidental upgrades

Specifies the reboot setting for all AutomaticByPlatform patch installation operations.

Possible values:

• "Always"
• "Unknown"
• "IfRequired"
• "Never"

Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.

Indicates whether VMAgent Platform Updates is enabled for the Windows virtual machine. Default value is false.

Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time". Possible values can be TimeZoneInfo.Id value from time zones returned by TimeZoneInfo.GetSystemTimeZones.

Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup.

Specifies the name of the setting to which the content applies. Possible values are: FirstLogonCommands and AutoLogon.

Possible values:

• "AutoLogon"
• "FirstLogonCommands"

The pass name. Currently, the only allowable value is OobeSystem.

Possible values:

• "OobeSystem"

Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component. The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted.

The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup.

Possible values:

• "Microsoft-Windows-Shell-Setup"

Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes. For using cloud-init for your VM, see Using cloud-init to customize a Linux VM during creation

Specifies the Linux operating system settings on the virtual machine. For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions.

Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.

Specifies settings related to VM Guest Patching on Linux.

Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine.

Possible values are:

ImageDefault - You control the timing of patch assessments on a virtual machine.

AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.

Possible values:

• "ImageDefault"
• "AutomaticByPlatform"

Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.

Possible values are:

ImageDefault - The virtual machine's default patching configuration is used.

AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true

Possible values:

• "ImageDefault"
• "AutomaticByPlatform"

Specifies additional settings to be applied when patch mode AutomaticByPlatform is selected in Linux patch settings.

Enables customer to schedule patching without accidental upgrades

Specifies the reboot setting for all AutomaticByPlatform patch installation operations.

Possible values:

• "Always"
• "Unknown"
• "IfRequired"
• "Never"

Specifies whether password authentication should be disabled.

Indicates whether VMAgent Platform Updates is enabled for the Linux virtual machine. Default value is false.

SSH configuration for Linux based VMs running on Azure

The list of SSH public keys used to authenticate with linux based VMs.

SSH public key certificate used to authenticate with the VM through ssh. The key needs to be at least 2048-bit and in ssh-rsa format. For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure]https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed).

Specifies the full path on the created VM where ssh public key is stored. If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys

Specifies whether extension operations should be allowed on the virtual machine scale set. This may only be set to False when no extensions are present on the virtual machine scale set.

Specifies set of certificates that should be installed onto the virtual machines in the scale set. To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.

Resource Id

The list of key vault references in SourceVault which contain certificates.

For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account. For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.

This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:

{
"data":"",
"dataType":"pfx",
"password":""
}
To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the Azure Key Vault virtual machine extension for Windows.

Specifies the password of the administrator account.

Minimum-length (Windows): 8 characters

Minimum-length (Linux): 6 characters

Max-length (Windows): 123 characters

Max-length (Linux): 72 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM

For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension

Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 15 characters long.

Optional property which must either be set to True or omitted.

Specifies the name of the administrator account.

Windows-only restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length (Linux): 1 character

Max-length (Linux): 64 characters

Max-length (Windows): 20 characters

The parameters of a capacity reservation Profile.

Resource Id

Specifies the Security profile settings for the virtual machine or virtual machine scale set.

This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. The default behavior is: The Encryption at host will be disabled unless this property is set to true for the resource.

Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set.

Possible values:

• "ConfidentialVM"
• "TrustedLaunch"

Specifies ProxyAgent settings while creating the virtual machine. Minimum api-version: 2023-09-01.

Specifies whether ProxyAgent feature should be enabled on the virtual machine or virtual machine scale set.

Specifies the mode that ProxyAgent will execute on if the feature is enabled. ProxyAgent will start to audit or monitor but not enforce access control over requests to host endpoints in Audit mode, while in Enforce mode it will enforce access control. The default value is Enforce mode.

Possible values:

• "Audit"
• "Enforce"

Increase the value of this property allows user to reset the key used for securing communication channel between guest and host.

Specifies the security settings like secure boot and vTPM used while creating the virtual machine. Minimum api-version: 2020-12-01.

Specifies whether secure boot should be enabled on the virtual machine. Minimum api-version: 2020-12-01.

Specifies whether vTPM should be enabled on the virtual machine. Minimum api-version: 2020-12-01.

Specifies the Managed Identity used by ADE to get access token for keyvault operations.

Specifies ARM Resource ID of one of the user identities associated with the VM.

Length of time a Virtual Machine being reimaged or having its OS upgraded will have to potentially approve the OS Image Scheduled Event before the event is auto approved (timed out). The configuration is specified in ISO 8601 format, and the value must be 15 minutes (PT15M)

Specifies whether the OS Image Scheduled event is enabled or disabled.

Configurable length of time a Virtual Machine being deleted will have to potentially approve the Terminate Scheduled Event before the event is auto approved (timed out). The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M)

Specifies whether the Terminate Scheduled event is enabled or disabled.

Describes a virtual machine scale set extension profile.

Specifies the time alloted for all extensions to start. The time duration should be between 15 minutes and 120 minutes (inclusive) and should be specified in ISO 8601 format. The default value is 90 minutes (PT1H30M). Minimum api-version: 2020-06-01.

The virtual machine scale set child extension resources.

Resource Id

The name of the extension.

Describes the properties of a Virtual Machine Scale Set Extension.

Collection of extension names after which this extension needs to be provisioned.

If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed.

The name of the extension handler publisher.

The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all.

The provisioning state, which only appears in the response.

Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available.

Specifies the type of the extension; an example is "CustomScriptExtension".

Json formatted public settings for the extension.

Specifies the version of the script handler.

Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true.

Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false.

Describes a reference to Key Vault Secret

Resource Id

The URL referencing a secret in a Key Vault.

Resource type

Specifies the eviction policy for the Azure Spot VM/VMSS

Possible values:

• "Deallocate"
• "Delete"

Contains the list of gallery applications that should be made available to the VM/VMSS

Specifies the gallery applications that should be made available to the VM/VMSS

Optional, Specifies the order in which the packages have to be installed

Specifies the GalleryApplicationVersion resource id on the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version}

Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if provided

Optional, If true, any failure for any operation in the VmApplication will fail the deployment

Optional, Specifies a passthrough value for more generic context.

If set to true, when a new Gallery Application version is available in PIR/SIG, it will be automatically updated for the VM/VMSS

Specifies the service artifact reference id used to set same image version for all virtual machines in the scale set when using 'latest' image version. Minimum api-version: 2022-11-01

The service artifact reference id in the form of /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/serviceArtifacts/{serviceArtifactName}/vmArtifactsProfiles/{vmArtifactsProfilesName}

Specifies the priority for a standalone virtual machine or the virtual machines in the scale set. 'Low' enum will be deprecated in the future, please use 'Spot' as the enum to deploy Azure Spot VM/VMSS.

Possible values:

• "Low"
• "Spot"
• "Regular"

Specifies the time in which this VM profile for the Virtual Machine Scale Set was created. Minimum API version for this property is 2023-09-01. This value will be added to VMSS Flex VM tags when creating/updating the VMSS VM Profile with minimum api-version 2023-09-01.

Describes a virtual machine scale set network profile.

The list of network configurations.

The network configuration name.

Describes a virtual machine scale set network profile's IP configuration.

Specify what happens to the network interface when the VM is deleted

Possible values:

• "Detach"
• "Delete"

Specifies whether the network interface is disabled for tcp state tracking.

Whether IP forwarding enabled on this NIC.

Resource Id

Specifies whether the Auxiliary mode is enabled for the Network Interface resource.

Possible values:

• "AcceleratedConnections"
• "None"
• "Floating"

Specifies whether the Auxiliary sku is enabled for the Network Interface resource.

Possible values:

• "A1"
• "A8"
• "None"
• "A4"
• "A2"

Specifies the primary network interface in case the virtual machine has more than 1 network interface.

Specifies whether the network interface is accelerated networking-enabled.

Specifies the IP configurations of the network interface.

The IP configuration name.

Describes a virtual machine scale set network profile's IP configuration properties.

Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer.

Resource Id

Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'.

Possible values:

• "IPv4"
• "IPv6"

Specifies an array of references to application security group.

Resource Id

Specifies the primary network interface in case the virtual machine has more than 1 network interface.

Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets cannot use the same application gateway.

Resource Id

Specifies an array of references to inbound Nat pools of the load balancers. A scale set can reference inbound nat pools of one public and one internal load balancer. Multiple scale sets cannot use the same basic sku load balancer.

Resource Id

Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration

The publicIP address configuration name.

Describes the public IP Sku. It can only be set with OrchestrationMode as Flexible.

Specify public IP sku tier

Possible values:

• "Regional"
• "Global"

Specify public IP sku name

Possible values:

• "Basic"
• "Standard"

Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration

Specify what happens to the public IP when the VM is deleted

Possible values:

• "Detach"
• "Delete"

The idle timeout of the public IP address.

Resource Id

The list of IP tags associated with the public IP address.

IP tag type. Example: FirstPartyUsage.

IP tag associated with the public IP. Example: SQL, Storage etc.

Describes a virtual machines scale sets network configuration's DNS settings.

The Domain name label scope.The concatenation of the hashed domain name label that generated according to the policy from domain name label scope and vm index will be the domain name labels of the PublicIPAddress resources that will be created

Possible values:

• "SubscriptionReuse"
• "NoReuse"
• "TenantReuse"
• "ResourceGroupReuse"

The Domain name label.The concatenation of the domain name label and vm index will be the domain name labels of the PublicIPAddress resources that will be created

Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'.

Possible values:

• "IPv4"
• "IPv6"

The API entity reference.

The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/...

Specifies whether the network interface is FPGA networking-enabled.

Describes a virtual machines scale sets network configuration's DNS settings.

List of DNS servers IP addresses

specifies the Microsoft.Network API version used when creating networking resources in the Network Interface Configurations for Virtual Machine Scale Set with orchestration mode 'Flexible'

Possible values:

• "2020-11-01"

The API entity reference.

The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/...

Specifies the hardware settings for the virtual machine scale set.

Specifies VM Size Property settings on the virtual machine.

Specifies the vCPU to physical core ratio. When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore for the VM Size exposed in api response of List all available virtual machine sizes in a region. Setting this property to 1 also means that hyper-threading is disabled.

Specifies the number of vCPUs available for the VM. When this property is not specified in the request body the default behavior is to set it to the value of vCPUs available for that VM size exposed in api response of List all available virtual machine sizes in a region.

Specifies the boot diagnostic settings state. Minimum api-version: 2015-06-15.

Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM status. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM from the hypervisor.

Whether boot diagnostics should be enabled on the Virtual Machine.

Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used.

Describes a virtual machine scale set storage profile.

Specifies the parameters that are used to add data disks to the virtual machines in the scale set. For more information about disks, see About disks and VHDs for Azure virtual machines.

Specifies the behavior of the managed disk when the VM gets deleted, for example whether the managed disk is deleted or detached. Supported values are: Delete. If this value is used, the managed disk is deleted when VM gets deleted. Detach. If this value is used, the managed disk is retained after VM gets deleted. Minimum api-version: 2021-03-01.

Possible values:

• "Detach"
• "Delete"

The disk name.

Specifies the Read-Write IOPS for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB.

Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage

Possible values:

• "None"
• "ReadOnly"
• "ReadWrite"

Specifies whether writeAccelerator should be enabled or disabled on the disk.

Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property diskSizeGB is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023.

Specifies how the virtual machine should be created. Possible values are: Attach. This value is used when you are using a specialized disk to create the virtual machine. FromImage. This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.

Possible values:

• "Empty"
• "FromImage"
• "Attach"

Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM.

Describes the parameters of a ScaleSet managed disk.

Specifies the security profile settings for the managed disk. Note: It can only be set for Confidential VMs.

Describes the parameter of customer managed disk encryption set resource id that can be specified for disk. Note: The disk encryption set resource id can only be specified for managed disk. Please refer https://aka.ms/mdssewithcmkoverview for more details.

Resource Id

Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs.

Possible values:

• "VMGuestStateOnly"
• "NonPersistedTPM"
• "DiskWithVMGuestState"

Specifies the storage account type for the managed disk. Managed OS disk storage account type can only be set when you create the scale set. NOTE: UltraSSD_LRS can only be used with data disks. It cannot be used with OS Disk. Standard_LRS uses Standard HDD. StandardSSD_LRS uses Standard SSD. Premium_LRS uses Premium SSD. UltraSSD_LRS uses Ultra disk. Premium_ZRS uses Premium SSD zone redundant storage. StandardSSD_ZRS uses Standard SSD zone redundant storage. For more information regarding disks supported for Windows Virtual Machines, refer to https://docs.microsoft.com/azure/virtual-machines/windows/disks-types and, for Linux Virtual Machines, refer to https://docs.microsoft.com/azure/virtual-machines/linux/disks-types

Possible values:

• "PremiumV2_LRS"
• "UltraSSD_LRS"
• "StandardSSD_LRS"
• "Standard_LRS"
• "Premium_ZRS"
• "StandardSSD_ZRS"
• "Premium_LRS"

Describes the parameter of customer managed disk encryption set resource id that can be specified for disk. Note: The disk encryption set resource id can only be specified for managed disk. Please refer https://aka.ms/mdssewithcmkoverview for more details.

Resource Id

Specifies the bandwidth in MB per second for the managed disk. Should be used only when StorageAccountType is UltraSSD_LRS. If not specified, a default value would be assigned based on diskSizeGB.

Specifies information about the image to use. You can specify information about platform images, marketplace images, or virtual machine images. This element is required when you want to use a platform image, marketplace image, or virtual machine image, but is not used in other creation operations. NOTE: Image reference publisher and offer can only be set when you create the scale set.

Resource Id

The image SKU.

Specified the shared gallery image unique id for vm deployment. This can be fetched from shared gallery image GET call.

The image publisher.

Specifies in decimal numbers, the version of platform image or marketplace image used to create the virtual machine. This readonly field differs from 'version', only if the value specified in 'version' field is 'latest'.

Specifies the version of the platform image or marketplace image used to create the virtual machine. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available. Please do not use field 'version' for gallery image deployment, gallery image should always use 'id' field for deployment, to use 'latest' version of gallery image, just set '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageName}' in the 'id' field without version input.

Specifies the offer of the platform image or marketplace image used to create the virtual machine.

Specified the community gallery image unique id for vm deployment. This can be fetched from community gallery image GET call.

Describes a virtual machine scale set operating system disk.

Specifies the behavior of the managed disk when the VM gets deleted, for example whether the managed disk is deleted or detached. Supported values are: Delete. If this value is used, the managed disk is deleted when VM gets deleted. Detach. If this value is used, the managed disk is retained after VM gets deleted. Minimum api-version: 2021-03-01.

Possible values:

• "Detach"
• "Delete"

The disk name.

Describes the parameters of ephemeral disk settings that can be specified for operating system disk. Note: The ephemeral disk settings can only be specified for managed disk.

Specifies the ephemeral disk option for operating system disk.

Possible values:

• "Local"

Specifies the ephemeral disk placement for operating system disk. This property can be used by user in the request to choose the location i.e, cache disk or resource disk space for Ephemeral OS disk provisioning. For more information on Ephemeral OS disk size requirements, please refer Ephemeral OS disk size requirements for Windows VM at https://docs.microsoft.com/azure/virtual-machines/windows/ephemeral-os-disks#size-requirements and Linux VM at https://docs.microsoft.com/azure/virtual-machines/linux/ephemeral-os-disks#size-requirements

Possible values:

• "ResourceDisk"
• "CacheDisk"

This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD. Possible values are: Windows, Linux.

Possible values:

• "Windows"
• "Linux"

Specifies the caching requirements. Possible values are: None, ReadOnly, ReadWrite. The default values are: None for Standard storage. ReadOnly for Premium storage

Possible values:

• "None"
• "ReadOnly"
• "ReadWrite"

Specifies whether writeAccelerator should be enabled or disabled on the disk.

Specifies the size of an empty data disk in gigabytes. This element can be used to overwrite the size of the disk in a virtual machine image. The property 'diskSizeGB' is the number of bytes x 1024^3 for the disk and the value cannot be larger than 1023.

Specifies how the virtual machine should be created. Possible values are: Attach. This value is used when you are using a specialized disk to create the virtual machine. FromImage. This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.

Possible values:

• "Empty"
• "FromImage"
• "Attach"

Specifies the container urls that are used to store operating system disks for the scale set.

Describes the uri of a disk.

Specifies the virtual hard disk's uri.

Describes the parameters of a ScaleSet managed disk.

Specifies the security profile settings for the managed disk. Note: It can only be set for Confidential VMs.

Describes the parameter of customer managed disk encryption set resource id that can be specified for disk. Note: The disk encryption set resource id can only be specified for managed disk. Please refer https://aka.ms/mdssewithcmkoverview for more details.

Resource Id

Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, VMGuestStateOnly for encryption of just the VMGuestState blob, and NonPersistedTPM for not persisting firmware state in the VMGuestState blob.. Note: It can be set for only Confidential VMs.

Possible values:

• "VMGuestStateOnly"
• "NonPersistedTPM"
• "DiskWithVMGuestState"

Specifies the storage account type for the managed disk. Managed OS disk storage account type can only be set when you create the scale set. NOTE: UltraSSD_LRS can only be used with data disks. It cannot be used with OS Disk. Standard_LRS uses Standard HDD. StandardSSD_LRS uses Standard SSD. Premium_LRS uses Premium SSD. UltraSSD_LRS uses Ultra disk. Premium_ZRS uses Premium SSD zone redundant storage. StandardSSD_ZRS uses Standard SSD zone redundant storage. For more information regarding disks supported for Windows Virtual Machines, refer to https://docs.microsoft.com/azure/virtual-machines/windows/disks-types and, for Linux Virtual Machines, refer to https://docs.microsoft.com/azure/virtual-machines/linux/disks-types

Possible values:

• "PremiumV2_LRS"
• "UltraSSD_LRS"
• "StandardSSD_LRS"
• "Standard_LRS"
• "Premium_ZRS"
• "StandardSSD_ZRS"
• "Premium_LRS"

Describes the parameter of customer managed disk encryption set resource id that can be specified for disk. Note: The disk encryption set resource id can only be specified for managed disk. Please refer https://aka.ms/mdssewithcmkoverview for more details.

Resource Id

Specifies that the image or disk that is being used was licensed on-premises.

Possible values for Windows Server operating system are:

Windows_Client

Windows_Server

Possible values for Linux Server operating system are:

RHEL_BYOS (for RHEL)

SLES_BYOS (for SUSE)

For more information, see Azure Hybrid Use Benefit for Windows Server

Azure Hybrid Use Benefit for Linux Server

Minimum api-version: 2015-06-15

Specifies the billing related details of a Azure Spot VM or VMSS. Minimum api-version: 2019-03-01.

Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars.

This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater than the current Azure Spot price.

The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the maxPrice after creation of VM/VMSS.

Possible values are:

- Any decimal value greater than zero. Example: 0.01538

-1 – indicates default price to be up-to on-demand.

You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons. Also, the default max price is -1 if it is not provided by you.

Minimum api-version: 2019-03-01.

UserData for the virtual machines in the scale set, which must be base-64 encoded. Customer should not pass any secrets in here. Minimum api-version: 2021-03-01.

Specifies the security posture to be used for all virtual machines in the scale set. Minimum api-version: 2023-03-01

The security posture reference id in the form of /CommunityGalleries/{communityGalleryName}/securityPostures/{securityPostureName}/versions/{major.minor.patch}|{major.*}|latest

List of virtual machine extensions to exclude when applying the Security Posture.

Resource Id

Resource name

Describes the properties of a Virtual Machine Extension.

Collection of extension names after which this extension needs to be provisioned.

How the extension handler should be forced to update even if the extension configuration has not changed.

The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all.

The instance view of a virtual machine extension.

The virtual machine extension name.

Specifies the type of the extension; an example is "CustomScriptExtension".

Specifies the version of the script handler.

The resource status information.

The time of the status.

The short localizable label for the status.

The detailed status message, including for alerts and error messages.

The level code.

Possible values:

• "Error"
• "Warning"
• "Info"

The status code.

The resource status information.

The time of the status.

The short localizable label for the status.

The detailed status message, including for alerts and error messages.

The level code.

Possible values:

• "Error"
• "Warning"
• "Info"

The status code.

Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available.

Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false.

The name of the extension handler publisher.

The provisioning state, which only appears in the response.

Specifies the type of the extension; an example is "CustomScriptExtension".

Json formatted public settings for the extension.

Specifies the version of the script handler.

Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true.

Describes a reference to Key Vault Secret

Resource Id

The URL referencing a secret in a Key Vault.

Resource location

Resource tags

Resource type

Specifies whether the Virtual Machine Scale Set should be overprovisioned.

Describes an resiliency policy - resilientVMCreationPolicy and/or resilientVMDeletionPolicy.

The configuration parameters used while performing resilient VM creation.

Specifies whether resilient VM creation should be enabled on the virtual machine scale set. The default value is false.

The configuration parameters used while performing resilient VM deletion.

Specifies whether resilient VM deletion should be enabled on the virtual machine scale set. The default value is false.

Specifies the ID which uniquely identifies a Virtual Machine Scale Set.

Specifies the target splits for Spot and Regular priority VMs within a scale set with flexible orchestration mode. With this property the customer is able to specify the base number of regular priority VMs created as the VMSS flex instance scales out and the split between Spot and Regular priority VMs after this base target has been reached.

The percentage of VM instances, after the base regular priority count has been reached, that are expected to use regular priority.

The base number of regular priority VMs that will be created in this scale set as it scales out.

The provisioning state, which only appears in the response.

When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs.

Specifies the orchestration mode for the virtual machine scale set.

Possible values:

• "Flexible"
• "Uniform"

Describes an upgrade policy - automatic, manual, or rolling.

The configuration parameters used while performing a rolling upgrade.

The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. The default value for this parameter is 20%.

Allow VMSS to ignore AZ boundaries when constructing upgrade batches. Take into consideration the Update Domain and maxBatchInstancePercent to determine the batch size.

Create new virtual machines to upgrade the scale set, rather than updating the existing virtual machines. Existing virtual machines will be deleted once the new virtual machines are created for each batch.

Upgrade all unhealthy instances in a scale set before any healthy instances.

The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. The default value is 0 seconds (PT0S).

Rollback failed instances to previous model if the Rolling Upgrade policy is violated.

The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. The default value for this parameter is 20%.

The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. The default value for this parameter is 20%.

Specifies the mode of an upgrade to virtual machines in the scale set.

Possible values are:

Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action.

Automatic - All virtual machines in the scale set are automatically updated at the same time.

Possible values:

• "Rolling"
• "Manual"
• "Automatic"

The configuration parameters used for performing automatic OS upgrade.

Indicates whether rolling upgrade policy should be used during Auto OS Upgrade. Default value is false. Auto OS Upgrade will fallback to the default policy if no policy is defined on the VMSS.

Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true.

Indicates whether Auto OS Upgrade should undergo deferral. Deferred OS upgrades will send advanced notifications on a per-VM basis that an OS upgrade from rolling upgrades is incoming, via the IMDS tag 'Platform.PendingOSUpgrade'. The upgrade then defers until the upgrade is approved via an ApproveRollingUpgrade call.

Whether OS image rollback feature should be disabled. Default value is false.

Specifies the Spot-Try-Restore properties for the virtual machine scale set. With this property customer can enable or disable automatic restore of the evicted Spot VMSS VM instances opportunistically based on capacity availability and pricing constraint.

Enables the Spot-Try-Restore feature where evicted VMSS SPOT instances will be tried to be restored opportunistically based on capacity availability and pricing constraints

Timeout value expressed as an ISO 8601 time duration after which the platform will not try to restore the VMSS SPOT instances

Resource Id

Etag is property returned in Create/Update/Get response of the VMSS, so that customer can supply it in the header to ensure optimistic updates

Resource location

The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set

Resource tags

Resource type

Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy programmatically, Get Started ->. Enter any required information and then click Save.

The plan ID.

The publisher ID.

Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element.

The promotion code.

Identity for the virtual machine scale set.

The tenant id associated with the virtual machine scale set. This property will only be provided for a system assigned identity.

The type of identity used for the virtual machine scale set. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine scale set.

Possible values:

• "SystemAssigned"
• "UserAssigned"
• "None"
• "SystemAssigned, UserAssigned"

The list of user identities associated with the Virtual Machine. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

The principal id of virtual machine scale set identity. This property will only be provided for a system assigned identity.