Create a Windows virtual machine from a Resource Manager template
Applies to: ✔️ Windows VMs
Learn how to create a Windows virtual machine by using an Azure Resource Manager template and Azure PowerShell. The template used in this article deploys a single virtual machine running Windows Server in a new virtual network with a single subnet. For creating a Linux virtual machine, see How to create a Linux virtual machine with Azure Resource Manager templates.
An alternative is to deploy the template from the Azure portal. To open the template in the portal, select the Deploy to Azure button.
Create a virtual machine
Creating an Azure virtual machine usually includes two steps:
- Create a resource group. An Azure resource group is a logical container into which Azure resources are deployed and managed. A resource group must be created before a virtual machine.
- Create a virtual machine.
The following example creates a generation 2 VM with Trusted Launch enabled by default from an Azure Quickstart template. Here is a copy of the template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.16.2.56959",
"templateHash": "14427937023370378081"
}
},
"parameters": {
"adminUsername": {
"type": "string",
"metadata": {
"description": "Username for the Virtual Machine."
}
},
"adminPassword": {
"type": "securestring",
"minLength": 12,
"metadata": {
"description": "Password for the Virtual Machine."
}
},
"dnsLabelPrefix": {
"type": "string",
"defaultValue": "[toLower(format('{0}-{1}', parameters('vmName'), uniqueString(resourceGroup().id, parameters('vmName'))))]",
"metadata": {
"description": "Unique DNS Name for the Public IP used to access the Virtual Machine."
}
},
"publicIpName": {
"type": "string",
"defaultValue": "myPublicIP",
"metadata": {
"description": "Name for the Public IP used to access the Virtual Machine."
}
},
"publicIPAllocationMethod": {
"type": "string",
"defaultValue": "Dynamic",
"allowedValues": [
"Dynamic",
"Static"
],
"metadata": {
"description": "Allocation method for the Public IP used to access the Virtual Machine."
}
},
"publicIpSku": {
"type": "string",
"defaultValue": "Basic",
"allowedValues": [
"Basic",
"Standard"
],
"metadata": {
"description": "SKU for the Public IP used to access the Virtual Machine."
}
},
"OSVersion": {
"type": "string",
"defaultValue": "2022-datacenter-azure-edition",
"allowedValues": [
"2016-datacenter-gensecond",
"2016-datacenter-server-core-g2",
"2016-datacenter-server-core-smalldisk-g2",
"2016-datacenter-smalldisk-g2",
"2016-datacenter-with-containers-g2",
"2016-datacenter-zhcn-g2",
"2019-datacenter-core-g2",
"2019-datacenter-core-smalldisk-g2",
"2019-datacenter-core-with-containers-g2",
"2019-datacenter-core-with-containers-smalldisk-g2",
"2019-datacenter-gensecond",
"2019-datacenter-smalldisk-g2",
"2019-datacenter-with-containers-g2",
"2019-datacenter-with-containers-smalldisk-g2",
"2019-datacenter-zhcn-g2",
"2022-datacenter-azure-edition",
"2022-datacenter-azure-edition-core",
"2022-datacenter-azure-edition-core-smalldisk",
"2022-datacenter-azure-edition-smalldisk",
"2022-datacenter-core-g2",
"2022-datacenter-core-smalldisk-g2",
"2022-datacenter-g2",
"2022-datacenter-smalldisk-g2"
],
"metadata": {
"description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version."
}
},
"vmSize": {
"type": "string",
"defaultValue": "Standard_D2s_v5",
"metadata": {
"description": "Size of the virtual machine."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"vmName": {
"type": "string",
"defaultValue": "simple-vm",
"metadata": {
"description": "Name of the virtual machine."
}
},
"securityType": {
"type": "string",
"defaultValue": "TrustedLaunch",
"allowedValues": [
"Standard",
"TrustedLaunch"
],
"metadata": {
"description": "Security Type of the Virtual Machine."
}
}
},
"variables": {
"storageAccountName": "[format('bootdiags{0}', uniqueString(resourceGroup().id))]",
"nicName": "myVMNic",
"addressPrefix": "10.0.0.0/16",
"subnetName": "Subnet",
"subnetPrefix": "10.0.0.0/24",
"virtualNetworkName": "MyVNET",
"networkSecurityGroupName": "default-NSG",
"securityProfileJson": {
"uefiSettings": {
"secureBootEnabled": true,
"vTpmEnabled": true
},
"securityType": "[parameters('securityType')]"
},
"extensionName": "GuestAttestation",
"extensionPublisher": "Microsoft.Azure.Security.WindowsAttestation",
"extensionVersion": "1.0",
"maaTenantName": "GuestAttestation",
"maaEndpoint": "[substring('emptyString', 0, 0)]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2022-05-01",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage"
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2022-05-01",
"name": "[parameters('publicIpName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('publicIpSku')]"
},
"properties": {
"publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]",
"dnsSettings": {
"domainNameLabel": "[parameters('dnsLabelPrefix')]"
}
}
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2022-05-01",
"name": "[variables('networkSecurityGroupName')]",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "default-allow-3389",
"properties": {
"priority": 1000,
"access": "Allow",
"direction": "Inbound",
"destinationPortRange": "3389",
"protocol": "Tcp",
"sourcePortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*"
}
}
]
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2022-05-01",
"name": "[variables('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
}
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
]
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2022-05-01",
"name": "[variables('nicName')]",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName'))]"
},
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
}
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName'))]",
"[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
]
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2022-03-01",
"name": "[parameters('vmName')]",
"location": "[parameters('location')]",
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[parameters('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "[parameters('OSVersion')]",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS"
}
},
"dataDisks": [
{
"diskSizeGB": 1023,
"lun": 0,
"createOption": "Empty"
}
]
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2022-05-01').primaryEndpoints.blob]"
}
},
"securityProfile": "[if(equals(parameters('securityType'), 'TrustedLaunch'), variables('securityProfileJson'), null())]"
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
]
},
{
"condition": "[and(equals(parameters('securityType'), 'TrustedLaunch'), and(equals(variables('securityProfileJson').uefiSettings.secureBootEnabled, true()), equals(variables('securityProfileJson').uefiSettings.vTpmEnabled, true())))]",
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2022-03-01",
"name": "[format('{0}/{1}', parameters('vmName'), variables('extensionName'))]",
"location": "[parameters('location')]",
"properties": {
"publisher": "[variables('extensionPublisher')]",
"type": "[variables('extensionName')]",
"typeHandlerVersion": "[variables('extensionVersion')]",
"autoUpgradeMinorVersion": true,
"enableAutomaticUpgrade": true,
"settings": {
"AttestationConfig": {
"MaaSettings": {
"maaEndpoint": "[variables('maaEndpoint')]",
"maaTenantName": "[variables('maaTenantName')]"
}
}
}
},
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
]
}
],
"outputs": {
"hostname": {
"type": "string",
"value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName')), '2022-05-01').dnsSettings.fqdn]"
}
}
}
To run the following PowerShell script on Azure local PowerShell console with Administrator priviledge.
Note
When we deploy resource with specified template file URI that starts with https://raw.githubusercontent.com/
, the console will run in error like Unable to download deployment content
sometime.
We can follow the actions below to resolve the corresponding issue.
Copy the template URI, convert the URI by changing the prefix, infix, and tempalte file name. For exsample: the origin URI is
https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-cosmosdb-sql-autoscale/azuredeploy.json
Category Original value Converted value Action Prefix https://raw.githubusercontent.com
https://github.com
Update Infix blob
Add before master
ormain
branch nameTemplate file name azuredeploy.json your download tempalte file name update After modified, the converted URI will show like
https://github.com/Azure/azure-quickstart-templates/blob/master/101-cosmosdb-sql-autoscale/azuredeploy.json
.Please be kindly noticed that some templates URI have been updated as https://github.com/Azure/azure-quickstart-template/quickstarts/{Microsoft_Resource_Provider_Name}/, you can follow the corresponding path regulation to update the original URI.
Copy the converted URI and download the specific template content in Internet browsers manully.
Modify the templates you downloaded or referenced from the GitHub Repo in order to fit in the Azure China 21Vianet Environment. For example, replace some endpoints -- "blob.core.windows.net" by "blob.core.chinacloudapi.cn", "cloudapp.azure.com" by "chinacloudapp.cn"; change some unsupported Location,VM images, VM sizes, SKU, and resource-provider's API Version when necessary.
Replace the parameter of
-TemplateUri
with-TemplateFile
for powershell or--template-uri
with--template-file
for CLI , then update the specified URI with the downloaded actual file name and run the script again.Language category Reference link Action PowerShell New-AzResourceGroupDeployment
Replace -TemplateUri
with-TemplateFile
Follow the previous steps to download the-TemplateParameterUri
content and repalce with-TemplateParameterFile
in cmdlet when necessary.Azure CLI az deployment group create
Replace --template-uri
with--template-file
$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
$location = Read-Host -Prompt "Enter the location (i.e. chinanorth3)"
$adminUsername = Read-Host -Prompt "Enter the administrator username"
$adminPassword = Read-Host -Prompt "Enter the administrator password" -AsSecureString
$dnsLabelPrefix = Read-Host -Prompt "Enter an unique DNS name for the public IP"
New-AzResourceGroup -Name $resourceGroupName -Location "$location"
New-AzResourceGroupDeployment `
-ResourceGroupName $resourceGroupName `
-TemplateUri "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.compute/vm-simple-windows/azuredeploy.json" `
-adminUsername $adminUsername `
-adminPassword $adminPassword `
-dnsLabelPrefix $dnsLabelPrefix
(Get-AzVm -ResourceGroupName $resourceGroupName).name
If you choose to install and use the PowerShell locally , this tutorial requires the Azure PowerShell module. Run Get-Module -ListAvailable Az
to find the version. If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud
to create a connection with Azure.
In the previous example, you specified a template stored in GitHub. You can also download or create a template and specify the local path with the -template-file
parameter.
Here are some additional resources:
To learn how to develop Resource Manager templates, see Azure Resource Manager documentation.
To see more virtual machine template samples, see Azure Quickstart templates.
Connect to the virtual machine
The last PowerShell command from the previous script shows the virtual machine name. To connect to the virtual machine, see How to connect and sign on to an Azure virtual machine running Windows.
Next Steps
- If there were issues with the deployment, you might take a look at Troubleshoot common Azure deployment errors with Azure Resource Manager.
- Learn how to create and manage a virtual machine in Create and manage Windows VMs with the Azure PowerShell module.