New-AzVmss

New-AzVmss
    [-ResourceGroupName] <String>
    [-VMScaleSetName] <String>
    [-VirtualMachineScaleSet] <PSVirtualMachineScaleSet>
    [-AsJob]
    [-IfMatch <String>]
    [-IfNoneMatch <String>]
    [-EdgeZone <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

New-AzVmss
    [[-ResourceGroupName] <String>]
    [-VMScaleSetName] <String>
    -Credential <PSCredential>
    [-AsJob]
    [-UserData <String>]
    [-EnableAutomaticOSUpgrade]
    [-IfMatch <String>]
    [-IfNoneMatch <String>]
    [-ImageName <String>]
    [-InstanceCount <Int32>]
    [-VirtualNetworkName <String>]
    [-SubnetName <String>]
    [-PublicIpAddressName <String>]
    [-DomainNameLabel <String>]
    [-SecurityGroupName <String>]
    [-LoadBalancerName <String>]
    [-BackendPort <Int32[]>]
    [-Location <String>]
    [-EdgeZone <String>]
    [-VmSize <String>]
    [-UpgradePolicyMode <UpgradeMode>]
    [-AllocationMethod <String>]
    [-VnetAddressPrefix <String>]
    [-SubnetAddressPrefix <String>]
    [-FrontendPoolName <String>]
    [-BackendPoolName <String>]
    [-SystemAssignedIdentity]
    [-UserAssignedIdentity <String>]
    [-EnableUltraSSD]
    [-Zone <System.Collections.Generic.List`1[System.String]>]
    [-NatBackendPort <Int32[]>]
    [-DataDiskSizeInGb <Int32[]>]
    [-ProximityPlacementGroupId <String>]
    [-HostGroupId <String>]
    [-Priority <String>]
    [-EvictionPolicy <String>]
    [-MaxPrice <Double>]
    [-ScaleInPolicy <String[]>]
    [-SkipExtensionsOnOverprovisionedVMs]
    [-EncryptionAtHost]
    [-PlatformFaultDomainCount <Int32>]
    [-OrchestrationMode <String>]
    [-CapacityReservationGroupId <String>]
    [-ImageReferenceId <String>]
    [-DiskControllerType <String>]
    [-SharedGalleryImageId <String>]
    [-SecurityType <String>]
    [-EnableVtpm <Boolean>]
    [-EnableSecureBoot <Boolean>]
    [-SecurityPostureId <String>]
    [-SecurityPostureExcludeExtension <String[]>]
    [-SkuProfileVmSize <String[]>]
    [-SkuProfileAllocationStrategy <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-SinglePlacementGroup]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

The New-AzVmss cmdlet creates a Virtual Machine Scale Set (VMSS) in Azure. Use the simple parameter set (SimpleParameterSet) to quickly create a pre-set VMSS and associated resources.

Use the default parameter set (DefaultParameter) for more advanced scenarios when you need to precisely configure each component of the VMSS and each associated resource before creation. For default parameter set, first use the New-AzVmssConfig cmdlet to create a virtual machine scale set object.

Then use the following cmdlets to set different properties of the virtual machine scale set object:

• Add-AzVmssNetworkInterfaceConfiguration to set the network profile.
  
• Set-AzVmssOsProfile to set the OS profile.
  
• Set-AzVmssStorageProfile to set the storage profile.
  
• Get-AzComputeResourceSku can also be used to find out available virtual machine sizes for your subscription and region.
  

See other cmdlets for virtual machine scale set here.

VMSS creation will default to OrchestrationMode:Flexible. Default parameter set will set properties in VirtualMachineScaleSetVMProfile by default. To create a VMSS with an empty VirtualMachineScaleSetVMProfile property, use simple parameter set by first creating a VirtualMachineScaleSet object with an empty VirtualMachineScaleSetVMProfile property using New-AzVmssConfig.

$vmssName = 'VMSSNAME'
# Create credentials, I am using one way to create credentials, there are others as well.
# Pick one that makes the most sense according to your use case.
$vmPassword = ConvertTo-SecureString -String "****" -AsPlainText -Force
$vmCred = New-Object System.Management.Automation.PSCredential('USERNAME', $vmPassword)
$securityTypeStnd = "Standard"

#Create a VMSS using the default settings
New-AzVmss -Credential $vmCred -VMScaleSetName $vmssName -SecurityType $securityTypeStnd

The command above creates the following with the name $vmssName :

• A Resource Group
• A virtual network
• A load balancer
• A public IP
• the VMSS with 2 instances

The default image chosen for the VMs in the VMSS is 2016-Datacenter Windows Server and the SKU is Standard_DS1_v2

# Common
$LOC = "WestUs";
$RGName = "rgkyvms";

New-AzResourceGroup -Name $RGName -Location $LOC -Force;

# SRP
$STOName = "sto" + $RGName;
$STOType = "Standard_GRS";
New-AzStorageAccount -ResourceGroupName $RGName -Name $STOName -Location $LOC -Type $STOType;
$STOAccount = Get-AzStorageAccount -ResourceGroupName $RGName -Name $STOName;

# NRP
$SubNet = New-AzVirtualNetworkSubnetConfig -Name ("subnet" + $RGName) -AddressPrefix "10.0.0.0/24";
$VNet = New-AzVirtualNetwork -Force -Name ("vnet" + $RGName) -ResourceGroupName $RGName -Location $LOC -AddressPrefix "10.0.0.0/16" -DnsServer "10.1.1.1" -Subnet $SubNet;
$VNet = Get-AzVirtualNetwork -Name ('vnet' + $RGName) -ResourceGroupName $RGName;
$SubNetId = $VNet.Subnets[0].Id;

$PubIP = New-AzPublicIpAddress -Force -Name ("pubip" + $RGName) -ResourceGroupName $RGName -Location $LOC -AllocationMethod Dynamic -DomainNameLabel ("pubip" + $RGName);
$PubIP = Get-AzPublicIpAddress -Name ("pubip"  + $RGName) -ResourceGroupName $RGName;

# Create LoadBalancer
$FrontendName = "fe" + $RGName
$BackendAddressPoolName = "bepool" + $RGName
$ProbeName = "vmssprobe" + $RGName
$InboundNatPoolName  = "innatpool" + $RGName
$LBRuleName = "lbrule" + $RGName
$LBName = "vmsslb" + $RGName

$Frontend = New-AzLoadBalancerFrontendIpConfig -Name $FrontendName -PublicIpAddress $PubIP
$BackendAddressPool = New-AzLoadBalancerBackendAddressPoolConfig -Name $BackendAddressPoolName
$Probe = New-AzLoadBalancerProbeConfig -Name $ProbeName -RequestPath healthcheck.aspx -Protocol http -Port 80 -IntervalInSeconds 15 -ProbeCount 2
$InboundNatPool = New-AzLoadBalancerInboundNatPoolConfig -Name $InboundNatPoolName  -FrontendIPConfigurationId `
    $Frontend.Id -Protocol Tcp -FrontendPortRangeStart 3360 -FrontendPortRangeEnd 3367 -BackendPort 3370;
$LBRule = New-AzLoadBalancerRuleConfig -Name $LBRuleName `
    -FrontendIPConfiguration $Frontend -BackendAddressPool $BackendAddressPool `
    -Probe $Probe -Protocol Tcp -FrontendPort 80 -BackendPort 80 `
    -IdleTimeoutInMinutes 15 -EnableFloatingIP -LoadDistribution SourceIP;
$ActualLb = New-AzLoadBalancer -Name $LBName -ResourceGroupName $RGName -Location $LOC `
    -FrontendIpConfiguration $Frontend -BackendAddressPool $BackendAddressPool `
    -Probe $Probe -LoadBalancingRule $LBRule -InboundNatPool $InboundNatPool;
$ExpectedLb = Get-AzLoadBalancer -Name $LBName -ResourceGroupName $RGName

# New VMSS Parameters
$VMSSName = "vmss" + $RGName;

$AdminUsername = "Admin01";
$AdminPassword = "p4ssw0rd@123" + $RGName;

$PublisherName = "MicrosoftWindowsServer"
$Offer         = "WindowsServer"
$Sku           = "2012-R2-Datacenter"
$Version       = "latest"

$VHDContainer = "https://" + $STOName + ".blob.core.windows.net/" + $VMSSName;

$ExtName = "CSETest";
$Publisher = "Microsoft.Compute";
$ExtType = "BGInfo";
$ExtVer = "2.1";

#IP Config for the NIC
$IPCfg = New-AzVmssIpConfig -Name "Test" `
    -LoadBalancerInboundNatPoolsId $ExpectedLb.InboundNatPools[0].Id `
    -LoadBalancerBackendAddressPoolsId $ExpectedLb.BackendAddressPools[0].Id `
    -SubnetId $SubNetId;

#VMSS Config
$securityTypeStnd = "Standard";
$VMSS = New-AzVmssConfig -Location $LOC -SkuCapacity 2 -SkuName "Standard_E4-2ds_v4" -UpgradePolicyMode "Automatic" -SecurityType $securityTypeStnd `
    | Add-AzVmssNetworkInterfaceConfiguration -Name "Test" -Primary $True -IPConfiguration $IPCfg `
    | Add-AzVmssNetworkInterfaceConfiguration -Name "Test2"  -IPConfiguration $IPCfg `
    | Set-AzVmssOsProfile -ComputerNamePrefix "Test"  -AdminUsername $AdminUsername -AdminPassword $AdminPassword `
    | Set-AzVmssStorageProfile -Name "Test"  -OsDiskCreateOption 'FromImage' -OsDiskCaching "None" `
    -ImageReferenceOffer $Offer -ImageReferenceSku $Sku -ImageReferenceVersion $Version `
    -ImageReferencePublisher $PublisherName -VhdContainer $VHDContainer `
    | Add-AzVmssExtension -Name $ExtName -Publisher $Publisher -Type $ExtType -TypeHandlerVersion $ExtVer -AutoUpgradeMinorVersion $True

#Create the VMSS
New-AzVmss -ResourceGroupName $RGName -Name $VMSSName -VirtualMachineScaleSet $VMSS;

The complex example above creates a VMSS, following is an explanation of what is happening:

• The first command creates a resource group with the specified name and location.
• The second command uses the New-AzStorageAccount cmdlet to create a storage account.
• The third command then uses the Get-AzStorageAccount cmdlet to get the storage account created in the second command and stores the result in the $STOAccount variable.
• The fifth command uses the New-AzVirtualNetworkSubnetConfig cmdlet to create a subnet and stores the result in the variable named $SubNet.
• The sixth command uses the New-AzVirtualNetwork cmdlet to create a virtual network and stores the result in the variable named $VNet.
• The seventh command uses the Get-AzVirtualNetwork to get information about the virtual network created in the sixth command and stores the information in the variable named $VNet.
• The eighth and ninth command uses the New-AzPublicIpAddress and Get- AzureRmPublicIpAddress to create and get information from that public IP address.
• The commands store the information in the variable named $PubIP.
• The tenth command uses the New- AzureRmLoadBalancerFrontendIpConfig cmdlet to create a frontend load balancer and stores the result in the variable named $Frontend.
• The eleventh command uses the New-AzLoadBalancerBackendAddressPoolConfig to create a backend address pool configuration and stores the result in the variable named $BackendAddressPool.
• The twelfth command uses the New-AzLoadBalancerProbeConfig to create a probe and stores the probe information in the variable named $Probe.
• The thirteenth command uses the New-AzLoadBalancerInboundNatPoolConfig cmdlet to create a load balancer inbound network address translation (NAT) pool configuration.
• The fourteenth command uses the New-AzLoadBalancerRuleConfig to create a load balancer rule configuration and stores the result in the variable named $LBRule.
• The fifteenth command uses the New-AzLoadBalancer cmdlet to create a load balancer and stores the result in the variable named $ActualLb.
• The sixteenth command uses the Get-AzLoadBalancer to get information about the load balancer that was created in the fifteenth command and stores the information in the variable named $ExpectedLb.
• The seventeenth command uses the New-AzVmssIpConfig cmdlet to create a VMSS IP configuration and stores the information in the variable named $IPCfg.
• The eighteenth command uses the New-AzVmssConfig cmdlet to create a VMSS configuration object and stores the result in the variable named $VMSS.
• The nineteenth command uses the New-AzVmss cmdlet to create the VMSS.

$ResourceGroupName = 'RESOURCE GROUP NAME';
$vmssName = 'VMSSNAME';
$domainNameLabel = "dnl" + $ResourceGroupName;
# Create credentials, I am using one way to create credentials, there are others as well.
# Pick one that makes the most sense according to your use case.
$vmPassword = ConvertTo-SecureString -String "****" -AsPlainText -Force;
$vmCred = New-Object System.Management.Automation.PSCredential('USERNAME', $vmPassword);

$text = "UserData value to encode";
$bytes = [System.Text.Encoding]::Unicode.GetBytes($text);
$userData = [Convert]::ToBase64String($bytes);
$securityTypeStnd = "Standard";

#Create a VMSS
New-AzVmss -ResourceGroupName $ResourceGroupName -Name $vmssName -Credential $vmCred -DomainNameLabel $domainNameLabel -Userdata $userData -SecurityType $securityTypeStnd;
$vmss = Get-AzVmss -ResourceGroupName $ResourceGroupName -VMScaleSetName $vmssName -InstanceView:$false -Userdata;

Create a VMSS with a UserData value

$rgname = "rgname";
$loc = "eastus";

# VMSS Profile & Hardware requirements for the TrustedLaunch default behavior.
$vmssSize = 'Standard_D4s_v3';
$vmssName1 = 'vmss1' + $rgname;
$imageName = "Win2022AzureEdition";
$adminUsername = "<Username>";
$adminPassword = ConvertTo-SecureString -String "****" -AsPlainText -Force;
$vmCred = New-Object System.Management.Automation.PSCredential ($adminUsername, $adminPassword);

# VMSS Creation
$result = New-AzVmss -Credential $vmCred -VMScaleSetName $vmssName1 -ImageName $imageName -SecurityType "TrustedLaunch";
# Validate that for -SecurityType "TrustedLaunch", "-Vtpm" and -"SecureBoot" are "Enabled/true"
# $result.VirtualMachineProfile.SecurityProfile.UefiSettings.VTpmEnabled;
# $result.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled;

This example Creates a new VMSS with the new Security Type 'TrustedLaunch' and the necessary UEFISettings values, VTpmEnabled and SecureBootEnabled are true. Please check the Trusted Launch feature page for more information.

# Create configuration object
$vmssConfig = New-AzVmssConfig -Location EastUs2 -UpgradePolicyMode Manual -SinglePlacementGroup $true

# VMSS Creation
New-AzVmss -ResourceGroupName TestRg -VMScaleSetName myVMSS -VirtualMachineScaleSet $vmssConfig

This example Creates a new VMSS and it will default to OrchestrationMode Flexible.

$rgname = "<Resource Group>";
$loc = "<Azure Region>";
New-AzResourceGroup -Name $rgname -Location $loc -Force;

$vmssName = 'vmss' + $rgname;
$vmssSize = 'Standard_D4s_v3';
$imageName = "Win2022AzureEdition";
$publisherName = "MicrosoftWindowsServer";
$offer = "WindowsServer";
$sku = "2022-Datacenter-Azure-Edition";
$adminUsername = "<Username>";
$password = "<Password>";

# NRP
$vnetworkName = 'vnet' + $rgname;
$subnetName = 'subnet' + $rgname;
$subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix "10.0.0.0/24";
$vnet = New-AzVirtualNetwork -Name $vnetworkName -ResourceGroupName $rgname -Location $loc -AddressPrefix "10.0.0.0/16" -Subnet $subnet;
$vnet = Get-AzVirtualNetwork -Name $vnetworkName -ResourceGroupName $rgname;
$subnetId = $vnet.Subnets[0].Id;

$ipCfg = New-AzVmssIpConfig -Name 'test' -SubnetId $subnetId;

$vmss = New-AzVmssConfig -Location $loc -SkuCapacity 2 -SkuName $vmssSize -UpgradePolicyMode 'Manual' `
    | Add-AzVmssNetworkInterfaceConfiguration -Name 'test' -Primary $true -IPConfiguration $ipCfg `
    | Set-AzVmssOsProfile -ComputerNamePrefix 'test' -AdminUsername $adminUsername -AdminPassword $password;

# Create TL Vmss
$result = New-AzVmss -ResourceGroupName $rgname -VMScaleSetName $vmssName -VirtualMachineScaleSet $vmss;
$vmssGet = Get-AzVmss -ResourceGroupName $rgname -VMScaleSetName $vmssName;

# Verify $vmssGet.VirtualMachineProfile.SecurityProfile.SecurityType is TrustedLaunch.
# Verify $vmssGet.VirtualMachineProfile.SecurityProfile.UefiSettings.VTpmEnabled is True.
# Verify $vmssGet.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled is True.
# Verify $vmssGet.VirtualMachineProfile.StorageProfile.ImageReference.Sku is 2022-Datacenter-Azure-Edition.

The virtual machine scale set above has Trusted Launch enabled by default. Please check the Trusted Launch feature page for more information.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.