Blog Post

Create Azure VM using template

Tuesday, December 6, 2016 1:23 PM

I will take you through the process. I have come across multiple blogs that do cover this topic, but they are mostly out of date. Curtesy of Microsoft Azure team, that is moving so fast, that we bloggers have hard time to keep up to date.


For this article I will assume that you are familiar with VSTS and you have basic knowledge of azure.

Possibilities that I know about

We have two options how to create a VM in Azure

  1. File definition of VM that gets applied.
  2. VM Image - (not covered in this article)

VSTS Setup

Follow these steps to establish a connection from Team Foundation Server or Visual Studio Team Services to Azure.

You need an Azure subscription to perform these steps.

  1. Open your Team Services or TFS team project in your web browser. Choose the settings icon Settings icon in the menu bar and select Services.

    Open the Services settings page

  2. In the Services tab, choose New Service Endpoint and select Azure Resource Manager.

    Adding a new Azure service endpoint

  3. Enter a user-friendly name for the connection such as WebSite-CI-Azure and select your Azure subscription.

    Configuring the service endpoint for Azure Active Directory

    If the subscription you require is not shown in the service endpoint dialog, see Azure Resource Manager service endpoint for more information and Troubleshoot Azure Resource Manager service endpoints.

    Or, if you prefer to use an existing service principal, use the link near the bottom to open the full version of the dialog and follow these steps:

    • Download and run this PowerShell in an Azure PowerShell window.
    • Enter a user-friendly name for the connection such as WebSite-CI-Azure. This is useful, when you have multiple subscriptions.
    • Copy these fields from the output of the PowerShell script into the Azure subscription dialog textboxes:
      • Subscription ID
      • Subscription Name
      • Service Principal ID
      • Service Principal Key
      • Tenant ID


    Configuring an Azure endpoint using a certificate

  4. Choose OK to save the Azure service endpoint.

Azure Multiple environment recomendation

Create new resource group for each environment that you are using. This way it is easier to tally up how much each environment costs.

Project setup

I have found online that configuration of the Azure VM is being defined in Project.

I have existing sample solution with simple website. Lets go and add Cloud Resource definition project.

Missing project template

Missing project template

This is not very helpful, I need the template in order to proceed with setup.

I have noticed that Visual Studio has updates pending. Lets have a look on what it is.


I need to run Azure, so lets install Azure SDK suggesting it will add some new features that we are interested in. So just proceed with the update. The installation exe file is just pointer for Web Platform Installer about 100K to download, of course the installation itself is bigger. In order to proceed with the installation, you will need to shut down your respective Visual Studio.


This version of SDK has new project templates. You can read the release notes here:


SDK installed

Successful installation

So after installation of new update for Azure we have missing project template defined.

Configuration and build

I have created a default configuration when prompted.

Note that the order of VM might be different at the point when you are working on this.


Also you will notice that once the project gets created, It will create multiple files inside.


Loads more templates and examples may be found here:

So the final project setup looks like this

Build and Azure deployment

So far we have spent all the time creating the configuration, setting up our solution, in order for us to have the definitions stored as code definition with our solution. Now we will need to modify the build steps to deploy our configuration into Azure.

Build setup

At this stage I assume that you know how to setup VSTS build for continuous integration.

Once you have defined the build configuration, we have to ensure that we have included Task:

Publish Artifact 

This step ensure that the compiled version is associated with successful build and should be last in task list

As we can see, we have successful (green) build.

One of the tabs we have with the build is Artifacts tab, with one directory called drop. This folder can be accessed using explorer(can preview the files only) or download the files as zip.


After completing this we can see that we have the new project being stored with the build.

Release configuration

Lets setup our variables, which we are going to use as part of our release process. 

Those variables cannot be used as part of our build stage and therefore we need to define the in release configuration.

Now we have variables we can use them


This syntax means we can store our variables separate from the steps process. Also you may have noticed that the vmpassword variable is obfuscated by stars. This is done by clicking on the lock icon on right side of the row. This does not mean is encrypted just obfuscated, how ever if you try to use the password in any script, it may be revealed in log.

Release artefact

In order for us to use the artefact from our build we need to associate it with the release.

In release configuration screen we need to setup the link using the Link an artifact source link.

Also If you link to wrong project or source you will not be able to trigger the build or paths will not match. I have found the hard way when I had linked to incorrect source.

Release tasks

Now I have everything I need in order to add a new task. Lets click on Add tasks and select the following 

Azure Deployment: Create or Update Resource Group

Follow the fields as given until the template.

Now my template fields are:




Template Parameters



Override Template Parameters

-adminUsername $(vmuser) -adminPassword (ConvertTo-SecureString -String $(vmpassword) -AsPlainText -Force) 


you might need the dns, which depends on what version of template you have

-dnsNameForPublicIP $(dns)

Checking the Enable Deployment Prerequisites checkbox configures WinRM on the virtual machine and enables execution of remote PowerShell scripts, which may be required to deploy an application.
Also notice the use of ConvertTo-SecureString to specify the value for adminPassword. You must do this because adminPassword is defined as a SecureString type in the Resource Manager template file.

Providing you have added correct paths and correct links, you will be able to trigger release build

One blog which covers most of the steps is