# Create a new encrypted windows vm from gallery image.

Last updated: 10-11-2015

This template creates a new encrypted windows vm using the server 2k12 gallery image.

Parameter Name Description
vmName Name of the virtual machine
adminUsername Admin user name for the virtual machine
adminPassword Admin user password for virtual machine
newStorageAccountName Storage account to store os vhd
vmStorageContainerName Name of the storage account container to store os vhd
vmSize Size of VM
virtualNetworkName Name of VNET to which the VM NIC belongs to
subnetName Name of Subnet to which the VM NIC belongs to
aadClientID Client ID of AAD app which has permissions to KeyVault
aadClientSecret Client Secret of AAD app which has permissions to KeyVault
keyVaultName Name of the KeyVault to place the volume encryption key
keyVaultResourceGroup Resource group of the KeyVault
useExistingKek Select kek if the secret should be encrypted with a key encryption key and pass explicit keyEncryptionKeyURL. For nokek, you can keep keyEncryptionKeyURL empty.
keyEncryptionKeyURL URL of the KeyEncryptionKey used to encrypt the volume encryption key

Use the template


New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/201-encrypt-create-new-vm-gallery-image/azuredeploy.json
Install and configure Azure PowerShell

Command line

azure config mode arm
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/201-encrypt-create-new-vm-gallery-image/azuredeploy.json
Install and Configure the Azure Cross-Platform Command-Line Interface