--- myst: html_meta: "description lang=en": "Kasm Workspaces with Microsoft Windows in Azure." "keywords": "Kasm, Compute, Server, Configuration, RDP, Windows, Microsoft, Azure" "property=og:locale": "en_US" --- ```{title} Azure ``` #### Azure ```{important} The following instructions utilize the Azure CLI. You can open the CLI in the Azure web portal and run these commands directly. See Microsoft's [instructions](https://learn.microsoft.com/en-us/azure/cloud-shell/quickstart?source=recommendations&tabs=azurecli) for basic usage of the Azure Cloud Shell environment. ``` The next step in the AutoScale Configuration is the VM Provider Details page. 1. Select **Azure** from the Provider Drop Down. 2. Provide a name for your configuration. 3. Enter a Subscription ID, Resource Group, and Tenant ID. 4. Enter the Client ID and Client Secret created by following the [Azure App Registration](../../compute/pools.md#register-azure-app) instructions. 5. Select the Azure Authority from the drop down. Most users will select **Azure Public Cloud**. 6. Enter the region name, you can use the following Azure CLI command to list available regions, use the Name column. ```bash az account list-locations -o table ``` 7. Enter the **Maximum Instances**. This puts an upper limit on the number of VMs this auto scale configuration can create. 8. Enter a VM Size by name. Use the following Azure CLI command to list all VM sizes available in the desired region. ```bash az vm list-sizes --location "westus" ``` 9. Enter the OS [Disk Type](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types), using the [Azure Disk Type SKU](https://learn.microsoft.com/en-us/rest/api/storagerp/srp_sku_types). The following is the current list of available type names. Not all disk SKUs are compatible with all VM size types. | Disk Type Name | |-----------------| | Standard_LRS | | Standard_GRS | | Standard_RAGRS | | Standard_ZRS | | Premium_LRS | | Premium_ZRS | | Standard_GZRS | | Standard_RAGZRS | 10. Enter the **OS Disk Size**, in gigabytes. The size need to be at least the size of the target OS Image Reference, defined in the next field. 11. Enter the **OS Image Reference** JSON. Use the following Azure CLI command to list images in the JSON format expected by Kasm. Note that these are default Azure provided images, however, you will most likely need to create a Custom Image. ```bash # List Windows Server Editions using the offline list (faster) az vm image list --architecture x64 --location westus --offer WindowsServer # Search the full Marketplace for Desktop versions of Windows az vm image list --architecture x64 --location westus --all --publisher MicrosoftWindowsDesktop ``` Here is an example of an OS Image Reference JSON value returned by one of the above queries that can be used. ```json { "architecture": "x64", "offer": "windows-ent-cpc", "publisher": "MicrosoftWindowsDesktop", "sku": "win11-22h2-ent-cpc-os", "urn": "MicrosoftWindowsDesktop:windows-ent-cpc:win11-22h2-ent-cpc-os:22621.963.221213", "version": "22621.963.221213" } ``` 12. Check the **Image is Windows** checkbox. 13. Enter the target **Network Security Group**. In the Azure portal, find your Network Security Group, go to Properties, and find the Resource ID field. 14. Enter the target **Subnet**. In the Azure portal, find your subnet, go to Properties, and find the Resource ID field. 15. Check the **Assign Public IP** box if you desire your VMs to have public IP addresses. It is more secure to not have public IP addresses assigned. Kasm will provide a secure way to provide access to private systems and therefore, it is not strictly necessary to have a public IP. 16. Optionally provide additional tags for the VM, use empty `{}` brackets if no additional tags are needed. 12. Enter a public SSH Key, this is required even for Windows systems. 13. Enter a PowerShell startup script. Azure does not automatically run this script on startup like other cloud providers. You will need to create Custom Image in order for the startup script to execute on boot. The following example will create a local user account using the **Connection Username** and **Connection Password** fields specified on the previous screen. This is only relevant if you are using static credentials and will not work [Active Directory](../authentication.md) integration. ```powershell $pass = ConvertTo-SecureString -String "{connection_password}" -AsPlainText -Force New-LocalUser -Name {connection_username} -Description 'Programatically generated Kasm user account' -Password $pass -PasswordNeverExpires -AccountNeverExpires | Add-LocalGroupMember -Group administrators | Add-LocalGroupMember -Group "Remote Desktop Users" Start-Service -Name "Audiosrv" ``` 14. Enter a **Config Override** as JSON. In the example we used Windows 11, which requires SecureBoot to be enabled an the securityType to be set to TrustedLaunch. This is not required for older versions of Windows such as Windows 10 and therefore it is not required to provide override settings for those cases. ```json { "virtual_machine": { "properties": { "securityProfile": { "uefiSettings": { "secureBootEnabled": true, "vTpmEnabled": true }, "securityType": "TrustedLaunch" } } } } ```