Title: Issue with Trusted Launch in Azure Fluent SDK


I'm currently working on a C# application using the Azure Fluent SDK to create a virtual machine from a captured image. The code works well for standard scenarios, but I'm facing challenges when trying to set the Trusted Launch property for the virtual machine. As far as I can tell, the Microsoft Azure Management Fluent SDK has no security type for Trusted Launch.

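     /// <summary>
     /// Creates a Windows VM from a gallery image definition, together with the virtual
     /// network, public IP, network security group and network interface it attaches to.
     /// </summary>
     /// <remarks>
     /// The VM is created without a Trusted Launch security type: the fluent definition
     /// chain used below has no step that accepts one, which is the limitation this
     /// sample runs into.
     /// </remarks>
     /// <exception cref="InvalidOperationException">
     /// Thrown when the admin password has not been supplied through the environment.
     /// </exception>
     public void DOCreateVMFromImage()
     {
         string captureimage = "Image1";
         string vmName = "Test-4";
         string resource = "TESTVMGROUP";
         string adminUsername = "Student1";
         var vNetName = "VNET-Fluent";
         var vNetAddress = "172.16.0.0/16";
         var subnetName = "Subnet-Fluent";
         var subnetAddress = "172.16.0.0/24";
         var nicName = "NICVM";
         var publicIPName = "Test4publicIp";
         var nsgName = "NSGi-Fluent";
         var sharedImageGalleryName = "NewImages";  // Replace with your actual gallery name
         var sharedImageDefinitionName = "Image1";  // Replace with your actual image definition name

         // The admin password is read from the environment so that it is never committed
         // with the source. "VM_ADMIN_PASSWORD" is a variable name made up for this sample.
         string adminPassword = Environment.GetEnvironmentVariable("VM_ADMIN_PASSWORD");
         if (string.IsNullOrEmpty(adminPassword))
         {
             throw new InvalidOperationException(
                 "Set the VM_ADMIN_PASSWORD environment variable before creating the VM.");
         }

         // NOTE(review): an auth file like this typically holds the service principal's
         // client secret - keep it out of source control and restrict its file permissions.
         var credentials = SdkContext.AzureCredentialsFactory
                 .FromFile("../../../azure-configuration.json");

         var azure = Azure.Authenticate(credentials).WithDefaultSubscription();

         // Get the captured image
         var capturedImage = azure.GalleryImages.GetByGallery(
             resource, sharedImageGalleryName, sharedImageDefinitionName);

         if (capturedImage == null)
         {
             // Nothing can be built without the image; say so instead of returning silently.
             Console.Error.WriteLine(
                 $"Image definition {sharedImageDefinitionName} was not found in gallery {sharedImageGalleryName}.");
             return;
         }

         Console.WriteLine($"Creating virtual network {vNetName} ...");
         var network = azure.Networks.Define(vNetName)
             .WithRegion(capturedImage.Location)
             .WithExistingResourceGroup(resource)
             .WithAddressSpace(vNetAddress)
             .WithSubnet(subnetName, subnetAddress)
             .Create();

         Console.WriteLine($"Creating public IP {publicIPName} ...");
         var publicIP = azure.PublicIPAddresses.Define(publicIPName)
             .WithRegion(capturedImage.Location)
             .WithExistingResourceGroup(resource)
             .Create();

         // You need a network security group for controlling the access to the VM.
         // NOTE(review): this rule admits RDP (TCP 3389) from any source address, and the
         // NIC below also carries a public IP, so the port is reachable from the internet.
         // Restrict the source to a known management range, or reach the VM through a
         // bastion host or VPN instead of a public RDP endpoint.
         Console.WriteLine($"Creating Network Security Group {nsgName} ...");
         var nsg = azure.NetworkSecurityGroups.Define(nsgName)
             .WithRegion(capturedImage.Location)
             .WithExistingResourceGroup(resource)
             .DefineRule("Allow-RDP")
                 .AllowInbound()
                 .FromAnyAddress()
                 .FromAnyPort()
                 .ToAnyAddress()
                 .ToPort(3389)
                 .WithProtocol(SecurityRuleProtocol.Tcp)
                 .WithPriority(100)
                 .Attach()
             .Create();

         Console.WriteLine($"Creating network interface {nicName} ...");
         var nic = azure.NetworkInterfaces.Define(nicName)
             .WithRegion(capturedImage.Location)
             .WithExistingResourceGroup(resource)
             .WithExistingPrimaryNetwork(network)
             .WithSubnet(subnetName)
             .WithPrimaryPrivateIPAddressDynamic()
             .WithExistingPrimaryPublicIPAddress(publicIP)
             .WithExistingNetworkSecurityGroup(nsg)
             .Create();

         Console.WriteLine($"Creating a new VM using {captureimage}...");

         // No security profile is attached here: none of the steps in this definition
         // chain takes one, so the VM comes up without Trusted Launch.
         var newVM = azure.VirtualMachines.Define(vmName)
             .WithRegion(capturedImage.Location)
             .WithExistingResourceGroup(resource)
             .WithExistingPrimaryNetworkInterface(nic)
             .WithWindowsCustomImage(capturedImage.Id)
             .WithAdminUsername(adminUsername)
             .WithAdminPassword(adminPassword)
             .WithComputerName(vmName)
             .WithSize(VirtualMachineSizeTypes.StandardD2sV3)
             .Create();

         newVM.Restart();
         Console.WriteLine($"Successfully created a new VM: {vmName}!");
         Console.WriteLine("Press any key to exit...");
         Console.ReadLine();
     }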

I'm using the Azure Fluent SDK to create a virtual machine from a captured image in C#. The code is working fine for standard scenarios, but I'm having trouble setting the Trusted Launch property for the virtual machine.


There are 1 best solutions below

Venkatesan On

Issue with Trusted Launch in Azure Fluent SDK

According to this document, Microsoft.Azure.Management.Fluent is deprecated. You need to use the Azure.ResourceManager package to create an Azure VM with Trusted Launch enabled using the Azure SDK in C#.

You can use the below C# sample code to create an Azure VM with trusted launch enabled.

Code:

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Compute;
using Azure;
using Azure.ResourceManager.Compute.Models;


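// Creates (or updates) a VM with Trusted Launch enabled through Azure.ResourceManager.
// Every "xxx" / "your-..." value below is a placeholder to be replaced before running.

// DefaultAzureCredential comes from Azure.Identity, so no secret is embedded in this code.
ArmClient armClient = new ArmClient(new DefaultAzureCredential());
SubscriptionResource subscription = await armClient.GetDefaultSubscriptionAsync();

string rgName = "your-resource-group-name";
ResourceGroupResource resourceGroup = await subscription.GetResourceGroups().GetAsync(rgName);
VirtualMachineCollection vmCollection = resourceGroup.GetVirtualMachines();
string vmName = "your-virtual-machine-name";

// The VM is placed in the resource group's own location.
VirtualMachineData input = new VirtualMachineData(resourceGroup.Data.Location)
{
    HardwareProfile = new VirtualMachineHardwareProfile()
    {
        VmSize = VirtualMachineSizeType.StandardB2S
    },
    OSProfile = new VirtualMachineOSProfile()
    {
        // Placeholders: load the real admin credentials from a secret store or the
        // environment at run time rather than committing them with the source.
        AdminUsername = "xxx",
        AdminPassword = "xxx",
        ComputerName = "your-vm-name"
    },
    NetworkProfile = new VirtualMachineNetworkProfile()
    {
        NetworkInterfaces =
        {
            // References a network interface by its resource ID.
            new VirtualMachineNetworkInterfaceReference()
            {
                Id = new ResourceIdentifier("/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Network/networkInterfaces/xxxx"),
                Primary = true,
            }
        }
    },
    StorageProfile = new VirtualMachineStorageProfile()
    {
        OSDisk = new VirtualMachineOSDisk(DiskCreateOptionType.FromImage)
        {
            OSType = SupportedOperatingSystemType.Windows,
            Caching = CachingType.ReadWrite,
            ManagedDisk = new VirtualMachineManagedDisk()
            {
                StorageAccountType = StorageAccountType.StandardLrs
            }
        },
        // NOTE(review): this selects an image by publisher/offer/SKU/version. To start
        // from a gallery image, as in the question, the reference would presumably carry
        // the image's resource ID instead - confirm against the SDK documentation.
        // Trusted Launch also needs an image that supports it (Generation 2).
        ImageReference = new ImageReference()
        {
            Publisher = "xxx",
            Offer = "xxx",
            Sku = "xxxx",
            Version = "xxx",
        }
    },
    // This profile is what turns on Trusted Launch: the security type plus the
    // Secure Boot and virtual TPM switches in the UEFI settings.
    SecurityProfile = new SecurityProfile()
    {
        SecurityType = "TrustedLaunch",
        UefiSettings = new UefiSettings()
        {
            IsSecureBootEnabled = true,
            IsVirtualTpmEnabled = true,
        },
        // NOTE(review): encryption at host is a separate setting from Trusted Launch and
        // may need to be enabled for the subscription before deployment succeeds - confirm.
        EncryptionAtHost = true
    }
};

// WaitUntil.Completed makes the call return only once the long-running operation has finished.
ArmOperation<VirtualMachineResource> lro = await vmCollection.CreateOrUpdateAsync(WaitUntil.Completed, vmName, input);
VirtualMachineResource vm = lro.Value; // the original listing was missing this semicolon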

The above code ran successfully and created the Azure VM using Azure.Identity and the Azure.ResourceManager package.

Output:

enter image description here

Reference: