Provision an Azure virtual machine using an Azure RM template

Last Update: 6/14/2017

Team Services | TFS 2017 | TFS 2015 | Previous versions: XAML Build, Release

In just a few steps, you can provision Azure virtual machines (VMs) using Resource Manager (RM) templates. Managing the definitions for virtual machines in this way is considered Infrastructure as code and is a good DevOps practice.

Get set up

Begin with a CI build

Before you begin, you need a CI build that creates your Azure RM template. To set up CI, see:

Create an Azure RM connection

Follow these steps to establish a connection from Team Foundation Server or Visual Studio Team Services to Azure. You need an Azure subscription.

  1. Open your Team Services or TFS team project in a web browser. Choose the Settings icon in the menu bar and select Services.

  2. In the Services tab, choose New Service Endpoint and select Azure Resource Manager.

  3. Enter a user-friendly name for the connection and select your Azure subscription.

    If the subscription you require is not shown in the service endpoint dialog, see Azure Resource Manager service endpoint for more information and Troubleshoot Azure Resource Manager service endpoints.

    Or, if you prefer to use an existing service principal, use the link near the bottom to open the full version of the dialog and follow these steps:

    • Download and run this PowerShell script in an Azure PowerShell window.
    • Enter a user-friendly name for the connection.
    • Copy these fields from the output of the PowerShell script into the Azure subscription dialog textboxes:
      • Subscription ID
      • Subscription Name
      • Service Principal ID
      • Service Principal Key
      • Tenant ID

  4. Choose OK to save the Azure service endpoint.

Create the release definition

Carry out the following steps to deploy the Azure Resource Group.

  1. Open the Releases tab of the Build & Release hub and choose the "+" icon to create a new release definition.

  2. In the Create release definition dialog, select the Empty template and choose Next.

  3. In the next page, select the build definition you created earlier and choose Create. This creates a new release definition with one default environment.

  4. In the new release definition, select + Add tasks and add an Azure Resource Group Deployment task. Optionally edit the name to help identify the task, such as Provision Windows 2012 R2 VM.

  5. Configure the Azure Resource Group Deployment task as follows:

    Task step Parameters
    Azure Resource Group Deployment
    Deploy: Azure Resource Group Deployment
    Deploy files to an Azure Resource Group.
    Azure Subscription: Select the name of the Azure Resource Manager endpoint you defined earlier.
    Action: Create or Update Resource Group.
    Resource Group: Enter a name for a new resource group, or specify an existing resource group.
    Template location: The path of the Resource Manager template; for example: $(System.DefaultWorkingDirectory)\ASPNet4.CI\drop\HelloWorldARM\Templates\WindowsVirtualMachine.json.
    Template Parameters: The path of the Resource Manager template parameters file; for example $(System.DefaultWorkingDirectory)\ASPNet4.CI\drop\HelloWorldARM\Templates\WindowsVirtualMachine.parameters.json.
    Override Template Parameters: A list of values for the parameters in the template; for example: -adminUsername $(vmuser) -adminPassword (ConvertTo-SecureString -String $(vmpassword) -AsPlainText -Force) -dnsNameForPublicIP $(dns)'.
    Enable Deployment Prerequisites: Checked.
    Output - Resource Group: The name of the Resource Group output from the task as a value that can be used as an input to further deployment tasks.

    Checking the Enable Deployment Prerequisites checkbox configures WinRM on the virtual machine and enables execution of remote PowerShell scripts, which may be required to deploy an application. Also notice the use of ConvertTo-SecureString to specify the value for adminPassword. You must do this because adminPassword is defined as a SecureString type in the Resource Manager template file.

  6. If you used variables in the parameters of the Azure Resource Group Deployment task, such as vmuser, vmpassword, and dns, set the values for them in the environment configuration variables. Encrypt the value of vmpassword by selecting the "padlock" icon.

  7. Enter a name for the release definition and save it.

  8. Create a new release, select the latest build, and deploy it to the single environment.


I use Team Foundation Server on-premises and I don't see some of these features. Why not?

Some of these features are available only on Visual Studio Team Services and not yet available on-premises. Some features are available on-premises if you have upgraded to the latest version of TFS.

Help and support