Hello Martin,
Thank you for reaching out on Q&A. The failure you are encountering is caused by a security-type mismatch between the source Azure Compute Gallery image and the temporary virtual machine that Azure Image Builder creates during the build process.
Your current gallery image was created with Trusted Launch enabled. Images with this security type can only be used to create VMs or VM Scale Sets that also explicitly request Trusted Launch. When Azure Image Builder attempts to deploy its staging VM without those settings, the platform blocks the deployment with the error:
“The provided gallery image only supports creation of VMs and VM Scale Sets with ‘TrustedLaunch’ security type.”
This is expected behavior, as Trusted Launch images contain security state (Secure Boot / vTPM) and must remain aligned with the VM security profile.
To resolve the issue, you can use one of the following supported approaches:
Recommended: Recreate the image definition as TrustedLaunchSupported (Gen2). This allows Azure Image Builder to use the image for customization workflows while still enabling Trusted Launch when deploying the VM Scale Set.
Configure the build VM to explicitly use Trusted Launch (securityType=TrustedLaunch, Secure Boot, and vTPM enabled) so that it matches the source image requirements.
If the image was captured from an already Trusted Launch–enabled VM, rebuild it from a Gen2 base image without embedded guest state so it can be used as a TrustedLaunchSupported image in automated pipelines.
This behavior aligns with current Azure platform security requirements and recent changes that increasingly default Gen2 deployments to Trusted Launch for enhanced protection.
Reference: Enable Trusted launch on existing Azure Gen2 VMs
Trusted Launch for Azure virtual machines
Enable Trusted launch on existing Uniform scale set
Hope this helps! Please let me know in the comments if you have any queries.
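
Added example, not part of the original answer and not Microsoft's code: a pre-flight check a pipeline could run before the build, comparing an image definition's SecurityType feature with the security profile the build VM will request. The JSON field names and the sample values are assumptions of this example, constructed to resemble `az sig image-definition show` output and a VM `securityProfile`.

```python
import json

# Constructed sample input. Field names follow the JSON that
# `az sig image-definition show` and a VM securityProfile use (assumed here).
IMAGE_DEF = json.loads("""
{"name": "example-image-def", "hyperVGeneration": "V2",
 "features": [{"name": "SecurityType", "value": "TrustedLaunch"}]}
""")
BUILD_VM_PROFILE = {"securityType": "TrustedLaunch",
                    "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": True}}


def image_security_type(image_def):
    """Return the SecurityType feature of an image definition, else 'Standard'."""
    for feat in image_def.get("features") or []:
        if str(feat.get("name", "")).lower() == "securitytype":
            return feat.get("value") or "Standard"
    return "Standard"


def preflight(image_def, vm_profile):
    """Return (ok, findings); ok is False if the deployment would be blocked."""
    findings = []
    img_type = image_security_type(image_def)
    profile = vm_profile or {}
    vm_type = profile.get("securityType") or "Standard"
    uefi = profile.get("uefiSettings") or {}

    if img_type not in ("Standard", "TrustedLaunch", "TrustedLaunchSupported"):
        findings.append(f"UNKNOWN: image security type {img_type!r} is not covered here")
    if img_type.startswith("TrustedLaunch") and image_def.get("hyperVGeneration") != "V2":
        findings.append("ERROR: Trusted Launch image definitions must be Gen2 (V2)")
    # The mismatch from the answer: a TrustedLaunch image needs a TrustedLaunch VM.
    if img_type == "TrustedLaunch" and vm_type != "TrustedLaunch":
        findings.append("ERROR: image only supports securityType=TrustedLaunch, "
                        f"but the VM requests {vm_type}")
    # The answer's second option lists Secure Boot and vTPM; flag them if absent.
    if vm_type == "TrustedLaunch":
        for key, label in (("secureBootEnabled", "Secure Boot"), ("vTpmEnabled", "vTPM")):
            if not uefi.get(key):
                findings.append(f"WARN: {label} is not enabled on the VM profile")
    ok = not any(f.startswith("ERROR") for f in findings)
    return ok, findings


if __name__ == "__main__":
    for profile in (None, BUILD_VM_PROFILE):
        print(preflight(IMAGE_DEF, profile))
```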