Azure
diff --git a/‎src/azure-cli/azure/cli/command_modules/vm/_params.py‎
Lines changed: 1 addition & 1 deletion b/‎src/azure-cli/azure/cli/command_modules/vm/_params.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/azure-cli/azure/cli/command_modules/vm/_template_builder.py‎
Lines changed: 8 additions & 6 deletions b/‎src/azure-cli/azure/cli/command_modules/vm/_template_builder.py‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/vm/custom.py‎
Lines changed: 7 additions & 1 deletion b/‎src/azure-cli/azure/cli/command_modules/vm/custom.py‎
Lines changed: 7 additions & 1 deletion
@@ -442,7 +442,7 @@ def load_arguments(self, _):
         c.argument('ephemeral_os_disk_placement', arg_type=ephemeral_placement_type,
                    help='Only applicable when used with `--size`. Allows you to choose the Ephemeral OS disk provisioning location.')
         c.argument('enable_hibernation', arg_type=get_three_state_flag(), min_api='2021-03-01', help='The flag that enable or disable hibernation capability on the VM.')
-        c.argument('security_type', arg_type=get_enum_type(["TrustedLaunch"], default=None), min_api='2022-11-01', help='Specify the security type of the virtual machine.')
+        c.argument('security_type', arg_type=get_enum_type(["TrustedLaunch", "Standard"], default=None), min_api='2022-11-01', help='Specify the security type of the virtual machine.')
 
     with self.argument_context('vm create') as c:
         c.argument('name', name_arg_type, validator=_resource_not_exists(self.cli_ctx, 'Microsoft.Compute/virtualMachines'))
 
@@ -675,11 +675,12 @@ def _build_storage_profile():
 
     # The `Standard` is used for backward compatibility to allow customers to keep their current behavior
     # after changing the default values to Trusted Launch VMs in the future.
-    from ._constants import COMPATIBLE_SECURITY_TYPE_VALUE
-    if security_type is not None and security_type != COMPATIBLE_SECURITY_TYPE_VALUE:
+    if security_type is not None:
         vm_properties['securityProfile']['securityType'] = security_type
 
-    if enable_secure_boot is not None or enable_vtpm is not None:
+    from ._constants import COMPATIBLE_SECURITY_TYPE_VALUE
+    if security_type != COMPATIBLE_SECURITY_TYPE_VALUE and (
+            enable_secure_boot is not None or enable_vtpm is not None):
         vm_properties['securityProfile']['uefiSettings'] = {
             'secureBootEnabled': enable_secure_boot,
             'vTpmEnabled': enable_vtpm
@@ -1506,11 +1507,12 @@ def build_vmss_resource(cmd, name, computer_name_prefix, location, tags, overpro
 
     # The `Standard` is used for backward compatibility to allow customers to keep their current behavior
     # after changing the default values to Trusted Launch VMs in the future.
-    from ._constants import COMPATIBLE_SECURITY_TYPE_VALUE
-    if security_type is not None and security_type != COMPATIBLE_SECURITY_TYPE_VALUE:
+    if security_type is not None:
         security_profile['securityType'] = security_type
 
-    if enable_secure_boot is not None or enable_vtpm is not None:
+    from ._constants import COMPATIBLE_SECURITY_TYPE_VALUE
+    if security_type != COMPATIBLE_SECURITY_TYPE_VALUE and (
+            enable_secure_boot is not None or enable_vtpm is not None):
         security_profile['uefiSettings'] = {
             'secureBootEnabled': enable_secure_boot,
             'vTpmEnabled': enable_vtpm
 
@@ -1597,6 +1597,7 @@ def update_vm(cmd, resource_group_name, vm_name, os_disk=None, disk_caching=None
         vm.storage_profile.os_disk.managed_disk.id = disk_id
         vm.storage_profile.os_disk.name = disk_name
 
+    from ._constants import COMPATIBLE_SECURITY_TYPE_VALUE
     if security_type == "TrustedLaunch":
         from azure.cli.core.azclierror import InvalidArgumentValueError
         if vm.security_profile is not None and vm.security_profile.security_type == "ConfidentialVM":
@@ -1615,6 +1616,11 @@ def update_vm(cmd, resource_group_name, vm_name, os_disk=None, disk_caching=None
             if vm.security_profile is None:
                 vm.security_profile = SecurityProfile()
             vm.security_profile.security_type = security_type
+    elif security_type == COMPATIBLE_SECURITY_TYPE_VALUE:
+        if vm.security_profile is None:
+            vm.security_profile = SecurityProfile()
+        vm.security_profile.security_type = security_type
+        vm.security_profile.uefi_settings = None
 
     if write_accelerator is not None:
         update_write_accelerator_settings(vm.storage_profile, write_accelerator)
@@ -1683,7 +1689,7 @@ def update_vm(cmd, resource_group_name, vm_name, os_disk=None, disk_caching=None
     if proximity_placement_group is not None:
         vm.proximity_placement_group = {'id': proximity_placement_group}
 
-    if enable_secure_boot is not None or enable_vtpm is not None:
+    if security_type != COMPATIBLE_SECURITY_TYPE_VALUE and (enable_secure_boot is not None or enable_vtpm is not None):
         if vm.security_profile is None:
             vm.security_profile = SecurityProfile()