Add Trusted Launch security type support to New-AzMigrateServerReplication #29201

Open
shreyasmalims wants to merge 2 commits into Azure:main from shreyasmalims:tvm-powershell

@shreyasmalims

Description

This PR adds support for Trusted Launch security type for Azure Migrate server replication.

Changes made:

  • Added TargetSecurityType parameter to specify security type for Azure VM (Standard or TrustedLaunch)
  • Added TargetVMSecureBootEnabled parameter to control secure boot on target VM
  • Implemented security profile configuration logic that automatically enables TPM when TrustedLaunch is selected
  • Added validation to ensure SecureBoot is only used with TrustedLaunch security type
  • Removed unnecessary Az.Compute module import that was redundant
  • Removed disk encryption set configuration from data disks in DefaultUser mode

Design decisions:

  • When TargetSecurityType is set to "TrustedLaunch" without explicitly setting TargetVMSecureBootEnabled, secure boot is automatically enabled (defaults to "true")
  • TPM is automatically enabled when security type is TrustedLaunch
  • SecureBoot parameter throws an error if used without TrustedLaunch security type

This implementation is based on the changes from AsrOneSdk/azure-powershell PR #37 which was never merged.

ChangeLog:

* Added support for Trusted Launch security type in New-AzMigrateServerReplication
  - Added TargetSecurityType parameter to specify VM security type (Standard or TrustedLaunch)
  - Added TargetVMSecureBootEnabled parameter to control secure boot setting

Checklist

  • SHOULD select appropriate branch. Cmdlets from Autorest.PowerShell should go to generation branch.
  • SHOULD make the title of PR clear and informative, and in the present imperative tense.
  • SHOULD update ChangeLog.md file(s) appropriately
    • For any service, the ChangeLog.md file can be found at src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md
    • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header in the past tense. Add changelog in description section if PR goes into generation branch.
    • Should not change ChangeLog.md if no new release is required, such as fixing test case only.
  • SHOULD have approved design review for the changes in this repository (Microsoft internal only) in the following situations
    • Create new module from scratch
    • Create new resource types which are not easy to conform to Azure PowerShell Design Guidelines
    • Create new resource type whose name doesn't use module name as prefix
    • Have design question before implementation
  • SHOULD regenerate markdown help files if there is cmdlet API change. Instruction
  • SHOULD have proper test coverage for changes in pull request.
  • SHOULD NOT introduce breaking changes in Az minor release except preview version.
  • SHOULD NOT adjust version of module manually in pull request

Copilot AI review requested due to automatic review settings February 25, 2026 08:09
@azure-client-tools-bot-prd

Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status.

@isra-fel
Member

/azp run

@azure-pipelines
Contributor

Azure Pipelines successfully started running 3 pipeline(s).

@shreyasmalims
Author

@microsoft-github-policy-service agree company="Microsoft"

Contributor

Copilot AI left a comment

Pull request overview

This pull request adds support for Trusted Launch security type to the New-AzMigrateServerReplication cmdlet in the Azure Migrate module. The feature enables users to configure Azure VMs with enhanced security capabilities during migration, including TPM and Secure Boot settings.

Changes:

  • Added two new parameters (TargetSecurityType and TargetVMSecureBootEnabled) to specify VM security configuration
  • Implemented logic to automatically enable TPM and default Secure Boot to "true" when TrustedLaunch is selected
  • Added validation to prevent using Secure Boot with non-TrustedLaunch security types
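
The parameter rules listed under "Design decisions" in the PR description and restated in the review overview above, as an added PowerShell example (not code from the PR or from Az.Migrate). `Resolve-TargetSecurityProfile` and its output property names are hypothetical; treating TargetVMSecureBootEnabled as a "true"/"false" string and an omitted TargetSecurityType as Standard are assumptions.

```powershell
# Added illustration: hypothetical helper, not the cmdlet's actual implementation.
function Resolve-TargetSecurityProfile {
    [CmdletBinding()]
    param(
        [ValidateSet('Standard', 'TrustedLaunch')]
        [string] $TargetSecurityType,

        # Assumption: passed as a "true"/"false" string, as the stated default suggests.
        [ValidateSet('true', 'false')]
        [string] $TargetVMSecureBootEnabled
    )

    $secureBootGiven = $PSBoundParameters.ContainsKey('TargetVMSecureBootEnabled')
    $isTrustedLaunch = $TargetSecurityType -eq 'TrustedLaunch'

    # Secure Boot may only be requested together with TrustedLaunch.
    if ($secureBootGiven -and -not $isTrustedLaunch) {
        throw 'TargetVMSecureBootEnabled requires TargetSecurityType TrustedLaunch.'
    }

    if (-not $isTrustedLaunch) {
        # Assumption: an omitted security type is treated the same as Standard.
        return [pscustomobject]@{
            SecurityType      = 'Standard'
            SecureBootEnabled = $false
            TpmEnabled        = $false
        }
    }

    # TrustedLaunch: Secure Boot defaults to on unless the caller explicitly set it.
    $secureBoot = if ($secureBootGiven) { $TargetVMSecureBootEnabled -eq 'true' } else { $true }

    [pscustomobject]@{
        SecurityType      = 'TrustedLaunch'
        SecureBootEnabled = $secureBoot
        TpmEnabled        = $true   # TPM is always enabled with TrustedLaunch
    }
}

# Constructed calls covering each rule.
Resolve-TargetSecurityProfile -TargetSecurityType TrustedLaunch
Resolve-TargetSecurityProfile -TargetSecurityType TrustedLaunch -TargetVMSecureBootEnabled false
try {
    Resolve-TargetSecurityProfile -TargetSecurityType Standard -TargetVMSecureBootEnabled true
} catch {
    "Rejected: $($_.Exception.Message)"
}
```

The second call is the case to review when auditing migrations: TrustedLaunch with Secure Boot explicitly turned off still yields a TPM-enabled VM, but without boot-chain signature enforcement.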

@NoriZC NoriZC self-assigned this Mar 2, 2026
@github-actions

github-actions bot commented Mar 2, 2026

This PR was labeled "needs-revision" because it has unresolved review comments or CI failures.
Please resolve all open review comments and make sure all CI checks are green. Refer to our guide to troubleshoot common CI failures.

@isra-fel
Member

isra-fel commented Mar 2, 2026

/azp run

@azure-pipelines
Contributor

Azure Pipelines successfully started running 3 pipeline(s).

@NoriZC
Collaborator

NoriZC commented Mar 3, 2026

@shreyasmalims please update the changelog and consider whether new examples are needed for generating a new doc.

4 participants