Merge pull request #295334 from anishtrakru/dtl-vmdefaultsize

VM Default Size Enhancement Update

Author: Stacyrch140

articles/devtest-labs/TOC.yml

@@ -149,6 +149,8 @@
       href: devtest-lab-add-claimable-vm.md
     - name: Configure secrets
       href: devtest-lab-store-secrets-in-key-vault.md
+    - name: Configure lab level secrets
+      href: devtest-lab-configure-lab-level-secrets.md
     - name: Attach and detach data disks
       href: devtest-lab-attach-detach-data-disk.md
     - name: Define start order for lab VMs

articles/devtest-labs/devtest-lab-add-vm.md

@@ -34,9 +34,20 @@ You need at least [user](devtest-lab-add-devtest-user.md#devtest-labs-user) acce
    - **Use a saved secret**: Select this checkbox to use a secret from Azure Key Vault instead of a password to access the VM. If you select this option, under **Secret**, select the secret to use from the dropdown list. For more information, see [Store secrets in a key vault](devtest-lab-store-secrets-in-key-vault.md). 
    - **Password**: If you don't choose to use a secret, enter a VM password between 8 and 123 characters long.
    - **Save as default password**: Select this checkbox to save the password in the Key Vault associated with the lab.
-   - **Virtual machine size**: Keep the default value for the base, or select **Change Size** to select different sizes.
-   - **Hibernation**: Select **Enabled** to enable hibernation for this virtual machine. If you enable Hibernation, you also must select **Public IP** in the Advanced settings as Private and Shared IP are currently not supported if Hibernation is enabled.
+   - **Virtual machine size**: Keep the default value for the base, or select **Change Size** to select different sizes. Here is how the default VM Size is selected:
+       - If the **Configuration and policies** -> **Allowed virtual machine sizes** list has **All sizes** selected, then:
+           - If the **Image Base** selected during VM creation has x64 architecture, then the default size selected is **D4s_v5**.
+           - If the **Image Base** selected during VM creation has ARM64 architecture, then the default size selected is **D4pls_v5**.
+       - If the **Configuration and policies** -> **Allowed virtual machine sizes** list only has limited **Selected sizes**, then:
+           - If the **Image Base** selected during VM creation has x64 architecture and D4s_v5 VM size is selected in the **Allowed virtual machine sizes** list, then the default size selected is **D4s_v5**.
+           - If the **Image Base** selected during VM creation has ARM64 architecture and D4pls_v5 VM size is selected in the **Allowed virtual machine sizes** list, then the default size selected is **D4pls_v5**.
+           -  If the **Image Base** selected during VM creation has x64 architecture but D4s_v5 VM size is not selected in the **Allowed virtual machine sizes** list, or if the **Image Base** selected during VM creation has ARM64 architecture but D4pls_v5 VM size is not selected in the **Allowed virtual machine sizes** list, then:
+               - if a 4 core non-premium CPU size is available, then the first available 4 core non-premium CPU size is selected by default
+               - if no 4 core non-premium CPU size is available, then the first available 4 core CPU size is selected by default
+               - if no 4 core CPU size is available, then the first available CPU size is selected by default
+   - **Allow hibernation**: Select this option to enable hibernation for the virtual machine. If you enable Hibernation, you also must select **Public IP** in the Advanced settings as Private and Shared IP are currently not supported if Hibernation is enabled.
    - **OS disk type**: Keep the default value for the base, or select a different option from the dropdown list.
+   - **Security type**: Select **Trusted Launch** to enable it for Gen2 VMs. On selecting Trusted Launch When the options Secure boot, vTPM, and Integrity Monitoring appear, select the appropriate options for your deployment. For more information, see [Trusted Launch-enabled security features](https://learn.microsoft.com/azure/virtual-machines/trusted-launch#secure-boot).
    - **Artifacts**: This field shows the number of artifacts already configured for this VM base. Optionally, select **Add or Remove Artifacts** to select and configure artifacts to add to the VM.
 
    :::image type="content" source="./media/devtest-lab-add-vm/portal-lab-vm-basic-settings.png" alt-text="Virtual machine basic settings page.":::

articles/devtest-labs/devtest-lab-configure-lab-level-secrets.md

@@ -0,0 +1,48 @@
+---
+title: Configure Lab Level Secrets in Azure DevTest Labs
+description: Learn how to configure lab level secrets in Azure DevTest Labs.
+ms.topic: how-to
+ms.author: anishtrakru
+author: RoseHJM
+ms.date: 02/06/2025
+ms.custom: UpdateFrequency2
+---
+
+# Configure Lab Level Secrets in Azure DevTest Labs
+
+The lab level secrets in Azure DevTest Labs help streamline the creation and management of virtual machines (VMs). They are effective at reducing overhead on the lab users and can be leveraged while creating VMs,  creating formulas, and for use by certain artifacts.
+
+> [!IMPORTANT]
+> **Lab Level Secrets** is currently in preview in Azure DevTest Labs. For more information about the preview status, see the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). The document defines legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability.
+
+Security and simplicity remain a top priority for platform engineers and lab users in the ever-evolving landscape of cloud computing. Azure DevTest Labs has traditionally provided capabilities for lab users such as using their own secrets or passwords to access the VMs. This approach burdens the lab user with the responsibility to create and manage their own secrets and passwords. In scenarios in which all lab users use the same secret or password to access the VMs within a lab, the process of creating and managing the same secret or password by each user becomes redundant. That’s where lab level secrets fill the gap - it allows the lab users to use centralized lab secrets to access the VMs within the lab. If the common secret or password used across the lab needs to be updated at a later point in time, then that can be achieved seamlessly. Additionally, lab level secrets can also be used while creating formulas and by certain artifacts that require use of secrets, passwords or PATs for their execution.
+
+This article explains how to configure Lab Level Secrets in Azure DevTest Labs.
+
+## Configure a lab level secret
+
+### Prerequisite
+
+You need at least [owner](devtest-lab-add-devtest-user.md#owner) or [contributor](devtest-lab-add-devtest-user.md#contributor) access to a lab in DevTest Labs to configure a lab level secret.
+
+### Configure a lab level secret within a lab
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Search for **DevTest Labs**.
+1. From the list of labs, select the lab you want.
+1. Select **Configuration and policies** -> **Lab secrets**. 
+1. On the **Lab secrets** page, select **Add**.
+
+   :::image type="content" source="./media/devtest-lab-add-vm/portal-lab-add-vm.png" alt-text="Screenshot of lab overview page showing add button." lightbox="./media/devtest-lab-add-vm/portal-lab-add-vm.png":::
+
+1. On the **Create a lab secret** pane, provide the following information:
+    - **Name**: Enter a name for the secret.
+    - **Value**: Enter the value of the secret. You see this name in the drop-down list when creating a VM, formula, or while adding certain artifacts that require a token or password.
+    - **Scope**:
+        - **Formulas & virtual machines**: Select this option if you want to use the secret to access VMs.
+        If you select this option, another option to use this secret as default password will become visible. Select **Use this secret as default password** to use this secret as the default password
+        - **Artifacts**: Select this option if you want the secret to be used by certain artifacts.
+
+    :::image type="content" source="./media/devtest-lab-gen2-vm/dev-test-lab-gen-2-images.png" alt-text="Screenshot of list of available base images."  lightbox="./media/devtest-lab-gen2-vm/dev-test-lab-gen-2-images.png":::
+    
+    - Select **Create** to create the secret.

articles/devtest-labs/devtest-lab-gen2-vm.md

@@ -45,8 +45,9 @@ You need at least [user](devtest-lab-add-devtest-user.md#devtest-labs-user) acce
    - **Password**: If you don't choose to use a secret, enter a VM password between 8 and 123 characters long.
    - **Save as default password**: Select this checkbox to save the password in the Key Vault associated with the lab.
    - **Virtual machine size**: Keep the default value for the base, or select **Change Size** to select different sizes.
-   - **Hibernation**: Select **Enabled** to enable hibernation for this virtual machine, or select **Disabled** to disable hibernation for this virtual machine. If you enable Hibernation, you also must select **Public IP** in the Advanced settings as Private and Shared IP are currently not supported if Hibernation is enabled.
+   - **Allow hibernation**: Select this option to enable hibernation for the virtual machine. If you enable Hibernation, you also must select **Public IP** in the Advanced settings as Private and Shared IP are currently not supported if Hibernation is enabled.
    - **OS disk type**: Keep the default value for the base, or select a different option from the dropdown list.
+   - **Security type**: Select **Trusted Launch**. When the options Secure boot, vTPM, and Integrity Monitoring appear, select the appropriate options for your deployment. For more information, see [Trusted Launch-enabled security features](https://learn.microsoft.com/azure/virtual-machines/trusted-launch#secure-boot).
    - **Artifacts**: This field shows the number of artifacts already configured for this VM base. Optionally, select **Add or Remove Artifacts** to select and configure artifacts to add to the VM.
 
    :::image type="content" source="./media/devtest-lab-add-vm/portal-lab-vm-basic-settings.png" alt-text="Screenshot of virtual machine basic settings page." lightbox="./media/devtest-lab-add-vm/portal-lab-vm-basic-settings.png":::

articles/devtest-labs/devtest-lab-hibernate-vm.md

@@ -55,8 +55,9 @@ You need at least [user](devtest-lab-add-devtest-user.md#devtest-labs-user) acce
    - **Password**: If you don't choose to use a secret, enter a VM password between 8 and 123 characters long.
    - **Save as default password**: Select this checkbox to save the password in the Key Vault associated with the lab.
    - **Virtual machine size**: Keep the default value for the base, or select **Change Size** to select different sizes.
-   - **Hibernation**: Select **Enabled** to enable hibernation for this virtual machine. If you enable Hibernation, you also must select **Public IP** in the Advanced settings as Private and Shared IP are currently not supported if Hibernation is enabled.
+   - **Allow hibernation**: Select this option to enable hibernation for this virtual machine. Once you select Hibernation, you also must select **Public IP** in the Advanced settings as Private and Shared IP are currently not supported if Hibernation is enabled.
    - **OS disk type**: Keep the default value for the base, or select a different option from the dropdown list.
+   - **Security type**: Select **Trusted Launch** to enable it for Gen2 VMs. On selecting Trusted Launch When the options Secure boot, vTPM, and Integrity Monitoring appear, select the appropriate options for your deployment. For more information, see [Trusted Launch-enabled security features](https://learn.microsoft.com/azure/virtual-machines/trusted-launch#secure-boot).
    - **Artifacts**: This field shows the number of artifacts already configured for this VM base. Optionally, select **Add or Remove Artifacts** to select and configure artifacts to add to the VM.
 
    :::image type="content" source="./media/devtest-lab-add-vm/portal-lab-vm-basic-settings.png" alt-text="Screenshot showing virtual machine basic settings page.":::

articles/devtest-labs/devtest-lab-trusted-launch.md

@@ -0,0 +1,59 @@
+---
+title: Trusted Launch for Virtual Machines in Azure DevTest Labs
+description: Learn how to use Trusted Launch for Generation 2 virtual machines (VMs) in Azure DevTest Labs.
+ms.topic: how-to
+ms.author: anishtrakru
+author: RoseHJM
+ms.date: 02/13/2025
+ms.custom: UpdateFrequency2
+---
+
+# Trusted Launch for Generation 2 VMs in Azure DevTest Labs
+
+Trusted Launch provides a seamless solution to enhance the security of Generation 2 (Gen 2) virtual machines (VMs) by protecting against advanced and persistent attack techniques. This feature is composed of several coordinated infrastructure technologies that can be enabled independently, each adding an additional layer of defense against sophisticated threats. With Trusted Launch, you can securely deploy VMs with verified boot loaders, operating system (OS) kernels, and drivers, as well as protect keys, certificates, and secrets within the VMs. Additionally, it offers insights and confidence in the integrity of the entire boot chain, ensuring that workloads are trusted and verifiable.
+
+To learn more about Trusted Launch, please visit [Trusted Launch for Azure VMs](https://learn.microsoft.com/azure/virtual-machines/trusted-launch)
+
+This article explains how to use Trusted Launch for Gen 2 VMs in Azure DevTest Labs.
+
+> [!IMPORTANT]
+> **Trusted Launch** for Generation 2 VMs is currently in preview in Azure DevTest Labs. For more information about the preview status, see the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). The document defines legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability.
+
+## Create lab virtual machines with Trusted Launch for Generation 2 VMs
+
+### Prerequisite
+
+You need at least [user](devtest-lab-add-devtest-user.md#devtest-labs-user) access to a lab in DevTest Labs. For more information about creating labs, see [Create a lab in the Azure portal](devtest-lab-create-lab.md).
+
+### Create a Gen 2 VM with Trusted Launch
+
+1. In the [Azure portal](https://portal.azure.com), go to the **Overview** page for the lab.
+
+1. On the lab **Overview** page, select **Add**.
+
+   :::image type="content" source="./media/devtest-lab-add-vm/portal-lab-add-vm.png" alt-text="Screenshot of lab overview page showing add button." lightbox="./media/devtest-lab-add-vm/portal-lab-add-vm.png":::
+
+1. On the **Choose a base** page, select a Generation 2 image for the VM. The **Generation** column in the list of images displays whether it is a Generation 1 or Generation 2 image.
+
+    :::image type="content" source="./media/devtest-lab-gen2-vm/dev-test-lab-gen-2-images.png" alt-text="Screenshot of list of available base images."  lightbox="./media/devtest-lab-gen2-vm/dev-test-lab-gen-2-images.png":::
+
+1. On the **Basics Settings** tab of the **Create lab resource** screen, provide the following information:
+
+   - **Virtual machine name**: Keep the autogenerated name, or enter another unique VM name.
+   - **User name**: Keep the user name, or enter another user name to grant administrator privileges on the VM.
+   - **Use a saved secret**: Select this checkbox to use a secret from Azure Key Vault instead of a password to access the VM. If you select this option, under **Secret**, select the secret to use from the dropdown list. For more information, see [Store secrets in a key vault](devtest-lab-store-secrets-in-key-vault.md). 
+   - **Password**: If you don't choose to use a secret, enter a VM password between 8 and 123 characters long.
+   - **Save as default password**: Select this checkbox to save the password in the Key Vault associated with the lab.
+   - **Virtual machine size**: Keep the default value for the base, or select **Change Size** to select different sizes.
+   - **Allow hibernation**: Select this option to enable hibernation for this virtual machine. If you enable Hibernation, you also must select **Public IP** in the Advanced settings as Private and Shared IP are currently not supported if Hibernation is enabled.
+   - **OS disk type**: Keep the default value for the base, or select a different option from the dropdown list.
+   - **Security type**: Select **Trusted Launch**. When the options Secure boot, vTPM, and Integrity Monitoring appear, select the appropriate options for your deployment. For more information, see [Trusted Launch-enabled security features](https://learn.microsoft.com/azure/virtual-machines/trusted-launch#secure-boot).
+   - **Artifacts**: This field shows the number of artifacts already configured for this VM base. Optionally, select **Add or Remove Artifacts** to select and configure artifacts to add to the VM.
+
+   :::image type="content" source="./media/devtest-lab-add-vm/portal-lab-vm-basic-settings.png" alt-text="Screenshot of virtual machine basic settings page." lightbox="./media/devtest-lab-add-vm/portal-lab-vm-basic-settings.png":::
+
+1. After you configure all settings, on the **Basic Settings** tab of the **Create lab resource** screen, select **Create** to deploy the VM.
+
+During VM deployment, you can select the **Notifications** icon at the top of the screen to see progress. Creating a VM takes a while.
+
+When the deployment is complete, if you kept yourself as VM owner, the VM appears under **My virtual machines** on the lab **Overview** page. To connect to the VM, select it from the list, and then select **Connect** on the VM's **Overview** page. If the VM is stopped, select **Start** first to start the VM.