Azure VM Images Guide (2025): Marketplace, Custom Images, & Shared Image Gallery Explained
Every Azure VM starts with an image.
But here’s the catch — choosing the wrong image can cost you money, slow down your deployments, and create inconsistencies that haunt you in production.
I’ve seen teams struggle with VM sprawl because they didn’t have a proper image strategy.
I’ve also seen organizations cut deployment time from 30 minutes to under 3 minutes by switching to the right image approach.
In this guide, I’ll walk you through everything you need to know about Azure VM Images — from quick Marketplace deployments to enterprise-grade Shared Image Galleries.
Whether you’re preparing for AZ-104 certification or building production infrastructure, this is the foundation you need to get right.
Think of VM images as golden templates.
You wouldn’t build a house without blueprints, right?
Same logic applies here.
Your VM image is the blueprint that determines what every virtual machine looks like when it boots up.
Let me show you how to choose, create, and manage VM images like a pro.
What Are Azure VM Images?
An Azure VM Image is a pre-configured package that contains everything needed to create a virtual machine.
It’s not just an operating system — it’s a complete snapshot that includes the OS, configuration files, pre-installed software, and even custom scripts.
Every single VM you deploy in Azure starts from an image. No exceptions.
Here’s what makes an image powerful: consistency.
When you deploy 10 VMs from the same image, you get 10 identical machines.
Same patches, same tools, same configuration.
This is huge for DevOps teams managing infrastructure at scale.
Azure supports three main types of VM images, and understanding when to use each one separates beginners from experienced cloud engineers.
Platform Images come directly from Azure Marketplace.
These are maintained by Microsoft or verified publishers.
Think Windows Server 2022, Ubuntu 22.04 LTS, Red Hat Enterprise Linux — the standard stuff.
Custom Images are your golden images.
You take a VM, install everything your team needs, harden the security, apply patches, and then capture it as an image.
Now you can deploy that exact configuration repeatedly.
Shared Image Gallery (SIG) Images take custom images to the next level.
They add versioning, replication across regions, and enterprise-scale distribution.
This is what you use when you need the same image available in 10 different Azure regions.
Picture this workflow: You start with a Marketplace image to build your first VM.
You configure it perfectly — install Docker, Kubernetes tools, monitoring agents, security patches.
You capture that VM as a custom image.
Then you publish that custom image to a Shared Image Gallery so your entire organization can use it across multiple regions and subscriptions.
That’s the evolution path most DevOps teams follow.
Reflection Question: How many different base configurations are your teams deploying today? Are they truly consistent?
Azure Marketplace Images
The Azure Marketplace is your starting point.
It’s a curated collection of VM images, pre-configured solutions, and templates from Microsoft and trusted publishers.
When you create a VM through the Azure Portal and select an image, you’re browsing the Marketplace.
Behind the scenes, every Marketplace image has a URN (Uniform Resource Name) that uniquely identifies it.
A typical URN looks like this:
Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest
Let me break that down for you:
- Publisher: Canonical (Ubuntu’s publisher)
- Offer: 0001-com-ubuntu-server-jammy
- SKU: 22_04-lts-gen2
- Version: latest (or specific like 22.04.202401010)
You can list available images using Azure CLI:
az vm image list --output table --all --publisher Canonical
This command shows you every Ubuntu image available.
In production, always specify exact versions instead of using “latest” — you want predictable deployments.
Here’s a real-world scenario: You’re building a CI/CD pipeline that needs Ubuntu VMs with Azure CLI and kubectl pre-installed.
You could start from scratch every time, or you could use a Marketplace image as your base and layer your customizations on top.
Using Marketplace images via CLI is straightforward:
az vm create \
--resource-group my-rg \
--name build-server-01 \
--image Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest \
--admin-username azureuser \
--generate-ssh-keys
Marketplace images are perfect when:
- You need a VM right now for testing or POC work
- You’re deploying standard workloads without custom requirements
- You want Microsoft or the publisher to handle security patches for the base OS
The downside? Every time you deploy, you’re installing the same tools and running the same configuration scripts.
That’s wasted time and introduces drift — tiny differences that creep in over repeated deployments.
Mini Quiz: If you deploy 50 VMs from the same Marketplace image and run different configuration scripts on each, are those VMs truly identical?
(Hint: No, and that’s where custom images save you.)
Custom Images — The Golden Image Approach
This is where professional DevOps engineering begins.
Custom images solve the problem of deployment drift and slow provisioning.
A custom image is your pre-baked VM configuration.
Everything your application needs is already installed, configured, and tested.
When you deploy from a custom image, your VM boots up ready to go — no installation scripts, no waiting for package managers, no surprises.
I’ve built custom images for teams running containerized workloads.
The image included Docker, Kubernetes kubelet and kubectl, Helm, monitoring agents, security tooling, and hardened OS configurations.
Deployment time dropped from 25 minutes to under 4 minutes.
That’s the power of custom images.
How to Create a Custom Image
Here’s how you create one.
Start with a running VM that has everything configured exactly how you want it.
Before capturing the image, you must deprovision the VM to remove machine-specific data.
For Linux VMs, SSH in and run:
sudo waagent -deprovision+user -force
This removes user accounts, SSH keys, hostname, and other unique identifiers.
It’s critical — skip this step and your custom image will have the wrong hostname and SSH keys baked in.
For Windows VMs, you run Sysprep:
C:\Windows\System32\Sysprep\sysprep.exe /generalize /oobe /shutdown
Once the VM shuts down, capture it as an image using Azure CLI:
az vm deallocate --resource-group my-rg --name golden-vm
az vm generalize --resource-group my-rg --name golden-vm
az image create \
--resource-group my-rg \
--name my-golden-image-v1 \
--source golden-vm \
--location eastus
Now you have a reusable custom image.
Deploy new VMs from it:
az vm create \
--resource-group prod-rg \
--name web-server-01 \
--image my-golden-image-v1 \
--admin-username azureuser \
--generate-ssh-keys
Automating Image Creation
Another powerful approach: Azure Image Builder.
This is Microsoft’s managed service for building custom images using a declarative template.
You define what you want — base image, software to install, configuration scripts — and Image Builder handles the rest.
Even better, integrate Packer by HashiCorp into your CI/CD pipeline.
Packer lets you define images as code, version control them, and rebuild them automatically when your configuration changes.
Here’s a simplified Packer template for Ubuntu:
{
"builders": [{
"type": "azure-arm",
"subscription_id": "your-subscription-id",
"managed_image_name": "ubuntu-docker-image",
"location": "eastus",
"vm_size": "Standard_D2s_v3"
}],
"provisioners": [{
"type": "shell",
"inline": [
"sudo apt-get update",
"sudo apt-get install -y docker.io",
"sudo systemctl enable docker"
]
}]
}
Run packer build template.json and you get a production-ready custom image.
Real-World Scenario
Your company runs microservices on Azure VMs.
Every VM needs Docker, your custom logging agent, security policies, and approved SSL certificates.
Instead of running Ansible playbooks on every new VM (slow, error-prone), you bake everything into a custom image.
New VMs boot up production-ready in under 3 minutes.
Quiz Question: If you shut down a VM without running the deprovision command, can you still create a custom image?
Technically yes, but should you use it in production?
Absolutely not — it’ll have the original VM’s identity baked in, causing hostname conflicts and authentication issues.
Custom images give you speed and consistency.
But they create a new challenge — how do you manage versions, replicate across regions, and share with other teams?
That’s where Shared Image Gallery comes in.
Shared Image Gallery (SIG) — Enterprise-Scale Image Management
Shared Image Gallery is Microsoft’s answer to enterprise-scale VM image distribution.
If custom images are good, SIG is what makes them production-ready at scale.
Think of SIG as a Git repository for your VM images.
It adds versioning, replication, lifecycle management, and RBAC (role-based access control).
This is the tool large organizations use to maintain golden images across hundreds of subscriptions and dozens of regions.
SIG Architecture
Here’s the architecture: A Shared Image Gallery is a container that holds multiple Image Definitions.
Each Image Definition represents a type of image (like “Ubuntu-WebServer” or “Windows-AppServer”).
Within each Image Definition, you store multiple Image Versions (1.0.0, 1.1.0, 2.0.0).
When you publish an image version to SIG, you can replicate it to multiple Azure regions.
This means a team in East US and a team in West Europe both deploy from the exact same image — no manual copying, no drift.
Setting Up Shared Image Gallery
Let me show you how to set this up.
First, create a Shared Image Gallery:
az sig create \
--resource-group my-rg \
--gallery-name MyGoldenImages
Next, create an Image Definition (the logical grouping for your image versions):
az sig image-definition create \
--resource-group my-rg \
--gallery-name MyGoldenImages \
--gallery-image-definition Ubuntu-Docker-Base \
--publisher MyOrg \
--offer UbuntuWithDocker \
--sku 22.04-LTS \
--os-type Linux \
--os-state Generalized \
--hyper-v-generation V2
Now publish your custom image as a version in SIG:
az sig image-version create \
--resource-group my-rg \
--gallery-name MyGoldenImages \
--gallery-image-definition Ubuntu-Docker-Base \
--gallery-image-version 1.0.0 \
--managed-image /subscriptions/{sub-id}/resourceGroups/my-rg/providers/Microsoft.Compute/images/my-golden-image-v1 \
--target-regions "eastus=1" "westeurope=1" \
--replica-count 2
Notice the --target-regions parameter? That’s the magic.
You’re replicating this image version to East US and West Europe, with 2 replicas in each region for high availability.
When deploying VMs, reference the SIG image version:
az vm create \
--resource-group prod-rg \
--name app-server-01 \
--image /subscriptions/{sub-id}/resourceGroups/my-rg/providers/Microsoft.Compute/galleries/MyGoldenImages/images/Ubuntu-Docker-Base/versions/1.0.0 \
--admin-username azureuser
Why Enterprises Love SIG
Regional replication means faster VM deployments.
When you create a VM in West Europe, it pulls the image from a local replica instead of copying from another region.
That saves minutes on every deployment.
Versioning lets you roll forward and roll back.
Deploy version 1.0.0 to production. Test version 1.1.0 in staging.
Find a critical bug in 1.1.0? Keep running 1.0.0 in production while you fix it.
RBAC integration means you can control who can create, update, or use images.
Your security team can publish hardened images, and application teams can only consume them — they can’t modify or create new ones.
Real-World Use Case
You’re running Azure Virtual Machine Scale Sets (VMSS) for auto-scaling web applications.
Your VMSS configuration points to a SIG image version.
When traffic spikes and Azure spins up 20 new VMs, they all deploy from the same replicated image in under 2 minutes.
Without SIG, you’d either copy custom images manually or deal with slow Marketplace-based deployments.
Best Practices for SIG
Here’s a critical best practice: Always use semantic versioning for your SIG images.
Start with 1.0.0 for your initial production image.
When you add new software or patches that don’t break compatibility, increment to 1.1.0.
For major changes (like upgrading from Ubuntu 20.04 to 22.04), jump to 2.0.0.
Tag your image versions with metadata:
az sig image-version create \
... \
--tags environment=production app=webserver created-by=devops-team date=2025-01
This makes it easy to identify what’s in each version six months later.
Architecture Example
Your company has three environments — Dev, QA, and Production.
Each environment runs in a different Azure region.
You maintain one Shared Image Gallery with multiple image definitions (WebServer, AppServer, DatabaseServer).
Each definition has versions (1.0.0, 1.1.0, 1.2.0).
Dev uses 1.2.0 for testing new features.
QA validates 1.1.0 before promoting to production.
Production runs the stable 1.0.0 version.
All three environments use the exact same SIG, just different versions.
Callout: SIG is the recommended architecture for any organization deploying more than a handful of VMs. The upfront setup cost pays for itself in operational efficiency.
Marketplace vs Custom Image vs SIG — When to Use What?
Let me give you the decision framework I use in production environments.
Use Marketplace Images When
You need something quick for development, testing, or POC work.
They’re also fine for workloads where Microsoft or the publisher handles patching and you don’t need custom tooling.
Think basic Windows Server deployments or standard Linux VMs for non-critical workloads.
The trade-off? You sacrifice speed and consistency.
Every deployment takes longer because you’re installing software at runtime.
And unless you’re extremely disciplined with configuration management, you’ll get drift over time.
Use Custom Images When
You need consistent environments with pre-installed tooling, but you’re working in a single region or subscription.
Custom images are perfect for small to medium teams that want to eliminate deployment drift without the complexity of enterprise-scale distribution.
You can create custom images quickly, version them with naming conventions (my-image-v1, my-image-v2), and deploy faster than Marketplace-based approaches.
But custom images don’t replicate automatically across regions, and they lack the enterprise features of SIG.
Use Shared Image Gallery When
You’re operating at scale.
Multiple regions, multiple teams, multiple subscriptions.
SIG gives you versioning, replication, RBAC, and lifecycle management.
It’s what you need for production workloads in enterprise environments.
The cost is higher (replication storage, management overhead), and the setup is more complex.
But if you’re deploying dozens or hundreds of VMs regularly, SIG becomes essential infrastructure.
Comparison Framework
Here’s a comparison to make it concrete:
Speed of initial setup: Marketplace wins (zero setup). Custom images require building and capturing. SIG requires creating the gallery, definitions, and versions.
Speed of VM deployment: SIG wins (pre-replicated images). Custom images are second. Marketplace is slowest due to post-deployment configuration.
Consistency: SIG and Custom images tie (100% identical VMs). Marketplace loses due to configuration drift.
Multi-region support: SIG wins with automatic replication. Custom images require manual copying. Marketplace is available everywhere but doesn’t help with custom configurations.
Versioning and rollback: SIG has built-in versioning. Custom images need manual naming conventions. Marketplace versions are controlled by publishers.
Cost: Marketplace has the lowest infrastructure cost (no storage for images). Custom images add storage cost for each image. SIG adds replication and management costs, but reduces deployment time cost.
Real DevOps Guidance
Start every new project with a Marketplace image to get running quickly.
Once you know what tools and configurations you need, capture a custom image.
When your project moves to production or scales across regions, migrate that custom image to a Shared Image Gallery.
For compliance-heavy industries (healthcare, finance, government), custom images and SIG are mandatory.
You can’t rely on Marketplace images because you need to control exactly what’s in the OS, prove it in audits, and maintain that configuration across all environments.
For startups and small teams, custom images hit the sweet spot — better than Marketplace, simpler than SIG.
Reflection Prompt: Walk through your current VM deployments. How long does it take to provision a new VM and get it application-ready? If it’s more than 5 minutes, you need a better image strategy.
Best Practices for Azure VM Images
After years of building and managing VM infrastructure in Azure, here are the practices that actually matter in production.
Patch Your Base Images Regularly
Whether you’re using custom images or SIG, your images age like milk, not wine.
Security vulnerabilities are discovered monthly.
Set a schedule — monthly or quarterly — to rebuild your base images with the latest patches, then test and promote new versions.
Use Azure Image Builder or Packer to automate this.
Check your Marketplace image into a pipeline, apply patches, run security scans, and publish a new SIG version.
Automation here is non-negotiable for security compliance.
Always Deprovision Before Capturing
I can’t stress this enough.
For Linux, run sudo waagent -deprovision+user -force before capturing your VM as an image.
For Windows, run Sysprep with the generalize option.
Skipping this creates images with hardcoded hostnames, SSH keys, and machine identities that cause conflicts when you deploy multiple VMs.
Store Production Images in SIG
Even if you’re not using multi-region replication today, SIG gives you versioning and rollback capabilities that save you during incidents.
When version 2.0.0 of your image breaks production at 2 AM, you can instantly roll back to 1.9.0.
Try doing that with custom images named “my-image-final-v2-really-final.”
Follow Semantic Versioning
Use MAJOR.MINOR.PATCH format.
Increment MAJOR for breaking changes (OS version upgrades), MINOR for backward-compatible additions (new software packages), and PATCH for bug fixes and security patches.
Tag each version with deployment metadata.
Example versioning scheme:
1.0.0 - Initial production release with Ubuntu 22.04, Docker, Nginx
1.0.1 - Security patches applied, no functional changes
1.1.0 - Added Kubernetes tooling, backward compatible
2.0.0 - Upgraded to Ubuntu 24.04, major version bump
Tag Everything
Use Azure resource tags on your images and image versions:
--tags environment=production \
app=webserver \
os=ubuntu-22.04 \
team=platform-engineering \
created=$(date +%Y-%m-%d) \
approved-by=security-team
Six months from now, when someone asks “which image has the April security patches?” tags give you the answer instantly.
Test Images Before Production
Create a deployment pipeline: build image, deploy to test environment, run automated tests (security scans, functionality tests), promote to staging for manual validation, then push to production SIG.
Never deploy untested images directly to production, no matter how “simple” the change seems.
Document Your Image Contents
Maintain a README or Azure DevOps wiki page for each image definition.
List installed packages, configuration changes, security hardening applied, and known limitations.
Your future self (and your teammates) will thank you.
Use Separate Galleries for Environments
Don’t mix dev, staging, and production images in the same SIG.
Create separate galleries with appropriate RBAC.
This prevents accidents where someone accidentally deploys a development image to production.
Set Retention Policies
Don’t keep every image version forever.
Old versions consume storage and complicate your catalog.
Keep the current production version, the previous version for rollback, and maybe one or two older versions for emergency situations.
Delete the rest.
Monitor Image Deployment Metrics
Track how long it takes to deploy VMs from each image type.
If SIG deployments suddenly slow down, you might have replication issues or need more replicas.
Azure Monitor and Log Analytics can alert you to these problems.
Reflection Prompt: How often does your team update base VM images? If it’s less than quarterly, you’re accumulating security debt. If you don’t have a documented process, start building one today.
Real-World DevOps Example Architectures
Let me walk you through three production architectures I’ve implemented using Azure VM images.
Architecture 1: Auto-Scaling Web Application with VMSS and SIG
The scenario: An e-commerce platform needs to handle variable traffic.
During normal hours, 5 VMs are sufficient.
During flash sales, they scale to 50+ VMs in minutes.
The solution uses Azure Virtual Machine Scale Sets configured to deploy from a Shared Image Gallery.
The SIG image contains Ubuntu 22.04, Nginx, application runtime, monitoring agents, and SSL certificates.
Image version 1.2.0 is replicated to three Azure regions.
When traffic spikes, VMSS auto-scale rules trigger.
Azure spins up new VMs from the local SIG replica.
Because everything is pre-installed, VMs reach the load balancer pool in under 2 minutes.
The application scales smoothly without deployment delays.
The image pipeline: Developers commit application changes.
CI pipeline builds a new Docker image.
Separately, a monthly pipeline rebuilds the base VM image using Packer, applies security patches, and publishes version 1.3.0 to SIG.
After staging validation, VMSS configuration updates to use 1.3.0.
Auto-scale events now deploy the updated image.
This architecture eliminates the old problem where auto-scale was too slow to handle traffic spikes.
The pre-baked SIG image made scaling feel instant.
Architecture 2: Multi-Region DevOps Build Agents
The scenario: A development team spans North America, Europe, and Asia.
They need build agents in each region for fast CI/CD pipelines.
The solution uses a single Shared Image Gallery with one image definition: “BuildAgent-Ubuntu.”
This image contains Azure CLI, kubectl, Terraform, Docker, and all development tooling.
Version 1.0.0 is replicated to US East, West Europe, and Southeast Asia with 3 replicas per region.
When developers commit code, Azure DevOps triggers pipeline runs.
The pipeline requests a build agent in the developer’s closest region.
Azure provisions a VM from the local SIG replica.
The agent boots, registers with Azure DevOps, runs the build, and deallocates.
Because the build tools are pre-installed, the agent is online in under 90 seconds.
Compare that to installing tools at runtime (5-7 minutes).
Multiply by hundreds of daily builds, and you’ve saved hours of compute time and developer waiting.
The team maintains image versions for stability.
Version 1.0.0 runs production pipelines.
Version 1.1.0-beta tests new tooling.
When 1.1.0 proves stable, they update pipeline configurations to use it.
Architecture 3: Blue-Green Deployment Using Image Versions
The scenario: A financial services application must maintain 99.99% uptime during deployments.
Traditional rolling updates create too much risk.
The solution uses blue-green deployment with SIG image versions.
Production currently runs on version 1.5.0 behind a load balancer (the “blue” environment).
When it’s time to deploy changes, they build image version 1.6.0 and create a new scale set (the “green” environment).
The green environment deploys fully, running health checks and integration tests while blue handles production traffic.
Once green passes validation, they update the load balancer to route traffic to green.
Blue remains running for 24 hours as a rollback option.
If issues arise, they switch traffic back to blue instantly.
After the green environment runs successfully for a week, they deallocate the blue environment.
Version 1.6.0 becomes the new blue, and the cycle repeats for the next deployment.
This architecture uses SIG versioning as the foundation for zero-downtime deployments.
Each environment is a complete rebuild from a versioned image, eliminating the drift and state management issues of in-place updates.
Visual Suggestions
Diagram concept for Architecture 1: Show a Shared Image Gallery in the center with image replicas flowing to three regional VMSS deployments.
Auto-scale rules connect to Azure Monitor metrics.
New VMs deploy from local replicas, then join a load balancer pool.
Use dark navy background with cyan connection lines.
Diagram concept for Architecture 2: Show a horizontal pipeline: Code commit triggers pipeline, which requests build agent, Azure provisions VM from nearest SIG replica, VM runs build tasks, then deallocates.
Show three regions (US, EU, APAC) each with SIG replicas and build agent pools.
Diagram concept for Architecture 3: Show two parallel environments (blue and green) each deployed from different SIG image versions.
A load balancer sits above both, with a switching mechanism.
Show health check validation between green deployment and traffic cutover.
These architectures work because they treat VM images as code — versioned, tested, replicated, and deployed through automated pipelines.
Common Mistakes to Avoid
Learn from these mistakes so you don’t make them yourself.
I’ve seen each of these cause production incidents.
Mistake 1: Using Old Marketplace Images Without Version Control
Teams deploy from Marketplace using “latest” in their automation scripts.
Microsoft publishes a new Ubuntu LTS version with a kernel update that breaks their application.
All new VM deployments fail, and nobody knows what changed because “latest” moved under them.
Fix: Pin specific image versions in production infrastructure. Test new versions in staging before updating.
Mistake 2: Not Version-Controlling Custom Images
A team builds custom images and names them “app-server-image-final” and “app-server-image-final-v2” and eventually “app-server-image-final-v2-really-final-fixed.”
When they need to rollback after a bad deployment, nobody knows which image was actually in production last week.
Fix: Use semantic versioning from day one. Implement image-as-code workflows where image builds are tracked in Git alongside the scripts that create them.
Mistake 3: Not Replicating SIG Images to Target Regions
A team creates a Shared Image Gallery in East US and publishes images there.
They deploy VMs in West Europe.
Azure copies the image at deployment time, adding 10+ minutes to every VM creation.
Their auto-scale is useless because new VMs take too long to provision.
Fix: Replicate SIG image versions to every region where you deploy VMs. Use at least 2 replicas per region for high availability.
Mistake 4: Not Deprovisioning VMs Before Capturing Images
Someone captures a Linux VM as a custom image without running waagent deprovision.
They deploy 10 VMs from that image.
All 10 VMs have the same hostname and SSH host keys.
SSH throws warnings, monitoring systems can’t distinguish between instances, and networking breaks in subtle ways.
Fix: Always run deprovision commands before capturing. Document this in runbooks. Add automated checks in your image building pipelines.
Mistake 5: Using Unmanaged Images in Production
Azure supported unmanaged disks and images in the past, but they’re deprecated.
Teams still using unmanaged images face performance limitations, replication challenges, and eventual migration pain.
Fix: Use managed disks and managed images exclusively. If you have legacy unmanaged images, migrate them to SIG now before Azure forces the issue.
Mistake 6: Ignoring Image Storage Costs
A team builds custom images for every minor configuration change.
They store 50+ image versions across multiple regions without cleanup.
Storage costs balloon to thousands per month for images nobody uses.
Fix: Implement retention policies. Keep current production, previous version for rollback, and maybe 2-3 older versions for emergencies. Delete everything else.
Mistake 7: No Testing Pipeline for Images
Teams build images, publish to SIG, and immediately update production VMSS to use them.
An image with a bad configuration reaches production.
VMs fail to boot. Auto-scale creates more broken VMs. Incident escalates.
Fix: Test images in non-production environments first. Deploy to a test VMSS, run health checks, validate application functionality, then promote to production.
Every one of these mistakes is preventable with proper DevOps practices — version control, testing, documentation, and automation.
Cost and Performance Optimization Notes
Azure VM images impact both your Azure bill and your operational performance.
Let’s talk numbers.
Image Storage Costs
Image storage costs are based on managed disk snapshot pricing.
A typical custom image might be 30-50 GB.
In US regions, that’s roughly $2-3 per month per image.
Not expensive for a single image, but multiply by versions and regions and you can hit hundreds per month if you’re not cleaning up.
SIG replication adds cost.
Each replica is essentially a full copy of the image stored in that region.
If you replicate a 40 GB image to 5 regions with 2 replicas each, you’re storing 400 GB total.
That’s about $16-20 per month.
For organizations with dozens of image versions, this adds up.
The Business Case
Compare that $20/month for SIG replication against the time saved in deployments.
If pre-replicated images save 5 minutes per VM deployment, and you deploy 100 VMs per month, that’s 500 minutes of compute time saved.
At typical VM pricing, you’re saving more in compute costs than you’re spending on storage.
Deployment Performance
Deployment performance is where images really shine.
Marketplace-based deployment with post-configuration scripts: 15-20 minutes to fully provision.
Custom image deployment: 5-7 minutes.
SIG deployment with regional replicas: 2-3 minutes.
For auto-scaling scenarios, this is game-changing.
Imagine your web application suddenly gets featured on social media.
Traffic spikes 10x in 5 minutes.
With Marketplace images, your auto-scale can’t keep up — new VMs take too long to provision.
With SIG images, you scale from 5 VMs to 50 VMs in under 10 minutes total.
Your application stays responsive. You don’t lose customers.
Hidden Cost Savings
The hidden cost savings: failed deployments cost money.
Every time a VM deployment fails halfway through because a package repository is down or a script times out, you’ve burned compute time and engineer time.
Pre-baked images eliminate most deployment failures because everything is already installed and tested.
Pipeline Efficiency
Pipeline efficiency improves too.
Your CI/CD pipelines that spin up build agents or test environments run faster.
Faster pipelines mean developers get feedback quicker, ship features faster, and iterate more.
That’s velocity you can’t easily measure in dollars, but it’s real business value.
Real-World Impact
One team I worked with measured the impact:
Before custom images, they deployed about 200 VMs per week with a 12% failure rate and 18-minute average deployment time.
After migrating to SIG with tested images, failure rate dropped to under 2%, and deployment time fell to 4 minutes.
That’s approximately 2800 minutes saved per week, equivalent to almost 47 hours.
At burdened engineer cost of $75/hour, that’s $3500 per week in time savings, or over $180,000 annually.
Compare that to the SIG costs of maybe $500-1000/month for storage and replication.
The ROI is obvious.
Optimization Tips
Keep your images lean.
Don’t install software you don’t need.
Every GB adds storage cost and deployment time.
Audit your images regularly and remove unused packages.
Use SIG only for images you actually deploy from.
Development experiments and one-off configurations don’t need SIG — keep them as basic custom images.
Set lifecycle policies.
Azure doesn’t auto-delete old image versions, so implement a policy: keep current + previous + emergency rollback versions, delete everything else monthly.
Monitor deployment metrics.
Azure Monitor can track VM deployment success rates and times.
Set alerts for deployments taking longer than expected — that usually indicates replication issues or image problems.
For massive scale (thousands of VMs), work with Azure support on increasing SIG replica counts in regions where you deploy heavily.
More replicas mean more concurrent deployments without throttling.
The bottom line: Azure VM images are an upfront investment in infrastructure that pays continuous dividends in speed, reliability, and operational efficiency.
FAQ Section
What is an Azure VM Image?
An Azure VM Image is a pre-configured template that contains an operating system, configuration files, and optionally pre-installed software.
Every Azure Virtual Machine is deployed from an image, whether it’s a Marketplace image provided by Microsoft and publishers, a custom image you’ve created, or an image stored in a Shared Image Gallery.
The image acts as the blueprint that determines what your VM looks like when it first boots up.
What is the difference between Marketplace and Custom Images?
Marketplace Images are pre-built, ready-to-use templates provided by Microsoft and verified publishers like Canonical (Ubuntu), Red Hat, and others.
They contain standard operating system installations without custom configurations.
Custom Images are created by capturing a configured VM that you’ve set up with your specific tools, security settings, and applications.
Marketplace images are faster to start with but require additional configuration at deployment time.
Custom images take longer to create initially but deploy faster and ensure consistency across all your VMs.
What is Shared Image Gallery in Azure?
Shared Image Gallery (SIG) is Azure’s enterprise solution for managing, versioning, and distributing VM images at scale.
It provides versioning for images (similar to versioning code), replication across multiple Azure regions for faster deployments, and role-based access control for governance.
SIG is the recommended approach for organizations that need to deploy the same image across multiple regions, subscriptions, or teams while maintaining strict version control and compliance.
How do I create a custom VM image?
To create a custom VM image, start with a running VM that has your desired configuration.
For Linux, SSH into the VM and run sudo waagent -deprovision+user -force to remove machine-specific data.
For Windows, run Sysprep with the generalize option.
Then deallocate the VM using az vm deallocate, mark it as generalized with az vm generalize, and finally capture it as an image with az image create.
The resulting image can be used to deploy identical VMs.
For production workflows, consider using Azure Image Builder or Packer to automate image creation with repeatable, version-controlled processes.
Does SIG support versioning?
Yes, Shared Image Gallery has built-in versioning support.
Each image definition in SIG can have multiple versions, typically following semantic versioning (1.0.0, 1.1.0, 2.0.0).
You can maintain multiple versions simultaneously, allowing different environments to use different versions.
For example, development might test version 2.0.0 while production runs the stable 1.5.0.
This enables controlled rollouts, easy rollbacks when issues arise, and clear tracking of what changed between versions.
Each version can have its own tags and metadata describing the contents and deployment history.
How do you replicate VM images across regions?
VM image replication across regions is a core feature of Shared Image Gallery.
When you publish an image version to SIG, you specify target regions using the --target-regions parameter.
Azure automatically replicates the image to those regions, and you can specify the number of replicas per region for availability.
For example: --target-regions "eastus=2" "westeurope=2" "southeastasia=1" replicates the image to three regions with different replica counts.
Replicas are created asynchronously, and once complete, VMs deployed in those regions pull the image from local storage, dramatically reducing deployment time compared to cross-region copying at deployment time.
Conclusion
Your VM image strategy determines your deployment reliability, speed, compliance posture, and operational scalability in Azure.
Start with the basics: understand when Marketplace images are enough, when to invest in custom images, and when to adopt Shared Image Gallery for enterprise distribution.
Build images like you build code — version them, test them, document them, and automate their creation.
Your future self debugging a production incident at 3 AM will thank you for having clear version history and the ability to roll back instantly.
Remember that images are living infrastructure.
They age, accumulate security debt, and need regular updates.
Set a cadence for rebuilding and promoting new versions.
Make it part of your operational rhythm, not a quarterly fire drill.
The teams that master Azure VM images deploy faster, scale more reliably, and sleep better at night knowing their infrastructure is consistent across every environment.
👉 Ready to dive deeper into Azure Virtual Machines?
Check out the upcoming “Azure Virtual Machines — Zero to Hero” free course on TheDevOpsTooling, where we’ll cover everything from basic VM concepts to advanced scaling patterns, monitoring, and cost optimization.
We’ll build production-ready infrastructure together, one hands-on lesson at a time.
Until then, start small — capture one custom image this week.
Deploy from it.
See how much faster and more consistent your VMs become.
That’s your first step toward infrastructure excellence.
Written by Srikanth Ch, Senior DevOps Engineer at TheDevOpsTooling — making cloud infrastructure accessible through practical, experience-driven education.