Compute Disks and images field-manual-complete field-manual operator-field-manual

VM image offer

A VM image offer is one part of the name Azure uses to identify a Marketplace VM image. Think of the publisher as the company, the offer as the product family, the SKU as the specific edition or generation, and the version as the exact build. When automation creates VMs, the offer helps select the right operating system or appliance family. Using the wrong offer can deploy a different image than expected or fail because plan terms and SKUs do not match.

Back to glossary browser Open Microsoft Learn source
Aliases
image offer, Marketplace image offer, Azure VM offer, imageReference offer, VM offer
Difficulty
intermediate
CLI mappings
5
Last verified
2026-05-28

Microsoft Learn

A VM image offer is the Marketplace product family for related virtual machine images from one publisher. In an Azure image URN, the offer sits between publisher and SKU, helping teams choose the correct operating system, appliance, or vendor image family for repeatable deployments.

Microsoft Learn: Find Azure Marketplace image information using the Azure CLI2026-05-28

Technical context

Technically, the offer is a field in Marketplace image discovery and in URN-style image references: publisher:offer:sku:version. Azure CLI, ARM, Bicep, Terraform, and VM creation workflows use it when selecting marketplace images. Offers are location-aware and publisher-specific, so availability can vary by region and over time. The concept sits in the compute image supply chain, alongside publisher, SKU, version, purchase-plan metadata, policy allow lists, and Azure Compute Gallery image definitions used for private standardization.

Why it matters

VM image offers matter because image selection is a supply-chain decision, not just a convenience string. The offer helps automation distinguish Windows Server from SQL Server images, Ubuntu server families from appliance images, and vendor products that require purchase-plan acceptance. A wrong offer can break deployments, violate licensing expectations, miss a security baseline, or create inconsistent VM fleets across regions. For platform teams, tracking allowed offers is part of standard image governance. For application teams, it determines compatibility, patch cadence, support ownership, and whether the deployed VM matches the documented architecture. It also gives platform, security, finance, and application teams a shared checklist for ownership, evidence, rollback, and production readiness review.

Where you see it

Signals, screens, and Azure surfaces where this term usually becomes operational.

Signal 01

In Azure CLI image discovery, az vm image list-offers returns offer names for a selected publisher and region before SKU and version selection in automation.

Signal 02

In ARM, Bicep, or Terraform, imageReference.offer identifies the Marketplace image family used when creating a VM or scale set from a managed template or module.

Signal 03

In deployment errors, an invalid or unavailable offer often appears beside publisher, SKU, version, location, and purchase-plan details when image lookup fails during rollout validation.

When this becomes relevant

Specific situations where this term helps solve real Azure design, operations, migration, security, reliability, cost, or governance problems.

  • Choose the correct Marketplace image family for automated VM builds without guessing publisher-offer-SKU strings.
  • Standardize approved operating-system or appliance offers in platform templates and policy allow lists.
  • Diagnose regional deployment failures caused by an offer that is unavailable or spelled differently in that location.
  • Verify purchase-plan metadata before deploying paid or licensed Marketplace images in CI/CD pipelines.
  • Compare candidate image families during migration when teams must match OS generation, vendor support, and compliance baselines.

Real-world case studies

Different enterprise-style examples that show the term being used to hit measurable objectives.

Case study 01

SaaS provider removes image guesswork from regional rollout

SaaS provider removes image guesswork from regional rollout: The image offer is the product-family anchor that makes VM image references precise enough for reliable automation.

Scenario

A B2B SaaS provider failed VM deployments in a new region because engineers reused an old Ubuntu offer string from another environment.

Business/Technical Objectives
  • Discover the correct image offer for each target region.
  • Replace guessed image strings with reviewed URNs in infrastructure code.
  • Prevent pipeline failures caused by unavailable offer, SKU, or version combinations.
  • Create a repeatable process for future OS upgrades.
Solution Using VM image offer

The platform team made VM image offer discovery a required preflight step. CLI listed publishers, offers, SKUs, and versions in each target region, then image show verified the final URN. The chosen publisher:offer:sku:version values were committed to Bicep parameters with comments explaining support status and architecture. A pipeline check compared requested offers against an approved catalog and failed fast when a region did not expose the selected offer. Test VMs validated boot behavior, extension installation, and patch readiness before production rollout.

Results & Business Impact
  • Regional deployment failures from bad image references fell from seven per release to zero.
  • OS image approval time dropped from three days to one day because evidence was standardized.
  • The same offer catalog now supports production, staging, and disaster-recovery subscriptions.
  • Engineers stopped using undocumented latest examples from wiki pages.
Key Takeaway for Glossary Readers

The image offer is the product-family anchor that makes VM image references precise enough for reliable automation.

Case study 02

Manufacturing appliance migration validates paid image terms

Manufacturing appliance migration validates paid image terms: A VM image offer is often where marketplace licensing and regional availability become real deployment constraints.

Scenario

A manufacturing plant moved a vendor firewall appliance to Azure and hit CI/CD failures because the selected offer required marketplace terms.

Business/Technical Objectives
  • Identify the exact offer, SKU, version, and purchase-plan requirements.
  • Accept required terms once per subscription before automated deployment.
  • Confirm the offer existed in both primary and recovery regions.
  • Document license ownership before production cutover.
Solution Using VM image offer

Cloud engineering used VM image offer discovery to walk the Marketplace hierarchy. CLI listed offers under the vendor publisher, selected the appliance family, and ran image show to inspect plan metadata. Legal and procurement reviewed the licenseTextLink before the platform owner accepted terms in the production subscription. The same offer was checked in the recovery region, and deployment templates included matching plan parameters. A dry-run VM verified boot, extension compatibility, and network appliance initialization before traffic moved. The team also recorded ownership, approval history, rollback criteria, and verification evidence so later changes followed the same operating model.

Results & Business Impact
  • Pipeline deployment succeeded on the first production cutover attempt.
  • License approval happened five days before outage window instead of during it.
  • Recovery-region validation exposed one unsupported SKU, preventing a broken DR plan.
  • The final runbook included the exact offer and terms evidence for auditors.
Key Takeaway for Glossary Readers

A VM image offer is often where marketplace licensing and regional availability become real deployment constraints.

Case study 03

Public sector agency standardizes hardened Windows images

Public sector agency standardizes hardened Windows images: Offer governance keeps base-image variety from becoming a hidden reliability and compliance problem.

Scenario

A public sector agency had several teams deploying Windows Server images from different offers, creating inconsistent patch baselines and support questions.

Business/Technical Objectives
  • Define which Windows Server offers were approved for regulated workloads.
  • Block unapproved image families before VM creation.
  • Keep emergency rebuilds reproducible during incident response.
  • Reduce time spent reviewing one-off image exceptions.
Solution Using VM image offer

The cloud center of excellence used VM image offer values as policy inputs. CLI exported current publisher-offer-SKU usage from templates and live deployments. Security approved a short list of Windows Server offers and versions, then Azure Policy denied image references outside that list. For teams needing exceptions, the request had to include image show output, plan details, support justification, and a tested patch process. Approved Marketplace sources were later promoted into Azure Compute Gallery after hardening. The team also recorded ownership, approval history, rollback criteria, and verification evidence so later changes followed the same operating model.

Results & Business Impact
  • Unapproved Windows image deployments dropped from 19 in a quarter to one approved exception.
  • Emergency rebuild instructions now use pinned, tested offer and SKU values.
  • Security review time for standard VM requests fell 60 percent.
  • Patch compliance improved because fewer image families needed separate testing.
Key Takeaway for Glossary Readers

Offer governance keeps base-image variety from becoming a hidden reliability and compliance problem.

Why use Azure CLI for this?

I use Azure CLI for VM image offers because offer discovery is naturally command-line work. The portal is useful for browsing, but automation needs exact publisher, offer, SKU, and version values that can be pasted into templates and reviewed in pull requests. CLI also reveals regional availability and purchase-plan details before deployment fails in a pipeline. A ten-year Azure engineer learns to avoid guessing image strings from memory; instead, list publishers, list offers, list SKUs, show the image, and capture the chosen URN as evidence for governance and repeatable builds. It also gives platform, security, finance, and application teams a shared checklist for ownership, evidence, rollback, and production readiness review.

CLI use cases

  • List offers for a known publisher and region before selecting SKU and version.
  • Show the full image URN and plan information before adding it to a deployment template.
  • Compare image offers across regions to find deployment gaps before rollout.
  • Export allowed publisher-offer combinations for policy or pipeline validation.
  • Create a test VM from a selected offer to validate boot, agent, and extension behavior.

Before you run CLI

  • Confirm the target subscription, region, architecture, publisher, and whether Marketplace terms might be required.
  • Use live listing when cached results may be stale, but expect complete marketplace queries to take longer.
  • Check policy restrictions that may deny unapproved image offers before deployment reaches compute provisioning.
  • Record the exact offer with publisher, SKU, and version so templates are reproducible.
  • Avoid using latest in production unless patch strategy and rebuild testing explicitly allow it.

What output tells you

  • List-offers output shows product-family names available for the selected publisher in the chosen region.
  • Image show output confirms the complete URN, including publisher, offer, SKU, version, architecture, and plan metadata.
  • Terms output shows whether the subscription has accepted required marketplace terms for that image family.
  • Deployment errors reveal mismatched publisher, offer, SKU, or version values when the image reference is invalid.
  • Policy output can show whether an offer is denied by approved-image governance rules.

Mapped Azure CLI commands

VM image offer CLI discovery

direct
az vm image list-publishers --location <region> --output table
az vm imagediscoverCompute
read-only Microsoft docs
az vm image list-offers --location <region> --publisher <publisher> --output table
az vm imagediscoverCompute
read-only Microsoft docs
az vm image list-skus --location <region> --publisher <publisher> --offer <offer> --output table
az vm imagediscoverCompute
read-only Microsoft docs
az vm image show --location <region> --urn <publisher>:<offer>:<sku>:<version>
az vm imagediscoverCompute
read-only Microsoft docs
az vm image terms show --urn <publisher>:<offer>:<sku>:<version>
az vm image termsdiscoverCompute
read-only Microsoft docs

Architecture context

Architecturally, the image offer is part of the source image contract for virtual machines and scale sets. It helps define what operating system, appliance, or vendor platform enters the environment before extensions, custom data, patching, or application deployment begin. Mature Azure architectures often restrict offers through policy, golden-image catalogs, or Azure Compute Gallery replication so teams do not deploy unsupported images. The offer should be documented with SKU, version strategy, license terms, region availability, hardening steps, and migration implications because changing it can alter drivers, agents, boot behavior, and support boundaries. It also gives platform, security, finance, and application teams a shared checklist for ownership, evidence, rollback, and production readiness review.

Security

Security impact is direct because the offer helps decide which base software supply chain enters the VM. Trusted publishers may still provide many offers with different hardening, agents, licensing, and update behavior. Restrict who can choose arbitrary offers in production, and consider Azure Policy or deployment pipelines that allow only approved publisher-offer-SKU combinations. Check purchase-plan terms, image age, support status, and whether the offer includes extra software. A malicious or simply wrong offer can create unsupported operating systems, unexpected services, weak defaults, or unapproved vendor agents inside the environment. It also gives platform, security, finance, and application teams a shared checklist for ownership, evidence, rollback, and production readiness review.

Cost

The offer can affect cost through included software licensing, support plans, marketplace charges, and the VM sizes or storage options the image expects. Some vendor offers add plan terms or software fees beyond Azure infrastructure. Others lead to larger images, extra disks, or required agents that increase storage and monitoring costs. Standardizing approved offers helps avoid surprise marketplace charges and reduces engineering time wasted on unsupported images. Cost reviews should include the full URN and purchase-plan metadata, not just VM size, because the image family can change the bill and support model. It also gives platform, security, finance, and application teams a shared checklist for ownership, evidence, rollback, and production readiness review.

Reliability

Reliability depends on choosing an offer that is available in the target region, supported by the workload, and maintained by the publisher. Offers can have different generation support, kernel versions, drivers, agents, licensing requirements, and boot behavior. A deployment that works in one region may fail in another if the offer or SKU is unavailable. Reliability reviews should verify the exact URN, use tested versions where needed, document fallback images, and avoid blindly using latest when deterministic rebuilds matter. Private galleries can reduce drift after an approved Marketplace source is selected. It also gives platform, security, finance, and application teams a shared checklist for ownership, evidence, rollback, and production readiness review.

Performance

Performance impact is indirect but real. Different offers may ship different operating-system builds, kernels, drivers, agents, tuned settings, or appliance software that changes boot time, disk behavior, network throughput, and patch performance. An offer that looks equivalent in name can behave differently from another product family under load. For performance-sensitive workloads, benchmark the exact publisher, offer, SKU, and version combination. Also avoid uncontrolled latest references when performance baselines must be repeatable; a newer image version inside the same offer can change initialization time or bundled components. It also gives platform, security, finance, and application teams a shared checklist for ownership, evidence, rollback, and production readiness review.

Operations

Operators encounter image offers during VM creation failures, template reviews, marketplace term acceptance, patch planning, and migration standardization. They list available offers, compare them against approved catalogs, check whether plan metadata is required, and update templates when publishers rename or retire image families. Operational documentation should record why a specific offer was chosen, which regions support it, which SKU and version are approved, and who owns validation after image updates. When deployments fail, checking offer spelling and regional availability is often faster than debugging unrelated template code. It also gives platform, security, finance, and application teams a shared checklist for ownership, evidence, rollback, and production readiness review.

Common mistakes

  • Typing an offer from a blog post without checking whether it exists in the target region today.
  • Confusing offer with SKU and placing the product-family value in the wrong imageReference field.
  • Using latest for deterministic environments where a future image version could change behavior unexpectedly.
  • Ignoring purchase-plan requirements until automated deployment fails after template validation already passed.
  • Allowing any Marketplace offer in production instead of limiting builds to approved, supported image families.