microsoft · lubaihua33 · Apr 28, 2026 · Copilot · Apr 28, 2026 · Copilot
@@ -211,7 +211,6 @@ def verify_deployment_provision_standard_ssd_disk(
         requirement=simple_requirement(
             environment_status=EnvironmentStatus.Deployed,
             disk=DiskEphemeral(),
-            supported_features=[CvmDisabled()],  # TODO: Fix disk deployment for CVM
         ),
     )
     def verify_deployment_provision_ephemeral_managed_disk(

@@ -111,6 +111,9 @@ func getLinuxConfiguration(keyPath string, publicKeyData string, disable_passwor
 
 func getEphemeralOSImage(node object) object => {
   name: '${node.name}-osDisk'
+  managedDisk: {
+    securityProfile: (empty(node.security_profile) || (node.security_profile.security_type != 'ConfidentialVM')) ? null : getSecurityProfileForOSDisk(node)
+  }
-  managedDisk: {
-    securityProfile: (empty(node.security_profile) || (node.security_profile.security_type != 'ConfidentialVM')) ? null : getSecurityProfileForOSDisk(node)
-  }
+  ...((empty(node.security_profile) || (node.security_profile.security_type != 'ConfidentialVM')) ? {} : {
+    managedDisk: {
+      securityProfile: getSecurityProfileForOSDisk(node)
+    }
+  })
-  managedDisk: {
-    securityProfile: (empty(node.security_profile) || (node.security_profile.security_type != 'ConfidentialVM')) ? null : getSecurityProfileForOSDisk(node)
-  }
+  ...((empty(node.security_profile) || (node.security_profile.security_type != 'ConfidentialVM')) ? {} : {
+    managedDisk: {
+      securityProfile: getSecurityProfileForOSDisk(node)
+    }
+  })
   diffDiskSettings: {
       option: 'local'
       placement: node.ephemeral_disk_placement_type

@@ -111,6 +111,9 @@
             "type": "object",
             "value": {
               "name": "[format('{0}-osDisk', parameters('node').name)]",
+              "managedDisk": {
+                "securityProfile": "[if(or(empty(parameters('node').security_profile), not(equals(parameters('node').security_profile.security_type, 'ConfidentialVM'))), null(), __bicep.getSecurityProfileForOSDisk(parameters('node')))]"
+              },
               "diffDiskSettings": {
                 "option": "local",
                 "placement": "[parameters('node').ephemeral_disk_placement_type]"