Booting UEFI images in Azure right now means losing features, any gaining none, so I’ve not been terribly concerned about it.
I’m not likely to invest much additional effort in NixOS images on Azure until (1) there is a way that we can publish publicly-accessible images without having to create storage accounts (someone else can do the publish-via-storage-account work, I won’t), and (2) there is a documented way to boot an image in Azure without running Microsoft’s walinuxagent. These are things that I and others have been asking about for years. It’s enough work dealing with Azure without having to guess at things that they can’t document. Of course I am happy to review anything, though.
@toraritte Feel free to open an issue to discuss the “I am basically locked out after a rebuild”. It gets me when I stand up a new image sometimes, but I was reluctant to change the default image settings because they’re inherited by all running images as well (and it represents a change in security configuration). In reality, I doubt anyone is using nixpkgs’s Azure image infra if they’re actually using NixOS in Azure. Maybe we should just go ahead and set security.sudoNeedsPassword = false for the azure image.