Friday, March 22, 2024

How to change existing Azure VM from security type Trusted to Standard in order to enable nested virtualisation capabilities

Background

It is not possible to change the security type of an existing Azure VM back to Standard. The only known way to achieve this is to set up a new Standard VM and attach the old OS disk to it.

This process appears to be suitable for domain-joined production environments as well; however, it may depend on the complexity of your own environment.


Steps

1. Stop the target VM.


2. Export the current OS disk as a VHD. Run the following script in Cloud Shell (Bash).

#Provide the subscription Id where the managed disk is created
subscriptionId="your sub ID"

#Provide the name of your resource group where the managed disk is created
resourceGroupName="rg name"

#Provide the managed disk name
diskName="current OS disk"

#Provide the Shared Access Signature (SAS) expiry duration in seconds, e.g. 3600.
#Know more about SAS here: https://docs.microsoft.com/en-us/azure/storage/storage-dotnet-shared-access-signature-part-1
sasExpiryDuration=3600

#Provide the storage account name where you want to copy the underlying VHD file of the managed disk.
storageAccountName="sa name"

#Name of the storage container where the exported VHD will be stored
storageContainerName="blob container for storing disks"

#Provide the key of the storage account where you want to copy the VHD
storageAccountKey="sa key"

#Provide the name of the destination VHD file to which the VHD of the managed disk will be copied.
destinationVHDFileName="name of VHD"

az account set --subscription "$subscriptionId"

#Grant temporary read access to the managed disk. The returned SAS URL is a bearer credential for the disk, valid for $sasExpiryDuration seconds.
sas=$(az disk grant-access --resource-group "$resourceGroupName" --name "$diskName" --duration-in-seconds "$sasExpiryDuration" --query [accessSas] -o tsv)

#Start the copy of the VHD into the storage container. The copy runs asynchronously; check its progress with "az storage blob show" before continuing.
az storage blob copy start --destination-blob "$destinationVHDFileName" --destination-container "$storageContainerName" --account-name "$storageAccountName" --account-key "$storageAccountKey" --source-uri "$sas"



3. Create a managed disk from the exported VHD by running the following script in Cloud Shell (PowerShell).
    Make sure HyperVGeneration and Zone match the new VM that will be created in the next step.

#Provide the subscription Id
$subscriptionId = 'your sub ID'

#Provide the name of your resource group
$resourceGroupName = 'rg name'

#Provide the name of the Managed Disk
$diskName = 'name of VHD'

#Provide the size of the disk in GB. It must be greater than the VHD file size.
$diskSize = 127

#Provide the URI of the VHD file that will be used to create the Managed Disk.
# The VHD file can be deleted as soon as the Managed Disk is created.
# e.g. https://contosostorageaccount1.blob.core.windows.net/vhds/contoso-um-vm120170302230408.vhd
$vhdUri = 'https://<your sa>.blob.core.windows.net/<container name>/VHDfilename.vhd'

#Provide the resource Id of the storage account where the VHD file is stored.
#e.g. /subscriptions/6472s1g8-h217-446b-b509-314e17e1efb0/resourceGroups/MDDemo/providers/Microsoft.Storage/storageAccounts/contosostorageaccount
$storageAccountId = '/subscriptions/<your sub id>/resourceGroups/<rg name>/providers/Microsoft.Storage/storageAccounts/<sa name>'

#Provide the storage type for the Managed Disk, e.g. Premium_LRS, StandardSSD_LRS or Standard_LRS.
$sku = 'StandardSSD_LRS'

#Provide the Azure location (e.g. westus) where the Managed Disk will be located.
#The location must be the same as the location of the storage account where the VHD file is stored.
#List all Azure locations with: Get-AzLocation
$location = 'your location'

#OS type of the disk. Acceptable values are Windows or Linux.
$osType = 'Windows'

#Hyper-V generation of the disk. Acceptable values are V1 or V2; it must match the VM created in the next step.
$hyperVGeneration = 'V2'

#Availability zone of the disk. It must match the zone of the VM created in the next step.
$zone = '2'

#Set the context to the subscription Id where the Managed Disk will be created
Set-AzContext -Subscription $subscriptionId

#Build the disk configuration that imports the exported VHD as an OS disk
$diskConfig = New-AzDiskConfig -SkuName $sku -Location $location -DiskSizeGB $diskSize -SourceUri $vhdUri -StorageAccountId $storageAccountId -Zone $zone -OsType $osType -HyperVGeneration $hyperVGeneration -CreateOption Import

#Create the Managed Disk
New-AzDisk -DiskName $diskName -Disk $diskConfig -ResourceGroupName $resourceGroupName
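As an added example (not part of the original post), the following shell helper does the pre-flight checks a practitioner would want before steps 2 and 3: it refuses to proceed while parameter values are still placeholders, bounds the lifetime of the SAS that "az disk grant-access" hands out (that URL is a bearer credential for the OS disk), computes the minimum managed disk size from the VHD file size, and prints the az commands it would run, ending with "az disk revoke-access" so the SAS is invalidated once the copy has completed rather than left to expire. It does not call az itself; the subscription, resource group and disk names in the demo are constructed, and the SAS duration bounds are this example's choice, not Azure limits.

```shell
#!/bin/sh
# Added example, not part of the original post. Pre-flight checks for the disk
# export (step 2) and disk size (step 3). Nothing here calls az; the commands
# are only printed so they can be reviewed before they are run.
set -u

# Return 0 (true) if the value still looks like an unfilled placeholder:
# empty, contains spaces (like "your sub ID"), or contains angle brackets.
is_placeholder() {
  case "$1" in
    ""|*" "*|*"<"*|*">"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Minimum managed disk size in GiB for a fixed VHD of the given file size in
# bytes. A fixed VHD is the virtual disk followed by a 512-byte footer, so strip
# the footer and round up to the next whole GiB.
vhd_min_disk_gb() {
  bytes=$1
  gib=$((1024 * 1024 * 1024))
  data=$((bytes - 512))
  echo $(( (data + gib - 1) / gib ))
}

# The SAS URL returned by "az disk grant-access" is a bearer credential for the
# OS disk: anyone holding it can read the disk until it expires or is revoked.
# Keep its lifetime long enough for the copy but no longer. Bounds are this
# example's choice (10 minutes to 24 hours), not Azure limits.
sas_duration_ok() {
  [ "$1" -ge 600 ] && [ "$1" -le 86400 ]
}

# Validate the parameters and print the az commands for the export, one per
# line: set the subscription, grant access, and (after the blob copy has
# completed) revoke access so the SAS stops working before it expires.
# Returns 1 without printing any command if a parameter is still a placeholder
# or the SAS duration is out of range.
build_export_commands() {
  sub=$1; rg=$2; disk=$3; dur=$4
  for v in "$sub" "$rg" "$disk"; do
    if is_placeholder "$v"; then
      echo "error: parameter '$v' still looks like a placeholder" >&2
      return 1
    fi
  done
  if ! sas_duration_ok "$dur"; then
    echo "error: SAS duration $dur is out of range" >&2
    return 1
  fi
  printf '%s\n' \
    "az account set --subscription '$sub'" \
    "az disk grant-access --resource-group '$rg' --name '$disk' --duration-in-seconds $dur --query [accessSas] -o tsv" \
    "az disk revoke-access --resource-group '$rg' --name '$disk'"
}

# Demo with constructed values (a placeholder subscription id, resource group and disk name).
echo "Minimum disk size for a 127 GiB fixed VHD: $(vhd_min_disk_gb $((127 * 1024 * 1024 * 1024 + 512))) GB"
build_export_commands "00000000-0000-0000-0000-000000000000" "rg-example" "osdisk-example" 3600
```

Run the revoke command only after "az storage blob show" reports the copy as complete; revoking while the copy is still in progress will fail the copy.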



4. Delete the current VM while retaining its OS disk (just in case).
    Make sure the new VM uses the Dsv4 series of Azure VMs, which support nested virtualisation.



5. Go to the new VM -> Disks and choose Swap OS disk. Select the managed disk created in step 3.
    

6. Re-assign the IP address on the new NIC in Azure.


7. Start the new VM and connect using a local administrator account.
    After this step, the OS disk provisioned along with the new VM can be deleted.


8. Remove the old, hidden NICs in Device Manager (select Show hidden devices under the View menu).


9. Edit the Ethernet adapter by re-assigning the IP address along with the default gateway and DNS server.


You should now be able to install the Hyper-V role on your Azure VM.