diff --git a/CHANGELOG.md b/CHANGELOG.md index fcc8d8b3f..96dc357d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,7 @@ ENHANCEMENTS: * Update Guacamole dependencies ([[#4232](https://github.com/microsoft/AzureTRE/issues/4232)]) * Add option to force tunnel TRE's Firewall ([#4237](https://github.com/microsoft/AzureTRE/issues/4237)) * Add EventGrid diagnostics to identify airlock issues ([#4258](https://github.com/microsoft/AzureTRE/issues/4258)) +* Add Windows image field to the Admin VM template ([#TBC](https://github.com/microsoft/AzureTRE/pull/TBC)) BUG FIXES: * Update KeyVault references in API to use the version so Terraform cascades the update ([#4112](https://github.com/microsoft/AzureTRE/pull/4112)) diff --git a/templates/shared_services/admin-vm/porter.yaml b/templates/shared_services/admin-vm/porter.yaml index 4bab3df9c..334197bfa 100644 --- a/templates/shared_services/admin-vm/porter.yaml +++ b/templates/shared_services/admin-vm/porter.yaml @@ -1,11 +1,23 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-admin-vm -version: 0.5.1 +version: 0.5.2 description: "An admin vm shared service" dockerfile: Dockerfile.tmpl registry: azuretre +custom: + image_options: + "Windows 11": + source_image_reference: + publisher: MicrosoftWindowsDesktop + offer: windows-11 + sku: win11-24h2-pro + version: latest + # For information on using custom images, see README.me in the guacamole/user-resources folder + # "Custom Image From Gallery": + # source_image_name: your-image + credentials: - name: azure_tenant_id env: ARM_TENANT_ID @@ -50,6 +62,13 @@ parameters: - name: key_store_id type: string default: "" + - name: os_image + type: string + default: "Windows 11" + - name: image_gallery_id + type: string + description: Azure resource ID for the compute image gallery to pull images from (if specifying custom images by name) + default: "" mixins: - terraform: 
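Review bot: The comment inside the new `custom.image_options` block points readers to `README.me`, which looks like a typo for `README.md`, and gives the folder only as `guacamole/user-resources`; a repository-relative path would be easier to follow. The `version: latest` entry means the admin jumpbox image is resolved at deployment time rather than pinned. That was already the case in the Terraform block this commit removes, so a short comment such as `# latest: resolved at deploy time, so each deployment gets the newest published image` would record that it is deliberate.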
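Review bot: `os_image` is added without a `description`, unlike `image_gallery_id` next to it, and its name differs from the Terraform variable it feeds (`image`), which makes the mapping in the install/upgrade/uninstall steps harder to follow. I would add `description: Key of custom.image_options that selects the image for the admin VM` and consider using the same name on both sides. The `parameters` list starts outside the hunk.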
@@ -64,6 +83,8 @@ install: admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } enable_cmk_encryption: ${ bundle.parameters.enable_cmk_encryption } key_store_id: ${ bundle.parameters.key_store_id } + image_gallery_id: ${ bundle.parameters.image_gallery_id } + image: ${ bundle.parameters.os_image } backendConfig: use_azuread_auth: "true" use_oidc: "true" @@ -81,6 +102,8 @@ upgrade: admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } enable_cmk_encryption: ${ bundle.parameters.enable_cmk_encryption } key_store_id: ${ bundle.parameters.key_store_id } + image_gallery_id: ${ bundle.parameters.image_gallery_id } + image: ${ bundle.parameters.os_image } backendConfig: use_azuread_auth: "true" use_oidc: "true" @@ -98,6 +121,8 @@ uninstall: admin_jumpbox_vm_sku: ${ bundle.parameters.admin_jumpbox_vm_sku } enable_cmk_encryption: ${ bundle.parameters.enable_cmk_encryption } key_store_id: ${ bundle.parameters.key_store_id } + image_gallery_id: ${ bundle.parameters.image_gallery_id } + image: ${ bundle.parameters.os_image } backendConfig: use_azuread_auth: "true" use_oidc: "true" diff --git a/templates/shared_services/admin-vm/template_schema.json b/templates/shared_services/admin-vm/template_schema.json index d644d49be..e0f08f17f 100644 --- a/templates/shared_services/admin-vm/template_schema.json +++ b/templates/shared_services/admin-vm/template_schema.json @@ -6,6 +6,16 @@ "description": "Provides VM in the core network", "required": [], "properties": { + "os_image": { + "$id": "#/properties/os_image", + "type": "string", + "title": "Windows image", + "description": "Select Windows image to use for VM", + "enum": [ + "Windows 11" + ], + "default": "Windows 11" + }, "admin_jumpbox_vm_sku": { "$id": "#/properties/admin_jumpbox_vm_sku", "type": "string", diff --git a/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf b/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf index e89ff0520..70d860958 100644 
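Review bot: The `enum` for `os_image` repeats the keys of `custom.image_options` in porter.yaml by hand, so enabling the commented-out gallery entry there without adding it here (or the reverse) is only caught when Terraform indexes the map. JSON has no comments, but if the schema draft in use accepts it, a `"$comment": "keep in sync with custom.image_options in porter.yaml"` next to the `enum` would record the coupling. `image_gallery_id` does not appear in this hunk; if it is not defined elsewhere in the schema it cannot be set through this template, which may be intended. The `properties` object continues outside the hunk.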
--- a/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf +++ b/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf @@ -37,11 +37,16 @@ resource "azurerm_windows_virtual_machine" "jumpbox" { admin_password = random_password.password.result tags = local.tre_shared_service_tags - source_image_reference { - publisher = "MicrosoftWindowsDesktop" - offer = "windows-11" - sku = "win11-24h2-pro" - version = "latest" + # set source_image_id/reference depending on the config for the selected image + source_image_id = local.selected_image_source_id + dynamic "source_image_reference" { + for_each = local.selected_image_source_refs + content { + publisher = source_image_reference.value["publisher"] + offer = source_image_reference.value["offer"] + sku = source_image_reference.value["sku"] + version = source_image_reference.value["version"] + } } os_disk { diff --git a/templates/shared_services/admin-vm/terraform/locals.tf b/templates/shared_services/admin-vm/terraform/locals.tf index 84c7fb8df..3636d4b70 100644 --- a/templates/shared_services/admin-vm/terraform/locals.tf +++ b/templates/shared_services/admin-vm/terraform/locals.tf @@ -8,4 +8,14 @@ locals { } cmk_name = "tre-encryption-${var.tre_id}" encryption_identity_name = "id-encryption-${var.tre_id}" + + # Load image details from porter.yaml + porter_yaml = yamldecode(file("${path.module}/../porter.yaml")) + image_details = local.porter_yaml["custom"]["image_options"] + + # Create local variables to support the VM resource + selected_image = local.image_details[var.image] + # selected_image_source_refs is an array to enable easy use of a dynamic block + selected_image_source_refs = lookup(local.selected_image, "source_image_reference", null) == null ? [] : [local.selected_image.source_image_reference] + selected_image_source_id = lookup(local.selected_image, "source_image_name", null) == null ? null : "${var.image_gallery_id}/images/${local.selected_image.source_image_name}" } 
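Review bot: Nothing in the new `source_image_id` / `dynamic "source_image_reference"` pair guarantees that exactly one of them is set. An `image_options` entry with both keys, or with neither, gives a VM definition that is rejected only by the provider, and a gallery entry combined with the default empty `image_gallery_id` produces the id `/images/NAME` (built in the locals.tf hunk that follows). A `precondition` on the resource would fail earlier with a readable message. It needs Terraform 1.2 or later, and if the resource already has a `lifecycle` block outside this hunk the conditions belong inside it. The resource body starts and ends outside the hunk.

```terraform
  # … unchanged: source_image_id and dynamic "source_image_reference" block …

  lifecycle {
    precondition {
      condition     = length(local.selected_image_source_refs) + (local.selected_image_source_id == null ? 0 : 1) == 1
      error_message = "The selected image must define exactly one of source_image_reference or source_image_name."
    }
    precondition {
      condition     = local.selected_image_source_id == null || var.image_gallery_id != ""
      error_message = "The image_gallery_id variable must be set when the selected image uses source_image_name."
    }
  }
```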
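Review bot: `local.image_details[var.image]` fails with a generic invalid-index error when `var.image` is not a key of `custom.image_options`, and the `file("${path.module}/../porter.yaml")` read ties the module to the bundle's directory layout. Both deserve a comment above the lookup, for example `# var.image must be a key of custom.image_options; porter.yaml must sit one level above this module at run time`. Because the image decides what runs on the admin jumpbox, the comment could also state that gallery entries are expected to come from a gallery the TRE operators control. The `locals` block starts outside the hunk.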
diff --git a/templates/shared_services/admin-vm/terraform/variables.tf b/templates/shared_services/admin-vm/terraform/variables.tf index 69ba1e51b..2013b29dc 100644 --- a/templates/shared_services/admin-vm/terraform/variables.tf +++ b/templates/shared_services/admin-vm/terraform/variables.tf @@ -20,3 +20,12 @@ variable "enable_cmk_encryption" { variable "key_store_id" { type = string } + +variable "image_gallery_id" { + type = string + default = "" +} + +variable "image" { + type = string +}
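Review bot: `image_gallery_id` is accepted as any string and later concatenated into the `source_image_id` of the admin jumpbox, so a mistyped or unintended value is only noticed when the provider resolves it. A `validation` block that accepts the empty default or a Compute Gallery resource id would reject malformed input at plan time; the pattern below is my reading of the id format and should be checked against the ids used in the deployment. Both new variables also lack a `description`; for `image` I would add `description = "Key of custom.image_options in porter.yaml selecting the VM image"`.

```terraform
variable "image_gallery_id" {
  type        = string
  default     = ""
  description = "Resource ID of the Azure Compute Gallery holding custom images; empty when only marketplace images are used"

  validation {
    condition     = var.image_gallery_id == "" || can(regex("(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\\.Compute/galleries/[^/]+$", var.image_gallery_id))
    error_message = "The image_gallery_id value must be empty or a Compute Gallery resource ID."
  }
}
```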