Edit

Set up your Azure subscription for small form factor deployments of Azure Local (preview)

This article explains how to prepare your Azure subscription before deploying Azure Local on small form factor hardware.

You’ll register required features and resource providers, verify permissions, and confirm your directory and subscription settings.

Important

This feature is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Register the machine provisioning feature

Register the Azure Local zero-touch provisioning (ZTP) feature by running the following Azure CLI command:

az feature register --subscription <SUBSCRIPTION_ID> --namespace Microsoft.DeviceOnboarding --name AzureLocalZTP

Register the required resource providers

Your subscription must have the following resource providers registered. Some providers are only needed for specific use cases.

Resource provider Necessary for Resources provided
Microsoft.Edge All use cases Site, site configuration
Microsoft.AzureStackHCI All use cases Edge machine (also known as provisioned machine)
Microsoft.HybridCompute All use cases Arc-connected machines in the managed resource group
Microsoft.GuestConfiguration All use cases Guest configuration assignments in the managed resource group
Microsoft.HybridConnectivity All use cases Connectivity endpoints for Arc-connected machines
Microsoft.KeyVault All use cases Key vault for managing secrets
Microsoft.Storage All use cases Storage account for holding ownership vouchers
Microsoft.Kubernetes Arc-enabled K3s Arc-connected cluster resources
Microsoft.KubernetesConfiguration Arc-enabled K3s Configuration and extension resources
Microsoft.ExtendedLocation Azure IoT Operations and/or AKS Arc Custom location and extended location resources
Microsoft.HybridContainerService AKS Arc Hybrid container service resources

To register a resource provider, run:

az provider register --namespace <RESOURCE_PROVIDER_NAME>

You can also register resource providers in the Azure portal. For step-by-step guidance, see Register resource provider.

Check subscription permissions

  1. Go to the Azure portal.
  2. Search for and select your subscription.
  3. In the subscription menu, select Access control (IAM).
  4. Verify that you have one of the following role combinations:
    • Owner
    • Contributor and Role Based Access Control Administrator
  5. Confirm that the role assignment is both Active and Permanent.

Important

If your role assignment isn’t active and permanent, you might need to temporarily elevate your permissions before running deployment commands. These permissions must apply to the resource group where you’ll provision machines.

Check directory and subscription settings

  1. In the Azure portal, select Settings > Directories + subscriptions.
  2. If you have more than one directory, select the directory you’re using for this deployment.
  3. Make sure your default subscription filter includes the subscription you’re using for testing.

For more information, see:

Prepare a Microsoft Entra ID security group

During machine provisioning, Azure uses a Microsoft Entra ID security group to authorize access to the provisioned machine and related Arc resources.

Before you start, identify or create an Entra ID security group that contains the users who need to manage, connect to, or troubleshoot the machines in this preview.

  1. In the Azure portal, search for and select Microsoft Entra ID.
  2. Select Groups.
  3. Create a new security group, or choose an existing security group that you use for preview operators.
  4. Add the users who need access to manage or connect to provisioned machines.
  5. Keep the group name available for later provisioning steps.

Tip

You can reuse an existing security group if it contains the right set of operators for your test environment. Avoid using broad groups unless everyone in the group should have access to the preview resources.

Review your setup

Before you continue, confirm that:

  • The machine provisioning feature is registered.
  • All required resource providers are registered.
  • You identified a Microsoft Entra ID security group for machine operators.
  • Your directory and subscription settings are correct.

Next steps