Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article explains how to prepare your Azure subscription before deploying Azure Local on small form factor hardware.
You’ll register required features and resource providers, verify permissions, and confirm your directory and subscription settings.
Important
This feature is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Register the machine provisioning feature
Register the Azure Local zero-touch provisioning (ZTP) feature by running the following Azure CLI command:
az feature register --subscription <SUBSCRIPTION_ID> --namespace Microsoft.DeviceOnboarding --name AzureLocalZTP
Register the required resource providers
Your subscription must have the following resource providers registered. Some providers are only needed for specific use cases.
| Resource provider | Necessary for | Resources provided |
|---|---|---|
Microsoft.Edge |
All use cases | Site, site configuration |
Microsoft.AzureStackHCI |
All use cases | Edge machine (also known as provisioned machine) |
Microsoft.HybridCompute |
All use cases | Arc-connected machines in the managed resource group |
Microsoft.GuestConfiguration |
All use cases | Guest configuration assignments in the managed resource group |
Microsoft.HybridConnectivity |
All use cases | Connectivity endpoints for Arc-connected machines |
Microsoft.KeyVault |
All use cases | Key vault for managing secrets |
Microsoft.Storage |
All use cases | Storage account for holding ownership vouchers |
Microsoft.Kubernetes |
Arc-enabled K3s | Arc-connected cluster resources |
Microsoft.KubernetesConfiguration |
Arc-enabled K3s | Configuration and extension resources |
Microsoft.ExtendedLocation |
Azure IoT Operations and/or AKS Arc | Custom location and extended location resources |
Microsoft.HybridContainerService |
AKS Arc | Hybrid container service resources |
To register a resource provider, run:
az provider register --namespace <RESOURCE_PROVIDER_NAME>
You can also register resource providers in the Azure portal. For step-by-step guidance, see Register resource provider.
Check subscription permissions
- Go to the Azure portal.
- Search for and select your subscription.
- In the subscription menu, select Access control (IAM).
- Verify that you have one of the following role combinations:
- Owner
- Contributor and Role Based Access Control Administrator
- Confirm that the role assignment is both Active and Permanent.
Important
If your role assignment isn’t active and permanent, you might need to temporarily elevate your permissions before running deployment commands. These permissions must apply to the resource group where you’ll provision machines.
Check directory and subscription settings
- In the Azure portal, select Settings > Directories + subscriptions.
- If you have more than one directory, select the directory you’re using for this deployment.
- Make sure your default subscription filter includes the subscription you’re using for testing.
For more information, see:
Prepare a Microsoft Entra ID security group
During machine provisioning, Azure uses a Microsoft Entra ID security group to authorize access to the provisioned machine and related Arc resources.
Before you start, identify or create an Entra ID security group that contains the users who need to manage, connect to, or troubleshoot the machines in this preview.
- In the Azure portal, search for and select Microsoft Entra ID.
- Select Groups.
- Create a new security group, or choose an existing security group that you use for preview operators.
- Add the users who need access to manage or connect to provisioned machines.
- Keep the group name available for later provisioning steps.
Tip
You can reuse an existing security group if it contains the right set of operators for your test environment. Avoid using broad groups unless everyone in the group should have access to the preview resources.
Review your setup
Before you continue, confirm that:
- The machine provisioning feature is registered.
- All required resource providers are registered.
- You identified a Microsoft Entra ID security group for machine operators.
- Your directory and subscription settings are correct.
Next steps
- If you have supported hardware, continue to Machine installation.