Scaled onboarding of VMware vSphere Linux VMs to Azure Arc using VMware PowerCLI

The following Jumpstart scenario will guide you on how to use the provided VMware PowerCLI script so you can perform an automated scaled deployment of the “Azure Arc Connected Machine Agent” in multiple VMware vSphere virtual machines and as a result, onboard these VMs as Azure Arc-enabled servers.

This guide assumes you already have an exiting inventory of VMware Virtual Machines and will leverage the PowerCLI PowerShell module to automate the onboarding process of the VMs to Azure Arc.


  • Clone the Azure Arc Jumpstart repository

    git clone
  • Install or update Azure CLI to version 2.36.0 and above. Use the below command to check your current installed version.

    az --version
  • Install VMware PowerCLI

    NOTE: This guide was tested with the latest version of PowerCLI as of date (12.0.0) but earlier versions are expected to work as well

    • Supported PowerShell Versions - VMware PowerCLI 12.0.0 is compatible with the following PowerShell versions:

      • Windows PowerShell 5.1
      • PowerShell 7
      • Detailed installation instructions can be found here but the easiest way is to use the VMware.PowerCLI module from the PowerShell Gallery using the below command.
      Install-Module -Name VMware.PowerCLI
  • To be able to read the VM inventory from vCenter as well as invoke a script on the VM OS-level, the following permissions are needed:

  • An operating system user account on the Linux guest VM. This user account must not prompt for password on sudo commands. To configure passwordless sudo:

    • Login to the linux VM.

    • Run the below command.

      sudo visudo

      Or you could also edit the /etc/sudoers file directly with the command:

      vi /etc/sudoers
    • Append the following line replacing with the appropriate user name.

      <username> ALL=(ALL) NOPASSWD:ALL
  • Create Azure service principal (SP)

    To connect the VMware vSphere virtual machine to Azure Arc, an Azure service principal assigned with the “Contributor” role is required. To create it, login to your Azure account run the below command (this can also be done in Azure Cloud Shell).

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "<Unique SP Name>" --role "Contributor" --scopes /subscriptions/$subscriptionId

    For example:

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "JumpstartArc" --role "Contributor" --scopes /subscriptions/$subscriptionId

    Output should look like this:

    "displayName": "JumpstartArc",

    NOTE: If you create multiple subsequent role assignments on the same service principal, your client secret (password) will be destroyed and recreated each time. Therefore, make sure you grab the correct password.

    NOTE: The Jumpstart scenarios are designed with as much ease of use in-mind and adhering to security-related best practices whenever possible. It is optional but highly recommended to scope the service principal to a specific Azure subscription and resource group as well considering using a less privileged service principal account

  • Azure Arc-enabled servers depends on the following Azure resource providers in your subscription in order to use this service. Registration is an asynchronous process, and registration may take approximately 10 minutes.

    • Microsoft.HybridCompute

    • Microsoft.GuestConfiguration

    • Microsoft.HybridConnectivity

      az provider register --namespace 'Microsoft.HybridCompute'
      az provider register --namespace 'Microsoft.GuestConfiguration'
      az provider register --namespace 'Microsoft.HybridConnectivity'

      You can monitor the registration process with the following commands:

      az provider show --namespace 'Microsoft.HybridCompute'
      az provider show --namespace 'Microsoft.GuestConfiguration'
      az provider show --namespace 'Microsoft.HybridConnectivity'

Automation Flow

Below you can find the automation flow for this scenario:

  1. User edit the vars.ps1 PowerCLI script

  2. Upon execution of the scale_deploy.ps1 PowerShell script:

    • The script will auto-generate a shell script with the user’s Azure environment variables.

    • The script execution will initiate authentication against vCenter and will scan the targeted VM folder where Azure Arc candidate VMs are located and will copy both the auto-generated and the shell scripts to VM Linux OS located in /vmware/scaled_deploy/powercli/linux to each VM in that VM folder.

  3. The shell script will run on the VM guest OS and will install the “Azure Arc Connected Machine Agent” in order to onboard the VM to Azure Arc


To demonstrate the before & after for this scenario, the below screenshots shows a dedicated, empty Azure resource group, a vCenter VM folder with candidate VMs and the /var/opt/ directory showing no agent is installed.

An empty Azure resource group

Vanilla VMware vSphere VM with no Azure Arc agent

Vanilla VMware vSphere VM with no Azure Arc agent


Before running the PowerCLI script, you must set the environment variables which will be used by the script. These variables are based on the Azure service principal you’ve just created, your Azure subscription and tenant, and your VMware vSphere credentials and data.

  • Retrieve your Azure subscription ID and tenant ID using the az account list command

  • Use the Azure service principal ID and password created in the prerequisites section

    Export environment variables

  • From the azure_arc_servers_jumpstart\vmware\scaled_deploy\powercli\linux folder, open PowerShell session as an Administrator and run the scale_deploy.ps1 script.

    scale_deploy PowerShell script

    scale_deploy PowerShell script

    scale_deploy PowerShell script

  • Upon completion, the VM will have the “Azure Arc Connected Machine Agent” installed as well as the Azure resource group populated with the new Azure Arc-enabled servers.

    Azure Arc Connected Machine Agent installed

    New Azure Arc-enabled servers in an Azure resource group

    New Azure Arc-enabled servers in an Azure resource group