Scaled onboarding of VMware vSphere Windows Server VMs to Azure Arc using VMware PowerCLI

The following README will guide you on how to use the provided VMware PowerCLI script so you can perform an automated scaled deployment of the “Azure Arc Connected Machine Agent” in multiple VMware vSphere virtual machines and as a result, onboard these VMs as Azure Arc-enabled servers.

This guide assumes you already have an exiting inventory of VMware Virtual Machines and will leverage the PowerCLI PowerShell module to automate the onboarding process of the VMs to Azure Arc.


  • Clone the Azure Arc Jumpstart repository

    git clone
  • Install or update Azure CLI to version 2.15.0 and above. Use the below command to check your current installed version.

    az --version
  • Install VMware PowerCLI

    Note: This guide was tested with the latest version of PowerCLI as of date (12.0.0) but earlier versions are expected to work as well

    • Supported PowerShell Versions - VMware PowerCLI 12.0.0 is compatible with the following PowerShell versions:

      • Windows PowerShell 5.1
      • PowerShell 7
      • Detailed installation instructions can be found here but the easiest way is to use the VMware.PowerCLI module from the PowerShell Gallery using the below command.
      Install-Module -Name VMware.PowerCLI
  • To be able to read the VM inventory from vCenter as well as invoke a script on the VM OS-level, the following permissions are needed:

  • Create Azure service principal (SP)

    To connect the VMware vSphere virtual machine to Azure Arc, an Azure service principal assigned with the “Contributor” role is required. To create it, login to your Azure account run the below command (this can also be done in Azure Cloud Shell).

    az login
    az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor

    For example:

    az ad sp create-for-rbac -n "http://AzureArcServers" --role contributor

    Output should look like this:

    "displayName": "AzureArcServers",
    "name": "http://AzureArcServers",

    Note: The Jumpstart scenarios are designed with as much ease of use in-mind and adhering to security-related best practices whenever possible. It is optional but highly recommended to scope the service principal to a specific Azure subscription and resource group as well considering using a less privileged service principal account

Automation Flow

Below you can find the automation flow for this scenario:

  1. User edit the vars.ps1 PowerCLI script

  2. The scale_deploy.ps1 script execution will initiate authentication against vCenter and will scan the targeted VM folder where Azure Arc candidate VMs are located and will copy both the vars.ps1 and the install_arc_agent.ps1 PowerCLI scripts to VM Windows OS located in this folder to each VM in that VM folder.

  3. The install_arc_agent.ps1 PowerCLI script will run on the VM guest OS and will install the “Azure Arc Connected Machine Agent” in order to onboard the VM to Azure Arc


To demonstrate the before & after for this scenario, the below screenshots shows a dedicated, empty Azure Resources Group, a vCenter VM folder with candidate VMs and the “Apps & features” view in Windows showing no agent is installed.

An empty Azure resource group

Vanilla VMware vSphere VM with no Azure Arc agent

Vanilla VMware vSphere VM with no Azure Arc agent


Before running the PowerCLI script, you must set the environment variables which will be used by the install_arc_agent.ps1 script. These variables are based on the Azure service principal you’ve just created, your Azure subscription and tenant, and your VMware vSphere credentials and data.

  • Retrieve your Azure subscription ID and tenant ID using the az account list command

  • Use the Azure service principal ID and password created in the prerequisites section

Export environment variables