Partner Hack

Two-day Azure Arc for Servers Partner Hack.

Introduction

This is a two-day hack to get you skilled up in the various aspects of using Azure Arc to onboard VMs outside of Azure and leverage the management plane and range of services to transform how you manage your hybrid estates.

The hack is used in the UK to enable partners, but you are absolutely free to reuse the content yourself as it is 100% public. The hack is a challenge hack, so each section gives you a number of challenges to meet, plus a set of links for your reference. As you complete each section you will screen share with your proctor to confirm the success criteria have been met before moving on to the next section.

Please make sure that you have met the prereqs before attending.

Scenario

You are working with a company called Wide World Importers. They are already using Azure with their identities synced to Azure AD. They have migrated a number of existing systems and deployed some new cloud native workloads. The cloud team has quickly skilled up on the platform and makes good use of Azure’s management tooling, automation and governance.

The company also has a sizeable on prem estate which is mainly virtual machines plus a few physical x86 servers. They have concerns that they do not know the full inventory of these on prem systems. There is a growing focus on compliance and governance, and there is a business risk in being non-compliant on those legacy servers.

The imperative is to move to a more elegant hybrid management and operations model. The plan is to merge the teams and upskill those who have been working purely with the on prem systems.

You have been tasked to help work with them on a pilot of a few Windows and Linux (Ubuntu) servers to evaluate how the hybrid model could work from a deployment, configuration and management perspective, and whether there are opportunities to move away from some of the legacy management tooling. The outcome of the pilot will determine how the teams will initially work and scale from the small number of servers in the pilot to the wider estate.

Content

Prereqs

Attending an Azure Arc for Servers hack? If so then complete these first. And please - do so before the start of the hack!

On Prem VMs

You will need some on prem servers to onboard and connect to Azure as part of the pilot. Create them on the platform of your choice, or spin them up in Azure using our Terraform repo.

Foundation

Plan for deployment and prepare the target resource group for your Arc servers.

Scale Onboarding for Linux

Onboarding multiple Linux servers with a service principal, then connecting with the azcmagent.

Scale Onboarding for Windows

Onboarding multiple Windows servers using Windows Admin Center.

Monitoring

Configure the new Azure Monitor agent and Data Collection Rules. Optionally integrate with Azure Security Center and Azure Sentinel.

Management

Use the preview Azure Automanage service to create a management baseline for the connected machines, enabling update management and inventory. Or use the services individually.

Governance

Use Azure Policy and the Guest Configuration policy definitions to govern your on prem resources and prove compliance.

Key Vault Extension

Rotating server certificates in a large estate has always been an administration hassle, so let this key vault extension do the heavy lifting for both Azure and Azure Arc-enabled VMs.

Custom Script Extension

The custom script extension opens up opportunities to automate PowerShell and Bash scripts at scale for both cloud and on prem servers.

Managed Identity

Each connected machine has a system assigned managed identity. This lab will walk through using the REST API calls on your Arc-enabled servers to get challenge tokens, resource tokens and access the ARM and PaaS API endpoints.


Help us improve

Azure Citadel is a community site built on GitHub. Please contribute and send a pull request.