Automating Azure Arc Onboarding at Scale

Petar Ivanov | Feb 10, 2026

Why Automate Azure Arc Onboarding?

Manually onboarding servers to Azure Arc is straightforward for a handful of machines — but at scale (hundreds or thousands of servers), it quickly becomes unmanageable. In this post, I walk through the approach I use to bulk-onboard servers with PowerShell and Azure Automation.

The Architecture

The solution consists of three main pieces:

  1. A Service Principal with Azure Connected Machine Onboarding rights scoped to the target subscription.
  2. A PowerShell runbook in Azure Automation that generates a scoped onboarding script for each server batch.
  3. A scheduled pipeline (via GitHub Actions or Azure Automation schedules) that drives the process.

Sample Onboarding Script

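# Install the Connected Machine agent and onboard this server with a service principal
$params = @{
    SubscriptionId         = "<subscription-id>"
    ResourceGroupName      = "Arc-Servers-RG"
    Location               = "westeurope"
    TenantId               = "<tenant-id>"
    ServicePrincipalId     = $env:ARC_SP_ID
    ServicePrincipalSecret = $env:ARC_SP_SECRET
}

# Download and run the agent installer (-UseBasicParsing avoids the IE dependency on Windows PowerShell 5.1)
Invoke-WebRequest -UseBasicParsing -Uri "https://aka.ms/azcmagent-windows" -OutFile "$env:TEMP\install_windows_azcmagent.ps1"
& "$env:TEMP\install_windows_azcmagent.ps1"

# azcmagent is a native executable, so the hashtable cannot be splatted onto it;
# each value is passed with the CLI's own flag name. The full path is used because
# the current session's PATH is not refreshed after the install.
& "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect `
    --service-principal-id $params.ServicePrincipalId `
    --service-principal-secret $params.ServicePrincipalSecret `
    --tenant-id $params.TenantId `
    --subscription-id $params.SubscriptionId `
    --resource-group $params.ResourceGroupName `
    --location $params.Location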

Tips for Production Deployments

  • Proxy environments: Use azcmagent config set proxy.url http://proxy:8080 before connecting.
  • Tagging: Pass --tags to azcmagent connect to apply environment, owner, and cost-centre tags at onboarding time.
  • Error handling: Wrap each connect call in try/catch and log failures to an Azure Storage table for easy tracking.
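
The three tips above combined into one wrapper, as an added example that is not the author's own code. Connect-ArcServer, the tag values and the CSV path are hypothetical, the agent is assumed to be in its default install location, and a local CSV stands in for the Azure Storage table.

```powershell
# Added example. Connect-ArcServer, the tag values and the CSV path are hypothetical.
$params = @{
    SubscriptionId     = '<subscription-id>'; TenantId = '<tenant-id>'
    ResourceGroupName  = 'Arc-Servers-RG';    Location = 'westeurope'
    ServicePrincipalId = $env:ARC_SP_ID;      ServicePrincipalSecret = $env:ARC_SP_SECRET
}

function Connect-ArcServer {
    param(
        [Parameter(Mandatory)] [hashtable] $Params,   # same keys as $params above
        [hashtable] $Tags = @{},
        [string] $ProxyUrl,
        [string] $AgentPath = "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe"
    )
    $result = [ordered]@{ Server = $env:COMPUTERNAME; Time = (Get-Date).ToString('o'); Status = 'Connected'; Detail = '' }
    try {
        if ($ProxyUrl) {
            & $AgentPath config set proxy.url $ProxyUrl | Out-Host
            if ($LASTEXITCODE -ne 0) { throw "config set proxy.url exited with code $LASTEXITCODE" }
        }
        $connectArgs = @(
            'connect'
            '--service-principal-id',     $Params.ServicePrincipalId
            '--service-principal-secret', $Params.ServicePrincipalSecret
            '--tenant-id',                $Params.TenantId
            '--subscription-id',          $Params.SubscriptionId
            '--resource-group',           $Params.ResourceGroupName
            '--location',                 $Params.Location
        )
        if ($Tags.Count -gt 0) {
            # azcmagent expects tags as one comma-separated list of key=value pairs
            $pairs = $Tags.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }
            $connectArgs += '--tags', ($pairs -join ',')
        }
        & $AgentPath @connectArgs | Out-Host
        # A native executable does not throw by default; failure shows only in its exit code
        if ($LASTEXITCODE -ne 0) { throw "azcmagent connect exited with code $LASTEXITCODE" }
    }
    catch {
        # Record the message only, never $connectArgs, so the secret stays out of the log
        $result.Status = 'Failed'
        $result.Detail = $_.Exception.Message
    }
    [pscustomobject]$result
}

$r = Connect-ArcServer -Params $params -Tags @{ environment = 'prod'; owner = 'platform-team' }
if ($r.Status -eq 'Failed') { $r | Export-Csv "$env:TEMP\arc-onboarding-failures.csv" -Append -NoTypeInformation }
```

The service principal secret still appears on the azcmagent command line, so hosts that record process command lines will capture it; scope the principal to the onboarding role only and rotate the secret after the rollout.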

Next Steps

Once onboarded, you can apply Azure Policy, enable Defender for Servers, and manage patching via Azure Update Manager — all from a single pane of glass in the Azure portal.