Install Arc agents on SCVMM VMs

2025-06-12

In this article, you learn how to install Azure connected machine agents for SCVMM VMs which is a prerequisite to use Azure services for securing, patching, monitoring your VMs and leverage Azure Arc benefits such as Extended Security Updates, pay-as-you-go licensing for Windows Server and SQL servers, and Software Attestation benefits.

There are multiple avenues available to install Arc agents on SCVMM VMs which you can leverage based on your deployment preferences:

Azure portal
Script-based manual installation
Programmatic methods such as Azure CLI, Azure PowerShell, Azure REST APIs, Azure SDKs, Terraform, Bicep and ARM templates. The reference section of this documentation repository has information on the exact syntax.
Out-of-band methods such as using a Service Principal, System Center Configuration Manager script, System Center Configuration Manager custom task sequence, Group policy and Ansible playbook.

Prerequisites

Ensure the following before you install Arc agents at scale for SCVMM VMs:

The SCVMM management server and the SCVMM console must be in the same Long-Term Servicing Channel (LTSC) and Update Rollup (UR) version.
The SCVMM management server must be in a Connected state and its associated Azure Arc resource bridge in a Running state.
Azure Arc SCVMM VM Contributor role or a custom Azure role with permissions to install Arc agents on the target machines.
All the target machines are:
- Powered on.
- Running a supported operating system.
- Able to connect through the firewall to communicate over the internet and these URLs aren't blocked.

Note

Automatic connection for SQL Server: When you connect a Windows or Linux server to Azure Arc that also has Microsoft SQL Server installed, the SQL Server instances will automatically be connected to Azure Arc as well. SQL Server enabled by Azure Arc provides a detailed inventory and additional management capabilities for your SQL Server instances and databases. As part of the connection process, an extension is deployed to your Azure Arc-enabled server and new roles will be applied to your SQL Server and databases. If you don't want to automatically connect your SQL Servers to Azure Arc, you can opt out by adding a tag to the Windows or Linux server with the name ArcSQLServerExtensionDeployment and value Disabled when it's connected to Azure Arc. For more information, see Manage automatic connection for SQL Server enabled by Azure Arc.

Install Arc agents

This method is applicable only if you are running:

SCVMM 2025, 2022 UR1 or later, and 2019 UR5 or later versions of SCVMM server or console.
VMs running Windows Server 2012 R2, 2016, 2019, 2022, 2025, Windows 10, and Windows 11.
For other SCVMM versions, Linux VMs or Windows VMs running WS 2012 or earlier, install Arc agents through the script or out-of-band methods.

An administrator can install agents for multiple machines from the Azure portal if the machines share the same administrator credentials.

Navigate to the SCVMM management servers blade on Azure Arc Center, and select the SCVMM management server resource.
Select the machines you want to onboard to Arc at-scale and choose the Enable in Azure option.
Optionally, select Enable guest management checkbox to install Arc agents on the selected machines. This allows you to use Azure services such as Azure Update Manager, Azure Monitor, Microsoft Defender for Cloud, Azure Policy, Azure Automation, Change Tracking and Inventory, etc. to secure, govern, patch and monitor your virtual machines.
If you enable guest management on any of your machines, based on your organization's network policies, choose the connectivity method for the Arc agents that runs in your SCVMM VMs to connect to Azure. The available options are Public endpoint, Proxy server and Private endpoint.
- If you want to connect the Arc agent via proxy, provide the proxy server details.
- If you want to connect Arc agent via private endpoint, follow these steps to set up Azure private link and provide the same details.
Note

Private endpoint connectivity is only available for Arc agent to Azure communications. For Arc resource bridge to Azure connectivity, Azure Private link isn't supported.
Provide the administrator username and password for the machine. For Windows VMs, the account must be part of the local administrator group; and for Linux VM, it must be a root account.
Select Enable to start the installation of the Arc agent in the specified machines. Once installation is complete, the Guest management column will switch to Enabled for the machines with Arc agent running. You can start using Azure services for these machines. These credentials won't be persisted in Azure. They're used to install the Azure Arc agent and then discarded.

Note

If you're using a Linux VM, the account must not prompt for login on sudo commands. To override the prompt, from a terminal, run sudo visudo, and add <username> ALL=(ALL) NOPASSWD:ALL at the end of the file. Ensure you replace <username>.
If your VM template has these changes incorporated, you won't need to do this for the VM created from that template.

Sign in to the target VM as an administrator.
Install and run the Azure CLI with the az command from either Windows Command Prompt or PowerShell.
Sign in to your Azure account in Azure CLI using az login --use-device-code

Run the downloaded script arcscvmm-enable-guest-management.ps1 or arcscvmm-enable-guest-management.sh, as applicable, using the following commands. The vmmServerId parameter should denote your VMM Server’s ARM ID.

For a Windows VM:

./arcscvmm-enable-guest-management.ps1 -<vmmServerId> '/subscriptions/<subscriptionId>/resourceGroups/<rgName>/providers/Microsoft.ScVmm/vmmServers/<vmmServerName>

For a Linux VM:

./arcscvmm-enable-guest-management.sh -<vmmServerId> '/subscriptions/<subscriptionId>/resourceGroups/<rgName>/providers/Microsoft.ScVmm/vmmServers/<vmmServerName>

The out-of-band methods first onboard the machines as Arc-enabled Server resources with Resource type as Microsoft.HybridCompute/machines. Then, perform Link to SCVMM operation to update the machine's Kind property as SCVMM which enables VM lifecycle and powercycle operations.

Connect the machines as Arc-enabled Server resources using any one of the following automation approaches:
Link Azure Arc-enabled Server resources to SCVMM: The following commands update the Kind property of Hybrid Compute machines as SCVMM. Linking the machines to SCVMM enables VM lifecycle operations (Create/Delete) and powercycle operations (Start/Restart/Stop) on the machines.
- The following command scans all the Azure Arc-enabled Server machines that belong to the SCVMM in the specified subscription and links the machines with that SCVMM.
```
az scvmm vm create-from-machines --subscription contoso-sub --scvmm-id /subscriptions/01234567-0123-0123-0123-0123456789ab/resourceGroups/contoso-rg/providers/Microsoft.ScVmm/vmmServers/contoso-vmmserver 
```
- The following command scans all the Azure Arc-enabled Server machines that belong to the SCVMM in the specified resource group and links the machines with that SCVMM.
```
az scvmm vm create-from-machines –resource group contoso-rg --scvmm-id /subscriptions/01234567-0123-0123-0123-0123456789ab/resourceGroups/contoso-rg/providers/Microsoft.ScVmm/vmmServers/contoso-vmmserver   
```
- The following command can be used to link an individual Azure Arc-enabled Server resource to SCVMM.
```
az scvmm vm create-from-machines –resource group contoso-rg --name contoso-vm --scvmm-id /subscriptions/01234567-0123-0123-0123-0123456789ab/resourceGroups/contoso-rg/providers/Microsoft.ScVmm/vmmServers/contoso-vmmserver   
```

Share via

Install Arc agents on SCVMM VMs

Prerequisites

Install Arc agents

Next steps

Feedback

Additional resources