Azure Local | HomeLab setup

Reading Time: 4 minutes

Azure Local is the latest name in the lineup—though technically not new, as it was rebranded in 2024. Given the growing interest around it, I decided to explore the available deployment options with a focus on cost efficiency. My research shows that Azure Local can be hosted in three primary ways: on an Azure Jumpbox, through Hyper‑V, or on low‑cost hardware.

Why would you start with Azure Local?

When getting started with Azure Local, it helps to define a clear objective—your “dot on the horizon”—so you know what you want to achieve throughout the journey. Common use cases include:

Dev/Test environments
Hybrid cloud simulations
IoT and edge computing demos
Container orchestration practice

In my case, I wanted to understand what Azure Local actually offers. Specifically, I was curious about how hybrid cloud computing works in this context and what steps come after completing the initial setup.

The options

Azure Jumpstart

Fully in the cloud

Setup easy with a script
Everything you need in the cloud
High costs on your subscription

Hyper-V

Hybrid with an extra virtualization layer

Flexible for testing purposes
Not all resources available because host needs too
With a simple nuc already possible

Low-Cost hardware

Expensive but comes most to the reality

All resources available
For testing purpose a lot of reinstall because of Azure Cost
Most close to reality

My option to use is Hyper-V.

The NUC I’m using is a Minisforum MS‑01 equipped with an Intel i5 processor, three NVMe SSDs, and 64 GB of memory—though memory prices have certainly become steep lately. I also have a VPN connection to my Azure tenant, which allows me to test private endpoints, networking scenarios, and, of course, Azure Virtual Desktop running on Azure Local.

Setup Hyper-V

I downloaded the latest version of Windows Server 2025 and installed it using the Desktop Experience option. While this configuration consumes roughly 5 GB of memory, it significantly simplifies day‑to‑day management.

On a separate NUC, I’m already running a domain controller that synchronizes with an Azure‑based domain controller. This replication occurs over the VPN connection, including cloud sync, ensuring the environment stays aligned across both on‑premises and Azure.

I added a switch which is External so I have connection to the outside world.

Virtual Machine

I’ve provisioned a single virtual machine configured with 16 vCPUs, 55 GB of memory, and four virtual disks. One disk (127 GB) is dedicated to the operating system installation, while the remaining three disks (each 1 TB) are allocated for data, workloads, and future expansion.

Be sure to enable MAC address spoofing on the network adapter and turn on virtualization support for the virtual machine. These settings are required for nested virtualization and proper network functionality within the guest environment.

Prepare Tenant

Before you can deploy Azure Local in your tenant, a few preparatory steps are required. These include enabling the necessary resource providers, assigning the appropriate RBAC roles, and creating the required resource groups. Completing these prerequisites ensures that Azure Local can be provisioned and managed without interruption.

Connect-AzAccount -UseDeviceAuthentication

$subscriptionID = (Get-AzContext).Subscription.id
$location = "westeurope"

$resourceProviders = @(
    "Microsoft.HybridCompute"
    "Microsoft.GuestConfiguration"
    "Microsoft.Kubernetes"
    "Microsoft.KubernetesConfiguration"
    "Microsoft.ExtendedLocation"
    "Microsoft.AzureArcData"
    "Microsoft.OperationsManagement"
    "Microsoft.AzureStackHCI"
    "Microsoft.ResourceConnector"
    "Microsoft.OperationalInsights"
    "Microsoft.Compute"
    "Microsoft.DesktopVirtualization"
)

$RbacRoles = @(
    "Azure Stack HCI Administrator"
    "Key Vault Administrator"
    "Key Vault Contributor"
    "Key Vault Secrets Officer"
    "Storage Account Contributor"
)

Write-Host "Registering Azure providers..."
ForEach ($provider in $resourceProviders) {
    # check if already registered
    $reg = Get-AzResourceProvider -ProviderNamespace $provider
    if ($reg.RegistrationState -eq "Registered") {
        Write-Host "$provider is already registered."
        continue
    }
    Write-Host "Registering $provider... $provider"
    Register-AzResourceProvider -ProviderNamespace $provider
}

# Create resource groups
$resourceGroups = @(
    "azl-we-rsg-lz-azlocal-01"
)

Try {
    ForEach ($resourceGroup in $resourceGroups) {
        if (-not (Get-AzResourceGroup -Name $resourceGroup -ErrorAction SilentlyContinue)) {
            $create = New-AzResourceGroup -Name $resourceGroup -Location $location
            Write-Host "Resource group '$resourceGroup' created."
        }
        else {
            Write-Host "Resource group '$resourceGroup' already exists."
        }
    }
}
Catch {
    Write-Host "Error creating resource groups: $_"
}

# RBAC Permissions to logged in user
$CurrentUser = (Get-AzContext).Account.Id
ForEach ($role in $RbacRoles) {
    $roleAssignment = Get-AzRoleAssignment -ObjectId $CurrentUser -RoleDefinitionName $role -ErrorAction SilentlyContinue
    if (-not $roleAssignment) {
        if ($role -eq "Azure Stack HCI Administrator") {
            $scope = "/subscriptions/$subscriptionID"
        }   
        else {
            $scope = "/subscriptions/$subscriptionID/resourceGroups/$($resourceGroups[0])"
        }
        $assign = New-AzRoleAssignment -ObjectId $CurrentUser -RoleDefinitionName $role -Scope $scope -ErrorAction SilentlyContinue
    }
}
else {
    Write-Host "User '$CurrentUser' already has role '$role'."
}

Connect-AzAccount -UseDeviceAuthentication

$subscriptionID = (Get-AzContext).Subscription.id
$location = "westeurope"

$resourceProviders = @(
    "Microsoft.HybridCompute"
    "Microsoft.GuestConfiguration"
    "Microsoft.Kubernetes"
    "Microsoft.KubernetesConfiguration"
    "Microsoft.ExtendedLocation"
    "Microsoft.AzureArcData"
    "Microsoft.OperationsManagement"
    "Microsoft.AzureStackHCI"
    "Microsoft.ResourceConnector"
    "Microsoft.OperationalInsights"
    "Microsoft.Compute"
    "Microsoft.DesktopVirtualization"
)

$RbacRoles = @(
    "Azure Stack HCI Administrator"
    "Key Vault Administrator"
    "Key Vault Contributor"
    "Key Vault Secrets Officer"
    "Storage Account Contributor"
)

Write-Host "Registering Azure providers..."
ForEach ($provider in $resourceProviders) {
    # check if already registered
    $reg = Get-AzResourceProvider -ProviderNamespace $provider
    if ($reg.RegistrationState -eq "Registered") {
        Write-Host "$provider is already registered."
        continue
    }
    Write-Host "Registering $provider... $provider"
    Register-AzResourceProvider -ProviderNamespace $provider
}

# Create resource groups
$resourceGroups = @(
    "azl-we-rsg-lz-azlocal-01"
)

Try {
    ForEach ($resourceGroup in $resourceGroups) {
        if (-not (Get-AzResourceGroup -Name $resourceGroup -ErrorAction SilentlyContinue)) {
            $create = New-AzResourceGroup -Name $resourceGroup -Location $location
            Write-Host "Resource group '$resourceGroup' created."
        }
        else {
            Write-Host "Resource group '$resourceGroup' already exists."
        }
    }
}
Catch {
    Write-Host "Error creating resource groups: $_"
}

# RBAC Permissions to logged in user
$CurrentUser = (Get-AzContext).Account.Id
ForEach ($role in $RbacRoles) {
    $roleAssignment = Get-AzRoleAssignment -ObjectId $CurrentUser -RoleDefinitionName $role -ErrorAction SilentlyContinue
    if (-not $roleAssignment) {
        if ($role -eq "Azure Stack HCI Administrator") {
            $scope = "/subscriptions/$subscriptionID"
        }   
        else {
            $scope = "/subscriptions/$subscriptionID/resourceGroups/$($resourceGroups[0])"
        }
        $assign = New-AzRoleAssignment -ObjectId $CurrentUser -RoleDefinitionName $role -Scope $scope -ErrorAction SilentlyContinue
    }
}
else {
    Write-Host "User '$CurrentUser' already has role '$role'."
}

Prepare Active Directory

After preparing the tenant, the next step is to configure your Active Directory environment. During this process, Azure Local will create an organizational unit (OU) with the required delegated permissions, along with a service account that will be used throughout the deployment.

#on domain controller

Install-Module AsHciADArtifactsPreCreationTool -Repository PSGallery -Force
$ou = "OU=AzureLocal,OU=Servers,OU=azurelocalbox,DC=azurelocalbox,DC=local"
$password = ConvertTo-SecureString '<password>' -AsPlainText -Force
$user = "lcmuser"
$credential = New-Object System.Management.Automation.PSCredential ($user, $password)

New-HciAdObjectsPreCreation -AzureStackLCMUserCredential $credential -AsHciOUName $ou

#on domain controller

Install-Module AsHciADArtifactsPreCreationTool -Repository PSGallery -Force
$ou = "OU=AzureLocal,OU=Servers,OU=azurelocalbox,DC=azurelocalbox,DC=local"
$password = ConvertTo-SecureString '<password>' -AsPlainText -Force
$user = "lcmuser"
$credential = New-Object System.Management.Automation.PSCredential ($user, $password)

New-HciAdObjectsPreCreation -AzureStackLCMUserCredential $credential -AsHciOUName $ou

Time to go to action

With all preparations complete, it’s finally time to begin the installation. I’ll cover that process in the next post. Throughout this series, I’ll be using this environment to explore various features, run different scenarios, and gain a deeper understanding of how Azure Local operates in practice.

Azure Local | HomeLab setup – Part II