Azure Local | HomeLab setup


Azure Local is the latest name in the lineup, though technically not new, as it was rebranded in 2024. Given the growing interest around it, I decided to explore the available deployment options with a focus on cost efficiency. My research shows that Azure Local can be hosted in three primary ways: on an Azure Jumpbox, through Hyper-V, or on low-cost hardware.

Why would you start with Azure Local?

When getting started with Azure Local, it helps to define a clear objective, your "dot on the horizon", so you know what you want to achieve throughout the journey. Common use cases include:

  • Dev/Test environments
  • Hybrid cloud simulations
  • IoT and edge computing demos
  • Container orchestration practice

In my case, I wanted to understand what Azure Local actually offers. Specifically, I was curious about how hybrid cloud computing works in this context and what steps come after completing the initial setup.

The options

The option I chose is Hyper-V.

The NUC I'm using is a Minisforum MS-01 equipped with an Intel i5 processor, three NVMe SSDs, and 64 GB of memory, though memory prices have certainly become steep lately. I also have a VPN connection to my Azure tenant, which allows me to test private endpoints, networking scenarios, and, of course, Azure Virtual Desktop running on Azure Local.

Setup Hyper-V

I downloaded the latest version of Windows Server 2025 and installed it using the Desktop Experience option. While this configuration consumes roughly 5 GB of memory, it significantly simplifies day-to-day management.

On a separate NUC, I'm already running a domain controller that synchronizes with an Azure-based domain controller. This replication occurs over the VPN connection, including cloud sync, ensuring the environment stays aligned across both on-premises and Azure.

I added an External virtual switch so that I have a connection to the outside world.

Virtual Machine

I've provisioned a single virtual machine configured with 16 vCPUs, 55 GB of memory, and four virtual disks. One disk (127 GB) is dedicated to the operating system installation, while the remaining three disks (each 1 TB) are allocated for data, workloads, and future expansion.

Be sure to enable MAC address spoofing on the network adapter and turn on virtualization support for the virtual machine. These settings are required for nested virtualization and proper network functionality within the guest environment.
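
The VM described above can be built and checked from PowerShell on the Hyper-V host. This is an added example, not part of the original post; the VM name, switch name, storage path and the choice of a Generation 2 VM are assumptions. Because MAC address spoofing relaxes a protection of the virtual switch, the last command lists every adapter on the host that has it enabled, so you can confirm it is limited to this VM.

```powershell
# Run in an elevated PowerShell session on the Hyper-V host.
# Assumed values (not from the original post):
$vmName     = "AZLOCAL-NODE01"
$switchName = "External"
$vmPath     = "D:\Hyper-V\$vmName"

New-Item -ItemType Directory -Path $vmPath -Force | Out-Null

# VM with 55 GB of memory and the 127 GB OS disk, attached to the External switch
New-VM -Name $vmName -Generation 2 -MemoryStartupBytes 55GB `
    -NewVHDPath "$vmPath\os.vhdx" -NewVHDSizeBytes 127GB `
    -SwitchName $switchName | Out-Null

# Three 1 TB dynamically expanding data disks
1..3 | ForEach-Object {
    $vhd = "$vmPath\data$_.vhdx"
    New-VHD -Path $vhd -SizeBytes 1TB -Dynamic | Out-Null
    Add-VMHardDiskDrive -VMName $vmName -Path $vhd
}

# 16 vCPUs with virtualization extensions exposed to the guest (VM must be off)
Set-VMProcessor -VMName $vmName -Count 16 -ExposeVirtualizationExtensions $true

# Enable MAC address spoofing on this VM's adapter only
Get-VMNetworkAdapter -VMName $vmName |
    Set-VMNetworkAdapter -MacAddressSpoofing On

# Verify the nested virtualization setting
Get-VMProcessor -VMName $vmName |
    Select-Object VMName, Count, ExposeVirtualizationExtensions

# Audit: every adapter on this host that currently allows MAC spoofing
Get-VM | Get-VMNetworkAdapter |
    Where-Object MacAddressSpoofing -eq 'On' |
    Select-Object VMName, Name, SwitchName, MacAddressSpoofing
```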

Prepare Tenant

Before you can deploy Azure Local in your tenant, a few preparatory steps are required. These include enabling the necessary resource providers, assigning the appropriate RBAC roles, and creating the required resource groups. Completing these prerequisites ensures that Azure Local can be provisioned and managed without interruption.

Connect-AzAccount -UseDeviceAuthentication

$subscriptionID = (Get-AzContext).Subscription.id
$location = "westeurope"

$resourceProviders = @(
    "Microsoft.HybridCompute"
    "Microsoft.GuestConfiguration"
    "Microsoft.Kubernetes"
    "Microsoft.KubernetesConfiguration"
    "Microsoft.ExtendedLocation"
    "Microsoft.AzureArcData"
    "Microsoft.OperationsManagement"
    "Microsoft.AzureStackHCI"
    "Microsoft.ResourceConnector"
    "Microsoft.OperationalInsights"
    "Microsoft.Compute"
    "Microsoft.DesktopVirtualization"
)

$RbacRoles = @(
    "Azure Stack HCI Administrator"
    "Key Vault Administrator"
    "Key Vault Contributor"
    "Key Vault Secrets Officer"
    "Storage Account Contributor"
)

Write-Host "Registering Azure providers..."
ForEach ($provider in $resourceProviders) {
    # check if already registered
    $reg = Get-AzResourceProvider -ProviderNamespace $provider
    if ($reg.RegistrationState -eq "Registered") {
        Write-Host "$provider is already registered."
        continue
    }
    Write-Host "Registering $provider..."
    Register-AzResourceProvider -ProviderNamespace $provider
}

# Create resource groups
$resourceGroups = @(
    "azl-we-rsg-lz-azlocal-01"
)

Try {
    ForEach ($resourceGroup in $resourceGroups) {
        if (-not (Get-AzResourceGroup -Name $resourceGroup -ErrorAction SilentlyContinue)) {
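            # -ErrorAction Stop turns a failure into a terminating error so the Catch block runs
            $create = New-AzResourceGroup -Name $resourceGroup -Location $location -ErrorAction Stop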
            Write-Host "Resource group '$resourceGroup' created."
        }
        else {
            Write-Host "Resource group '$resourceGroup' already exists."
        }
    }
}
Catch {
    Write-Host "Error creating resource groups: $_"
}

# RBAC permissions for the logged-in user
# (Get-AzContext).Account.Id is the sign-in name, not an object ID, so -SignInName is used
$CurrentUser = (Get-AzContext).Account.Id
ForEach ($role in $RbacRoles) {
    # Only the HCI role is assigned at subscription scope; the rest stay on the resource group
    if ($role -eq "Azure Stack HCI Administrator") {
        $scope = "/subscriptions/$subscriptionID"
    }
    else {
        $scope = "/subscriptions/$subscriptionID/resourceGroups/$($resourceGroups[0])"
    }
    $roleAssignment = Get-AzRoleAssignment -SignInName $CurrentUser -RoleDefinitionName $role -Scope $scope -ErrorAction SilentlyContinue
    if (-not $roleAssignment) {
        $assign = New-AzRoleAssignment -SignInName $CurrentUser -RoleDefinitionName $role -Scope $scope -ErrorAction SilentlyContinue
    }
    else {
        Write-Host "User '$CurrentUser' already has role '$role'."
    }
}
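
The script suppresses errors on the role assignments, so a failed assignment goes unnoticed, and a role inherited from a broader scope also counts as "already assigned". The following read-only check is an added example, not part of the original post. It lists each of the five roles with the scope it is actually held at and flags anything missing or held more broadly than the script intends; it assumes the same Az session and the resource group name used above.

```powershell
# Read-only audit; run in the same Az session after the preparation script.
$subscriptionID = (Get-AzContext).Subscription.Id
$signInName     = (Get-AzContext).Account.Id
$subScope       = "/subscriptions/$subscriptionID"
$rgScope        = "$subScope/resourceGroups/azl-we-rsg-lz-azlocal-01"

# Scope each role is meant to have, as set by the script above
$expected = [ordered]@{
    "Azure Stack HCI Administrator" = $subScope
    "Key Vault Administrator"       = $rgScope
    "Key Vault Contributor"         = $rgScope
    "Key Vault Secrets Officer"     = $rgScope
    "Storage Account Contributor"   = $rgScope
}

# Returns assignments at the resource group and those inherited from above it
$assignments = Get-AzRoleAssignment -SignInName $signInName -Scope $rgScope

$report = foreach ($role in $expected.Keys) {
    $hits = @($assignments | Where-Object RoleDefinitionName -eq $role)
    if ($hits.Count -eq 0) {
        [pscustomobject]@{ Role = $role; Scope = $null; Status = "MISSING" }
        continue
    }
    foreach ($a in $hits) {
        # String -eq is case-insensitive, which matches how Azure treats scope IDs
        $status = if ($a.Scope -eq $expected[$role]) { "OK" } else { "BROADER THAN INTENDED" }
        [pscustomobject]@{ Role = $role; Scope = $a.Scope; Status = $status }
    }
}

$report | Format-Table -AutoSize
```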

Prepare Active Directory

After preparing the tenant, the next step is to configure your Active Directory environment. During this process, Azure Local will create an organizational unit (OU) with the required delegated permissions, along with a service account that will be used throughout the deployment.

#on domain controller

Install-Module AsHciADArtifactsPreCreationTool -Repository PSGallery -Force
$ou = "OU=AzureLocal,OU=Servers,OU=azurelocalbox,DC=azurelocalbox,DC=local"
$password = ConvertTo-SecureString '<password>' -AsPlainText -Force
$user = "lcmuser"
$credential = New-Object System.Management.Automation.PSCredential ($user, $password)

New-HciAdObjectsPreCreation -AzureStackLCMUserCredential $credential -AsHciOUName $ou
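
A variant of the step above that prompts for the password instead of placing it in the script, then reviews what was created. This is an added example, not part of the original post; it assumes the AsHciADArtifactsPreCreationTool module is already installed and that the ActiveDirectory module is available on the domain controller.

```powershell
# Run on the domain controller.
Import-Module ActiveDirectory   # also provides the AD: drive used below

$ou   = "OU=AzureLocal,OU=Servers,OU=azurelocalbox,DC=azurelocalbox,DC=local"
$user = "lcmuser"

# Prompt for the password so it is not stored in the script or command history
$credential = Get-Credential -UserName $user -Message "Password for the Azure Local deployment user"

New-HciAdObjectsPreCreation -AzureStackLCMUserCredential $credential -AsHciOUName $ou

# Confirm the OU and the deployment user now exist
Get-ADOrganizationalUnit -Identity $ou |
    Select-Object DistinguishedName, ProtectedFromAccidentalDeletion
Get-ADUser -Identity $user |
    Select-Object SamAccountName, Enabled, DistinguishedName

# Review the permissions delegated to the deployment user on the OU
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference -like "*\$user" } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, InheritanceType
```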

Time for action

With all preparations complete, it's finally time to begin the installation. I'll cover that process in the next post. Throughout this series, I'll be using this environment to explore various features, run different scenarios, and gain a deeper understanding of how Azure Local operates in practice.

Azure Local | HomeLab setup – Part II
