This article has not been completed yet. However, it may already contain  helpful Information and therefore it has been published at this stage.

1)

# servicePrincipalTenantId
(Get-AzContext).Tenant.Id

2)

3)

4)

# Download the installation package
Invoke-WebRequest -Uri "https://aka.ms/azcmagent-windows" -TimeoutSec 30 -OutFile "$env:TEMP\install_windows_azcmagent.ps1"

# Install the hybrid agent
& "$env:TEMP\install_windows_azcmagent.ps1"
if($LASTEXITCODE -ne 0) {
    throw "Failed to install the hybrid agent"
}

# Run connect command
& "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect --resource-group "<RG>" --tenant-id "<Tenant-ID>" --location "westeurope" --subscription-id "<Subscription-ID>" --cloud "AzureCloud" --correlation-id "<Correlation-ID>"

if($LastExitCode -eq 0){Write-Host -ForegroundColor yellow "To view your onboarded server(s), navigate to https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.HybridCompute%2Fmachines"}

5)

param ($servicePrincipalAppId, $servicePrincipalTenantId, $servicePrincipalSecret)

# These settings will be replaced by the portal when the script is generated
$subId = "<Subscription-ID>"
$resourceGroup = "<RG>"
$location = "westeurope"
$proxy=""
$resourceTags= @{}
$arcMachineName = [Environment]::MachineName

# These optional variables can be replaced with valid service principal details
# if you would like to use this script for a registration at scale scenario, i.e. run it on multiple machines remotely
# For more information, see https://docs.microsoft.com/sql/sql-server/azure-arc/connect-at-scale
#
# For security purposes, passwords should be stored in encrypted files as secure strings
#
#$servicePrincipalAppId = '<SPA-ID>'
#$servicePrincipalTenantId = '<SPT-ID>'
#$servicePrincipalSecret = '<SPS>'
........

https://it-infrastructure.solutions/how-to-set-up-a/

The Managed Service Account (MSA) should have the following rights:

  • Member of the local Administrators group on all servers in the environment
  • SysAdmin role on all Microsoft SQL Servers in the environment.
# Configuration Script
# FQDN = Fully Qualified Domain Name

[CmdletBinding()]
Param(
	[Parameter(Mandatory=$false)]
	[string]$ManagedServiceAccountName
)
if ($ManagedServiceAccountName)
{
	Add-SQLAssessmentTask -SQLServerName "<FQDN>" -WorkingDirectory "C:\sql_assessment\work_dir" -RunWithManagedServiceAccount $True -ScheduledTaskUsername $ManagedServiceAccountName -ScheduledTaskPassword (new-object System.Security.SecureString)
}
else
{
	Add-SQLAssessmentTask -SQLServerName "<FQDN>" -WorkingDirectory "C:\sql_assessment\work_dir" 
}

Sources:

Create an Azure AD app and service principal in the portal - Microsoft identity platform
Create a new Azure Active Directory app and service principal to manage access to resources with role-based access control in Azure Resource Manager.
Connect SQL Servers on Azure Arc-enabled servers at scale
In this article, you learn different ways of connecting SQL Server instances to Azure Arc at scale.
Granting “Logon as a batch job” | Brooksnet
If you have a Windows service that accesses shared resources, such as shared drives and shared printers, you need to launch a process as a user with “Logon as batch” enabled.

https://docs.microsoft.com/en-us/services-hub/health/getting-started-sql

https://docs.microsoft.com/en-us/services-hub/health/assessment_prereq_docs/prereqssqlassessment.pdf