This article has not been completed yet. However, it may already contain  helpful Information and therefore it has been published at this stage.


# servicePrincipalTenantId




# Download the installation package
Invoke-WebRequest -Uri "" -TimeoutSec 30 -OutFile "$env:TEMP\install_windows_azcmagent.ps1"

# Install the hybrid agent
& "$env:TEMP\install_windows_azcmagent.ps1"
if($LASTEXITCODE -ne 0) {
    throw "Failed to install the hybrid agent"

# Run connect command
& "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect --resource-group "<RG>" --tenant-id "<Tenant-ID>" --location "westeurope" --subscription-id "<Subscription-ID>" --cloud "AzureCloud" --correlation-id "<Correlation-ID>"

if($LastExitCode -eq 0){Write-Host -ForegroundColor yellow "To view your onboarded server(s), navigate to"}

If more than one machine needs to be onboarded to Azure, this can of course be done via script as well. The required steps for this are described here.


param ($servicePrincipalAppId, $servicePrincipalTenantId, $servicePrincipalSecret)

# These settings will be replaced by the portal when the script is generated
$subId = "<Subscription-ID>"
$resourceGroup = "<RG>"
$location = "westeurope"
$resourceTags= @{}
$arcMachineName = [Environment]::MachineName

# These optional variables can be replaced with valid service principal details
# if you would like to use this script for a registration at scale scenario, i.e. run it on multiple machines remotely
# For more information, see
# For security purposes, passwords should be stored in encrypted files as secure strings
#$servicePrincipalAppId = '<SPA-ID>'
#$servicePrincipalTenantId = '<SPT-ID>'
#$servicePrincipalSecret = '<SPS>'

The Managed Service Account (MSA) should have the following rights:

  • Member of the local Administrators group on all servers in the environment
  • SysAdmin role on all Microsoft SQL Servers in the environment.
# Configuration Script
# FQDN = Fully Qualified Domain Name

if ($ManagedServiceAccountName)
	Add-SQLAssessmentTask -SQLServerName "<FQDN>" -WorkingDirectory "C:\sql_assessment\work_dir" -RunWithManagedServiceAccount $True -ScheduledTaskUsername $ManagedServiceAccountName -ScheduledTaskPassword (new-object System.Security.SecureString)
	Add-SQLAssessmentTask -SQLServerName "<FQDN>" -WorkingDirectory "C:\sql_assessment\work_dir" 


Create an Azure AD app and service principal in the portal - Microsoft identity platform
Create a new Azure Active Directory app and service principal to manage access to resources with role-based access control in Azure Resource Manager.
Connect SQL Servers on Azure Arc-enabled servers at scale
In this article, you learn different ways of connecting SQL Server instances to Azure Arc at scale.
Granting “Logon as a batch job” | Brooksnet
If you have a Windows service that accesses shared resources, such as shared drives and shared printers, you need to launch a process as a user with “Logon as batch” enabled.