How to work with Jumpstart ArcBox for IT Pros

Why use Jumpstart ArcBox for IT Pros?

One of the standout benefits of Jumpstart ArcBox is the ability to gain experience with complex enterprise technologies without needing to provision or configure the underlying infrastructure from scratch. IT professionals can explore key capabilities, such as Azure Arc-enabled servers, policy enforcement and Azure Monitor integration. This arrangement eliminates the barriers typically associated with setting up hybrid environments, such as hardware dependencies, security configurations and networking complexities, allowing learners to focus on mastering the tools and workflows that matter most in real-world deployments.

Jumpstart ArcBox also serves as a valuable training and enablement resource for organizations and IT teams. Whether onboarding new team members, conducting internal workshops or evaluating Azure Arc capabilities before production rollout, Jumpstart ArcBox provides a consistent, replicable learning experience. It bridges the skills gap by accelerating familiarity with hybrid management tools and gives IT pros the confidence to support evolving infrastructure strategies that blend on-premises systems with the flexibility of the cloud.

In addition to Jumpstart ArcBox for IT Pros, Microsoft also offers other tailored sandbox deployments: a full ArcBox deployment for a complete hybrid cloud experience, ArcBox for DevOps designed for DevOps engineers and ArcBox for DataOps for data professionals.

How to deploy Jumpstart ArcBox for IT Pros

Microsoft designed Jumpstart ArcBox to be self-sufficient. If you've ever set up a lab environment for Arc before, chances are that you've had to make use of physical hardware. Jumpstart ArcBox for IT Pros uses nested virtualization: Hyper-V VMs that run inside the Azure VM are the "on-premises" systems registered as Arc-enabled servers. All you need is an Azure subscription to provision the entire lab environment.

Before you start, there are a few prerequisites to check:

1. While you don't need hardware to run the lab, you need a system to trigger the deployment and access the lab environment. Anything capable of running a terminal and a browser should be fine. There are no OS requirements.
2. Install the latest version of Azure CLI, which is cross-platform, so you can install it on Windows, Linux -- including Windows Subsystem for Linux (WSL) -- and macOS.
3. Check that you can deploy to one of the supported Azure regions. Not every region supports all the features needed to run Jumpstart ArcBox, so check the online documentation and ensure you can access one of the supported datacenters.
4. Check the vCPU quota for the desired region. Jumpstart ArcBox for IT Pros uses eight DSv5 vCPUs, so ensure you have sufficient capacity. You can request a quota increase for the specific region, which usually only takes a few minutes to fulfill.
5. Using the az provider register command, you'll need to register the following Resource Providers in your Azure subscription:

1. 1. 1. Microsoft.Compute
      2. Microsoft.HybridCompute
      3. Microsoft.GuestConfiguration
      4. Microsoft.AzureArcData
      5. Microsoft.OperationsManagement
      6. Microsoft.Insights
      7. Microsoft.HybridConnectivity

To deploy Jumpstart ArcBox for IT Pros, there are a couple of approaches, and both of them start from the official documentation page:

1. Navigate to Deployment Option 1: Azure portal and click the Deploy to Azure button to start a deployment using the ARM templates for ArcBox, which are stored in the relevant GitHub repository. Because the repository is public, all templates and parameter files are referenced via URLs to allow a complete deployment. You only need to provide values for the required parameters that can't be automatically populated, such as the tenant ID and a password for the local Windows administrator. The system automatically populates other parameters with default values from the parameters file, but they can be customized. For example, you can modify the automatic shutdown time, specify an email recipient for the shutdown notifications or and whether or not to make use of Azure Spot Pricing. Once you've made the necessary edits, select Review and create, confirm the details and the deployment is submitted.
2. The second option is to pull down the GitHub repository and deploy from a local workstation. In the official documentation, scroll down to Deployment Option 2: Bicep deployment, and you'll see the git command to clone down the repository. The files you're looking for are contained in the ./azure_arc/azure_jumpstart_ArcBox/bicep folder. The main file to edit is the main.bicepparam file -- this is the parameters file which passes values to the main.bicep deployment template. As with the portal-based deployment, the main values you need to provide are for the tenantID and windowsAdminPassword parameters, but you can add additional parameters to the file to overwrite the default values in the main template. Just keep the syntax consistent, for example param autoShutdownTime = '1200'. The online documentation lists the available parameters you can adjust, or you can look inside the main.bicep file at the different configured parameters. Once done, you have a few options for deployment:

1. Start by creating a new Azure Resource Group in the region to deploy ArcBox. For example, az group create --name "ArcBox-rg" --location "eastus"
2. Deploy using Azure CLI with the following command: az deployment group create -g "ArcBox-rg" -f "main.bicep" -p "main.bicepparam"
3. Deploy using Azure PowerShell with the following command: New-AzResourceGroupDeployment -Name ArcBox -ResourceGroupName "ArcBox-rg" -TemplateFile "./main.bicep" -TemplateParameterFile "./main.bicepparam"
4. Deploy directly from a supported application, such as VSCode. To do this, ensure you have the relevant Azure and Bicep extensions installed, then right-click the main.bicepparam file and select Show Deployment Pane. This gives a step-by-step UI for submitting the deployment to Azure and tracking it to completion.

The first deployment option via the Azure portal gets you up and running faster, but if you think you'll run the deployment multiple times, then the second option is preferred. The portal-based deployment option doesn't store any of the parameter values, so you'll have to re-enter them each time. Using a local copy of the GitHub repository means that your parameter values are saved, so you don't need to provide them for each deployment. Just be careful to avoid committing sensitive data to the parameters file and then committing it to an online repository. You won't have access to push to the original Microsoft repository, so you can't do that accidentally, but it's still worth being careful.

Post-deployment configuration and access for ArcBox lab

Once the template deployment is complete, go to the Azure portal and navigate to the Azure Resource Group that you specified for the ArcBox deployment. You'll see a list of various resources, but nothing specifically related to Azure Arc, because there's a fully automated post-deployment process running on the ArcBox-Client VM. This was triggered by an Azure VM script extension, which runs the ./azure_arc/azure_jumpstart_ArcBox/artifacts/Bootstrap.ps1 script. This, in turn, executes additional configuration scripts depending on the type of ArcBox provisioned.

Connect to the ArcBox-Client VM to see the ongoing configuration process. By default, there's no inbound connectivity, so we need to open a port in the ArcBox-NSG Network Security Group. Go to the NSG resource, navigate to Settings>Inbound security rules and select Add. Choose the following configuration options:

• Source>My IP Address
• Service>RDP

Leave all the other settings as the default. Select Add to create the new rule, which opens TCP port 3389 to the target VM, but only from the detected public IP address. If the IP address changes in the future or you want to connect from a different location, you'll need to update the rule with the new IP address. You can also turn off the rule when you're not planning to connect to the VM by changing the action from Allow to Deny. If you're uncomfortable with opening the RDP port, a deployment option includes an Azure Bastion instance that gives a connection to the VM via a hosted jumphost. However, this is an always-on service, so Azure Bastion will keep incurring running costs even if the VM is turned off.

Once done, navigate to the ArcBox-Client VM and select Connect. Download the RDP file, and you can connect to the VM via any application that supports Remote Desktop Protocol. The username and password are whatever you specified in the deployment. Once connected, you should see a PowerShell window that is running several predetermined configuration scripts to set the VM up to host multiple VMs acting as your pseudo on-premises lab. These are the systems that will be automatically registered with Azure Arc. This post-deployment process can take up to 45 minutes to complete, and the VM will log you out at least once.

If you turn the VM off or set it to auto-shutdown, then the VM will likely have a different public IP address when it is restarted. You'll need to retrieve this when reconnecting.

Once complete, the desktop wallpaper will change to the official JumpStart logo, and there'll be a BgInfo box in the corner showing you how many functional tests were executed, how many passed and how many failed. Open Hyper-V Manager and you'll see five VMs: two Windows, two Linux and one SQL. Lastly, go back to the resource group in the Azure portal and refresh to see the new resources -- these are the newly deployed VMs now registered with Azure Arc. Your JumpStart lab is complete.

How to interact with Jumpstart ArcBox for IT Pros

You can interact with the Jumpstart ArcBox for IT Pros lab environment from any system, but the ArcBox-Client VM is the best option. This dedicated VM includes:

• required binaries and necessary tools;
• System Managed Identity configuration to authenticate to Azure services; and
• required permissions to interact with Arc-enabled resources.

To work in the lab, use Azure CLI to remote to one of the Linux servers. From within the VM, start by opening up a terminal session, then:

1. Start typing Get-ChildItem env: to get a list of all the environment variables available to the PowerShell session. There are many custom ones which define the lab environment, such as mssqlmiName and resourceGroup, that help with passing values into administrative commands.
2. Type in az account show to demonstrate Azure CLI is already installed and authenticated to Azure using the VM's managed identity.
3. Enter the following PowerShell commands:

$serverName = "ArcBox-Ubuntu-01"
$localUser = "jumpstart"
az arc ssh --resource-group $env:resourceGroup --name $serverName --local-user $localUser

• 1. This uses the Azure CLI Arc module to connect to the Arc-enabled Linux server using SSH. The Arc management plane handles the connection. There is no need to configure any networking or firewalls to enable it.
  2. Try changing the $serverName variable to ArcBox-Ubuntu-02 and execute the same command as above. You will see that you're able to SSH directly into the system from the VM because the managed identity has the requisite permissions.

4. Connect to the Windows Server 2025 system via Azure Arc SSH using the following commands:

$serverName = "ArcBox-Win2K25"
$localUser = "Administrator"
az arc ssh --resource-group $env:resourceGroup --name $serverName --local-user $localUser
Password = "JS123!!"

1. 1. 1. 1. The commands connect you to a shell session on the Arc-enabled Windows Server 2025 VM. Type in pwsh to enter a PowerShell 7 -- formerly PowerShell Core -- session on the same remote system.
         2. Exit the SSH session back to the main VM. Enter the same command as above, but this time append --rdp to the end. This time you'll connect to the Server 2025 VM, but instead of tunnelling SSH through the Azure Arc backplane, you'll connect via RDP.

Get familiar with Azure Arc's operational features

Let's move on to look at some of the operational features that have been enabled in the ArcBox lab, starting with operational workbooks.

In the ArcBox-itpro resource group, you'll see two Azure Workbook resources. Open the Azure Arc-enabled resources inventory workbook to see a breakdown of the lab inventory, including the available and outstanding list of software updates pending across the lab.

Go back out and select the second workbook (OS Performance) -- this workbook takes it data from the lab Log Analytics Workspace, so you may need to select the workspace resource for the workbook to be populated.

This workbook gives you a rundown of the processor, memory and disk performance metrics for each server in the lab. While these are very similar to the performance metrics you'd expect to see from Azure VMs, this metrics data is ingested into Log Analytics via Azure Arc from systems that are effectively on-premises.

In the top right-hand corner of each component in the workbook, you'll see an Azure Logs icon to view the logs directly in the workspace which were used to populate the report component view. Within the logs view, if you click on User Query, you'll get the specific Kusto Query Language (KQL) query used to generate the results. This allows you to customize the queries, save them as custom queries and use them in different workbooks or administrative systems.

Circling back to update management, this data is available because each Arc-enabled system has been onboarded to Azure Update Manager. This centralized platform allows managing updates across the infrastructure in Azure and Arc-enabled servers.

Try the following steps to manage updates on an Arc-enabled server:

1. In the Azure portal, navigate to the ArcBox-itpro resource group and go into ArcBox-Ubuntu-02. This is the Arc resource created when the Hyper-VM was onboarded to Azure Arc.
2. Navigate to Operations>Updates for a list of available updates for this particular system, classified by type.
3. Select One-time update. There should be only one machine selected, although Azure Update Manager can update multiple systems at once.
4. Select Next, then choose Select by Update Classification. Uncheck Select All and select Security and critical updates, then click Save.
5. Proceed to Review and install, and then click Install. This triggers an update of the Arc-enabled VM, downloading and installing critical and security updates. The system will reboot if needed, and Azure Update Manager will refresh the status of the VM once the outstanding updates have been installed successfully.

The last thing we'll take a look at is the Arc-enabled SQL instance. In the ArcBox-itpro resource group, navigate to the ArcBox-SQL resource, which is the SQL server instance running on the Hyper-V lab VM. SQL Best Practices Assessment has been enabled for the lab and has been run on instance already, with the results stored in the lab's Log Analytics workspace.

Navigate to Settings>Best practices assessment and click on the completed assessment. You'll see a full list of all the issues detected on the SQL server and databases, categorized by severity and type. Drill down into any of the issues to see a rundown of the problem along with the URL to the associated help link to assist with research and to implement the correct remediation.

Best practices assessment doesn't allow you to execute remote remediation, which is probably a good thing given the importance of most SQL servers. As you work through the detected issues, each new assessment will show a reduction in the problem and recommendation count. If you're too impatient to wait for the next scheduled scan, hit Run assessment to trigger a manual scan. This functionality is available for any Arc-enabled SQL server, regardless of where it runs.

Explore these next steps with an ArcBox lab

When you finish exploring the Jumpstart ArcBox for IT Pros lab, delete the resource group, which removes all the lab-related resources.

Because the ArcBox lab is designed to be completely self-contained and easily deployed, it's a good candidate for building a self-service portal for your team. Creating a simple Microsoft Form tied to an Azure Logic App can trigger an automated ArcBox deployment for further testing and also exploring the other ArcBox offerings. You can also extend the standard ArcBox deployment by adding custom Hyper-V VMs running a range of OSes and applications, then register them with Azure Arc to explore technical scenarios closer to your own environment's ecosystem.

The official JumpStart ArcBox website features additional tutorials and labs to explore, so don't forget to check it out as you progress on your journey to learn more about Azure Arc.

James Bannan is a principal security consultant with more than 25 years of industry experience, specializing in Microsoft Azure architecture, security and automation. He is a published author and journalist, as well as a former Microsoft MVP and a current Microsoft Certified Trainer.