az stack-hci cluster list --resource-group <resource-group>Azure Local
Azure Local is Microsoft’s distributed infrastructure solution that extends Azure capabilities to customer-owned environments for local VMs, containers, and selected Azure services through Azure Arc.
Source: Microsoft Learn - What is Azure Local? Reviewed 2026-05-11
- Exam trap
- Running commands against the wrong subscription, tenant, workspace, cluster, or environment because context was not checked.
- Production check
- Can an operator show the current Azure Local configuration without using portal screenshots?
Article details and learning context
- Aliases
- Azure Stack HCI, Azure Local infrastructure, Arc-enabled local infrastructure
- Difficulty
- advanced
- CLI mappings
- 6
- Last verified
- 2026-05-11
Understand the concept
In plain English
Azure Local is Microsoft’s distributed infrastructure platform for running virtual machines, containers, and selected Azure services on customer-owned hardware. In plain English, it gives teams Azure-style management for workloads that must stay local because of latency, sovereignty, disconnection, factory, branch, or. You usually see it when organizations need Azure-consistent operations in datacenters, factories, hospitals, stores, or disconnected sites outside Azure regions. It still needs ownership, monitoring, and change control. The practical question is whether it lets operators deploy, inspect, govern, or troubleshoot the workload clearly.
Why it matters
Azure Local matters because it turns a broad platform capability into something teams can design, review, and operate. Without a clear understanding of it, teams often make weak assumptions about ownership, limits, dependencies, or failure behavior. Used well, it helps architects choose the right boundary, gives operators observable signals, and gives security and finance teams evidence they can review. The value is not the label alone; the value is the repeatable operating model around it. For Azure-consistent local infrastructure operations, that operating model reduces surprises during releases, audits, incidents, and scale events. That clarity keeps small design choices from becoming hidden production risks.
Official wording and source
Azure Local is Microsoft’s distributed infrastructure solution that extends Azure capabilities to customer-owned environments for local VMs, containers, and selected Azure services through Azure Arc. Microsoft Learn places it in What is Azure Local?; operators confirm scope, configuration, dependencies, and production impact.
Technical context
Technically, Azure Local is configured through cluster registration, Arc settings, custom locations, and VM resources. Operators verify it with stack-hci CLI output, Arc connection state, cluster health, and extension inventory. It integrates with Azure Arc, Azure Kubernetes Service, Azure Monitor, and Azure Policy. Key settings include cluster name, location, custom location, and Arc settings. Capture desired state, compare it to live Azure state, and keep evidence for releases, incidents, and audits. These details matter because control-plane mistakes can affect many resources quickly.
Exam context
Compare with
Where it is used
Where you see it
- You see Azure Local in Azure Local cluster pages, Arc settings, custom locations, VM inventories, hardware health, where engineers confirm the design matches current resource state.
- You see Azure Local in site operations runbooks where local operators confirm connectivity, updates, VM health, hardware, where operators connect evidence to ownership, recent changes, and incident response.
- You see Azure Local in architecture reviews covering data residency, edge latency, physical access, hardware lifecycle, Arc, where architects, security, operations, and finance teams keep one shared decision record.
Common situations
- Use Azure Local for Azure-consistent local infrastructure operations when the workload needs repeatable governance.
- Use it during production readiness reviews to confirm configuration, owners, and evidence.
- Use it in incident response when operators need a shared technical reference.
- Use it in automation when portal-only steps would create drift.
Illustrative Azure scenarios
These examples show how the concept can affect design and operations. They are illustrative scenarios, not customer claims.
Scenario 01 Factory edge modernization Scenario, objectives, solution, measured impact, and takeaway.
GraniteForge Automation, a industrial manufacturing organization, needed local compute for production-line control systems where cloud round trips were too slow for safety workflows.
- Keep control-loop response under 20 milliseconds.
- Manage local VMs through Azure tooling.
- Maintain operations during WAN disruption.
- Standardize updates across three plants.
Architects deployed Azure Local clusters in each plant with Arc registration, custom locations, local virtual machines, and Azure Monitor integration. Critical control applications ran locally, while management evidence flowed to Azure when connectivity was available. Update windows were scheduled around production shifts. Operators used stack-hci and stack-hci-vm CLI commands to confirm cluster state, Arc settings, extensions, and VM inventory. Disconnected-mode procedures documented who could operate workloads during WAN outages. The team also assigned named owners, saved acceptance evidence, and reviewed rollout notes with support staff responsible for factory edge modernization. A final readiness check compared design assumptions, operator permissions, monitoring signals, and rollback steps before the production milestone. After launch, the runbook kept Azure Local checks tied to the same business objective rather than letting the configuration drift silently.
- Control-loop response averaged 11 milliseconds locally.
- Plant VMs appeared in Azure-backed inventory views.
- WAN disruption drills kept line-control workloads running.
- Three plants adopted the same update runbook.
Azure Local brings Azure-style management to places where latency, physical operations, or disconnection require local infrastructure.
Scenario 02 Hospital sovereign workload platform Scenario, objectives, solution, measured impact, and takeaway.
Moorfield Health District, a healthcare organization, needed patient-facing workloads to remain on hospital-owned hardware while still using cloud governance and monitoring.
- Run regulated workloads inside hospital facilities.
- Use Azure Arc for governance visibility.
- Improve VM inventory accuracy.
- Create hardware replacement evidence for auditors.
The district deployed Azure Local on certified hardware in two hospital sites. Arc settings connected clusters to Azure, while local VMs hosted clinical integration services. Azure Policy and monitoring provided compliance visibility, and local operations staff followed documented procedures for hardware health checks. CLI evidence listed clusters, Arc settings, extensions, and local VMs before audit reviews. The architecture separated patient data residency requirements from control-plane observability so governance improved without moving the workload. The team also assigned named owners, saved acceptance evidence, and reviewed rollout notes with support staff responsible for hospital sovereign workload platform. A final readiness check compared design assumptions, operator permissions, monitoring signals, and rollback steps before the production milestone. After launch, the runbook kept Azure Local checks tied to the same business objective rather than letting the configuration drift silently.
- Regulated workloads stayed on hospital-owned hardware.
- Arc-backed governance reports covered both clusters.
- VM inventory accuracy improved from 71 percent to 96 percent.
- Auditors received hardware and extension evidence in one packet.
Azure Local is valuable when governance must improve but workload placement must stay local for compliance reasons.
Scenario 03 Remote retail store platform Scenario, objectives, solution, measured impact, and takeaway.
NorthTrail Mercantile, a retail organization, needed reliable store applications in locations with intermittent connectivity and limited local IT staff.
- Run point-of-sale support services locally.
- Reduce recovery time after WAN outages.
- Manage updates from central IT.
- Standardize VM images across 160 stores.
Central IT used Azure Local clusters in regional store hubs and managed them through Azure Arc. Store support VMs ran inventory sync, receipt processing, and local authentication helpers. Standard images and network definitions reduced configuration drift. CLI checks captured cluster health, VM inventory, storage paths, and extension status for weekly operations reviews. Runbooks explained how store staff should escalate hardware alarms and how central IT would defer updates during retail blackout periods. The team also assigned named owners, saved acceptance evidence, and reviewed rollout notes with support staff responsible for remote retail store platform. A final readiness check compared design assumptions, operator permissions, monitoring signals, and rollback steps before the production milestone. After launch, the runbook kept Azure Local checks tied to the same business objective rather than letting the configuration drift silently.
- Point-of-sale support services stayed available during WAN outages.
- Recovery time after connectivity loss dropped by 63 percent.
- Central IT managed updates from one process.
- Standard VM images reached all 160 store hubs.
Azure Local helps distributed businesses operate local workloads consistently when connectivity is not guaranteed.
Azure CLI
Use Azure CLI for Azure Local when you need repeatable inventory, governed changes, deployment checks, migration evidence, or incident proof. CLI output makes scope, identity, configuration, and timing explicit, which is better than relying on screenshots or memory during reviews.
Useful for
- Inventory Azure Local configuration across subscriptions, projects, tenants, or resource groups before a design review.
- Capture repeatable evidence for incidents, audits, migrations, and release readiness checks.
- Create or update supported settings through reviewed scripts instead of manual portal-only changes.
- Compare expected state with actual state after deployment, rollback, migration, or platform upgrade work.
Before you run a command
- Confirm the active tenant, subscription, resource group, workspace, cluster, or project before running any command.
- Check whether the command is read-only, mutating, cost-impacting, security-impacting, or destructive.
- Use least-privilege identity and store sensitive output in approved locations only.
- Have rollback notes and owner contacts ready before changing production configuration.
What the output tells you
- The output identifies the current Azure Local resource, setting, relationship, or runtime state being inspected.
- IDs, regions, SKUs, tags, endpoints, identities, and scopes show whether deployment matches the design.
- Empty or missing fields often reveal an incomplete configuration, wrong scope, unsupported feature, or stale deployment.
- Metric and state values help separate Azure configuration issues from application behavior problems.
Mapped commands
Azure Local operations
directaz stack-hci cluster show --resource-group <resource-group> --name <cluster>az stack-hci arc-setting list --resource-group <resource-group> --cluster-name <cluster>az stack-hci extension list --resource-group <resource-group> --cluster-name <cluster> --arc-setting-name <arc-setting>az stack-hci-vm list --resource-group <resource-group>az stack-hci-vm show --resource-group <resource-group> --name <vm>Architecture context
Technically, Azure Local is configured through cluster registration, Arc settings, custom locations, and VM resources. Operators verify it with stack-hci CLI output, Arc connection state, cluster health, and extension inventory. It integrates with Azure Arc, Azure Kubernetes Service, Azure Monitor, and Azure Policy. Key settings include cluster name, location, custom location, and Arc settings. Capture desired state, compare it to live Azure state, and keep evidence for releases, incidents, and audits. These details matter because control-plane mistakes can affect many resources quickly.
- Security
- Security for Azure Local starts with knowing who can configure it, who can use it, and what data or access path it can influence. The main risk is treating local infrastructure like regular cloud capacity, missing hardware health, weak Arc connectivity, unmanaged local admin access, or unclear disconnection runbooks. Review RBAC assignments, managed identities, keys or credentials, network exposure, diagnostic logs, and any linked resources before production use. Prefer least privilege, private connectivity where appropriate, audited changes, and secret storage outside application code. Also confirm that support teams can prove the current configuration during an incident without relying on screenshots or memory. Document the approved evidence before the first high-risk change and review it during access recertification.
- Cost
- Cost impact for Azure Local comes from hardware procurement, support contracts, local power and space, Azure service charges, underused edge capacity, update effort, and duplicated environments across sites. The common waste pattern is enabling the capability for a pilot, then leaving resources, replicas, logs, or supporting infrastructure running after the original need changes. Estimate costs before rollout, tag resources to a clear owner, and compare steady-state usage with the design assumption. During reviews, look for unused resources, overbuilt tiers, avoidable data movement, and duplicated environments. Cost control works best when finance data is tied back to operational intent. Tie each optimization to an owner, forecast, and retirement date.
- Reliability
- Reliability depends on whether Azure Local is designed for the workload’s real failure modes. Focus on cluster health, hardware redundancy, Arc connectivity, local network dependencies, update sequencing, VM recovery, storage resiliency, and disconnected operating procedures. A reliable design documents what should happen during scale-out, regional disruption, credential failure, deployment rollback, and operator error. Monitoring should show both the Azure resource state and the application symptoms users actually feel. Test the runbook before an outage, capture evidence from CLI or portal checks, and decide which failures require manual intervention versus automated recovery. Include dependency maps and health signals so responders know whether the platform or application failed during triage.
- Performance
- Performance depends on how Azure Local affects latency, throughput, deployment speed, or operator decision time. Focus on local latency, storage path performance, network throughput, hardware sizing, VM placement, edge application response time, and control-plane delays during disconnection. Do not assume the default setting is fast enough for production or that a faster tier fixes design problems. Measure before and after important changes, watch for throttling or slow control-plane calls, and test with realistic scale. Performance evidence should include user-facing symptoms, resource metrics, and configuration details so the team can distinguish service limits from application defects. Include baseline measurements so later tuning work has a defensible comparison point for teams.
- Operations
- Operationally, Azure Local should appear in runbooks, dashboards, release gates, and ownership records. Focus on site ownership, hardware lifecycle, Arc agent state, update governance, local VM inventory, support contracts, physical access procedures, and Azure control-plane evidence. The team should know which commands are safe for inventory, which changes are mutating, and which outputs prove compliance or readiness. Keep naming, tags, environments, and documentation consistent so support engineers can find the right resource quickly. Review the configuration after major releases, incident retrospectives, platform upgrades, and cost reviews rather than treating it as a one-time setup. Assign a named owner, keep an escalation path, and review stale automation before quarterly platform reviews.
Common mistakes
- Running commands against the wrong subscription, tenant, workspace, cluster, or environment because context was not checked.
- Treating a successful create command as proof that security, monitoring, and operations are complete.
- Copying examples into production without adjusting regions, names, identities, SKUs, and network rules.
- Ignoring service-specific limits, preview behavior, retirement status, or required extensions before automation rollout.