Azure VPS setup notes » History » Revision 56
Revision 55 (Jon Goldberg, 11/10/2025 09:13 PM) → Revision 56/60 (Jon Goldberg, 11/10/2025 09:13 PM)
{{last_updated_at}} by {{last_updated_by}}
# Microsoft Azure - Setup
## For the Client
Hi there! If I've directed you to this page, the part that concerns you are the first three sections only. It's a bit convoluted, so feel free to ask me if you run into trouble! -Jon
[**NOTE**: Most of Microsoft's pages break with an ad blocker enabled.]
### Get a Sponsorship
* [Go to the Nonprofit Microsoft Getting Started page](https://nonprofit.microsoft.com/en-us/getting-started). Fill out the paperwork to be approved as a 501c3. Approval can take 1 day or 3-4 weeks - I've seen both multiple times.
* Once approved, go to https://www.microsoft.com/en-us/nonprofits/azure to claim credits (or go directly to [Claiming Your Credits](https://nonprofit.microsoft.com/en-us/offers/azure).
* You'll know you're successful because you'll see a sponsorship listed on the [Sponsorship Page](https://www.microsoftazuresponsorships.com/Balance).
### Create a Subscription
* Check that you have credits in your sponsored account: https://www.microsoftazuresponsorships.com/Balance
* Visit the [Azure Portal](https://portal.azure.com).
* Click the **Subscriptions** icon.
* Click the **Add** button.
* Add a subscription of type "Microsoft Azure Sponsorship" from the Azure portal. You will likely need to select **Show other subscription types** to see it.
* **Note**: Even sponsored subscriptions require a credit card, make sure you have one available.
### Grant access to other users
Microsoft is now enforcing two-factor authentication, so you need to create a separate user for me as your web vendor.
**October 2025**
Starting in October, you must do these additional steps. If not, please start at the "Start Here" below.
* Using the search bar at the top, search for **Microsoft Entra ID**.
* Click **Manage**, then **Users** in the left-hand menu.
* On the toolbar near the top of the page, select **New User » Invite External User**.
* Add my email (jon@megaphonetech.com) and display name.
* Click **Review and Invite** at the bottom left of the page.
[Source](https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator) for instructions
[START HERE if it's not October yet]
* Open the new subscription by clicking on it from the **Subscriptions** page.
* Click **Access Control (IAM)** in the left navigation bar.
* At the top, press **Add » Add role assignment**.
* On the *Role* tab, go to the **Privileged administrator roles** subtab.
* Click **Owner** and press **Next**.
* On the *Members* tab, set *Assign Access* to **User, group, or service principal**, and click **Select Members**.
* In the *Search by name or email address* box, put the email of the new user and press **Select**. Press **Next**.
* On the *Conditions* tab, select **Allow user to assign all roles except privileged administrator roles Owner, UAA, RBAC (Recommended)**.
* Click **Review and Assign**, then click **Review and Assign** again.
At this point, they'll receive an email to either log in with an existing Microsoft account or to create a new one.
### On Renewals
You will need to renew every year. Instructions for this are incomplete - but you should go to your [Azure portal](https://portal.azure.com) and click the **Subscriptions** button (see screenshot 1 below). Find the subscription ID (screenshot 2) - it's a string of numbers and letters. Then go to https://www.microsoftazuresponsorships.com/Balance and assign your new credits to the existing subscription.
If you did not do this in time, you should be able to open a support ticket with Microsoft to request a refund.
**Screenshot 1**
**Screenshot 2**
## Technical Configuration
To set up a free account, you must:
* Get a Sponsorship (see above)
* Create a Subscription linked to the Sponsorship (see above)
* (Strongly recommended) Grant access to the subscription to other users.
* Create a Resource Group linked to the Subscription
* Create a Virtual Machine (and associated resources) linked to the Resource Group
### Create a resource group
* Select "Resource Groups" from the main Azure portal (left sidebar).
* Select **Create** and give it a name.
* Your subscription should be pre-selected since you only have the one.
* Click **Review and Create**, then **Create**.
### Create a virtual machine
* Click on your new resource group in the Azure Portal.
* Click **Create**.
* Search for the name of the image you want (e.g. `Debian 13 "Trixie`).
* If you picked an image that shows an hourly cost, it's the wrong one.
* See the screenshots below for configuration of the "Basics" and "Disk" tabs. The other tabs I keep with the defaults. My standard VPS type is now `D2ps_v6`.
* "D2" is general-purpose VM, we always select this. "a" is AMD-series (old preference), "p" is ARM64, "d" is temp disk included (we don't need this), "s" supports premium SSD disks. v6 is the latest gen, always use the latest gen.
### Post-provisioning configuration
#### Get serial console working
Serial console is necessary for single-user mode, and troubleshooting if SSH fails.
* Go to **Boot Diagnostics** in the VM's left nav.
* Click **Settings** at the top.
* Select **Enable with managed storage account**.
* Save.
Now Serial Console will work.
#### Mount the attached disk
From within *Serial Console*:
```shell
DISK=/dev/sdb
# Go to single-user mode
init 1
# Ensure that no files are open in /var.
# This should come back empty. (Note that recently it hasn't been but seems to work anyway).
lsof | grep /var
# pkill anything that's running, e.g. `pkill hv_kvp_daemon`. It's OK if `systemd-journal` has files open.
mount ${DISK}1 /mnt
rsync -va /var/* /mnt
mv /var /var.old
umount /mnt
mkdir /var
mount ${DISK}1 /var
# Get the UUID of the drive for fstab
# Look for the partition you just created
blkid
vi /etc/fstab
```
Add the following line to `/etc/fstab`, subbing in *your* UUID:
```
UUID=13523269-c397-46a4-93b5-cb9f108489da /var ext4 defaults 0 1
```
You can reboot now to see that everything looks good. Note that due to a bug in `cloud-init`, there's a 2-minute delay on every reboot in Debian 11 (fixed in Debian 12, will presumably be backported at some point).
#### Modify Firewall Rules
* Click on your new virtual machine in the Azure portal.
* Click **Networking** in the side navigation.
* You should see your firewall settings. They should look like the screenshot below, except they'll be missing the two items circled.
* Add the "allow_ping" and "Port_5665" rules to the *Inbound Port Rules* as shown in the screenshot.
.png)
#### Add a swapfile
[Complete instructions are here](https://support.microsoft.com/en-us/help/4010058/how-to-add-a-swap-file-in-linux-azure-virtual-machines) but in short, add this to `/etc/waagent.conf` for an 8GB swapfile:
```
ResourceDisk.Format=y
ResourceDisk.EnableSwap=y
ResourceDisk.SwapSizeMB=8192
```
Then run `service walinuxagent restart`.
## Post-deployment management
### Adding a new disk
Add a disk by going to the virtual machine and clicking "Disk", not by "Add Resource". Then used the `parted` and `mkfs` commands from above. Don't forget to modify `/etc/fstab`!