Nerdio Manager Installation Preparation Steps

You should review all the following Nerdio Manager installation preparation steps before you start the installation.

Step 1: Check the App Service Plan quotas

Nerdio Manager uses specific App Service SKUs. Therefore, you must check your quotas before installation.

To check your quotas:

1. In the Azure portal, open the “App Service plan quota” for the subscription and region you are using.

2. Confirm there is quota for the following:

   • General App Service plan VMs (overall limit).

   • B3 SKU (used for the main Nerdio Manager application).

3. If you do not have enough quota, log a support ticket with Microsoft to increase it in the target subscription and region and notify Nerdio.

4. You need capacity for:

   • 3 × B3 instances (main Nerdio Manager app, Intune Insights (optional), Realtime Insights (optional)).

   • 1 × P0v3 instance (Cost Attribution (optional)).

Step 2: Run the pre-flight checks

Nerdio Manager’s pre-flight script checks that the appropriate permissions and quota exist. It verifies the ability to create resources that may be blocked by policy, including a Log Analytics Workspace, Storage Account, SQL Server, SQL Database, App Service Plan, Automation Account, and Key Vault. In addition, it lists the state of the required Resource Providers and roles assigned to the target resource group for the user account used to run the script.

To run the pre-flight checks:

1. Open the pre-flight script repository: https://github.com/Get-Nerdio/NME-SE/tree/main/preflight

2. Review the repository to see that it contains the following:

   • A PowerShell pre-flight check script (run this in the target subscription).

   • A Kusto query for Microsoft Graph to highlight any policies with a Deny action that may block installation.

3. Follow the guidance in the repository to:

   • Run the pre-flight script in the subscription where you plan to deploy Nerdio Manager.

   • Additional information and a walk through about the pre-flight script can be found here: https://www.youtube.com/watch?v=TYN0GOUNcGw

   • Run the Kusto query and review any policies it flags, then adjust or exclude those policies as needed before installation. https://github.com/Get-Nerdio/NME-SE/tree/main/preflight#kusto-query

Architecture and permissions

This helps your team understand what Nerdio will deploy and which permissions are needed.

• To perform the install, sign in to the Azure portal with:

  • Entra ID role: Global Administrator (or Privileged Role Administrator + Cloud Application Administrator).

  • Azure role: Owner on the subscription where you install Nerdio Manager.

  • The resources that are deployed in the Azure subscription are:

    • Automation account

    • SQL Server + SQL Database

    • Key Vault

    • App Service + App Service Plan

    • Application Insights

    • DPS storage account for encryption keys (Nerdio Manager v5.5 and later)

• Hardened installs have an additional requirement to create a new VNet

• Architecture diagrams and overview. See Nerdio Manager for Enterprise reference architecture for details.

• Required permissions for install, configuration, and ongoing use. See Azure Permissions and Nerdio Manager for details.

Required Network and Internet access

Nerdio Manager and your AVD session hosts must be able to reach certain Microsoft and Azure endpoints.

• For AVD session hosts, confirm outbound internet access matches. See Required outbound internet access from AVD session host VMs for details.

• For the Nerdio Manager App Service, confirm required external endpoints are reachable, and configured correctly if you use VNet integration or firewalls. See VNet integration firewall requirements for details.

Next Step

Nerdio Manager Installation Guide