Rediger

Del via


Create a Batch account in the Azure portal

This article shows how to use the Azure portal to create an Azure Batch account that has account properties to fit your compute scenario. You see how to view account properties like access keys and account URLs. You also learn how to configure and create user subscription mode Batch accounts.

For background information about Batch accounts and scenarios, see Batch service workflow and resources.

Create a Batch account

When you create a Batch account, you can choose between user subscription and Batch service pool allocation modes. For most cases, you should use the default Batch service pool allocation mode. In Batch service mode, compute and virtual machine (VM)-related resources for pools are allocated on Batch service managed Azure subscriptions.

In user subscription pool allocation mode, compute and VM-related resources for pools are created directly in the Batch account subscription when a pool is created. In scenarios where you create a Batch pool in a virtual network that you specify, certain networking related resources are created in the subscription of the virtual network.

To create a Batch account in user subscription pool allocation mode, you must also register your subscription with Azure Batch, and associate the account with Azure Key Vault. For more information about requirements for user subscription pool allocation mode, see Configure user subscription mode.

To create a Batch account in the default Batch service mode:

  1. Sign in to the Azure portal.

  2. In the Azure Search box, enter and then select batch accounts.

  3. On the Batch accounts page, select Create.

  4. On the New Batch account page, enter or select the following details.

    • Subscription: Select the subscription to use if not already selected.

    • Resource group: Select the resource group for the Batch account, or create a new one.

    • Account name: Enter a name for the Batch account. The name must be unique within the Azure region, can contain only lowercase characters or numbers, and must be 3-24 characters long.

      Note

      The Batch account name is part of its ID and can't be changed after creation.

    • Location: Select the Azure region for the Batch account if not already selected.

    • Storage account: Optionally, select Select a storage account to associate an Azure Storage account with the Batch account.

      Screenshot of the New Batch account screen.

      On the Choose storage account screen, select an existing storage account or select Create new to create a new one. A general-purpose v2 storage account is recommended for the best performance.

      Screenshot of the Create storage account screen.

  5. Optionally, select Next: Advanced or the Advanced tab to specify Identity type, Pool allocation mode, and Authentication mode. The default options work for most scenarios. To create the account in User subscription mode, see Configure user subscription mode.

  6. Optionally, select Next: Networking or the Networking tab to configure public network access for your Batch account.

    Screenshot of the networking options when creating a Batch account.

  7. Select Review + create, and when validation passes, select Create to create the Batch account.

View Batch account properties

Once the account is created, select Go to resource to access its settings and properties. Or search for and select batch accounts in the portal Search box, and select your account from the list on the Batch accounts page.

Screenshot of the Batch account page in the Azure portal.

On your Batch account page, you can access all account settings and properties from the left navigation menu.

  • When you develop an application by using the Batch APIs, you use an account URL and key to access your Batch resources. To view the Batch account access information, select Keys.

    Screenshot of Batch account keys in the Azure portal.

    Batch also supports Microsoft Entra authentication. User subscription mode Batch accounts must be accessed by using Microsoft Entra ID. For more information, see Authenticate Azure Batch services with Microsoft Entra ID.

  • To view the name and keys of the storage account associated with your Batch account, select Storage account.

  • To view the resource quotas that apply to the Batch account, select Quotas.

Configure user subscription mode

You must take several steps before you can create a Batch account in user subscription mode.

Important

To create a Batch account in user subscription mode, you must have Contributor or Owner role in the subscription.

You must accept the legal terms for the image before you use a subscription with a Batch account in user subscription mode. If you haven't done this action, you might get the error Allocation failed due to marketplace purchase eligibility when you try to allocate Batch nodes.

To accept the legal terms, run the commands Get-AzMarketplaceTerms and Set-AzMarketplaceTerms in PowerShell. Set the following parameters based on your Batch pool's configuration:

  • Publisher: The image's publisher
  • Product: The image offer
  • Name: The offer SKU

For example:

Get-AzMarketplaceTerms -Publisher 'microsoft-azure-batch' -Product 'ubuntu-server-container' -Name '20-04-lts' | Set-AzMarketplaceTerms -Accept

Important

If you've enabled Private Azure Marketplace, you must follow the steps in Add new collection to add a new collection to allow the selected image.

Allow Batch to access the subscription

When you create the first user subscription mode Batch account in an Azure subscription, you must register your subscription with Batch resource provider, and assign Azure Batch Service Orchestration Role to Microsoft Azure Batch service principal. You need to do this configuration only once per subscription.

Important

You need Owner permissions in the subscription to take this action.

  1. In the Azure portal, search for and select subscriptions.

  2. On the Subscriptions page, select the subscription you want to use for the Batch account.

  3. On the Subscription page, select Resource providers from the left navigation.

  4. On the Resource providers page, search for Microsoft.Batch. If Microsoft.Batch resource provider appears as NotRegistered, select it and then select Register at the top of the screen.

    Screenshot of the Resource providers page.

  5. Return to the Subscription page and select Access control (IAM) from the left navigation.

  6. At the top of the Access control (IAM) page, select Add > Add role assignment.

  7. On the Role tab, search for and select Azure Batch Service Orchestration Role, and then select Next.

  8. On the Members tab, select Select members. On the Select members screen, search for and select Microsoft Azure Batch, and then select Select.

  9. Select Review + assign to go to Review + assign tab, and select Review + create again to apply role assignment changes.

For detailed steps, see Assign Azure roles by using the Azure portal.

Create a key vault

User subscription mode requires Azure Key Vault. The key vault must be in the same subscription and region as the Batch account.

To create a new key vault:

  1. Search for and select key vaults from the Azure Search box, and then select Create on the Key vaults page.
  2. On the Create a key vault page, enter a name for the key vault, and choose an existing resource group or create a new one in the same region as your Batch account.
  3. On the Access configuration tab, select either Azure role-based access control or Vault access policy under Permission model, and under Resource access, check all 3 checkboxes for Azure Virtual Machine for deployment, Azure Resource Manager for template deployment and Azure Disk Encryption for volume encryption.
  4. Leave the remaining settings at default values, select Review + create, and then select Create.

Create a Batch account in user subscription mode

To create a Batch account in user subscription mode:

  1. Follow the preceding instructions to create a Batch account, but select User subscription for Pool allocation mode on the Advanced tab of the New Batch account page.
  2. You must then select Select a key vault to select an existing key vault or create a new one.
  3. After you select the key vault, select the checkbox next to I agree to grant Azure Batch access to this key vault.
  4. Select Review + create, and then select Create to create the Batch account.

Create a Batch account with designated authentication mode

To create a Batch account with authentication mode settings:

  1. Follow the preceding instructions to create a Batch account, but select Batch Service for Authentication mode on the Advanced tab of the New Batch account page.

  2. You must then select Authentication mode to define which authentication mode that a Batch account can use by authentication mode property key.

  3. You can select either of the 3 "Microsoft Entra ID, Shared Key, Task Authentication Token authentication mode for the Batch account to support or leave the settings at default values.

    Screenshot of the Authentication Mode options when creating a Batch account.

  4. Leave the remaining settings at default values, select Review + create, and then select Create.

Tip

For enhanced security, it is advised to confine the authentication mode of the Batch account solely to Microsoft Entra ID. This measure mitigates the risk of shared key exposure and introduces additional RBAC controls. For more details, see Batch security best practices.

Warning

The Task Authentication Token will retire on September 30, 2024. Should you require this feature, it is recommended to use User assigned managed identity in the Batch pool as an alternative.

Grant access to the key vault manually

To grant access to the key vault manually in Azure portal, you need to assign Key Vault Secrets Officer role for Batch:

  1. Select Access control (IAM) from the left navigation of the key vault page.
  2. At the top of the Access control (IAM) page, select Add > Add role assignment.
  3. On the Add role assignment screen, under Role tab, under Job function roles sub tab, search and select Key Vault Secrets Officer role for the Batch account, and then select Next.
  4. On the Members tab, select Select members. On the Select members screen, search for and select Microsoft Azure Batch, and then select Select.
  5. Select the Review + create button on the bottom to go to Review + assign tab, and select the Review + create button on the bottom again.

For detailed steps, see Assign Azure roles by using the Azure portal.

Note

KeyVaultNotFound error returns for Batch account creation if the RBAC role isn't assigned for Batch in the referenced key vault.

If the Key Vault permission model is Vault access policy, you also need to configure the Access policies:

  1. Select Access policies from the left navigation of the key vault page.

  2. On the Access policies page, select Create.

  3. On the Create an access policy screen, select a minimum of Get, List, Set, Delete, and Recover permissions under Secret permissions.

    Screenshot of the Secret permissions selections for Azure Batch

  4. Select Next.

  5. On the Principal tab, search for and select Microsoft Azure Batch.

  6. Select the Review + create tab, and then select Create.

Configure subscription quotas

For user subscription Batch accounts, core quotas must be set manually. Standard Batch core quotas don't apply to accounts in user subscription mode. The quotas in your subscription for regional compute cores, per-series compute cores, and other resources are used and enforced.

To view and configure the core quotas associated with your Batch account:

  1. In the Azure portal, select your user subscription mode Batch account.
  2. From the left menu, select Quotas.

Other Batch account management options

You can also create and manage Batch accounts by using the following tools:

Next steps

  • Learn about the Batch service workflow and primary resources such as pools, nodes, jobs, and tasks.
  • Learn the basics of developing a Batch-enabled application by using the Batch .NET client library or Python. These quickstarts guide you through a sample application that uses the Batch service to execute a workload on multiple compute nodes, using Azure Storage for workload file staging and retrieval.