1# EMM Enable Flow (Portal)
2 
3Step-by-step guide for enabling Essential Machine Management through the Azure portal UI.
4 
5## Quick Reference
6 
7| Property | Value |
8| -------- | ----- |
9| Portal blade | `EnableMachineManagement.ReactView` |
10| Extension | `Microsoft_Azure_Computehub` |
11| Portal path | Compute infrastructure → Monitoring+Operations → Essential Machine Management → Enable |
12| Resource type | `Microsoft.ManagedOps/ManagedOps` |
13 
14## Enable Flow Steps
15 
16The portal enable flow is a multi-tab wizard with 4 tabs:
17 
18### Tab 1: Scope
19 
20Select the target subscription and managed identity.
21 
22| Field | Description | Required |
23| ----- | ----------- | -------- |
24| Subscription | The subscription to enable EMM for. Shows VM and Arc machine counts per subscription. | ✅ |
25| User-assigned managed identity | UAMI with Contributor on the subscription. Used for onboarding VMs. | ✅ |
26 
27**Validation displayed:**
28- Required user role assignments vs current user role assignments
29- Required UAMI role assignments vs current UAMI role assignments
30 
31> 💡 **Tip:** If roles are missing, the UI shows exactly which roles are needed. Assign them before proceeding.
32 
33### Tab 2: Configure
34 
35Select or create the monitoring workspaces.
36 
37| Field | Description | Required |
38| ----- | ----------- | -------- |
39| Log Analytics workspace | Collects log data (Change Tracking & Inventory). Can create new inline. | ✅ |
40| Azure Monitor workspace | Collects metrics data (VM Insights). Can create new inline. | ✅ |
41 
42**Notes:**
43- Workspaces can be in a different subscription than the one being enabled
44- If cross-subscription, additional RP registration and role assignments are needed (see [Prerequisites](emm-prerequisites.md))
45 
46### Tab 3: Security
47 
48Optional security add-ons.
49 
50| Feature | Description | Cost |
51| ------- | ----------- | ---- |
52| Foundational CSPM | Agentless, risk-prioritized cloud security posture insights. Always included. | Free |
53| Defender CSPM | Advanced CSPM with attack path analysis. Optional toggle. | Paid |
54| Defender for Cloud | Comprehensive server protection with EDR, vulnerability management, file integrity monitoring. Optional toggle. | Paid |
55 
56### Tab 4: Review & Enable
57 
58Displays a summary of all selections:
59- Included features (always: Azure Monitor VM Insights, Azure Policy & Machine Configurations, Change Tracking & Inventory, Azure Update Manager)
60- Selected scope (subscription, UAMI)
61- Configure selections (Log Analytics workspace, Azure Monitor workspace)
62- Security add-ons enabled
63- Pricing information with links
64 
65Clicking **Enable** triggers:
661. Resource provider registrations on the target subscription
672. Cross-subscription RP registration if workspaces are in a different subscription
683. Subscription-level ARM template deployment
69 
70## What Happens After Enable
71 
72- A deployment is created: `ManagedOps_{uamiName}_{subscriptionId}`
73- Policy assignments are created to configure all VMs in the subscription
74- Remediation tasks are created for existing VMs
75- New VMs added to the subscription are automatically enrolled
76- The subscription appears in the browse view with status "Succeeded"
77