This chapter covers Azure Dedicated Hosts, a compute service that provides physical servers dedicated to your workloads for enhanced control and compliance. For the AZ-104 exam, Dedicated Hosts appear in the 'Manage Azure virtual machines' objective (3.1) and typically account for 5-10% of compute-related questions. Understanding Dedicated Hosts is crucial for scenarios requiring strict physical isolation, regulatory compliance, or use of your own Windows Server or SQL Server licenses with Azure Hybrid Benefit. We will explore the architecture, provisioning, management, and exam-relevant details including host groups, sizing, and maintenance controls.
Jump to a section
Imagine a busy restaurant with a large open dining area. Typically, tables are shared or placed close together, and guests may hear conversations from neighboring tables. This is like running VMs on shared Azure infrastructure — you get your own virtual machine, but the underlying physical server is shared with other customers, managed by the hypervisor. Now, consider a private dining room: a separate, enclosed space reserved exclusively for your party. You have full control over the room’s layout, you can bring in your own decorations, and you know exactly which tables and chairs are used. This is Azure Dedicated Hosts. You lease an entire physical server (the private room) from Azure. No other customer’s VMs run on that server. You control the server’s hardware maintenance schedule, you can optimize placement of your VMs on that host, and you can even bring your own operating system licenses (like bringing your own wine). The downside: you pay for the entire room regardless of how many guests you have. If your party is small, you might waste capacity. Similarly, with Dedicated Hosts, you pay for the whole host even if you only run a few VMs. The restaurant analogy extends to maintenance: the restaurant may close the private room for renovations on a schedule you agree to, whereas the open dining area might be renovated at any time. This maps to Azure’s planned maintenance events — with Dedicated Hosts, you control when maintenance occurs, avoiding unexpected VM reboots.
What Are Azure Dedicated Hosts?
Azure Dedicated Hosts provide physical servers dedicated to one Azure subscription, ensuring that no other customer's virtual machines run on the same hardware. This isolation is critical for workloads that must comply with industry regulations such as HIPAA, PCI DSS, or government standards that require physical separation. Unlike isolated VMs (which use dedicated hardware within a shared host but still share the physical server with other tenants), Dedicated Hosts guarantee the entire server is yours.
How Dedicated Hosts Work
When you provision a Dedicated Host, you are essentially leasing a physical server from Azure. The host is associated with an Azure region and availability zone. You then deploy VMs directly onto that host. The hypervisor (Microsoft Hyper-V) runs on the host, and only your VMs are allowed. The host has a specific SKU (e.g., Dsv3-Type1, Esv3-Type1) that determines the supported VM sizes and the number of vCPUs, RAM, and local storage available. Each host can run multiple VMs, up to the capacity of the host. For example, a Dsv3-Type1 host has 32 physical cores and 256 GB of RAM, so you could run up to 32 D2s v3 VMs (each with 2 vCPUs) or a mix of sizes as long as total vCPUs do not exceed 32.
Key Components and Configuration
Host Group: A logical grouping of Dedicated Hosts. You can create a host group to manage multiple hosts together. Host groups can span availability zones and fault domains. When deploying VMs, you specify the host group, and Azure automatically places the VM on an available host within the group. Host groups can be set to automatically assign VMs to hosts, or you can manually assign VMs to specific hosts.
Host SKU: Determines the VM family and size constraints. Common SKUs include:
- Dsv3-Type1: Supports Dsv3-series VMs (general purpose) - Esv3-Type1: Supports Esv3-series VMs (memory optimized) - Fsv2-Type2: Supports Fsv2-series VMs (compute optimized) - Msv2-Type1: Supports Msv2-series VMs (memory optimized, large) Each SKU has a defined number of vCPUs, RAM, and temporary disk. You cannot mix VM families on the same host (e.g., you cannot run D-series and E-series VMs on the same Dsv3 host). - Fault Domain: Within a host group, you can specify the number of fault domains (up to 3, matching availability zones). This is used for high availability across hosts. If you have multiple hosts in a group, you can spread VMs across fault domains to protect against host-level failures. - Maintenance Control: One of the biggest advantages of Dedicated Hosts is the ability to control when Azure performs maintenance that could reboot your VMs. You can schedule maintenance windows (e.g., every Sunday at 2 AM) and Azure will perform updates during that window. Without Dedicated Hosts, maintenance is managed by Azure and can happen at any time. - Azure Hybrid Benefit: With Dedicated Hosts, you can use your own Windows Server or SQL Server licenses with Software Assurance to save on licensing costs. You must enable Azure Hybrid Benefit at the host level, not per VM. This applies to all VMs on that host. - Capacity Reservation: When you provision a Dedicated Host, you reserve the full capacity of the host. You pay for the host regardless of how many VMs run on it. This is different from reserved instances, which reserve VM capacity but not the physical server.
Provisioning and Management
To create a Dedicated Host using Azure CLI:
# Create a host group
az vm host group create --name myHostGroup --resource-group myRG --location eastus --platform-fault-domain-count 2
# Create a dedicated host
az vm host create --name myHost --resource-group myRG --host-group myHostGroup --sku Dsv3-Type1 --platform-fault-domain 0
# Create a VM on the host
az vm create --name myVM --resource-group myRG --image UbuntuLTS --size Standard_D2s_v3 --host myHostYou can also use the Azure portal: navigate to 'Dedicated hosts' under 'Virtual machines', create a host group, then add hosts. When creating a VM, select 'Dedicated host' under 'Advanced' and choose the host group.
Interaction with Other Azure Services
Availability Sets and Scale Sets: You can use Dedicated Hosts with availability sets and virtual machine scale sets. However, the VMs must all be on the same host group. For scale sets, you can specify a host group, and the scale set will place VMs on available hosts within that group.
Azure Site Recovery and Backup: Supported. You can replicate VMs on Dedicated Hosts to another region or back them up using Azure Backup.
Azure Policy: You can enforce the use of Dedicated Hosts for certain VMs using Azure Policy. For example, you can require that all production VMs in a subscription be deployed on a Dedicated Host.
Cost Management: Dedicated Hosts are billed per hour based on the host SKU. Prices are higher than equivalent VM instances because you pay for the entire server. You can use Azure Reservations to get a discount (up to 70% for 3-year reservations).
Maintenance and Updates
Azure performs regular maintenance on physical hosts, including security patches and firmware updates. With Dedicated Hosts, you can control when these updates occur. You can configure a maintenance schedule using Azure Maintenance Configurations. The maintenance window is set at the host group level. During the window, Azure will reboot VMs as needed. You can also manually initiate a maintenance event (e.g., to apply a critical security patch) using the 'Redeploy' operation on the host, which will migrate VMs to another host in the group if available.
Limitations
VM Size Flexibility: You cannot change the VM family on a host. If you need to switch from D-series to E-series, you must create a new host with the appropriate SKU and migrate VMs.
Host Count Limits: There is a default limit of 20 Dedicated Hosts per region per subscription. This can be increased by requesting a quota increase.
No VM Host Affinity: You cannot pin a VM to a specific physical host forever. If the host fails or is decommissioned, VMs are automatically migrated to another host in the group. However, you can set the host group to 'automatic placement' or 'manual placement'.
Storage: Dedicated Hosts do not provide dedicated storage. VMs use Azure managed disks which are stored on separate storage clusters. The physical isolation is only for compute.
Exam Tips
Remember that Dedicated Hosts are a physical server, not a VM. You pay for the host, not the VMs.
Know the SKU naming convention: FamilyType-Size, e.g., Dsv3-Type1.
Understand that Azure Hybrid Benefit is applied at the host level, not per VM.
Maintenance control is a key differentiator from isolated VMs.
Fault domains within a host group are used for high availability across hosts, not within a single host.
Assess Workload Requirements
Identify if your workload requires physical isolation due to compliance (e.g., HIPAA, PCI DSS) or if you want to use your own licenses with Azure Hybrid Benefit. Also consider performance predictability – Dedicated Hosts eliminate noisy neighbors. Determine the VM family and sizes needed. For example, if you need 16 D4s v3 VMs, you require a host with at least 16*4=64 vCPUs. Choose a host SKU that supports that family and has sufficient capacity.
Create a Host Group
In the Azure portal, navigate to 'Dedicated hosts' and click 'Create host group'. Provide a name, resource group, region, and availability zone (optional). Set the number of fault domains (up to 3). Fault domains are used to distribute hosts for high availability. For example, if you set 2 fault domains, you can have up to 2 hosts in the group, each in a different fault domain. Host groups can be used to logically group hosts for management and VM placement.
Provision Dedicated Hosts
Within the host group, create one or more Dedicated Hosts. Choose a host SKU that matches your VM family (e.g., Dsv3-Type1). Specify the fault domain (0, 1, or 2) for each host. You can also set the license type to 'Windows Server' or 'None' to enable Azure Hybrid Benefit. Each host has a capacity (vCPUs, RAM) that determines how many VMs you can deploy. For example, a Dsv3-Type1 host has 32 vCPUs and 256 GB RAM.
Deploy VMs to the Host
When creating a VM, under the 'Advanced' tab, select 'Dedicated host' and choose the host group. Optionally, you can select a specific host. The VM size must be compatible with the host SKU. For example, on a Dsv3-Type1 host, you can deploy any Dsv3-series VM (e.g., Standard_D2s_v3, Standard_D4s_v3). The VM will be placed on the host, consuming its resources. You can deploy multiple VMs up to the host's capacity.
Configure Maintenance Control
To control when Azure performs maintenance on the host, create a Maintenance Configuration in Azure. Assign the configuration to the host group. Set a maintenance window (e.g., weekly on Sunday from 2:00 AM to 6:00 AM). During this window, Azure will apply updates that may require VM reboots. You can also manually trigger maintenance using the 'Redeploy' action on the host, which will move VMs to another host in the group if available.
Monitor and Manage Hosts
Use Azure Monitor to track the health and performance of your Dedicated Hosts. Metrics include CPU utilization, memory usage, and VM count. You can also view the maintenance status. If a host fails, Azure automatically migrates VMs to another host in the same group (if available). You can also manually move VMs between hosts using Azure Site Recovery or by redeploying. Keep an eye on host capacity to avoid over-provisioning.
Enterprise Scenario 1: Healthcare Compliance
A hospital system must run an electronic health records (EHR) application that processes protected health information (PHI). To comply with HIPAA, they require physical isolation from other tenants. They deploy a Dedicated Host group with two hosts in different availability zones for high availability. Each host runs a mix of D4s v3 VMs for the application tier and E4s v3 VMs for the database tier (using separate hosts for different families). They enable Azure Hybrid Benefit on the hosts to use their existing Windows Server and SQL Server licenses, saving 40% on licensing costs. Maintenance is scheduled for Saturday nights to minimize disruption. The challenge: they initially underestimated the number of VMs needed, causing a capacity crunch. They had to add a third host to the group, which required re-evaluating fault domain distribution.
Enterprise Scenario 2: Financial Services with Strict Audit Requirements
A bank needs to run a trading application that requires audit trails showing that no other customer's workload could interfere. They use Dedicated Hosts with manual placement to ensure specific VMs stay on specific hosts. They also use Azure Policy to enforce that all production VMs are deployed on Dedicated Hosts. The host group spans three fault domains. During a regulatory audit, they provide the host list and VM placement as evidence of isolation. One issue: they discovered that Azure Backup jobs were causing unexpected I/O spikes, impacting trading performance. They mitigated by using Azure NetApp Files with dedicated capacity. The key lesson: Dedicated Hosts isolate compute, but storage and network are still shared, so you must also consider those layers for full isolation.
Enterprise Scenario 3: Software Licensing Optimization
A large enterprise runs thousands of Windows Server VMs. They have Software Assurance and want to maximize Azure Hybrid Benefit savings. They create Dedicated Hosts for each VM family (e.g., D-series, E-series) and enable Azure Hybrid Benefit at the host level. They use Azure Reservations for the hosts to get a 3-year term discount. They also use Azure Policy to prevent deployment of VMs without Azure Hybrid Benefit on those hosts. The challenge: they had to migrate existing VMs from shared infrastructure to Dedicated Hosts. They used Azure Migrate with minimal downtime. The migration revealed that some VMs were using unsupported sizes (e.g., B-series burstable), which forced them to resize or create additional hosts. They also learned that they needed to plan for host maintenance windows to avoid conflicts with business hours.
What AZ-104 Tests on Dedicated Hosts
The exam objective 'Manage Azure virtual machines' (3.1) includes Dedicated Hosts under 'Implement and manage virtual machines'. Questions typically focus on understanding the purpose, configuration, and benefits. Specific exam topics:
Differentiating Dedicated Hosts from isolated VMs and reserved instances.
Host groups and fault domains.
Azure Hybrid Benefit at host level.
Maintenance control.
Supported VM families and SKU naming.
Limitations (no mixing families, host capacity).
Common Wrong Answers and Why
'Dedicated Hosts provide dedicated storage.' This is false. Dedicated Hosts only isolate compute. Storage (managed disks) is still shared infrastructure. Candidates often assume full isolation.
'You can run any VM size on any host SKU.' Wrong. Each host SKU supports only one VM family (e.g., Dsv3). You cannot run a D-series VM on an Esv3 host.
'Dedicated Hosts are the same as reserved instances.' No. Reserved instances reserve VM capacity at a discount but still run on shared hosts. Dedicated Hosts provide physical isolation.
'You can enable Azure Hybrid Benefit per VM on a Dedicated Host.' False. It must be enabled at the host level and applies to all VMs on that host.
Specific Numbers and Terms
Host SKU format: FamilyType-TypeNumber (e.g., Dsv3-Type1, Esv3-Type2).
Default host limit per region: 20 (can be increased).
Fault domain count: up to 3.
Host capacity: measured in vCPUs and RAM. Example: Dsv3-Type1: 32 vCPUs, 256 GB RAM.
Maintenance window: configurable using Maintenance Configurations.
Edge Cases
Host failure: If a host fails, VMs are automatically moved to another host in the same group. If no host has capacity, VMs remain stopped. Ensure you have spare capacity.
Mixed VM families: Not allowed on the same host. You must create separate hosts for different families.
Deploying a VM to a specific host: You can specify the host during VM creation. If that host lacks capacity, deployment fails.
How to Eliminate Wrong Answers
If an answer mentions 'shared storage' or 'no physical isolation', it's describing shared infrastructure, not Dedicated Hosts.
If an answer says 'pay for VMs only', it's wrong – you pay for the host.
If an answer says 'any VM size on any host', eliminate it.
Look for keywords: 'physical server', 'dedicated hardware', 'maintenance control', 'Azure Hybrid Benefit at host level'.
Dedicated Hosts provide physical servers dedicated to your subscription for compliance and isolation.
You pay for the host per hour, not per VM, and can run multiple VMs up to host capacity.
Host SKUs are specific to VM families (e.g., Dsv3-Type1 supports Dsv3-series only).
Azure Hybrid Benefit must be enabled at the host level, not per VM.
Maintenance control allows you to schedule when Azure updates the host.
Host groups logically group hosts and support up to 3 fault domains for high availability.
Default limit is 20 hosts per region per subscription; can be increased via quota request.
Dedicated Hosts do not isolate storage or network – only compute.
Use Azure Policy to enforce Dedicated Host usage for compliance.
You can use Azure Reservations on Dedicated Hosts for cost savings.
These come up on the exam all the time. Here's how to tell them apart.
Dedicated Hosts
Provides physical server isolation from other customers.
You pay for the entire host regardless of VM count.
You control maintenance scheduling.
Supports Azure Hybrid Benefit at host level.
Host SKU determines supported VM family.
Reserved Instances
Provides discounted VM pricing but runs on shared hardware.
You pay for reserved VM instances, not the host.
No control over maintenance – Azure manages it.
Azure Hybrid Benefit applies per VM instance.
No restriction on VM family per reservation.
Dedicated Hosts
Entire physical server is dedicated to your subscription.
Can run multiple VMs on the same host.
Host-level maintenance control.
Azure Hybrid Benefit at host level.
Higher cost but full isolation.
Isolated VM Sizes (e.g., Standard_E64is_v3)
Only the VM's resources are isolated on the physical host, but the host is shared.
Single VM per isolated size (no multi-VM on same host).
No maintenance control – VM may be moved during maintenance.
Azure Hybrid Benefit per VM.
Lower cost than Dedicated Host but less isolation.
Mistake
Dedicated Hosts provide full physical isolation for both compute and storage.
Correct
Only compute is isolated. Storage (managed disks) and network are shared infrastructure. For full isolation, you need additional services like Azure NetApp Files or dedicated storage accounts.
Mistake
You can mix different VM families on the same Dedicated Host.
Correct
Each host SKU supports only one VM family. For example, a Dsv3-Type1 host only supports Dsv3-series VMs. To run E-series VMs, you need a separate Esv3 host.
Mistake
Azure Hybrid Benefit is applied per VM on a Dedicated Host.
Correct
Azure Hybrid Benefit is enabled at the host level and applies to all VMs on that host. You cannot selectively apply it to individual VMs on the same host.
Mistake
Dedicated Hosts are the same as reserved instances.
Correct
Reserved instances provide a discount on VM costs but VMs still run on shared hardware. Dedicated Hosts provide physical isolation and are billed separately, regardless of VM count.
Mistake
You can deploy any VM size on any Dedicated Host SKU.
Correct
The host SKU determines the VM sizes supported. For example, a Dsv3-Type1 host supports Dsv3-series sizes (D2s_v3, D4s_v3, etc.) but not Dsv4-series. You must match the VM family and generation.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Dedicated Hosts provide an entire physical server dedicated to your subscription, allowing multiple VMs on that host and giving you control over maintenance scheduling. Isolated VM sizes (e.g., Standard_E64is_v3) run on a dedicated hardware within a shared host, but the physical server is still shared with other tenants. Isolated VMs are a single VM per host node, and you cannot run multiple VMs on the same isolated node. Dedicated Hosts are more expensive but offer full isolation and flexibility.
Yes, if you have Software Assurance, you can use Azure Hybrid Benefit to save on licensing costs. You enable Azure Hybrid Benefit at the host level, and it applies to all VMs on that host. You must have eligible licenses (Windows Server, SQL Server) and activate the benefit during host creation or later.
You use Azure Maintenance Configurations to define a maintenance window. Create a maintenance configuration, assign it to the host group, and set a schedule (e.g., weekly on Sunday from 2-6 AM). Azure will perform updates during that window, which may reboot VMs. You can also manually trigger maintenance using the 'Redeploy' action on the host.
Azure automatically detects the failure and migrates VMs to another host in the same host group, if capacity is available. If no host has spare capacity, the VMs remain in a stopped state. To ensure high availability, deploy multiple hosts in the group with spare capacity and use fault domains.
No. The host SKU determines the supported VM family. To run a different family, you must create a new host with the appropriate SKU and migrate the VMs. You cannot change the SKU of an existing host.
The default limit is 20 Dedicated Hosts per region per subscription. You can request a quota increase through Azure support. There is no limit on the number of VMs per host, only the host's capacity.
No, Dedicated Hosts are available in most major regions but not all. Check Azure region availability for specific host SKUs. For example, some smaller regions may not support all SKUs.
You've just covered Azure Dedicated Hosts — now see how well it sticks with free AZ-104 practice questions. Full explanations included, no account needed.
Done with this chapter?