Before setting up the environment, gather the following details to ensure proper configuration:

• Region & Availability Zones
  • Choose the Azure region where resources will be deployed (e.g., East US, West Europe).
  • Decide on Availability Zones. While Quix supports multiple AZs, we generally advise against it to reduce complexity and cost.
• Networking & CIDR Ranges
  • Identify any existing virtual networks (VNets) that this environment needs to peer with.
  • Define the primary CIDR range for this environment (e.g., 10.1.0.0/19) that do not overlap with existing networks.

Before proceeding, you must add our account to your Entra tenant. Azure RBAC roles can only be assigned to users who exist in your Entra ID. Quick Link: Invite new Entra tenant member as Guest Steps:

1. Go Azure Portal: https://portal.azure.com/
2. Search for Microsoft Entra Id
3. Click + Add (top bar, left), User > Invite External User
4. Set email to [email protected]
5. Finalise the rest of the optional details and invite

Setup

1. Create a new subscription through your internal procurement process, choosing a billing model that fits your company’s preferences. Steps:
   1. Go to the Azure Portal: https://portal.azure.com/
   2. Search for Subscriptions
   3. Click + Add (top bar, left)
   4. Specify subscription details
   5. Create
2. Assign RBAC permissions to our tenant user Steps:
   1. Go Azure Portal: https://portal.azure.com/
   2. Search for Subscriptions
   3. Select the newly created subscription
   4. Access Control (IAM) (left menu)
   5. Click + Add (top bar, left), Add role assignment
   6. Select Privileged administrator roles
   7. Select Owner
   8. Next
   9. + select Members
   10. find [email protected], Select
   11. Next
   12. Tick Allow user to assign all roles except privileged administrator roles Owner, UAA, RBAC (Recommended) option
   13. Next, Review & Assign
3. Once permissions are assigned, please confirm with us so we can begin the setup process. Also send us the gathered details asked at the beginning of this guide.

Frequently Asked Questions

Access & Permissions

Q: Can I assign the Contributor role instead of Owner? A: No, Contributor does not grant permission to assign roles for Azure Managed Identities, which is required for our setup.

Q: Do I need to invite a separate user for each engineer at Quix? A: No, you only need to invite [email protected]. Our internal team will manage access on our side.

Q: Can I remove your access after setup is complete? A: You can downgrade our access after deployment. However, without Contributor access, we can only provide guidance—you’ll need to apply fixes manually. This may impact SLA commitments if an issue requires intervention. We recommend keeping at least Reader access for monitoring and Break-Glass access to temporarily restore full permissions when needed.

Q: How do I audit what permissions Quix has in my environment? A: You can check our assigned roles in the Azure Portal under Access Control (IAM) for the subscription or resource group or via cli:

az role assignment list --assignee [[email protected]](<mailto:[email protected]>) --output table

Networking & Peering

Please see our private networking guide.

Security & Compliance