Manage secure machine groups on CloudLink Center You can organize machines into groups for administrative or operational purposes. For example, you might group machines for your Finance department where the volume encryption policy requires encryption of all boot and data volumes. You might also group machines for your DevOps department where the volume encryption policy requires encryption of only boot volumes. Each machine group might have a different administrator. Each machine must belong to a machine group. A machine is assigned to a machine group during deployment. If you do not specify a group during deployment, the machine is assigned to the built-in machine group named Default. You can change the machine group that a machine belongs to after deployment. All machines in a group use the same: Key release policies that determine when a machine in the group can start up automatically. For more information, see CloudLink key release policies. For Enterprise and Microsoft Azure and Azure Stack—Volume encryption policy that determines the types of volumes that must be encrypted (boot, data, or both boot and data). Volume encryption policy applies to virtual machines (boot and data volumes) or physical machines (data volume only). Volume encryption policy does not apply to a physical machine’s boot volume. For more information, see CloudLink Center volume encryption policy. Keystore where encryption keys are stored. For more information, see Manage encryption keystores and keys in CloudLink Center. Managing roles that determine the roles that administer it. Only users belonging to a managing role for a machine group can view and make changes to it. Approved networks from which machines in the machine group can start up automatically. For more information, see Manage approved networks for machine groups. Approved location that is used to verify that a machine is in the correct place. For more information, see Manage approved locations for machine groups. Key lifetime that determines the frequency that CloudLink Center updates encryption keys for machines in the group. Once a key is updated, the previous key is expired. By default, keys never expire, which is referred to as an infinite lifetime. You can change the key lifetime. Child TopicsCloudLink key release policiesThis topic provides information about the key release policies available in CloudLink. CloudLink pending machine policyThis topic provides information about the CloudLink pending machine policy. CloudLink Center volume encryption policyThis topic provides information about the volume encryption policy in CloudLink Center. CloudLink Center machine group propertiesThis topic provides information about the group properties of a machine in CloudLink Center. View machine groups on CloudLink CenterYou can view a list of machine groups for which you have permission to view. Create a machine group to CloudLink CenterA machine group must exist before you can assign a machine to it. Modify a machine property on a CloudLink Center machine groupYou can modify all properties for a machine group, except the name. Change the volume encryption policyUse this procedure to change the volume encryption policy for a machine group. Change the location of a machine group on CloudLink CenterUse this procedure to change the location of a machine group on CloudLink Center. Change key release policies of a machine group on CloudLink CenterChange pending policies of a machine group on CloudLink CenterFor a machine group, you can modify the key release policies that must be met for a machine in that group to start automatically. Generate a registration code for a machine group on CloudLink CenterWhen you create a machine group, CloudLink Center generates a registration code. You may want to generate a new registration code for a machine group. For example, you might suspect that the existing machine code has been compromised. Scenarios for using maximum usage of CloudLink licensesThis topic provides information about the scenarios for using maximum usage of CloudLink licenses. Reset the license usage for a machine groupDelete a machine group from from CloudLink CenterYou can delete any machine group except the built-in Default machine group. Manage approved networks for machine groupsManage approved locations for machine groupsThis topic provides information about the approved locations for machine groups in CloudLink Center.