diff --git a/go.mod b/go.mod
index a59554a375e02b6caa674d34116a6a2183db33a8..a448f6cf6b50cb8adcf68dfb1b2d60238f3c3d60 100644
--- a/go.mod
+++ b/go.mod
@@ -94,7 +94,7 @@ require (
 	github.com/prometheus/client_golang v1.9.0
 	github.com/prometheus/client_model v0.2.0
 	github.com/prometheus/common v0.15.0
-	github.com/rancher/aks-operator v1.0.1-rc4
+	github.com/rancher/aks-operator v1.0.1-rc6
 	github.com/rancher/apiserver v0.0.0-20210519053359-f943376c4b42
 	github.com/rancher/channelserver v0.5.1-0.20210421200213-5495c5f6e430
 	github.com/rancher/dynamiclistener v0.2.1-0.20201110045217-9b1b7d3132e8
diff --git a/go.sum b/go.sum
index 6e769a23a249befa69e9e99dd927142c9337438d..4387b4bf1ead88c1db6e283fb46532c7353c10f2 100644
--- a/go.sum
+++ b/go.sum
@@ -949,8 +949,8 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T
 github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA=
 github.com/quobyte/api v0.1.8/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI=
 github.com/rackspace/gophercloud v0.0.0-20150408191457-ce0f487f6747/go.mod h1:4bJ1FwuaBZ6dt1VcDX5/O662mwR8GWqS4l68H6hkoYQ=
-github.com/rancher/aks-operator v1.0.1-rc4 h1:H/GCiEFetQt1/dRcee1y8vx0eSJCsCuiV/rTePw0ADM=
-github.com/rancher/aks-operator v1.0.1-rc4/go.mod h1:c3rHKpVkpWhPCgcMQue5BfDAhrSUrvXK33JHFKgdU+w=
+github.com/rancher/aks-operator v1.0.1-rc6 h1:ML5nh0509YiTKESJknXa8FsDrtKQThvFbZ/jWUFxdUU=
+github.com/rancher/aks-operator v1.0.1-rc6/go.mod h1:c3rHKpVkpWhPCgcMQue5BfDAhrSUrvXK33JHFKgdU+w=
 github.com/rancher/apiserver v0.0.0-20201023000256-1a0a904f9197/go.mod h1:8W0EwaR9dH5NDFw6mpAX437D0q+EZqKWbZyX71+z2WI=
 github.com/rancher/apiserver v0.0.0-20210519053359-f943376c4b42 h1:yjpulamf2dZz62++nQQaFjZv+qv5aR4Uwm3uj39AJ8Y=
 github.com/rancher/apiserver v0.0.0-20210519053359-f943376c4b42/go.mod h1:8W0EwaR9dH5NDFw6mpAX437D0q+EZqKWbZyX71+z2WI=
diff --git a/pkg/api/norman/customization/aks/handler.go b/pkg/api/norman/customization/aks/handler.go
new file mode 100644
index 0000000000000000000000000000000000000000..d2888a09c54ff3f767a1afe9075feeaff79dca05
--- /dev/null
+++ b/pkg/api/norman/customization/aks/handler.go
@@ -0,0 +1,223 @@
+package aks
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/Azure/go-autorest/autorest/azure"
+	"github.com/gorilla/mux"
+	"github.com/rancher/norman/api/access"
+	"github.com/rancher/norman/httperror"
+	"github.com/rancher/norman/types"
+	client "github.com/rancher/rancher/pkg/client/generated/management/v3"
+	v1 "github.com/rancher/rancher/pkg/generated/norman/core/v1"
+	v3 "github.com/rancher/rancher/pkg/generated/norman/management.cattle.io/v3"
+	"github.com/rancher/rancher/pkg/namespace"
+	"github.com/rancher/rancher/pkg/ref"
+	mgmtSchema "github.com/rancher/rancher/pkg/schemas/management.cattle.io/v3"
+	schema "github.com/rancher/rancher/pkg/schemas/management.cattle.io/v3"
+	"github.com/rancher/rancher/pkg/types/config"
+	"github.com/sirupsen/logrus"
+)
+
+type Capabilities struct {
+	AuthBaseURL      string `json:"authBaseUrl"`
+	BaseURL          string `json:"baseUrl"`
+	TenantID         string `json:"tenantId"`
+	SubscriptionID   string `json:"subscriptionId"`
+	ClientID         string `json:"clientId"`
+	ClientSecret     string `json:"clientSecret"`
+	ResourceLocation string `json:"region"`
+}
+
+// AKS handler lists available resources in Azure API
+type handler struct {
+	schemas       *types.Schemas
+	secretsLister v1.SecretLister
+	clusterLister v3.ClusterLister
+	ac            types.AccessControl
+}
+
+func NewAKSHandler(scaledContext *config.ScaledContext) http.Handler {
+	return &handler{
+		schemas:       scaledContext.Schemas,
+		secretsLister: scaledContext.Core.Secrets(namespace.GlobalNamespace).Controller().Lister(),
+		clusterLister: scaledContext.Management.Clusters("").Controller().Lister(),
+		ac:            scaledContext.AccessControl,
+	}
+}
+
+func (h *handler) ServeHTTP(writer http.ResponseWriter, req *http.Request) {
+	writer.Header().Set("Content-Type", "application/json")
+
+	capa := &Capabilities{}
+
+	if credID := req.URL.Query().Get("cloudCredentialId"); credID != "" {
+		if errCode, err := h.getCloudCredential(req, capa, credID); err != nil {
+			handleErr(writer, errCode, err)
+			return
+		}
+	} else if req.Method == http.MethodPost {
+		if errCode, err := h.getCredentialsFromBody(req, capa); err != nil {
+			handleErr(writer, errCode, err)
+			return
+		}
+	} else {
+		handleErr(writer, http.StatusBadRequest, fmt.Errorf("cannot access Azure API without credentials to authenticate"))
+		return
+	}
+
+	var serialized []byte
+	var errCode int
+	var err error
+
+	resourceType := mux.Vars(req)["resource"]
+
+	switch resourceType {
+	case "aksVersions":
+		if serialized, errCode, err = listKubernetesVersions(req.Context(), capa); err != nil {
+			logrus.Debugf("[aks-handler] error getting kubernetes versions: %v", err)
+			handleErr(writer, errCode, err)
+			return
+		}
+		writer.Write(serialized)
+	case "aksVirtualNetworks":
+		if serialized, errCode, err = listVirtualNetworks(req.Context(), capa); err != nil {
+			logrus.Debugf("[aks-handler] error getting networks: %v", err)
+			handleErr(writer, errCode, err)
+			return
+		}
+		writer.Write(serialized)
+	default:
+		handleErr(writer, httperror.NotFound.Status, fmt.Errorf("invalid endpoint %v", resourceType))
+	}
+}
+
+func (h *handler) getCloudCredential(req *http.Request, cap *Capabilities, credID string) (int, error) {
+	ns, name := ref.Parse(credID)
+	if ns == "" || name == "" {
+		logrus.Debugf("[AKS] invalid cloud credential ID %s", credID)
+		return http.StatusBadRequest, fmt.Errorf("invalid cloud credential ID %s", credID)
+	}
+
+	var accessCred client.CloudCredential //var to check access
+	if err := access.ByID(h.generateAPIContext(req), &schema.Version, client.CloudCredentialType, credID, &accessCred); err != nil {
+		apiError, ok := err.(*httperror.APIError)
+		if !ok {
+			return httperror.NotFound.Status, err
+		}
+		if apiError.Code.Status == httperror.NotFound.Status {
+			return httperror.InvalidBodyContent.Status, fmt.Errorf("cloud credential not found")
+		}
+		if apiError.Code.Status != httperror.PermissionDenied.Status {
+			return httperror.InvalidBodyContent.Status, err
+		}
+		var clusterID string
+		if clusterID = req.URL.Query().Get("clusterID"); clusterID == "" {
+			return httperror.InvalidBodyContent.Status, fmt.Errorf("cloud credential not found")
+		}
+		if errCode, err := h.clusterCheck(h.generateAPIContext(req), clusterID, credID); err != nil {
+			return errCode, err
+		}
+	}
+
+	cc, err := h.secretsLister.Get(ns, name)
+	if err != nil {
+		logrus.Debugf("[AKS] error accessing cloud credential %s", credID)
+		return httperror.InvalidBodyContent.Status, fmt.Errorf("error accessing cloud credential %s", credID)
+	}
+	cap.TenantID = string(cc.Data["azurecredentialConfig-tenantId"])
+	cap.SubscriptionID = string(cc.Data["azurecredentialConfig-subscriptionId"])
+	cap.ClientID = string(cc.Data["azurecredentialConfig-clientId"])
+	cap.ClientSecret = string(cc.Data["azurecredentialConfig-clientSecret"])
+
+	cap.BaseURL = req.URL.Query().Get("baseUrl")
+	if cap.BaseURL == "" {
+		cap.BaseURL = azure.PublicCloud.ResourceManagerEndpoint
+	}
+	cap.AuthBaseURL = req.URL.Query().Get("authBaseUrl")
+	if cap.AuthBaseURL == "" {
+		cap.AuthBaseURL = azure.PublicCloud.ActiveDirectoryEndpoint
+	}
+	region := req.URL.Query().Get("region")
+	if region != "" {
+		cap.ResourceLocation = region
+	}
+
+	return http.StatusOK, nil
+}
+
+func (h *handler) clusterCheck(apiContext *types.APIContext, clusterID, cloudCredentialID string) (int, error) {
+	clusterInfo := map[string]interface{}{
+		"id": clusterID,
+	}
+
+	clusterSchema := h.schemas.Schema(&mgmtSchema.Version, client.ClusterType)
+	if err := h.ac.CanDo(v3.ClusterGroupVersionKind.Group, v3.ClusterResource.Name, "update", apiContext, clusterInfo, clusterSchema); err != nil {
+		return httperror.InvalidBodyContent.Status, fmt.Errorf("cluster not found")
+	}
+
+	cluster, err := h.clusterLister.Get("", clusterID)
+	if err != nil {
+		if httperror.IsNotFound(err) {
+			return httperror.InvalidBodyContent.Status, fmt.Errorf("cluster not found")
+		}
+		return httperror.ServerError.Status, err
+	}
+
+	if cluster.Spec.AKSConfig.AzureCredentialSecret != cloudCredentialID {
+		return httperror.InvalidBodyContent.Status, fmt.Errorf("cloud credential not found")
+	}
+
+	return http.StatusOK, nil
+}
+
+func (h *handler) getCredentialsFromBody(req *http.Request, cap *Capabilities) (int, error) {
+	raw, err := ioutil.ReadAll(req.Body)
+	if err != nil {
+		return http.StatusBadRequest, fmt.Errorf("cannot read request body: %v", err)
+	}
+
+	if err = json.Unmarshal(raw, &cap); err != nil {
+		return http.StatusBadRequest, fmt.Errorf("cannot parse request body: %v", err)
+	}
+
+	if cap.SubscriptionID == "" {
+		return http.StatusBadRequest, fmt.Errorf("invalid subscriptionId")
+	}
+	if cap.TenantID == "" {
+		return http.StatusBadRequest, fmt.Errorf("invalid tenantId")
+	}
+	if cap.ClientID == "" {
+		return http.StatusBadRequest, fmt.Errorf("invalid clientId")
+	}
+	if cap.ClientSecret == "" {
+		return http.StatusBadRequest, fmt.Errorf("invalid clientSecret")
+	}
+	if cap.BaseURL == "" {
+		cap.BaseURL = azure.PublicCloud.ResourceManagerEndpoint
+	}
+	if cap.AuthBaseURL == "" {
+		cap.AuthBaseURL = azure.PublicCloud.ActiveDirectoryEndpoint
+	}
+
+	return http.StatusOK, nil
+}
+
+func (h *handler) generateAPIContext(req *http.Request) *types.APIContext {
+	return &types.APIContext{
+		Method:  req.Method,
+		Request: req,
+		Schemas: h.schemas,
+		Query:   map[string][]string{},
+	}
+}
+
+func handleErr(writer http.ResponseWriter, errorCode int, originalErr error) {
+	asJSON := []byte(fmt.Sprintf(`{"error":"%v"}`, originalErr))
+
+	writer.WriteHeader(errorCode)
+	writer.Write(asJSON)
+}
diff --git a/pkg/api/norman/customization/aks/listers.go b/pkg/api/norman/customization/aks/listers.go
new file mode 100644
index 0000000000000000000000000000000000000000..875b7aff9bc1acdf04c2e8002fa4a892fcbd32bd
--- /dev/null
+++ b/pkg/api/norman/customization/aks/listers.go
@@ -0,0 +1,188 @@
+package aks
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"regexp"
+	"sort"
+
+	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-09-01/containerservice"
+	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2020-07-01/network"
+	"github.com/Azure/go-autorest/autorest"
+	"github.com/Azure/go-autorest/autorest/adal"
+	"github.com/mcuadros/go-version"
+)
+
+type virtualNetworksResponseBody struct {
+	Name          string   `json:"name"`
+	ResourceGroup string   `json:"resourceGroup"`
+	Subnets       []subnet `json:"subnets"`
+}
+
+type subnet struct {
+	Name         string `json:"name"`
+	AddressRange string `json:"addressRange"`
+}
+
+var matchAzureNetwork = regexp.MustCompile("/resourceGroups/(.+?)/")
+
+func NewClientAuthorizer(cap *Capabilities) (autorest.Authorizer, error) {
+	oauthConfig, err := adal.NewOAuthConfig(cap.AuthBaseURL, cap.TenantID)
+	if err != nil {
+		return nil, err
+	}
+
+	spToken, err := adal.NewServicePrincipalToken(*oauthConfig, cap.ClientID, cap.ClientSecret, cap.BaseURL)
+	if err != nil {
+		return nil, fmt.Errorf("couldn't authenticate to Azure cloud with error: %v", err)
+	}
+
+	return autorest.NewBearerAuthorizer(spToken), nil
+}
+
+func NewContainerServiceClient(cap *Capabilities) (*containerservice.ContainerServicesClient, error) {
+	authorizer, err := NewClientAuthorizer(cap)
+	if err != nil {
+		return nil, err
+	}
+
+	containerService := containerservice.NewContainerServicesClientWithBaseURI(cap.BaseURL, cap.SubscriptionID)
+	containerService.Authorizer = authorizer
+
+	return &containerService, nil
+}
+
+func NewNetworkServiceClient(cap *Capabilities) (*network.VirtualNetworksClient, error) {
+	authorizer, err := NewClientAuthorizer(cap)
+	if err != nil {
+		return nil, err
+	}
+
+	containerService := network.NewVirtualNetworksClientWithBaseURI(cap.BaseURL, cap.SubscriptionID)
+	containerService.Authorizer = authorizer
+
+	return &containerService, nil
+}
+
+type sortableVersion []string
+
+func (s sortableVersion) Len() int {
+	return len(s)
+}
+
+func (s sortableVersion) Swap(a, b int) {
+	s[a], s[b] = s[b], s[a]
+}
+
+func (s sortableVersion) Less(a, b int) bool {
+	return version.Compare(s[a], s[b], "<")
+}
+
+func listKubernetesVersions(ctx context.Context, cap *Capabilities) ([]byte, int, error) {
+	if cap.ResourceLocation == "" {
+		return nil, http.StatusBadRequest, fmt.Errorf("region is required")
+	}
+
+	clientContainer, err := NewContainerServiceClient(cap)
+	if err != nil {
+		return nil, http.StatusInternalServerError, err
+	}
+
+	orchestrators, err := clientContainer.ListOrchestrators(ctx, cap.ResourceLocation, "managedClusters")
+	if err != nil {
+		return nil, http.StatusBadRequest, fmt.Errorf("failed to get orchestrators: %v", err)
+	}
+
+	if orchestrators.Orchestrators == nil {
+		return nil, http.StatusBadRequest, fmt.Errorf("no version profiles returned: %v", err)
+	}
+
+	var kubernetesVersions []string
+
+	for _, profile := range *orchestrators.Orchestrators {
+		if profile.OrchestratorType == nil || profile.OrchestratorVersion == nil {
+			return nil, http.StatusInternalServerError, fmt.Errorf("unexpected nil orchestrator type or version")
+		}
+
+		if *profile.OrchestratorType == "Kubernetes" {
+			kubernetesVersions = append(kubernetesVersions, *profile.OrchestratorVersion)
+		}
+	}
+
+	sort.Sort(sortableVersion(kubernetesVersions))
+
+	return encodeOutput(kubernetesVersions)
+}
+
+func listVirtualNetworks(ctx context.Context, cap *Capabilities) ([]byte, int, error) {
+	clientNetwork, err := NewNetworkServiceClient(cap)
+	if err != nil {
+		return nil, http.StatusInternalServerError, err
+	}
+
+	result, err := clientNetwork.ListAll(ctx)
+	if err != nil {
+		return nil, http.StatusBadRequest, fmt.Errorf("failed to get networks: %v", err)
+	}
+
+	var networks []virtualNetworksResponseBody
+
+	for result.NotDone() {
+		var batch []virtualNetworksResponseBody
+
+		for _, azureNetwork := range result.Values() {
+			var subnets []subnet
+
+			if azureNetwork.Subnets != nil {
+				for _, azureSubnet := range *azureNetwork.Subnets {
+					if azureSubnet.Name != nil {
+						subnets = append(subnets, subnet{
+							Name:         *azureSubnet.Name,
+							AddressRange: *azureSubnet.AddressPrefix,
+						})
+					}
+				}
+			}
+
+			if azureNetwork.ID == nil {
+				return nil, http.StatusInternalServerError, fmt.Errorf("no ID on virtual network")
+			}
+
+			match := matchAzureNetwork.FindStringSubmatch(*azureNetwork.ID)
+
+			if len(match) < 2 || match[1] == "" {
+				return nil, http.StatusInternalServerError, fmt.Errorf("could not parse virtual network ID")
+			}
+
+			if azureNetwork.Name == nil {
+				return nil, http.StatusInternalServerError, fmt.Errorf("no name on virtual network")
+			}
+
+			batch = append(batch, virtualNetworksResponseBody{
+				Name:          *azureNetwork.Name,
+				ResourceGroup: match[1],
+				Subnets:       subnets,
+			})
+		}
+
+		networks = append(networks, batch...)
+
+		err = result.NextWithContext(ctx)
+		if err != nil {
+			return nil, http.StatusInternalServerError, err
+		}
+	}
+
+	return encodeOutput(networks)
+}
+
+func encodeOutput(result interface{}) ([]byte, int, error) {
+	data, err := json.Marshal(&result)
+	if err != nil {
+		return data, http.StatusInternalServerError, err
+	}
+
+	return data, http.StatusOK, err
+}
diff --git a/pkg/apis/go.mod b/pkg/apis/go.mod
index 776cb937c525d0c606203895c14808ba0e9709f2..18ca7784f98ec3f5822d8e893533b8d8f3c876e1 100644
--- a/pkg/apis/go.mod
+++ b/pkg/apis/go.mod
@@ -6,7 +6,7 @@ replace k8s.io/client-go => k8s.io/client-go v0.21.0
 
 require (
 	github.com/pkg/errors v0.9.1
-	github.com/rancher/aks-operator v1.0.1-rc4
+	github.com/rancher/aks-operator v1.0.1-rc6
 	github.com/rancher/eks-operator v1.0.6-rc1
 	github.com/rancher/fleet/pkg/apis v0.0.0-20210428191153-f414eab0e4de
 	github.com/rancher/gke-operator v1.0.1
diff --git a/pkg/apis/go.sum b/pkg/apis/go.sum
index a88d4f444c2ada6f2a213fc738a4c9ee24c07498..4fd13756c1ae1b72a7a2f918db41cb4c32c12664 100644
--- a/pkg/apis/go.sum
+++ b/pkg/apis/go.sum
@@ -656,8 +656,8 @@ github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULU
 github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA=
-github.com/rancher/aks-operator v1.0.1-rc4 h1:H/GCiEFetQt1/dRcee1y8vx0eSJCsCuiV/rTePw0ADM=
-github.com/rancher/aks-operator v1.0.1-rc4/go.mod h1:c3rHKpVkpWhPCgcMQue5BfDAhrSUrvXK33JHFKgdU+w=
+github.com/rancher/aks-operator v1.0.1-rc6 h1:ML5nh0509YiTKESJknXa8FsDrtKQThvFbZ/jWUFxdUU=
+github.com/rancher/aks-operator v1.0.1-rc6/go.mod h1:c3rHKpVkpWhPCgcMQue5BfDAhrSUrvXK33JHFKgdU+w=
 github.com/rancher/eks-operator v1.0.6-rc1 h1:VY2lLcaHtBMByd7pq7px4fB+GW0cd0cfessODbmH+Tc=
 github.com/rancher/eks-operator v1.0.6-rc1/go.mod h1:GB2kyPtIN0r+DGlUcDgEUMsB4qRwZH7OKsraemZT+GA=
 github.com/rancher/fleet/pkg/apis v0.0.0-20210428191153-f414eab0e4de h1:k8019s2eb27ACgl8qoAJjZW9i5+0437bcDwNtoBMszo=
diff --git a/pkg/client/generated/management/v3/zz_generated_aks_cluster_config_spec.go b/pkg/client/generated/management/v3/zz_generated_aks_cluster_config_spec.go
index 0565ce55628b592a5b7ce733dd647c1ea113cc16..59343ea74d43677aed4bfebd34f730ef5ff0a661 100644
--- a/pkg/client/generated/management/v3/zz_generated_aks_cluster_config_spec.go
+++ b/pkg/client/generated/management/v3/zz_generated_aks_cluster_config_spec.go
@@ -25,7 +25,6 @@ const (
 	AKSClusterConfigSpecFieldResourceLocation            = "resourceLocation"
 	AKSClusterConfigSpecFieldSubnet                      = "subnet"
 	AKSClusterConfigSpecFieldTags                        = "tags"
-	AKSClusterConfigSpecFieldTenantID                    = "tenantId"
 	AKSClusterConfigSpecFieldVirtualNetwork              = "virtualNetwork"
 	AKSClusterConfigSpecFieldVirtualNetworkResourceGroup = "virtualNetworkResourceGroup"
 	AKSClusterConfigSpecFieldWindowsAdminPassword        = "windowsAdminPassword"
@@ -33,32 +32,31 @@ const (
 )
 
 type AKSClusterConfigSpec struct {
-	AuthBaseURL                 string            `json:"authBaseUrl,omitempty" yaml:"authBaseUrl,omitempty"`
+	AuthBaseURL                 *string           `json:"authBaseUrl,omitempty" yaml:"authBaseUrl,omitempty"`
 	AuthorizedIPRanges          []string          `json:"authorizedIpRanges,omitempty" yaml:"authorizedIpRanges,omitempty"`
 	AzureCredentialSecret       string            `json:"azureCredentialSecret,omitempty" yaml:"azureCredentialSecret,omitempty"`
-	BaseURL                     string            `json:"baseUrl,omitempty" yaml:"baseUrl,omitempty"`
+	BaseURL                     *string           `json:"baseUrl,omitempty" yaml:"baseUrl,omitempty"`
 	ClusterName                 string            `json:"clusterName,omitempty" yaml:"clusterName,omitempty"`
-	DNSPrefix                   string            `json:"dnsPrefix,omitempty" yaml:"dnsPrefix,omitempty"`
+	DNSPrefix                   *string           `json:"dnsPrefix,omitempty" yaml:"dnsPrefix,omitempty"`
 	Imported                    bool              `json:"imported,omitempty" yaml:"imported,omitempty"`
-	KubernetesVersion           string            `json:"kubernetesVersion,omitempty" yaml:"kubernetesVersion,omitempty"`
-	LinuxAdminUsername          string            `json:"linuxAdminUsername,omitempty" yaml:"linuxAdminUsername,omitempty"`
-	LinuxSSHPublicKey           string            `json:"sshPublicKey,omitempty" yaml:"sshPublicKey,omitempty"`
-	LoadBalancerSKU             string            `json:"loadBalancerSku,omitempty" yaml:"loadBalancerSku,omitempty"`
-	NetworkDNSServiceIP         string            `json:"dnsServiceIp,omitempty" yaml:"dnsServiceIp,omitempty"`
-	NetworkDockerBridgeCIDR     string            `json:"dockerBridgeCidr,omitempty" yaml:"dockerBridgeCidr,omitempty"`
-	NetworkPlugin               string            `json:"networkPlugin,omitempty" yaml:"networkPlugin,omitempty"`
-	NetworkPodCIDR              string            `json:"podCidr,omitempty" yaml:"podCidr,omitempty"`
-	NetworkPolicy               string            `json:"networkPolicy,omitempty" yaml:"networkPolicy,omitempty"`
-	NetworkServiceCIDR          string            `json:"serviceCidr,omitempty" yaml:"serviceCidr,omitempty"`
+	KubernetesVersion           *string           `json:"kubernetesVersion,omitempty" yaml:"kubernetesVersion,omitempty"`
+	LinuxAdminUsername          *string           `json:"linuxAdminUsername,omitempty" yaml:"linuxAdminUsername,omitempty"`
+	LinuxSSHPublicKey           *string           `json:"sshPublicKey,omitempty" yaml:"sshPublicKey,omitempty"`
+	LoadBalancerSKU             *string           `json:"loadBalancerSku,omitempty" yaml:"loadBalancerSku,omitempty"`
+	NetworkDNSServiceIP         *string           `json:"dnsServiceIp,omitempty" yaml:"dnsServiceIp,omitempty"`
+	NetworkDockerBridgeCIDR     *string           `json:"dockerBridgeCidr,omitempty" yaml:"dockerBridgeCidr,omitempty"`
+	NetworkPlugin               *string           `json:"networkPlugin,omitempty" yaml:"networkPlugin,omitempty"`
+	NetworkPodCIDR              *string           `json:"podCidr,omitempty" yaml:"podCidr,omitempty"`
+	NetworkPolicy               *string           `json:"networkPolicy,omitempty" yaml:"networkPolicy,omitempty"`
+	NetworkServiceCIDR          *string           `json:"serviceCidr,omitempty" yaml:"serviceCidr,omitempty"`
 	NodePools                   []AKSNodePool     `json:"nodePools,omitempty" yaml:"nodePools,omitempty"`
 	PrivateCluster              *bool             `json:"privateCluster,omitempty" yaml:"privateCluster,omitempty"`
 	ResourceGroup               string            `json:"resourceGroup,omitempty" yaml:"resourceGroup,omitempty"`
 	ResourceLocation            string            `json:"resourceLocation,omitempty" yaml:"resourceLocation,omitempty"`
-	Subnet                      string            `json:"subnet,omitempty" yaml:"subnet,omitempty"`
+	Subnet                      *string           `json:"subnet,omitempty" yaml:"subnet,omitempty"`
 	Tags                        map[string]string `json:"tags,omitempty" yaml:"tags,omitempty"`
-	TenantID                    string            `json:"tenantId,omitempty" yaml:"tenantId,omitempty"`
-	VirtualNetwork              string            `json:"virtualNetwork,omitempty" yaml:"virtualNetwork,omitempty"`
-	VirtualNetworkResourceGroup string            `json:"virtualNetworkResourceGroup,omitempty" yaml:"virtualNetworkResourceGroup,omitempty"`
-	WindowsAdminPassword        string            `json:"windowsAdminPassword,omitempty" yaml:"windowsAdminPassword,omitempty"`
-	WindowsAdminUsername        string            `json:"windowsAdminUsername,omitempty" yaml:"windowsAdminUsername,omitempty"`
+	VirtualNetwork              *string           `json:"virtualNetwork,omitempty" yaml:"virtualNetwork,omitempty"`
+	VirtualNetworkResourceGroup *string           `json:"virtualNetworkResourceGroup,omitempty" yaml:"virtualNetworkResourceGroup,omitempty"`
+	WindowsAdminPassword        *string           `json:"windowsAdminPassword,omitempty" yaml:"windowsAdminPassword,omitempty"`
+	WindowsAdminUsername        *string           `json:"windowsAdminUsername,omitempty" yaml:"windowsAdminUsername,omitempty"`
 }
diff --git a/pkg/client/generated/management/v3/zz_generated_aks_node_pool.go b/pkg/client/generated/management/v3/zz_generated_aks_node_pool.go
index 67aaf4aec546fd3219865784f7b709b1f5ac3592..eaf4c3f4a05f096bd7c1876c537cbb40453ab281 100644
--- a/pkg/client/generated/management/v3/zz_generated_aks_node_pool.go
+++ b/pkg/client/generated/management/v3/zz_generated_aks_node_pool.go
@@ -25,8 +25,8 @@ type AKSNodePool struct {
 	MaxPods             *int64   `json:"maxPods,omitempty" yaml:"maxPods,omitempty"`
 	MinCount            *int64   `json:"minCount,omitempty" yaml:"minCount,omitempty"`
 	Mode                string   `json:"mode,omitempty" yaml:"mode,omitempty"`
-	Name                string   `json:"name,omitempty" yaml:"name,omitempty"`
-	OrchestratorVersion string   `json:"orchestratorVersion,omitempty" yaml:"orchestratorVersion,omitempty"`
+	Name                *string  `json:"name,omitempty" yaml:"name,omitempty"`
+	OrchestratorVersion *string  `json:"orchestratorVersion,omitempty" yaml:"orchestratorVersion,omitempty"`
 	OsDiskSizeGB        *int64   `json:"osDiskSizeGB,omitempty" yaml:"osDiskSizeGB,omitempty"`
 	OsDiskType          string   `json:"osDiskType,omitempty" yaml:"osDiskType,omitempty"`
 	OsType              string   `json:"osType,omitempty" yaml:"osType,omitempty"`
diff --git a/pkg/controllers/management/clusterupstreamrefresher/aks_upstream_spec.go b/pkg/controllers/management/clusterupstreamrefresher/aks_upstream_spec.go
index 8b5a27f80b9c3db1ce2e22a66698364d85a706d2..d462f6703dbcd1076f702d008a53ef763acd6b59 100644
--- a/pkg/controllers/management/clusterupstreamrefresher/aks_upstream_spec.go
+++ b/pkg/controllers/management/clusterupstreamrefresher/aks_upstream_spec.go
@@ -19,7 +19,6 @@ func BuildAKSUpstreamSpec(secretsCache wranglerv1.SecretCache, cluster *mgmtv3.C
 	upstreamSpec.ClusterName = cluster.Spec.AKSConfig.ClusterName
 	upstreamSpec.ResourceLocation = cluster.Spec.AKSConfig.ResourceLocation
 	upstreamSpec.ResourceGroup = cluster.Spec.AKSConfig.ResourceGroup
-	upstreamSpec.TenantID = cluster.Spec.AKSConfig.TenantID
 	upstreamSpec.AzureCredentialSecret = cluster.Spec.AKSConfig.AzureCredentialSecret
 	upstreamSpec.Imported = cluster.Spec.AKSConfig.Imported
 
diff --git a/pkg/multiclustermanager/capabilities/aks_version_endpoint.go b/pkg/multiclustermanager/capabilities/aks_version_endpoint.go
deleted file mode 100644
index 99e4ccb52e58e24c1c100088405df2a33f6dedc2..0000000000000000000000000000000000000000
--- a/pkg/multiclustermanager/capabilities/aks_version_endpoint.go
+++ /dev/null
@@ -1,161 +0,0 @@
-package capabilities
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"sort"
-
-	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2017-09-30/containerservice"
-	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/adal"
-	"github.com/Azure/go-autorest/autorest/azure"
-	"github.com/mcuadros/go-version"
-)
-
-func NewAKSVersionsHandler() *AKSVersionHandler {
-	return &AKSVersionHandler{}
-}
-
-type AKSVersionHandler struct {
-}
-
-type regionCapabilitiesRequestBody struct {
-	// BaseURL specifies the Azure Resource management endpoint, it defaults "https://management.azure.com/".
-	BaseURL string `json:"baseUrl"`
-	// AuthBaseURL specifies the Azure OAuth 2.0 authentication endpoint, it defaults "https://login.microsoftonline.com/".
-	AuthBaseURL string `json:"authBaseUrl"`
-	// credentials
-	ClientID       string `json:"clientId"`
-	ClientSecret   string `json:"clientSecret"`
-	SubscriptionID string `json:"subscriptionId"`
-	TenantID       string `json:"tenantId"`
-
-	Region string `json:"region"`
-}
-
-func (g *AKSVersionHandler) ServeHTTP(writer http.ResponseWriter, req *http.Request) {
-	if req.Method != http.MethodPost {
-		writer.WriteHeader(http.StatusMethodNotAllowed)
-		return
-	}
-
-	writer.Header().Set("Content-Type", "application/json")
-
-	var body regionCapabilitiesRequestBody
-	if err := extractRequestBody(writer, req, &body); err != nil {
-		handleErr(writer, err)
-		return
-	}
-
-	if err := validateRegionRequestBody(writer, &body); err != nil {
-		handleErr(writer, err)
-		return
-	}
-
-	region := body.Region
-
-	clientID := body.ClientID
-	clientSecret := body.ClientSecret
-	subscriptionID := body.SubscriptionID
-	tenantID := body.TenantID
-
-	baseURL := body.BaseURL
-	authBaseURL := body.AuthBaseURL
-	if baseURL == "" {
-		baseURL = azure.PublicCloud.ResourceManagerEndpoint
-	}
-	if authBaseURL == "" {
-		authBaseURL = azure.PublicCloud.ActiveDirectoryEndpoint
-	}
-
-	oAuthConfig, err := adal.NewOAuthConfig(authBaseURL, tenantID)
-	if err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		handleErr(writer, fmt.Errorf("failed to configure azure oaith: %v", err))
-		return
-	}
-
-	spToken, err := adal.NewServicePrincipalToken(*oAuthConfig, clientID, clientSecret, baseURL)
-	if err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		handleErr(writer, fmt.Errorf("failed to create token: %v", err))
-		return
-	}
-
-	authorizer := autorest.NewBearerAuthorizer(spToken)
-
-	client := containerservice.NewContainerServicesClientWithBaseURI(baseURL, subscriptionID)
-	client.Authorizer = authorizer
-
-	orchestrators, err := client.ListOrchestrators(context.Background(), region, "managedClusters")
-	if err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		handleErr(writer, fmt.Errorf("failed to get orchestrators: %v", err))
-		return
-	}
-
-	if orchestrators.Orchestrators == nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		handleErr(writer, fmt.Errorf("no version profiles returned: %v", err))
-		return
-	}
-
-	var kubernetesVersions []string
-
-	for _, profile := range *orchestrators.Orchestrators {
-		if profile.OrchestratorType == nil || profile.OrchestratorVersion == nil {
-			writer.WriteHeader(http.StatusInternalServerError)
-			handleErr(writer, fmt.Errorf("unexpected nil orchestrator type or version"))
-			return
-		}
-
-		if *profile.OrchestratorType == "Kubernetes" {
-			kubernetesVersions = append(kubernetesVersions, *profile.OrchestratorVersion)
-		}
-	}
-
-	sort.Sort(sortableVersion(kubernetesVersions))
-
-	serialized, err := json.Marshal(kubernetesVersions)
-	if err != nil {
-		writer.WriteHeader(http.StatusInternalServerError)
-		handleErr(writer, err)
-		return
-	}
-
-	writer.Write(serialized)
-}
-
-type sortableVersion []string
-
-func (s sortableVersion) Len() int {
-	return len(s)
-}
-
-func (s sortableVersion) Swap(a, b int) {
-	s[a], s[b] = s[b], s[a]
-}
-
-func (s sortableVersion) Less(a, b int) bool {
-	return version.Compare(s[a], s[b], "<")
-}
-
-func validateRegionRequestBody(writer http.ResponseWriter, body *regionCapabilitiesRequestBody) error {
-	toCheck := [][]string{
-		{"region", body.Region},
-		{"clientID", body.ClientID},
-		{"clientSecret", body.ClientSecret},
-		{"subscriptionID", body.SubscriptionID},
-		{"tenantID", body.TenantID},
-	}
-	for _, v := range toCheck {
-		if v[1] == "" {
-			writer.WriteHeader(http.StatusBadRequest)
-			return fmt.Errorf("invalid %s", v[0])
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/multiclustermanager/capabilities/aks_virtual_networks_endpoint.go b/pkg/multiclustermanager/capabilities/aks_virtual_networks_endpoint.go
deleted file mode 100644
index 9fa7dbf0873b4343a2f6dd85dbb2e531646f35ad..0000000000000000000000000000000000000000
--- a/pkg/multiclustermanager/capabilities/aks_virtual_networks_endpoint.go
+++ /dev/null
@@ -1,193 +0,0 @@
-package capabilities
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"regexp"
-
-	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-07-01/network"
-	"github.com/Azure/go-autorest/autorest"
-	"github.com/Azure/go-autorest/autorest/adal"
-	"github.com/Azure/go-autorest/autorest/azure"
-)
-
-var regex = regexp.MustCompile("/resourceGroups/(.+?)/")
-
-func NewAKSVirtualNetworksHandler() *AKSVirtualNetworksHandler {
-	return &AKSVirtualNetworksHandler{}
-}
-
-type AKSVirtualNetworksHandler struct {
-}
-
-type virtualNetworksRequestBody struct {
-	// BaseURL specifies the Azure Resource management endpoint, it defaults "https://management.azure.com/".
-	BaseURL string `json:"baseUrl"`
-	// AuthBaseURL specifies the Azure OAuth 2.0 authentication endpoint, it defaults "https://login.microsoftonline.com/".
-	AuthBaseURL string `json:"authBaseUrl"`
-	// credentials
-	ClientID       string `json:"clientId"`
-	ClientSecret   string `json:"clientSecret"`
-	SubscriptionID string `json:"subscriptionId"`
-	TenantID       string `json:"tenantId"`
-}
-
-type virtualNetworksResponseBody struct {
-	Name          string   `json:"name"`
-	ResourceGroup string   `json:"resourceGroup"`
-	Subnets       []subnet `json:"subnets"`
-}
-
-type subnet struct {
-	Name         string `json:"name"`
-	AddressRange string `json:"addressRange"`
-}
-
-func (g *AKSVirtualNetworksHandler) ServeHTTP(writer http.ResponseWriter, req *http.Request) {
-	if req.Method != http.MethodPost {
-		writer.WriteHeader(http.StatusMethodNotAllowed)
-		return
-	}
-
-	writer.Header().Set("Content-Type", "application/json")
-
-	var body virtualNetworksRequestBody
-	if err := extractRequestBody(writer, req, &body); err != nil {
-		handleErr(writer, err)
-		return
-	}
-
-	if err := validateVirtualNetworksRequestBody(&body); err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		handleErr(writer, err)
-		return
-	}
-
-	clientID := body.ClientID
-	clientSecret := body.ClientSecret
-	subscriptionID := body.SubscriptionID
-	tenantID := body.TenantID
-
-	baseURL := body.BaseURL
-	authBaseURL := body.AuthBaseURL
-	if baseURL == "" {
-		baseURL = azure.PublicCloud.ResourceManagerEndpoint
-	}
-	if authBaseURL == "" {
-		authBaseURL = azure.PublicCloud.ActiveDirectoryEndpoint
-	}
-
-	oAuthConfig, err := adal.NewOAuthConfig(authBaseURL, tenantID)
-	if err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		handleErr(writer, fmt.Errorf("failed to configure azure oauth: %v", err))
-		return
-	}
-
-	spToken, err := adal.NewServicePrincipalToken(*oAuthConfig, clientID, clientSecret, baseURL)
-	if err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		handleErr(writer, fmt.Errorf("failed to create token: %v", err))
-		return
-	}
-
-	authorizer := autorest.NewBearerAuthorizer(spToken)
-
-	client := network.NewVirtualNetworksClientWithBaseURI(baseURL, subscriptionID)
-	client.Authorizer = authorizer
-
-	var networks []virtualNetworksResponseBody
-
-	pointer, err := client.ListAll(context.Background())
-	if err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		handleErr(writer, fmt.Errorf("failed to get networks: %v", err))
-		return
-	}
-
-	for pointer.NotDone() {
-		var batch []virtualNetworksResponseBody
-
-		for _, azureNetwork := range pointer.Values() {
-			var subnets []subnet
-
-			if azureNetwork.Subnets != nil {
-				for _, azureSubnet := range *azureNetwork.Subnets {
-					if azureSubnet.Name != nil {
-						subnets = append(subnets, subnet{
-							Name:         *azureSubnet.Name,
-							AddressRange: *azureSubnet.AddressPrefix,
-						})
-					}
-				}
-			}
-
-			if azureNetwork.ID == nil {
-				writer.WriteHeader(http.StatusInternalServerError)
-				handleErr(writer, errors.New("no ID on virtual network"))
-				return
-			}
-
-			match := regex.FindStringSubmatch(*azureNetwork.ID)
-
-			if len(match) < 2 || match[1] == "" {
-				writer.WriteHeader(http.StatusInternalServerError)
-				handleErr(writer, errors.New("could not parse virtual network ID"))
-				return
-			}
-
-			if azureNetwork.Name == nil {
-				writer.WriteHeader(http.StatusInternalServerError)
-				handleErr(writer, errors.New("no name on virtual network"))
-				return
-			}
-
-			batch = append(batch, virtualNetworksResponseBody{
-				Name:          *azureNetwork.Name,
-				ResourceGroup: match[1],
-				Subnets:       subnets,
-			})
-		}
-
-		networks = append(networks, batch...)
-
-		err = pointer.Next()
-		if err != nil {
-			writer.WriteHeader(http.StatusInternalServerError)
-			handleErr(writer, err)
-			return
-		}
-	}
-
-	serialized, err := json.Marshal(networks)
-	if err != nil {
-		writer.WriteHeader(http.StatusInternalServerError)
-		handleErr(writer, err)
-		return
-	}
-
-	writer.Write(serialized)
-}
-
-func validateVirtualNetworksRequestBody(body *virtualNetworksRequestBody) error {
-	if body.ClientID == "" {
-		return fmt.Errorf("invalid clientID")
-	}
-
-	if body.ClientSecret == "" {
-		return fmt.Errorf("invalid clientSecret")
-	}
-
-	if body.SubscriptionID == "" {
-		return fmt.Errorf("invalid subscriptionID")
-	}
-
-	if body.TenantID == "" {
-		return fmt.Errorf("invalid tenantID")
-	}
-
-	return nil
-}
diff --git a/pkg/multiclustermanager/capabilities/http_request_body.go b/pkg/multiclustermanager/capabilities/http_request_body.go
deleted file mode 100644
index 3a2126738f9dc66047b2bc9087d0ba3a4abf1d4d..0000000000000000000000000000000000000000
--- a/pkg/multiclustermanager/capabilities/http_request_body.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package capabilities
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-
-	"github.com/sirupsen/logrus"
-)
-
-type errorResponse struct {
-	Error string `json:"error"`
-}
-
-func handleErr(writer http.ResponseWriter, originalErr error) {
-	resp := errorResponse{originalErr.Error()}
-
-	asJSON, err := json.Marshal(resp)
-
-	if err != nil {
-		logrus.Error("error while marshalling error message '" + originalErr.Error() + "' error was '" + err.Error() + "'")
-		writer.Write([]byte(err.Error()))
-
-		return
-	}
-
-	writer.Write(asJSON)
-}
-
-func extractRequestBody(writer http.ResponseWriter, req *http.Request, body interface{}) error {
-	raw, err := ioutil.ReadAll(req.Body)
-
-	if err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		return fmt.Errorf("cannot read request body: " + err.Error())
-	}
-
-	err = json.Unmarshal(raw, &body)
-
-	if err != nil {
-		writer.WriteHeader(http.StatusBadRequest)
-		return fmt.Errorf("cannot parse request body: " + err.Error())
-	}
-
-	return nil
-}
diff --git a/pkg/multiclustermanager/routes.go b/pkg/multiclustermanager/routes.go
index 3df463bd195bb2da919856414c030178d3f81b73..bb47aab6c252ad6039a6e3a18c9836a3ace32ee2 100644
--- a/pkg/multiclustermanager/routes.go
+++ b/pkg/multiclustermanager/routes.go
@@ -4,13 +4,11 @@ import (
 	"context"
 	"net/http"
 
-	"github.com/rancher/apiserver/pkg/parse"
-	"github.com/rancher/rancher/pkg/features"
-	"github.com/rancher/rancher/pkg/tunnelserver/mcmauthorizer"
-
 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/rancher/apiserver/pkg/parse"
 	"github.com/rancher/rancher/pkg/api/norman"
+	"github.com/rancher/rancher/pkg/api/norman/customization/aks"
 	"github.com/rancher/rancher/pkg/api/norman/customization/clusterregistrationtokens"
 	"github.com/rancher/rancher/pkg/api/norman/customization/gke"
 	"github.com/rancher/rancher/pkg/api/norman/customization/oci"
@@ -25,15 +23,16 @@ import (
 	"github.com/rancher/rancher/pkg/channelserver"
 	"github.com/rancher/rancher/pkg/clustermanager"
 	rancherdialer "github.com/rancher/rancher/pkg/dialer"
+	"github.com/rancher/rancher/pkg/features"
 	"github.com/rancher/rancher/pkg/httpproxy"
 	k8sProxyPkg "github.com/rancher/rancher/pkg/k8sproxy"
 	"github.com/rancher/rancher/pkg/metrics"
-	"github.com/rancher/rancher/pkg/multiclustermanager/capabilities"
 	"github.com/rancher/rancher/pkg/multiclustermanager/whitelist"
 	"github.com/rancher/rancher/pkg/pipeline/hooks"
 	"github.com/rancher/rancher/pkg/rbac"
 	"github.com/rancher/rancher/pkg/rkenodeconfigserver"
 	"github.com/rancher/rancher/pkg/telemetry"
+	"github.com/rancher/rancher/pkg/tunnelserver/mcmauthorizer"
 	"github.com/rancher/rancher/pkg/types/config"
 	"github.com/rancher/steve/pkg/auth"
 )
@@ -97,8 +96,7 @@ func router(ctx context.Context, localClusterEnabled bool, tunnelAuthorizer *mcm
 	authed.Use(mux.MiddlewareFunc(rbac.NewAccessControlHandler()))
 	authed.Use(requests.NewAuthenticatedFilter)
 
-	authed.Path("/meta/aksVersions").Handler(capabilities.NewAKSVersionsHandler())
-	authed.Path("/meta/aksVirtualNetworks").Handler(capabilities.NewAKSVirtualNetworksHandler())
+	authed.Path("/meta/{resource:aks.+}").Handler(aks.NewAKSHandler(scaledContext))
 	authed.Path("/meta/{resource:gke.+}").Handler(gke.NewGKEHandler(scaledContext))
 	authed.Path("/meta/oci/{resource}").Handler(oci.NewOCIHandler(scaledContext))
 	authed.Path("/meta/vsphere/{field}").Handler(vsphere.NewVsphereHandler(scaledContext))