diff --git a/nodeup/pkg/model/kubectl.go b/nodeup/pkg/model/kubectl.go
index dac4606426..1939805016 100644
--- a/nodeup/pkg/model/kubectl.go
+++ b/nodeup/pkg/model/kubectl.go
@@ -103,10 +103,16 @@ func (b *KubectlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 
 // findKubeconfigUser finds the default user for whom we should create a kubeconfig
 func (b *KubectlBuilder) findKubeconfigUser() (*fi.User, *fi.Group, error) {
-	users, err := b.Distribution.DefaultUsers()
-	if err != nil {
-		klog.Warningf("won't write kubeconfig to homedir for distribution %v: %v", b.Distribution, err)
-		return nil, nil, nil
+	var users []string
+	if b.RunningOnAzure() {
+		users = append(users, b.NodeupConfig.AzureAdminUser)
+	} else {
+		defaultUsers, err := b.Distribution.DefaultUsers()
+		if err != nil {
+			klog.Warningf("won't write kubeconfig to homedir for distribution %v: %v", b.Distribution, err)
+			return nil, nil, nil
+		}
+		users = append(users, defaultUsers...)
 	}
 
 	for _, s := range users {
diff --git a/pkg/apis/nodeup/config.go b/pkg/apis/nodeup/config.go
index 5cd16c5963..8c13dbc69e 100644
--- a/pkg/apis/nodeup/config.go
+++ b/pkg/apis/nodeup/config.go
@@ -118,6 +118,8 @@ type Config struct {
 	WarmPoolImages []string `json:"warmPoolImages,omitempty"`
 
 	// Azure-specific
+	// AzureAdminUser is the admin user of VMs.
+	AzureAdminUser string `json:",omitempty"`
 	// AzureLocation is the location of the resource group that the cluster is deployed in.
 	AzureLocation string `json:",omitempty"`
 	// AzureSubscriptionID is the ID of the Azure Subscription that the cluster is deployed in.
@@ -280,6 +282,7 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 		config.AzureResourceGroup = cluster.AzureResourceGroupName()
 		config.AzureRouteTableName = cluster.AzureRouteTableName()
 		config.Networking.NetworkID = cluster.Spec.Networking.NetworkID
+		config.AzureAdminUser = cluster.Spec.CloudProvider.Azure.AdminUser
 	}
 
 	if cluster.Spec.CloudProvider.GCE != nil {
diff --git a/tests/e2e/kubetest2-kops/deployer/common.go b/tests/e2e/kubetest2-kops/deployer/common.go
index d6e82d2649..7ae627bd16 100644
--- a/tests/e2e/kubetest2-kops/deployer/common.go
+++ b/tests/e2e/kubetest2-kops/deployer/common.go
@@ -80,8 +80,7 @@ func (d *deployer) initialize() error {
 		}
 		d.SSHPublicKeyPath = publicKeyPath
 		d.SSHPrivateKeyPath = privateKeyPath
-		// TODO: Check if we can use "kops" as SSH user
-		d.SSHUser = "ubuntu"
+		d.SSHUser = "kops"
 	case "digitalocean":
 		if d.SSHPrivateKeyPath == "" {
 			d.SSHPrivateKeyPath = os.Getenv("DO_SSH_PRIVATE_KEY_FILE")
diff --git a/tests/e2e/kubetest2-kops/deployer/up.go b/tests/e2e/kubetest2-kops/deployer/up.go
index 14bf940e86..c054c71624 100644
--- a/tests/e2e/kubetest2-kops/deployer/up.go
+++ b/tests/e2e/kubetest2-kops/deployer/up.go
@@ -195,8 +195,6 @@ func (d *deployer) createCluster(zones []string, adminAccess string, yes bool) e
 		args = appendIfUnset(args, "--cloud-labels", "DO-NOT-DELETE=kOps")
 		args = appendIfUnset(args, "--control-plane-size", "Standard_D4s_v3")
 		args = appendIfUnset(args, "--node-size", "Standard_D2s_v3")
-		// TODO: Check if we can use "kops" as SSH user
-		args = appendIfUnset(args, "--azure-admin-user", "ubuntu")
 	case "gce":
 		if isArm {
 			args = appendIfUnset(args, "--master-size", "t2a-standard-2")
diff --git a/upup/pkg/fi/cloudup/new_cluster.go b/upup/pkg/fi/cloudup/new_cluster.go
index 6285e038e4..5222178ce5 100644
--- a/upup/pkg/fi/cloudup/new_cluster.go
+++ b/upup/pkg/fi/cloudup/new_cluster.go
@@ -176,6 +176,9 @@ func (o *NewClusterOptions) InitDefaults() {
 	o.EtcdClusters = []string{"main", "events"}
 	o.Networking = "cilium"
 	o.InstanceManager = "cloudgroups"
+
+	// Azure-specific
+	o.AzureAdminUser = "kops"
 }
 
 type NewClusterResult struct {