Azure Arc: Extend Azure Management Anywhere

What Is Azure Arc?

Azure Arc is a powerful hybrid and multicloud management platform from Microsoft. It allows organizations to project on-premises, edge, and multi-cloud resources into Azure and manage them as if they were native Azure resources.

With Azure Arc, you can manage:

  • Servers (Windows & Linux)
  • Kubernetes clusters
  • SQL Server instances & PostgreSQL databases
  • Virtual machines on any hypervisor or cloud
  • Applications running across environments

It is also a core component of Azure Local (formerly Azure Stack HCI), giving you centralized governance and operations across all environments, local or remote, permanently or only intermittently connected.

Prerequisites

1 – Infrastructure Requirements

  • On-premises or third-party cloud resources (servers, K8s clusters, databases)
  • Public or private connectivity to Azure (direct or proxy)
  • Azure subscription and access to the Azure portal

2 – Supported Operating Systems

  • Windows Server 2012 R2 and later
  • Ubuntu, RHEL, CentOS, SUSE, Debian (for Arc-enabled Linux)
  • Any CNCF-certified Kubernetes cluster (e.g., AKS on Azure Stack HCI, OpenShift, VMware Tanzu, etc.)

3 – Agent Requirements

  • Azure Connected Machine agent (azcmagent) for servers
  • Azure Arc-enabled Kubernetes agents for clusters
  • Outbound access from the machine to the Azure Arc endpoints over HTTPS (TCP 443), either directly or through a proxy; no inbound ports need to be opened

Key Advantages

  • Unified Governance: Use Azure Policy, RBAC, and Microsoft Defender for Cloud (formerly Security Center) across all environments: local datacenters, AWS, GCP, or the edge.
  • Enhanced Security: Protect workloads with Microsoft Defender for Cloud, apply baseline hardening with policies, and integrate Microsoft Sentinel for SIEM/SOAR.
  • Centralized Monitoring: View metrics and logs in a single place using Azure Monitor and Log Analytics for all resources, wherever they reside.
  • Automation & DevOps: Enable GitOps, CI/CD pipelines, Azure Update Manager for remote patching, and Azure Automation or Machine Configuration for configuration drift detection.
  • No Vendor Lock-In: Manage any infrastructure (VMware, Hyper-V, bare metal, AWS EC2, Google Cloud) through the Azure control plane.

Pricing Overview

Azure Arc feature                     | Pricing
--------------------------------------|-----------------------------------------------------
Arc-enabled servers                   | Free for resource projection & inventory
Azure Policy, Monitoring, Defender    | Pay-as-you-go per service
Arc-enabled SQL Server                | Billed per vCore/month
Arc-enabled Kubernetes                | Free to connect; paid for GitOps, Policy, Defender

Mindmap (image in the original post, not reproduced here)

Connect an existing Windows server to Azure Arc

1 – Register Azure Resource Providers

Azure Arc-enabled servers depend on the following Azure resource providers being registered in your subscription. Registration is an asynchronous process and may take approximately 10 minutes.

You can do this step from the Azure portal or from Azure PowerShell:

A – Using Azure PowerShell

  • Sign in to the Azure portal and open Cloud Shell in PowerShell mode (or use a local session with the Az module and Connect-AzAccount).
  • Copy and paste these commands:
Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
Register-AzResourceProvider -ProviderNamespace Microsoft.GuestConfiguration
Register-AzResourceProvider -ProviderNamespace Microsoft.HybridConnectivity

Execution result (screenshot in the original post):

B – From Azure Portal

  1. Go to your Azure subscription
  2. Select Settings menu
  3. Click on Resource providers
  4. In the search bar, type the providers one by one (HybridCompute, GuestConfiguration, HybridConnectivity)
  5. Select Provider then click Register

2 – Create Azure service principal (SP)

To connect a server to Azure Arc non-interactively, you need an Azure service principal (an Entra ID application) that is allowed to create Microsoft.HybridCompute/machines resources in the target resource group. The command below, taken from the original walkthrough, grants the "Contributor" role on the whole subscription; that works, but it is far more than onboarding needs. The built-in "Azure Connected Machine Onboarding" role, scoped to the resource group from step 3, is the least-privilege choice: it can create and read Arc machine resources but cannot delete them or deploy extensions. Log in to your Azure account and run the following directly from Azure CLI:

subscriptionId=$(az account show --query id --output tsv)
az ad sp create-for-rbac -n "AzureArcService" --role "Contributor" --scopes /subscriptions/$subscriptionId

Here is the result (screenshot in the original post):

  • The client secret is displayed only once. Keep the values in a password manager or secrets store rather than a notepad file; the onboarding script in step 4 needs them.
  • The output should look like this:
{
"appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"displayName": "AzureArcService",
"password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

The resulting Entra ID application registration (screenshot in the original post):

3 – Create a new Azure resource group for your Arc Servers

Create a new Azure resource group where you want your machine(s) to show up.
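Steps 1 to 3 can be done in a single Azure PowerShell session. The following is an added example, not the script from the original post: it registers the providers and waits until they actually report Registered, creates the resource group, and then issues a service principal with a 30-day client secret and the built-in "Azure Connected Machine Onboarding" role scoped to that resource group only, instead of Contributor on the subscription. It assumes you are already signed in with Connect-AzAccount, Az.Resources 5.x or later (the New-AzADServicePrincipal output exposes the secret as PasswordCredentials.SecretText), and the resource group, region and service principal names are placeholders.

```powershell
# Added example (not from the original post). Assumes Connect-AzAccount has been run and
# Az.Resources >= 5.x. Names and region below are placeholders for your environment.
$resourceGroup = 'Azure_Arc_Servers'
$location      = 'westeurope'
$spName        = 'AzureArcOnboarding'
$providers     = 'Microsoft.HybridCompute', 'Microsoft.GuestConfiguration', 'Microsoft.HybridConnectivity'

# Step 1: register the resource providers and poll until every one reports Registered.
# Registration is asynchronous; the page quotes roughly 10 minutes, so allow 15.
foreach ($ns in $providers) { Register-AzResourceProvider -ProviderNamespace $ns | Out-Null }
$deadline = (Get-Date).AddMinutes(15)
do {
    Start-Sleep -Seconds 20
    $pending = foreach ($ns in $providers) {
        # Get-AzResourceProvider returns one entry per resource type; they share the registration state
        $state = (Get-AzResourceProvider -ProviderNamespace $ns | Select-Object -First 1).RegistrationState
        if ($state -ne 'Registered') { "$ns=$state" }
    }
    if ($pending) { Write-Host "Waiting on: $($pending -join ', ')" }
} while ($pending -and (Get-Date) -lt $deadline)
if ($pending) { throw "Provider registration did not complete: $($pending -join ', ')" }

# Step 3 before step 2: the resource group is the scope of the role assignment below.
$rg = New-AzResourceGroup -Name $resourceGroup -Location $location -Force

# Step 2: service principal whose secret expires in 30 days (issue a fresh one per onboarding
# wave rather than keeping a long-lived secret around). The Onboarding role can create and
# read Microsoft.HybridCompute/machines in this group but cannot delete machines or push
# extensions, which is all that azcmagent connect needs.
$sp = New-AzADServicePrincipal -DisplayName $spName -EndDate (Get-Date).AddDays(30)

$assigned = $false
for ($i = 0; $i -lt 6 -and -not $assigned; $i++) {
    try {
        New-AzRoleAssignment -ApplicationId $sp.AppId `
            -RoleDefinitionName 'Azure Connected Machine Onboarding' `
            -ResourceGroupName $rg.ResourceGroupName -ErrorAction Stop | Out-Null
        $assigned = $true
    } catch {
        # A just-created principal can take a few seconds to become visible to ARM
        Start-Sleep -Seconds 10
    }
}
if (-not $assigned) { throw "Role assignment for $($sp.AppId) did not succeed" }

# The values the onboarding script needs. The secret is shown once; hand it to the
# server-side script through a secrets store or one-time channel, not a shared text file.
[pscustomobject]@{
    subscriptionId = (Get-AzContext).Subscription.Id
    tenantId       = (Get-AzContext).Tenant.Id
    appId          = $sp.AppId
    password       = $sp.PasswordCredentials.SecretText
    resourceGroup  = $rg.ResourceGroupName
    location       = $location
}
```

If you later need to manage the machines (run extensions, delete resources) from automation, use the separate built-in "Azure Connected Machine Resource Administrator" role for that identity instead of widening the onboarding principal.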

4 – Install the Azure Arc Agent on Servers

  • Download the azconnectwin PowerShell script.
  • Change the environment variables according to your environment and copy the script to the designated machine (Use saved output in previous steps).

Here is the PowerShell Code to use :

# <--- Set the following variables to match your environment and the service principal created in step 2 --->

$env:subscriptionId='<Your Azure subscription ID>'
$env:appId='<Your Azure service principal appId (client ID), not its display name>'
$env:password='<Your Azure service principal password (client secret)>'
$env:tenantId='<Your Azure tenant ID>'
$env:resourceGroup='<Azure resource group name>'
$env:location='<Azure Region>'

# Download the package (-UseBasicParsing avoids the Internet Explorer dependency on Server Core and freshly installed servers)
function download() {$ProgressPreference="SilentlyContinue"; Invoke-WebRequest -UseBasicParsing -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi}
download

# Install the package silently; piping to Out-String makes PowerShell wait for msiexec to finish
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String

# Run connect command (--correlation-id is optional and only ties this onboarding to a portal session for telemetry)
 & "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" connect `
 --service-principal-id $env:appId `
 --service-principal-secret $env:password `
 --resource-group $env:resourceGroup `
 --tenant-id $env:tenantId `
 --location $env:location `
 --subscription-id $env:subscriptionId `
 --correlation-id "d009f5dd-dba8-4ac7-bac9-b54ef3a6671a"

# The secret is no longer needed on this machine: clear it, and do not leave the filled-in script on disk
Remove-Item Env:\password

The script in PowerShell ISE after replacing the variables (screenshot in the original post):

After the script runs, the server appears within a few minutes in the resource group you created (here "Azure_Arc_Servers").
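Before handing the machine over to policy and monitoring, it is worth confirming the enrolment from the server itself and restricting what the agent will accept from Azure: anyone with write access to the Arc machine resource can otherwise deploy an arbitrary extension, which runs as SYSTEM on the box. The following is an added example, not part of the original post. It uses the documented azcmagent subcommands (show, check, config) and the agent's local security-control settings; the two extension names in the allowlist are placeholders for whatever you actually intend to deploy, and the install path is the default one used by the script above.

```powershell
# Added example (not from the original post): verify the Arc enrolment and lock the agent down.
# Assumes the default install path from the onboarding script; extension names are placeholders.
$azcmagent = "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe"

# 1. Agent status, Azure resource ID and last heartbeat; then a network check against the
#    required Azure endpoints (honours the proxy configured on the agent, if any).
& $azcmagent show
& $azcmagent check

# 2. Allow only the extensions this server is meant to receive. Anything not on the list is
#    refused locally, whatever an operator with rights on the Arc resource asks Azure to install.
& $azcmagent config set extensions.allowlist `
    'Microsoft.Azure.Monitor/AzureMonitorWindowsAgent,Microsoft.SoftwareUpdateManagement/WindowsOsUpdateExtension'

# 3. Disable inbound features that are not in use here: remote SSH/RDP through Arc
#    (incomingconnections) and Machine Configuration (guestconfiguration), which applies
#    policy-driven settings inside the OS.
& $azcmagent config set incomingconnections.enabled false
& $azcmagent config set guestconfiguration.enabled false

# 4. Record the effective local configuration for the change ticket.
& $azcmagent config list
```

If the server is onboarded for monitoring only, `azcmagent config set config.mode monitor` is the shorter alternative: it restricts the agent to the monitoring extensions and blocks the rest. Settings made with `azcmagent config set` are enforced on the machine and cannot be overridden from the Azure side, so they belong in the server build rather than in an Azure Policy assignment.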

Azure Services Recommendations

Once resources are connected, you can now:

  • Apply Azure Policy and Compliance
  • Enable Microsoft Defender for Cloud
  • Use Azure Monitor for metrics and logs
  • Set up Azure Update Manager for patching
  • Automate tasks with Azure Automation
  • Use GitOps for K8s configuration management

Conclusion

Azure Arc is a game-changer for organizations embracing hybrid or multicloud strategies. It enables IT teams to manage everything, regardless of where it runs, using Azure-native tools and best practices.

Whether you’re modernizing legacy infrastructure, enforcing compliance at scale, or centralizing security, Azure Arc is the glue between your cloud and your on-prem world.


Thanks

Aymen EL JAZIRI (Microsoft MVP)

Hi, I’m Aymen El Jaziri, a passionate System Administrator and Microsoft MVP, with years of hands-on experience in managing and securing modern IT infrastructures.
This blog is where I share technical guides, automation scripts, product reviews, and real-world solutions that help IT professionals simplify their day-to-day work and stay ahead in a fast-evolving cloud ecosystem.
Whether you’re here to troubleshoot an issue, improve your automation game, or learn new best practices, welcome to my blog!
Let’s build a stronger, smarter IT community together.
Feel free to connect with me on LinkedIn for more content, discussions, or collaboration opportunities.
