Last updated: May 2026

Azure Fundamentals Beginner AZ-900 ⏱ 11 min read

Azure Arc

Most large organisations don't live entirely in one cloud. They have servers on-premises, resources on AWS or GCP, and workloads in Azure. Managing all of these from separate consoles is painful, inconsistent, and error-prone. Azure Arc solves this by extending the Azure control plane beyond Azure — letting you manage and govern resources anywhere in the world from a single pane of glass: the Azure Portal.

What you'll learn What Azure Arc is and the problem it solves · Azure Arc-enabled Servers · Azure Arc-enabled Kubernetes · Azure Arc-enabled Data Services · How Arc brings Azure governance to non-Azure resources · When to use Azure Arc · Key benefits for enterprises

Table of Contents

What is Azure Arc?
The Problem Azure Arc Solves
How Azure Arc Works
Arc-Enabled Servers
Arc-Enabled Kubernetes
Arc-Enabled Data Services
Governance with Azure Arc
When to Use Azure Arc
Azure Arc vs Azure Stack
Practice Questions

What is Azure Arc?

Azure Arc is a set of technologies that extends Azure management, governance, and services to any infrastructure — whether it's running on-premises in your own data centre, on another cloud provider like AWS or GCP, or at the edge.

With Azure Arc, a Linux server sitting in your Mumbai office appears in the Azure Portal just like an Azure VM. You can apply Azure Policies to it, monitor it with Azure Monitor, secure it with Microsoft Defender — even if it never moves to Azure.

ℹ️

One Line Definition Azure Arc = Azure management capabilities extended to resources outside Azure. It brings non-Azure infrastructure into the Azure control plane without migrating it.

The Problem Azure Arc Solves

Consider a typical enterprise that has:

50 on-premises Windows and Linux servers in their Chennai data centre
A Kubernetes cluster running on AWS EKS
Some VMs on Azure
Edge devices in retail stores

Without Arc, managing these requires four separate consoles, four sets of policies, four monitoring dashboards, and four different ways to apply security. Teams use different tools, policies drift, and security gaps appear.

With Arc, all of these appear in the Azure Portal. One set of policies. One monitoring view. One security baseline. One place to manage access control.

How Azure Arc Works

Azure Arc works by installing a lightweight agent on the machine you want to manage — called the Azure Connected Machine agent (for servers) or the Arc-enabled Kubernetes agent.

Once installed, the agent:

Registers the machine with Azure Resource Manager
Makes the machine appear as an Azure resource in the portal
Allows Azure policies, tags, RBAC, and monitoring to be applied to it
Reports health and compliance status back to Azure

ℹ️

The Machine Stays Where It Is Installing the Arc agent does NOT move your workload to Azure. Your server stays on-premises (or on AWS, or wherever). Only management and monitoring happens through Azure. The physical machine and its data stay in their original location.

Arc-Enabled Servers

Azure Arc-enabled Servers lets you manage physical and virtual machines running Windows or Linux — anywhere — through the Azure Portal, just as if they were Azure VMs.

What You Can Do with Arc-Enabled Servers

Apply Azure Policies — Enforce configuration standards (e.g., "All servers must have the monitoring agent installed")
Use Azure Monitor — Collect logs and metrics from on-premises servers in the same Azure Monitor workspace as your Azure VMs
Microsoft Defender for Servers — Get threat detection and security recommendations on non-Azure servers
Azure Automation — Run update management and inventory tracking on on-premises servers
Tags and RBAC — Tag on-premises servers and control who manages them using Azure RBAC

💡

Real Example A manufacturing company has 200 on-premises Linux servers running their production control systems — they can't migrate these to cloud. With Azure Arc, they onboard all 200 servers into Azure, apply a security baseline policy, and monitor them all from a single Azure Monitor dashboard — without moving a single workload.

Arc-Enabled Kubernetes

Azure Arc-enabled Kubernetes lets you attach any Kubernetes cluster — running on-premises, on AWS EKS, on Google GKE, or anywhere else — to Azure. Once attached, you can manage and govern it from the Azure Portal.

What You Can Do

View cluster health and inventory in the Azure Portal
Deploy applications to the cluster using GitOps (Flux)
Apply Azure Policies to enforce cluster configuration standards
Monitor with Azure Monitor for containers
Use Microsoft Defender for Kubernetes threat protection

ℹ️

GitOps with Arc Arc-enabled Kubernetes supports GitOps — a practice where your cluster configuration is stored in a Git repository and automatically applied to the cluster. Any change in Git is automatically deployed to the cluster. This works across all your clusters, regardless of where they run.

Arc-Enabled Data Services

Azure Arc-enabled Data Services lets you run Azure data services — specifically Azure SQL Managed Instance and PostgreSQL — on any infrastructure, while still being managed like Azure services.

This means you can run Azure SQL Managed Instance on your on-premises servers and get:

Automatic updates and patching (Microsoft manages the data service layer)
Elastic scale — add or remove vCores without downtime
Built-in high availability
Azure data security features

Governance with Azure Arc

One of Arc's biggest value propositions is applying Azure's governance tools to non-Azure resources:

Azure Governance Tool	Works on Arc Resources?	What It Does
Azure Policy	✅ Yes	Enforce configuration standards on any Arc resource
Azure RBAC	✅ Yes	Control who can manage Arc resources
Azure Tags	✅ Yes	Organise and track costs for non-Azure resources
Azure Monitor	✅ Yes	Collect logs and metrics from anywhere
Microsoft Defender	✅ Yes	Security monitoring and threat detection
Azure Update Manager	✅ Yes	Patch management for on-premises servers

When to Use Azure Arc

Scenario	Use Arc?	Why
On-premises servers you can't migrate	✅ Yes	Bring Azure governance to servers that must stay on-prem
Kubernetes clusters on AWS/GCP	✅ Yes	Manage multi-cloud K8s from one place
Hybrid cloud strategy	✅ Yes	Consistent governance across cloud and on-prem
All resources already in Azure	❌ Not needed	Azure-native resources are already managed by Azure
Edge devices and IoT	✅ Yes	Arc can manage edge devices like retail kiosks or factory machines

Azure Arc vs Azure Stack

These are two different Microsoft products for hybrid cloud — they're often confused:

	Azure Arc	Azure Stack Hub
What it is	Management layer for non-Azure resources	Azure infrastructure running in your data centre
Requires Azure hardware?	No — works with any server	Yes — specific Microsoft-validated hardware
Runs Azure services locally?	No — management only	Yes — actual Azure VMs, App Service, etc. run on-prem
Best for	Governance of existing on-prem and multi-cloud resources	Full Azure IaaS/PaaS capabilities in disconnected environments
Cost	Pay per managed resource	Significant hardware investment

💡

AZ-900 Exam Tip Azure Arc = extend Azure management to resources outside Azure (on-premises, AWS, GCP). It does not move resources to Azure — the agent just makes them manageable from Azure. Know the types: Arc-enabled Servers, Arc-enabled Kubernetes, Arc-enabled Data Services.

📝 Practice Questions

Click an option to check your answer. AZ-900 style questions.

Q1. What does Azure Arc enable?

A Automatic migration of on-premises workloads to Azure

B Managing resources outside Azure using the Azure control plane

C Free cloud storage for on-premises backup

D A replacement for the Azure Portal with a desktop application

Q2. A company has 100 on-premises Linux servers they cannot migrate to Azure due to regulatory constraints. They want to monitor and apply security policies to these servers using Azure tools. What should they use?

A Azure Monitor only

B Azure Migrate

C Azure Arc-enabled Servers

D Azure Stack Hub

Q3. What happens to an on-premises server's workload when the Azure Arc agent is installed on it?

A The workload is automatically migrated to the nearest Azure region

B A copy of the workload is created in Azure as a backup

C Nothing — the workload stays on-premises; only management is extended to Azure

D The server is shut down and replaced with an Azure VM

Q4. Which of the following Azure governance tools can be applied to Arc-enabled resources?

A Azure Policy only

B Azure Monitor only

C Azure RBAC only

D Azure Policy, RBAC, Tags, Monitor, and Defender — all work on Arc resources

Q5. What is the key difference between Azure Arc and Azure Stack Hub?

A Azure Arc is for Azure-only resources; Azure Stack Hub is for on-premises resources

B Azure Arc extends management to existing non-Azure resources; Azure Stack Hub runs Azure services in your own data centre on dedicated hardware

C Azure Arc is a cheaper version of Azure Stack Hub

D Azure Arc is for Windows only; Azure Stack Hub is for Linux only

← Previous Azure Management Groups Next → Back to Azure Fundamentals

Comments

Disclaimer: RedKite Cloud is an independent educational resource and is not affiliated with, endorsed by, or officially connected to Microsoft Corporation. All product names, logos, and trademarks are property of their respective owners. Content is written independently for educational purposes only.