Share via

Azure Arc - without full internet.

Christopher Gray 41 Reputation points
2022-11-07T20:46:47.203+00:00

I wan't to know if it's possible to use Azure Arc without Internet access.

Currently, we have a site2site vpn connection between our on-premise infrastructure & Azure. We have Azure Arc connected to all our servers using a PrivatelinkScope connected to an endpoint in Azure. We also have the Microsoft Monitoring Agent installed on our servers as well. We block all outbound traffic to the public internet using a fire policy on our security appliance.

I noticed that we can't connect the Arc Agent or Insight to manage the servers unless the Arc HTTPS endpoints are opened up on our firewall and servers. Is it possible to use Azure Arc, MMA, Azures Monitoring App & Azure insight, without giving the on-premise servers access to the internet? and only use the secured VPN connection?

Thank you.

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
382 questions
0 comments
Accepted answer
  1. Maxim Sergeev 6,566 Reputation points Microsoft Employee
    2022-11-07T22:23:21.263+00:00

    Hi there,

    A quick answer - no, you can't use Arc in fully isolated environments. It requires to have at least private link and mostly importantly access to AAD

    The quote from a product group:
    "We require continuous access to AAD because our agent uses an AAD managed identity to authenticate with our service."

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest