Install Azure Arc to maintain protection of your non-Azure SQL server instances

Question

Hello there fellow colleagues,

Hope you are all doing well.

I have received this email from Microsoft

Subject: [EXTERNAL] Action required by 31 July 2025: SQL servers on machines protection coverage at risk
Install Azure Arc to maintain protection of your non-Azure SQL server instances

You're receiving this notification because you're associated with one or more Azure subscriptions that have SQL servers onboarded to the Defender for SQL servers on machines plan with the legacy Microsoft Monitoring agent (MMA), and don't have Azure Arc installed.The Log Analytics agent, also known as Microsoft Monitoring Agent (MMA) is set to be fully retired by 31 July 2025. To maintain continued SQL server protection with the Defender for SQL servers on machines plan, you need to install Azure Arc on all non-Azure SQL server instances before 31 July 2025.Required actionUse this guide to identify SQL instances without Azure Arc installed and install Azure Arc on identified instances before 31 July 2025 to keep protection.*You're receiving this notification because you're associated with one or more Azure subscriptions that have SQL servers onboarded to the Defender for SQL servers on machines plan with the legacy Microsoft Monitoring agent (MMA), and don't have Azure Arc installed.*The Log Analytics agent, also known as Microsoft Monitoring Agent (MMA) is set to be fully retired by 31 July 2025. To maintain continued SQL server protection with the Defender for SQL servers on machines plan, you need to install Azure Arc on all non-Azure SQL server instances before 31 July 2025.Required actionUse this guide to identify SQL instances without Azure Arc installed and install Azure Arc on identified instances before 31 July 2025 to keep protection.
The question which i have, I am using Azure i have some servers there, however my SQL servers are connected via Agent to Azure from on-premise using VMware, do i need to do each server to install Azure Arc, or it is better to Open ports for Vmware and install Azure Arc for the whole vmware somehow, and expose the entire resources in Azure, which is the best approach?

Thank you,

Regards,

Viktor Marinov, system administrator

Answer 1

Hi Viktor Marinov,

In order to keep your non-Azure SQL Server instances protected, you should explicitly install Azure Arc on all of your non-Azure hosted SQL Server instances. Because you are utilizing VMWARE in order to link your instances of SQL servers to Azure, you have the option to choose between a couple of solutions.

1. Install Azure Arc on Each Server: This method guarantees that each instance of SQL Server is uniquely connected and controlled via Azure Arc. It could be more work since you will have to manage each server separately.
2. Open VMware Ports and Install Azure Arc for the Entire VMware Environment: This alternative may be more effective since you can expose the entire VMware environment to Azure and perhaps make it easier to manage and monitor. Nonetheless, you have to see to it that appropriate network configurations and security provisions are in place to enable such connection.

Finally, the optimal method relies on your particular setup and management style. If you have a high number of SQL Server instances, installing Azure Arc for the entire VMware setup may be more practical.

References:

https://learn.microsoft.com/en-us/azure/defender-for-cloud/identify-sql-servers-protected-by-mma

https://learn.microsoft.com/en-us/sql/sql-server/azure-arc/overview?view=sql-server-ver16

https://learn.microsoft.com/en-us/azure/azure-arc/choose-service

https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan#azure-arc-onboarding

---

Please let me know if you face any challenge here, I can help you to resolve this issue further

Provide your valuable Comments.

Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.