Hi @Sadik Karadag ,
May I ask where you got the information that "any extension that is installed would use the same connectivity as the Azure Arc (private link scope)"?
It shouldn't by default. Because Azure Monitoring Agent is a part of Azure Monitor, and according to the following article, for Azure Monitor you need to enable the private link scope manually:
Optionally, deploy private endpoints for other Azure services your machine or server is managed by, such as:
- Azure Monitor
- Azure Automation
- Azure Blob storage
- Azure Key Vault