Overview of Azure Connected Machine agent

The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers.

Agent component details

Azure Arc-enabled servers agent architectural overview.

The Azure Connected Machine agent package contains several logical components, which are bundled together:

  • The Hybrid Instance Metadata service (HIMDS) manages the connection to Azure and the connected machine's Azure identity.

  • The guest configuration agent provides functionality such as assessing whether the machine complies with required policies and enforcing compliance.

    Note the following behavior with Azure Policy guest configuration for a disconnected machine:

    • An Azure Policy assignment that targets disconnected machines is unaffected.
    • Guest assignment is stored locally for 14 days. Within the 14-day period, if the Connected Machine agent reconnects to the service, policy assignments are reapplied.
    • Assignments are deleted after 14 days, and are not reassigned to the machine after the 14-day period.
  • The Extension agent manages VM extensions, including install, uninstall, and upgrade. Extensions are downloaded from Azure and copied to the %SystemDrive%\%ProgramFiles%\AzureConnectedMachineAgent\ExtensionService\downloads folder on Windows, and to /opt/GC_Ext/downloads on Linux. On Windows, the extension is installed to the following path %SystemDrive%\Packages\Plugins\<extension>, and on Linux the extension is installed to /var/lib/waagent/<extension>.


The Azure Monitor agent (AMA) is a separate agent that collects monitoring data, and it does not replace the Connected Machine agent; the AMA only replaces the Log Analytics agent, Diagnostics extension, and Telegraf agent for both Windows and Linux machines.

Instance metadata

Metadata information about a connected machine is collected after the Connected Machine agent registers with Azure Arc-enabled servers. Specifically:

  • Operating system name, type, and version
  • Computer name
  • Computer manufacturer and model
  • Computer fully qualified domain name (FQDN)
  • Domain name (if joined to an Active Directory domain)
  • Active Directory and DNS fully qualified domain name (FQDN)
  • Connected Machine agent heartbeat
  • Connected Machine agent version
  • Public key for managed identity
  • Policy compliance status and details (if using guest configuration policies)
  • SQL Server installed (Boolean value)
  • Cluster resource ID (for Azure Stack HCI nodes)
  • Hardware manufacturer
  • Hardware model
  • CPU logical core count
  • Cloud provider
  • Amazon Web Services (AWS) metadata, when running in AWS:
    • Account ID
    • Instance ID
    • Region
  • Google Cloud Platform (GCP) metadata, when running in GCP:
    • Instance ID
    • Image
    • Machine type
    • Project ID
    • Project number
    • Service accounts
    • Zone

The following metadata information is requested by the agent from Azure:

  • Resource location (region)
  • Virtual machine ID
  • Tags
  • Azure Active Directory managed identity certificate
  • Guest configuration policy assignments
  • Extension requests - install, update, and delete.


Azure Arc-enabled servers doesn't store/process customer data outside the region the customer deploys the service instance in.

Deployment options and requirements

To deploy the agent and connect a machine, certain prerequisites must be met. There are also networking requirements to be aware of.

We provide several options for deploying the agent. For more information, see Plan for deployment and Deployment options.

Next steps