Describe Azure Arc


Azure Arc is a service that provides a set of technologies for organizations such as Contoso that want to simplify their complex and distributed environments.

Azure Arc is a set of technologies that brings Azure security and cloud-native services to hybrid and multicloud environments. It provides a centralized, unified, and self-service approach to managing, securing, and monitoring:

  • Windows Server
  • Linux servers
  • Kubernetes clusters
  • SQL servers
  • Azure Data Services

Azure Arc also extends adoption of cloud-native services and DevOps across hybrid, multicloud, and edge environments. In addition to extending the control plane for managing infrastructure, Azure Arc enables companies to run Azure data services and Azure Machine Learning on containerized infrastructure anywhere.

Continuous improvements have been made to the Azure control plane. This control plane is responsible for managing the lifecycle of resources such as VMs, database instances, Apache Hadoop clusters, and Kubernetes clusters.

For example, every time Contoso provisions, scales, stops, or terminates a resource—such as an Azure VM—the Azure fabric controller processes this operation. In between the fabric controller and the resources is another layer called the Azure Resource Manager that automates the resource lifecycle. Azure has resource providers for each of these resource types hosted in Azure.

Note

Azure Resource Manager provides a management layer that enables you to create, update, and delete your Azure resources.

Azure Arc capabilities

Azure Arc enables you to deploy and configure the following cloud-based technologies to secure, manage, and monitor Arc-enabled servers:

| Feature | Description |
|---|---|
| Azure Policy guest configuration | Audit Azure Arc resources to validate settings such as operating system (OS) configuration, application configuration, and environment settings. |
| Support for resource-context access to Log Analytics data | Restrict the scope of access to Log Analytics data based on the permissions to the corresponding Azure resource. |
| Microsoft Defender for Cloud | Microsoft Defender for Endpoint provides threat detection and vulnerability management. |
| Microsoft Sentinel | Collect security-related events and correlate them with other data sources. |
| Azure Monitor | Monitor and store data related to system performance and events. Discover application components and processes to determine dependencies. |

Additional reading

You can learn more by reviewing the following documents.