Managing and deploying Azure resources
📘Microsoft Certified: Azure Fundamentals (AZ-900)
1. What is Azure Arc?
Azure Arc is a service that extends Azure management and governance to resources that are not located in Azure.
Normally, Azure tools manage resources that are inside Azure. However, many organizations also have:
- On-premises servers (in their own data center)
- Virtual machines running in another cloud provider
- Kubernetes clusters outside Azure
- SQL Servers running locally
Azure Arc allows you to manage these non-Azure resources as if they were inside Azure.
👉 In simple terms:
Azure Arc lets you manage servers, Kubernetes clusters, and some Azure services running outside Azure using Azure tools.
2. Why Azure Arc is Important for the AZ-900 Exam
For the AZ-900 exam, you must understand:
- Azure Arc extends Azure management to hybrid and multi-cloud environments.
- It allows centralized management from the Azure portal.
- It supports governance, security, monitoring, and compliance for non-Azure resources.
- It does NOT move resources into Azure.
- It does NOT automatically migrate workloads.
- It connects external resources to Azure for management purposes.
3. What Problems Does Azure Arc Solve?
In real IT environments, organizations often have:
- Physical servers in their own data center
- Virtual machines in Azure
- Virtual machines in AWS or Google Cloud
- Kubernetes clusters running in multiple locations
- SQL Servers installed on-premises
Without Azure Arc:
- These resources are managed separately.
- Different tools are used.
- Security policies may not be consistent.
- Monitoring is fragmented.
With Azure Arc:
- All resources can appear inside the Azure portal.
- You can apply Azure policies to them.
- You can use Azure Monitor for logs and alerts.
- You can enforce governance rules consistently.
4. What Can Azure Arc Manage?
Azure Arc supports several types of resources.
4.1 Azure Arc-enabled Servers
You can connect:
- Windows Servers
- Linux Servers
- Physical servers
- Virtual machines in other clouds
After connection:
- The server appears as a resource in Azure.
- You can apply:
  - Azure Policy
  - Role-Based Access Control (RBAC)
  - Tags
  - Azure Monitor
  - Defender for Cloud
Important:
- The server still runs in its original location.
- Azure Arc only manages it.
4.2 Azure Arc-enabled Kubernetes
You can connect Kubernetes clusters running:
- On-premises
- In other clouds
- On edge devices
After connecting:
- The cluster appears in Azure.
- You can:
  - Apply Azure Policy
  - Deploy configurations
  - Monitor workloads
  - Use GitOps for configuration management
This helps organizations maintain consistent container management across environments.
4.3 Azure Arc-enabled Data Services
Azure Arc allows you to run certain Azure data services outside Azure.
For example:
- Azure SQL Managed Instance
- Azure SQL Database (in supported modes)
These can run:
- On-premises
- In other clouds
- On Kubernetes clusters
This provides:
- Azure-like data services
- Automatic updates
- Central management
This is useful when data must stay in a local data center for compliance reasons.
4.4 Azure Arc-enabled SQL Server
You can connect existing SQL Servers to Azure.
After connection:
- You can monitor SQL health.
- You can apply security recommendations.
- You can enable advanced features like Defender for Cloud.
5. Key Concepts You Must Know for AZ-900
5.1 Hybrid Cloud
Hybrid cloud means:
- Some resources run in Azure.
- Some resources run on-premises.
Azure Arc is a hybrid cloud solution.
5.2 Multi-Cloud
Multi-cloud means:
- Resources are running in more than one cloud provider.
Azure Arc supports multi-cloud management.
5.3 Resource Representation
When a server or cluster is connected using Azure Arc:
- It becomes an Azure resource.
- It gets a Resource ID.
- It can be organized into:
  - Subscriptions
  - Resource groups
  - Regions (for management purposes)
Even though the resource is physically outside Azure, it behaves like an Azure resource for management.
6. How Azure Arc Works (High-Level)
- You install an Azure Arc agent on the server or connect the Kubernetes cluster.
- The resource registers with Azure.
- The resource appears in the Azure portal.
- You can manage it using Azure tools.
Important for the exam:
- Azure Arc does not require moving the workload.
- It connects the resource to Azure for management.
7. Benefits of Azure Arc
You should know these benefits clearly:
1. Centralized Management
Manage all resources from one place — the Azure portal.
2. Consistent Governance
Apply:
- Azure Policy
- Resource locks
- Tags
- RBAC
Across Azure and non-Azure resources.
3. Improved Security
Use:
- Microsoft Defender for Cloud
- Security recommendations
- Threat protection
Even for on-premises servers.
4. Compliance
Apply compliance policies across hybrid environments.
5. Monitoring
Use:
- Azure Monitor
- Log Analytics
- Alerts
Across all connected resources.
8. Azure Arc vs Azure Stack (Exam Confusion Alert)
Many students confuse Azure Arc with Azure Stack.
Azure Arc:
- Extends Azure management to existing resources.
- Does not provide Azure infrastructure.
- Does not create a local Azure cloud.
- Focuses on management and governance.
Azure Stack:
- Brings Azure infrastructure and services into your data center.
- You run Azure services locally.
For AZ-900:
👉 Azure Arc = Management extension
👉 Azure Stack = Azure services on-premises
9. Azure Arc and Azure Policy
One important exam topic:
You can use Azure Policy with Azure Arc to:
- Enforce configuration standards
- Ensure compliance rules are met
- Automatically deploy required settings
For example, enforcing that:
- Servers must have monitoring enabled.
- Security configurations must follow standards.
This works even if the server is not in Azure.
10. Azure Arc and RBAC
Azure Role-Based Access Control (RBAC) works with Arc-enabled resources.
This means:
- You can control who can manage connected servers.
- You can assign permissions at:
  - Subscription level
  - Resource group level
  - Resource level
This ensures secure access management across hybrid environments.
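Added example (not part of the original guide): the Resource ID from section 5.3 is what makes the three RBAC levels above work, because a role assigned at a subscription or resource group is inherited by every Arc-enabled server underneath it. This Python sketch lists which assignments reach one connected server; the subscription GUID, resource group, machine name and principals are constructed placeholders.

```python
import re

# Constructed sample values: the subscription GUID, resource group and
# machine name are placeholders, not taken from the page.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-hybrid"
SERVER = RG + "/providers/Microsoft.HybridCompute/machines/onprem-web01"

# (principal, built-in role, scope the role was assigned at)
SAMPLE_ASSIGNMENTS = [
    ("alice", "Reader", SUB),
    ("ops-team", "Azure Connected Machine Resource Administrator", RG),
    ("bob", "Contributor", SERVER),
    ("dev-team", "Contributor", SUB + "/resourceGroups/rg-hybrid-dev"),
]

# Subscription, resource group and single-resource scopes only.
SCOPE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)"
    r"(?:/resourceGroups/(?P<rg>[^/]+)"
    r"(?:/providers/(?P<ns>[^/]+)/(?P<type>[^/]+)/(?P<name>[^/]+))?)?$",
    re.IGNORECASE,
)

def parse_scope(scope):
    """Return (level, parts) for a scope string, or raise ValueError."""
    m = SCOPE.match(scope.rstrip("/"))
    if not m:
        raise ValueError(f"not a recognised scope: {scope!r}")
    level = "resource" if m["name"] else "resource group" if m["rg"] else "subscription"
    return level, m.groupdict()

def applies_to(assignment_scope, resource_id):
    """True if an assignment at assignment_scope is inherited by resource_id."""
    parse_scope(assignment_scope)
    parse_scope(resource_id)
    a = assignment_scope.rstrip("/").lower()  # resource IDs are case-insensitive
    r = resource_id.rstrip("/").lower()
    # Compare on a "/" boundary so rg-hybrid does not match rg-hybrid-dev.
    return r == a or r.startswith(a + "/")

def effective_assignments(assignments, resource_id):
    """List (principal, role, level) for every assignment that reaches resource_id."""
    return [(who, role, parse_scope(scope)[0])
            for who, role, scope in assignments
            if applies_to(scope, resource_id)]

if __name__ == "__main__":
    for row in effective_assignments(SAMPLE_ASSIGNMENTS, SERVER):
        print(row)
```

The broad subscription-level Reader assignment shows up on the on-premises server alongside the narrower ones, which is the thing to review when checking least privilege on connected machines.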
11. Azure Arc and Security
Azure Arc integrates with:
Microsoft Defender for Cloud
- Provides security recommendations.
- Detects threats.
- Improves security posture.
Microsoft Sentinel
- Collects logs from connected servers.
- Helps with threat detection and response.
This is important for organizations that want centralized security monitoring.
12. What Azure Arc Does NOT Do (Very Important for Exam)
Azure Arc:
❌ Does NOT automatically migrate servers to Azure
❌ Does NOT replace Azure Migrate
❌ Does NOT copy data to Azure
❌ Does NOT turn on-premises servers into Azure VMs
❌ Does NOT require workloads to change
It only connects them for management.
13. Typical Exam Scenarios
You may see questions like:
- “An organization wants to manage on-premises servers using Azure Policy.”
  → Answer: Azure Arc
- “A company has Kubernetes clusters running in multiple clouds and wants centralized governance.”
  → Answer: Azure Arc-enabled Kubernetes
- “A business wants to move servers to Azure.”
  → Answer: Azure Migrate (NOT Azure Arc)
14. Summary – What You Must Remember
For AZ-900, remember these key points:
- Azure Arc extends Azure management to non-Azure resources.
- It supports hybrid and multi-cloud environments.
- It works with:
  - Servers
  - Kubernetes clusters
  - SQL Servers
  - Azure data services
- It integrates with:
  - Azure Policy
  - RBAC
  - Azure Monitor
  - Defender for Cloud
- It does not move or migrate workloads.
- It provides centralized governance and security.
Final Quick Revision Points
If you remember only this, you can answer most exam questions:
- Azure Arc = Manage resources outside Azure.
- It makes non-Azure resources appear in Azure.
- It supports hybrid and multi-cloud.
- It enables governance, security, and monitoring.
- It does not migrate workloads.
