Azure Arc Server Management
👋 Introduction
Azure Arc is a cool service from Microsoft that lets you bring Azure's management tools to your on-premises, multi-cloud, and edge setups. It gives you one place to manage all your resources whether they're Windows or Linux servers, Kubernetes clusters, or databases no matter where they're running.
Here’s what you can do with Azure Arc:
- Manage hybrid environments: Treat non-Azure resources like they’re in Azure by projecting them into Azure Resource Manager.
- Unified management: Use the same Azure tools you already know to manage everything in your environment.
- Kubernetes management: Connect and manage Kubernetes clusters anywhere, and use GitOps to handle configurations.
- Data services: Run Azure data services like SQL Managed Instance and PostgreSQL on any infrastructure, with all the perks like updates, security, and monitoring.
Azure Arc makes it super easy to manage and govern your resources, helping you keep everything consistent and running smoothly across different environments.
💰 Cost
Azure Arc – core control plane
| Services | Price |
|---|---|
| Inventory Tag your resources, organize them into resource groups, subscriptions, and management groups, and query at scale with Azure Resource Graph to unify your environments. | FREE |
| Manage Administrate your servers anywhere using SSH Arc, Run Command, and Custom Script Extension. | FREE |
| VM Self-service Perform lifecycle management such as (create, resize, update and delete) and powercycle operations such as (start, stop, and restart on VMware vCenter and System Center Virtual Machine Manager Virtual Machines). | FREE |
Azure Arc-enabled servers
INFO
Add-on Azure management services, such as Azure Update Manager, Azure Policy guest configuration, Azure Monitor, Microsoft Defender for Cloud, and Microsoft Sentinel, are charged for Azure Arc-enabled servers when enabled. The total monthly price of Azure Arc-enabled servers depends on the number of Azure management and security services you run on each server and the plan or SKU purchased.
With Microsoft Defender for Cloud Plan 2, Azure Policy guest configuration and Azure Update Manager are included at no additional cost. With Microsoft Defender for Cloud Plan 1, these two additional services are not included and can be purchased separately.
Customers with Windows Server licenses have active Software Assurance or Windows Server licenses which are active subscription licenses may access the following features at no additional cost. Some of these features may incur log ingestion, compute, storage costs which are paid. Learn more here:
- Azure Update Manager
- Change Tracking & Inventory
- Azure Machine Configuration
- Windows Admin Center in Azure for Arc-enabled servers
- Remote Support
- Best Practices Assessment
- Azure Site Recovery configuration
- Advanced networking
These services are billed on a per server basis:
| Services | Price |
|---|---|
| Microsoft Defender for Servers Plan 1 | €5/server/month €0.007/server/hour |
| Microsoft Defender for Servers Plan 2 | €14/server/month €0.019/server/hour |
| Azure Update Manager | €5/server/month €0.150/server/day |
| Azure Policy Guest Configuration and Change Tracking & Inventory | €5.557/server/month |
| Hotpatching | Preview |
These services are billed on a per GB ingested basis:
| Services | Price |
|---|---|
| Azure Monitor Analytics Logs | €2.557/GB |
| Azure Monitor SCOM Managed Instance | €5.557/month |
| Microsoft Sentinel | €4.779/GB-ingested |
Windows Server pay-as-you-go enabled by Azure Arc
| Services | Monthly Price | Hourly Price |
|---|---|---|
| Windows Server Pay-as-you-go enabled by Azure Arc | €31.099/core/month | €0.043/core/hour |
SQL Server pay-as-you-go enabled by Azure Arc
INFO
If you have an existing SQL Server license, you can also unlock Azure manageability and security with Azure Arc. See the complete set of features available for customers with existing SQL Server licenses including different SQL Server licenses set billing options. Manage SQL Server license and billing options - Azure Arc-enabled SQL Server | Microsoft Learn
For customers without an active SQL Server license:
| Services | Monthly Price | Hourly Price |
|---|---|---|
| Standard Edition | €67.6052 | €0.0927 |
| Enterprise Edition | €253.5192 | €0.3473 |
Extended Security Updates enabled by Azure Arc
INFO
Microsoft provides Extended Security Updates with Azure Arc for Windows Server 2012/R2 and SQL Server 2012/2014
For Windows Server 2012/R2:
| Services | Datacenter Monthly Price | Standard Monthly Price |
|---|---|---|
| Windows Server 2012 16 Core | €404 | €71 |
| Windows Server 2012 8 Core | €202 | €36 |
| Windows Server 2012 2 Core | €51 | €8.77 |
For SQL Server 2012:
| Services | Datacenter Monthly Price | Standard Monthly Price |
|---|---|---|
| SQL Server 2012 2 Core | €906 | €230 |
For SQL Server 2014:
| Services | Datacenter Monthly Price | Standard Monthly Price |
|---|---|---|
| SQL Server 2014 2 Core | €1,001 | €257 |
TIP
For detailed pricing based on your region, visit Azure Arc pricing.
🧑🔧 How to configure Azure Arc
Installing Agent
With Windows Server 2025, Azure Arc is already available with the OS and ready to deploy.
- Open the Azure Arc tray icon and click Launch Azure Arc Setup.
- Just click Next and Configure in the Azure Arc Agent Setup.
 |  |
|---|
Older Windows Servers or other resources can be added via the Azure Admin Portal -> Azure Arc.
You can add a server by downloading the installer mentioned earlier or by creating the resource directly in Azure and downloading the corresponding script for setup.
Or you can connect a Host environment by creating a resource bridge.
Configuring Agent
- After the installation the Conmfiguration of the Azure Arc Agent starts.
- Select your Azure cloud Environment and sign-in to Azure with your browser on the machine or with
https://microsoft.com/devilogonon another machine if you can`t access a browser on your resource.- Azure China Cloud
- Azure Global
- Azure US Goverment Cloud
DANGER
Beware that you need to have to allow authentication flow in your conditional access policies for the devilogon to function.
- Select the recourse details for your Azure Arc resource and click Next.
INFO
For more details on the Network Connectivity options, check out Network topology and connectivity for Azure Arc-enabled servers | Microsoft Learn.
- Then the Azure Arc Agent connects to Azure and registeres your resource.
 |  |
|---|
- When the Azure Arc Agent runs correctly you can find the Agent Information in the tray icon.
Information and Configuration in the Azure Portal
Azure Arc Portal
You can find all your Azure Arc resources under Azure Admin Portal -> Azure Arc.
 |  |
|---|
- Once your resources are configured, you can view detailed information and an overview in the Azure Arc Overview section.
- In the Snapshots tab, you can access an overview of your Azure Arc environment.
- Resource summary
- Host environment
- Recently viewed in Azure Arc
- Azure Monitor agent
- Update Manager
- Microsoft Defender for Servers
- Policy compliance
- Windows Admin Center
- In the Monitoring tab, you can check out the latest connection and security details for your Azure Arc environment.
- Connectivity
- Secure score
- Alerts
- In the Licensing section of Azure Arc Portal, you can easily check out an overview of your Windows Server and SQL Server Pay-as-you-go licenses, along with any Azure benefits you're using.
Azure Arc Mashine
If you drill down into a specific Azure Arc resource you get a great overview about the current status and configuration.
Seen in the following Windows Server example.
Notable configurations include:
- RBAC Controls: Configure Role-Based Access Control to manage permissions for your resource.
- Connect via SSH in the Browser: Securely connect to your servers directly from the Azure portal using browser-based SSH.
- Policies: Enforce compliance and governance using Azure Policy for consistent configurations across resources.
- Machine Configuration: Automate configuration management and ensure compliance with desired state configurations.
Run Commands via PowerShell: Execute PowerShell commands remotely on your Azure Arc-enabled servers for administrative tasks.
Run Command uses the Connected Machine agent to let you remotely and securely run a script inside this Azure Arc-enabled servers.
This can be useful for loads of scenarios across troubleshooting, recovery, diagnostics, and maintenance.
You can run commands through Azure CLI or PowerShell.Operation Description Create Or Update The operation will create a new Run command to update an existing Run Command Delete The operation will delete or stop an existing Run command Get The operation will get details for an existing Run Command List The operation will get all the Run Commands for an Arc-enabled server Update The operation will update an existing Run Command Windows Updates: Manage and deploy Windows updates across your servers using One-time update, Periodic assessment or the Azure Update Manager.
One-time update
- Pick the machines where you want to install updates.
- Choose the updates you want to apply.
- Decide if a reboot is okay or not.
Reboot options:
- Reboot if required
- Never reboot
- Always rebootMaintenance window (in minutes):
- 60 to 235- Finally, hit Install and you're good to go!
Azure Update Manager
- When you select the Azure Update Manager you get on overview about the current update status of your Azure Arc environment.
- In addtion you can configure update policies, create One-time updates or check the update history.
INFO
You can learn more on Microsoft Learn for a detailed overview of Azure Update Manager.
Periodic assessment
If you turn on Periodic assessment it will automatically check for updates every 24 hours.
INFO
You can check out more details at Assessment options in Update Manager | Microsoft Learn.
- You can enable the feature if you click Enable now in the overview.
- Now you can enable the Periodic assessment for the servers you want and then select Save.
When the Updates are installed you can see it in the overview.
Tracking with Log Analytics: Monitor changes, inventory, and performance metrics for your Azure Arc-enabled resources.
Inventory
You can maintain a detailed inventory of your resources here.
To enable the Inventory you need to have a Log Analytics Workspace.
After the activation you can see an inventory of the Software, Files, Registry and Services.
INFO
You can check out more details at Overview of change tracking and inventory using Azure Monitoring Agent | Microsoft Learn.
Change Tracking
Monitor and track changes to your infrastructure to ensure consistency and compliance across your environment.
INFO
This Tracking uses the same Log Analytics Workspace the Inventory blade uses.
Insights
Gain deeper visibility into the performance and health of your resources.
To get Insights up and running, just follow these steps:
- Hit the Enable button on the Insights page.
- Create a new Data collection rule.
- While setting up the Data collection rule, make sure to check the Enable processes and dependencies option. This unlocks the awesome Map feature.
INFO
- If you stick with the default collection rule, the Map feature won’t work.
- You’ll need a Log Analytics Workspace for the new rule, but don’t worry you can reuse the same Workspace you’re already using for other tracking logs.
Refresh your browser, wait a few seconds, and voilà! You’ll start seeing real-time performance metrics, along with details about processes and dependencies on your machine.
You can monitor the following performance metrics for your resources:
- CPU Utilization
- Available Memory
- Logical Disk IOPS
- Logical Disk MB/s
- Logical Disk Latency (ms)
- Max Logical Disk Used %
- Bytes Sent Rate
- Bytes Received Rate
Logs
In the Logs section you can create classic table queries for the data collected in you Log analytics workspace for troubleshooting and insights.
Licensing: Manage and monitor licensing for Windows Server and SQL Server, including pay-as-you-go options.
Admin Center: Use Windows Admin Center in Azure for streamlined server management from the cloud.
To get Windows Admin Center up and running, just follow these steps:
- Hit the Set up button on the Windows Admin Center page.
- Select a Listening port and click Install.
IMPORTANT
Please be aware that you need to edit RBAC roles to use the Windows Admin Center.
As soon as the Windows Admin Center is set up you can access and edit the following features:
In additon you can find the following live metrics:
NOTE
Please note that an appropriate license is required to access this feature.
Site Recovery: Configure Azure Site Recovery for disaster recovery and business continuity.
The Azure Site Recovery setup tool helps you handle replication, failover, and failback for your on-premises and Azure virtual machines (VMs) running on Arc-enabled Windows Server. It’s a great way to keep your on-premises workloads running smoothly during outages by replicating them to Azure as a backup location.
INFO
You can find out more here Configure Azure Site Recovery for Arc-enabled Windows servers | Microsoft Learn.
Best Practices Assessment: Evaluate your environment against best practices to optimize performance and security.
The Best Practices Assessment tool keeps an eye on your Windows Server, checking its setup against recommended Windows best practices. You can set it to run automatically on a schedule or kick it off manually whenever you need.
INFO
You can find out more here Overview of Windows Server Best Practices Assessment | Microsoft Learn.
- Health: Monitor the health of your resources and address issues proactively.
💡 Conclusion
Azure Arc is a total game-changer for managing hybrid and multi-cloud setups. It brings all the awesome Azure tools right to your resources. The best is that you are able to manage all your stuff over a single Portal, no matter where you host them.
And that you can start for the low price of FREE, there is no risk of testing if its right for you and your environment.