Azure Arc is one of the newer services that has made its way into the AZ-900 exam, and it represents a significant shift in how Microsoft positions Azure: not just as a cloud, but as a management platform that extends beyond Azure's own data centres. If your organisation has servers in a colocation facility, a private data centre, or even running on AWS or Google Cloud, Azure Arc lets you manage those resources through the Azure portal — with full Azure governance applied.
The Problem Azure Arc Solves
Most real-world enterprises don't run everything in a single cloud. They have:
- Legacy on-premises servers that can't be migrated yet
- Edge devices in remote locations with limited connectivity
- Workloads in AWS or GCP for regulatory or vendor diversification reasons
- Applications in a private data centre due to data sovereignty requirements
Managing these environments through separate, siloed tools creates inconsistency: different security policies, different monitoring tools, different compliance frameworks. Azure Arc solves this by bringing all of those resources under a single Azure management pane — without requiring you to move them to Azure.
What Azure Arc Can Manage
Azure Arc supports several resource types:
Arc-Enabled Servers
Install the Azure Connected Machine agent on any physical or virtual server running Windows or Linux — anywhere in the world. Once connected, the server appears in the Azure portal as an Azure resource. You can then:
- Apply Azure Policy to enforce configuration standards
- Use Microsoft Defender for Cloud for threat detection and Secure Score
- Onboard to Azure Monitor for log and metric collection
- Apply tags and organise the server within your Azure resource hierarchy
Arc-Enabled Kubernetes
Connect any Kubernetes cluster — on-premises, AWS EKS, GKE, or at the edge — to Azure. This enables GitOps-based configuration management using Azure's Flux extension, and allows you to deploy Azure services (like Azure Monitor and Azure Policy) on to non-Azure clusters.
Arc-Enabled Data Services
Run Azure SQL Managed Instance and PostgreSQL on your own infrastructure, while being managed through Azure. This is particularly relevant for organisations with strict data residency requirements — they get the features of an Azure managed database service without the data leaving their premises.
Azure Arc and Governance
One of the most powerful uses of Azure Arc is extending Azure's governance tools across hybrid environments:
- Azure Policy — Apply the same policy definitions you use for native Azure resources to Arc-enabled servers. For example, enforce that all servers (Azure and non-Azure) have the Log Analytics agent installed.
- RBAC — Use the same role assignments. A team that has Reader access to a resource group will have Read access to Arc-enabled resources in that group.
- Azure Resource Graph — Query and inventory Arc-enabled resources alongside native Azure resources using the same Kusto-based query language.
The Hybrid Cloud Context for AZ-900
For the exam, Azure Arc is most important in the context of hybrid and multi-cloud strategy. You should understand these distinctions:
- Public cloud — Resources hosted in a shared cloud provider's data centres (Azure, AWS, GCP).
- Private cloud — Resources hosted in a dedicated environment, either on-premises or in a colocation facility, operated for a single organisation.
- Hybrid cloud — A combination of public and private cloud, connected to allow workloads and data to move between them.
- Multi-cloud — Using services from more than one public cloud provider.
Azure Arc enables consistent management across hybrid and multi-cloud environments. That's the one-sentence definition you need for the exam.
Azure Arc vs Azure Stack
Students often confuse Azure Arc with Azure Stack. They are related but different:
- Azure Stack Hub — A physical rack of hardware purchased from Microsoft and installed in your data centre. It runs a subset of Azure services locally, fully disconnected from the internet if required.
- Azure Stack Edge — A physical edge device for processing data locally (AI inferencing, IoT workloads) at remote or bandwidth-constrained sites.
- Azure Arc — A software agent. No hardware purchase. Extends Azure management to existing infrastructure without moving it.
Think of it this way: Azure Stack brings Azure to your location; Azure Arc manages your location from Azure.
Real-World Scenario: Arc in a Retail Chain
Consider a retail chain with 400 stores, each running a local Windows Server for point-of-sale processing. Replacing all 400 servers is not feasible in the short term. With Azure Arc:
- Install the Connected Machine agent on all 400 servers via a scripted deployment.
- All servers appear in the Azure portal under a resource group per region.
- Azure Policy enforces that all servers have Windows Update configured correctly.
- Defender for Cloud monitors all 400 servers for threats and produces a unified Secure Score.
- Azure Monitor collects event logs and performance metrics, centralised in a Log Analytics workspace.
The result: enterprise-grade cloud management for on-premises infrastructure, with no migration required.
Exam Takeaways
- Azure Arc extends Azure management to any infrastructure, anywhere.
- It does not move workloads to Azure — it manages them in place.
- Governance tools — Policy, RBAC, Monitor, Defender for Cloud — apply to Arc-enabled resources exactly as they do to native Azure resources.
- Azure Arc ≠ Azure Stack. Know the difference.
Azure Arc represents Microsoft's vision for the cloud: not a destination you must migrate to, but a control plane you can extend everywhere. Understanding this positions you well for both the AZ-900 exam and real-world hybrid cloud conversations.