Interim guidance for Egypt DST changes 2026
April 17, 2026Maintaining Azure Public IP Inventory by Retrieving Exact Deleted Public IP Using Activity Logs
April 18, 2026
Managing Windows systems has changed dramatically over the last few years. Environments are no longer limited to a single datacenter or even a single cloud. Today, many organizations run a mix of on‑premises servers, Windows clients, Azure resources, and workloads spread across multiple cloud providers. And that is exactly the challenge Azure Arc is designed to solve.
This post and video will walk through what Azure Arc is, why it matters, and how it brings consistent management to Windows Server and Windows client systems. It will also look at the high‑level steps involved in Arc‑enabling a Windows computer, just like the demo shown in the video.
What Azure Arc Is and Why It Matters
Azure Arc extends Microsoft Azure management capabilities beyond the Azure cloud. Instead of treating on‑premises and multi‑cloud systems as separate silos, Azure Arc allows those machines to appear as first‑class resources inside Azure.
Once a Windows Server or Windows client is Arc‑enabled, it shows up in the Azure portal alongside native Azure virtual machines. From there, administrators can apply familiar tools like Azure Policy, role‑based access control, monitoring, and extensions. The experience is consistent, even though the machines themselves may be running in a local datacenter, a branch office, or another cloud provider.
This approach is especially valuable in hybrid and multi‑cloud environments. Rather than managing different tools for each platform, Azure Arc provides a single control plane built on Microsoft Azure.
Platforms Supported by Azure Arc
This post focuses on Arc-enabling Windows computers and uses a Windows 11 client on Hyper-V for the example. However, Azure Arc supports far more than just server workloads. Azure Arc supports Linux computers and can also manage Kubernetes clusters running on‑premises and in other clouds. These clusters can be governed, monitored, and secured using Azure tools.
Azure Arc also extends to data services, enabling Azure SQL Managed Instance and PostgreSQL to run on Kubernetes outside Azure while still being managed through Azure. In addition, Azure Arc integrates with VMware vSphere, System Center Virtual Machine Manager, and Azure Local, bringing virtualization and infrastructure resources into the Azure management plane.
Together, these capabilities position Azure Arc as a unifying platform for managing servers, Kubernetes, and data services across hybrid and multi‑cloud environments.
Azure Arc and Windows Servers and Clients
Azure Arc works with both Windows server and client operating systems. While the onboarding process is the same, it is important to understand how these systems are expected to behave once they are Arc‑enabled.
Arc‑enabled Windows 10 or 11 client machines are treated like servers from a management perspective. They are expected to have consistent network connectivity and remain powered on so they can communicate with Azure services. This makes Azure Arc a great fit for always‑on Windows clients such as those used in VDI environments.
Once connected, these systems can take advantage of inventory reporting, tagging, monitoring, and security integrations that previously required them to be native Azure virtual machines.
Cost and Capabilities to Know About
One of the most common questions about Azure Arc is cost. There is no charge to Arc‑enable a Windows computer. Core functionality such as resource representation, tagging, inventory, and the ability to run extensions is included at no additional cost.
However, some services that can be layered on top of Arc‑enabled machines do have associated charges. Examples include Microsoft Defender for Servers, Azure Update Manager, and Hotpatching. These services are optional, but they can significantly enhance security and operational visibility.
Because licensing and pricing can vary, it is always a good idea to review Microsoft documentation or consult a licensing specialist when planning a broader rollout.
What You Need Before You Get Started
Before Arc‑enabling a Windows system, a few prerequisites must be in place. The Azure subscription must have the required resource providers registered. The machine must be able to reach Azure over outbound TCP port 443, either through direct internet access or through a proxy configuration.
Resource Providers
- Microsoft.HybridCompute
- Microsoft.GuestConfiguration
- Microsoft.HybridConnectivity
- Microsoft.AzureArcData
A resource group is also required, since Azure Arc creates a resource in Azure that represents the physical or virtual machine. Even though the machine itself does not run in Azure, the Arc resource must still be associated with an Azure region.
Permissions are another important consideration. The user onboarding the machine must have appropriate rights in Azure, and local administrator permissions are required to run the onboarding script on the Windows system.
Required Permissions
- Onboard machines – Azure Connected Machine Onboarding or Contributor role for the resource group where you’re managing the servers.
- Read, modify, and delete a machine – Azure Connected Machine Resource Administrator role for the resource group.
- Select a resource group from the drop-down list when creating a script – Reader role for that resource group.
Creating the Azure Arc Onboarding Script
The onboarding process starts in the Azure portal. From the Azure Arc section, you create a provisioning script that includes all the configuration settings for the machine.
This process includes selecting the subscription, resource group, region, and operating system. Connectivity options are configured here as well, including whether the agent uses a public endpoint or a private endpoint. Authentication options determine how the machine registers with Azure, either manually or through a service principal.
Tags can also be defined at this stage. Tags play an important role in organizing Arc‑enabled resources, especially in larger environments. Azure Arc includes physical location tags that describe where a machine is actually located, such as datacenter, city, and country, along with any custom tags you choose to apply.
Once these options are set, Azure generates the onboarding script. This script can be downloaded and reused, making it easy to standardize onboarding across multiple machines.
Running the Onboarding Script on Windows
After the script is created, the next step is running it on the Windows computer. This is done locally on the machine using an elevated PowerShell session.
The process steps are straightforward:
- Open PowerShell as an administrator on the Windows system.
- Set the execution policy for the current process to allow the script to run.
- Execute the onboarding script.
- Sign in when prompted using an account with permission to onboard Arc‑enabled machines.
Once the script completes, the machine registers with Azure and appears in the Azure Arc inventory. At this point, the Windows computer is officially Arc‑enabled.
Verifying the Arc‑Enabled Machine in Azure
After onboarding, the new Arc‑enabled Windows system can be found in the Azure portal under Azure Arc machines. From here, it can be managed like other Azure resources.
Administrators can review system details, view inventory data, apply tags, and control access using Azure role‑based access control. This centralized visibility is one of the key benefits of Azure Arc, especially in environments with a large number of distributed systems.
Adding Extensions to an Arc‑Enabled Windows Machine
One of the most powerful features of Azure Arc is support for extensions. Extensions allow administrators to deploy and manage additional functionality directly from Azure. A common example is the Azure Monitor Agent. Installing this extension enables monitoring and log collection, allowing Arc‑enabled Windows machines to integrate with Azure Monitor and related services.
The process involves navigating to the Arc machine in the Azure portal, selecting Extensions in the Settings menu, and adding the desired extension. Once deployed, the extension status can be monitored directly in the portal to confirm successful installation.
Why Azure Arc Is a Game Changer for Hybrid Environments
Azure Arc fundamentally changes how Windows systems are managed outside of Azure. It brings consistency, visibility, and control to environments that were previously fragmented across tools and platforms.
For organizations running Windows Server, Windows clients, and Kubernetes workloads in hybrid or multi‑cloud scenarios, Azure Arc provides a single management experience built on Microsoft Azure. It simplifies operations while opening the door to cloud‑based security, monitoring, and automation.
If you want to see this process end to end, including onboarding a Windows computer and deploying an extension, be sure to watch the accompanying video.
Links:
Zero to Hero with Azure Virtual Desktop
https://www.udemy.com/course/zero-to-hero-with-windows-virtual-desktop/?referralCode=B2FE49E6FCEE7A7EA8D4
Hybrid Identity with Windows AD and Azure AD
https://www.udemy.com/course/hybrid-identity-and-azure-active-directory/?referralCode=7F62C4C6FD05C73ACCC3
Windows 365 Enterprise and Intune Management
https://www.udemy.com/course/windows-365-enterprise-and-intune-management/?referralCode=4A1ED105341D0AA20D2E
Connected Machine agent network requirements
https://learn.microsoft.com/en-us/azure/azure-arc/servers/network-requirements?tabs=azure-cloud&WT.mc_id=AZ-MVP-5004159#urls
The post Azure Arc for Windows: Hybrid and Multi‑Cloud Management Made Simple appeared first on Ciraltos.
