In this post I want to show step by step how you can onboard and connect your on-premise Windows Server machines (bare metal or virtual machines) to Azure Arc.

Azure Arc-enabled servers lets you manage Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud provider. For the purposes of Azure Arc, these machines hosted outside of Azure are considered hybrid machines. The management of hybrid machines in Azure Arc is designed to be consistent with how you manage native Azure virtual machines, using standard Azure constructs such as Azure Policy and applying tags.

When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID enabling the machine to be included in a resource group.

To connect hybrid machines to Azure, you install the Azure Connected Machine agent on each machine.

Source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview


We also need to onboard our on-premise machines to Azure Arc if we want to protect them with Microsoft Defender for Cloud, or more precisely Microsoft Defender for Servers. How to onboard them to Microsoft Defender for Servers is covered in my following post.





Onboarding on-premise Server to Azure Arc

We can onboard Windows Server 2022 and later directly to Azure Arc by using a graphical wizard installed as a feature by default.

The Azure Arc Setup wizard is launched from a system tray icon at the bottom of the Windows Server machine when the Azure Arc Setup feature is enabled. This feature is enabled by default. Alternatively, you can launch the wizard from a pop-up window in the Server Manager or from the Windows Server Start menu.

Source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-windows-server

For Windows Server 2022, Azure Arc Setup is an optional component that can be removed using the Remove Roles and Features Wizard. For Windows Server 2025 and later, Azure Arc Setup is a Features On Demand. Essentially, this means that the procedures for removal and enablement differ between OS versions.

Source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-windows-server


Launch the Azure Arc Setup wizard from the system tray icon as shown below.


The wizard automatically checks for the prerequisites necessary to install the Azure Connected Machine agent on your Windows Server machine. Once this process completes and the agent is installed, select Configure.



Sign in to Azure by selecting the applicable Azure cloud (usually you will need to select Azure Global) and then selecting Sign in to Azure. You'll be asked to provide your sign-in credentials.


Besides selecting our Azure tenant, subscription, resource group and region for our Azure Arc-enabled server, we also need to select how the server will connect to Azure.

In my case, where my lab environment so far has neither a site-to-site VPN nor an Azure ExpressRoute, I can only choose below between a public endpoint and a proxy server, both of which will connect my server through the public internet.


Azure Arc-enabled servers also support a site-to-site VPN or Azure ExpressRoute as shown in the figure below.

Use Azure Private Link to securely connect servers to Azure Arc
https://learn.microsoft.com/en-us/azure/azure-arc/servers/private-link-security

Source: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/hybrid/arc-enabled-servers/eslz-arc-servers-connectivity#architecture


Once the configuration completes and your machine is onboarded to Azure Arc, select Finish.



When the on-premise server is finally connected to Azure Arc, the icon in the system tray changes as shown below. You will also see the status of the server in the Azure Arc Management field of the Server Manager on Windows Server 2022 or later.





Onboarding on-premise Server to Azure Arc by using a deployment script

For Windows Server 2019 and earlier we can use a deployment script generated directly in the Azure portal as shown below.

The script to automate the download and installation, and to establish the connection with Azure Arc, is available from the Azure portal.

Source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-portal#generate-the-installation-script-from-the-azure-portal


On the Azure Arc – Machines page, select Add/Create at the upper left, and then select Add a machine from the drop-down menu.


On the Add servers with Azure Arc page, under the Add a single server tile, select Generate script.

Select a resource group, region and operating system. Then select the connectivity method for your on-premise server and finally click on Download and run script.



We execute the script on the on-premise server we want to connect to Azure Arc.


After you install the agent and configure it to connect to Azure Arc-enabled servers, go to the Azure portal to verify that the server has successfully connected. 
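The portal check can be complemented by a local check on the server itself. The following PowerShell is an added example, not part of the original post or of the script generated by the portal: it parses the output of azcmagent show --json and compares the agent's view with the tenant, subscription, resource group and region chosen during onboarding. The JSON property names are assumed from the agent's output, and the values in $expected are constructed placeholders.

```powershell
# Added example. Run from an elevated PowerShell session on the onboarded server.
# Property names below are assumed from the agent's JSON output; confirm them
# against the agent version you have installed.
function Test-ArcOnboarding {
    param(
        [Parameter(Mandatory)] [string]    $AgentJson,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    $agent    = $AgentJson | ConvertFrom-Json
    $findings = @()
    if ($agent.status -ne 'Connected') {
        $findings += "status is '$($agent.status)', expected 'Connected'"
    }
    foreach ($key in $Expected.Keys) {
        $actual = [string]$agent.$key
        # -ne compares strings case-insensitively, which suits GUIDs and names
        if ($actual -ne $Expected[$key]) {
            $findings += "$key is '$actual', expected '$($Expected[$key])'"
        }
    }
    return ,$findings
}

# Constructed placeholders: replace with the tenant, subscription, resource
# group and region you selected during onboarding.
$expected = @{
    tenantId       = '00000000-0000-0000-0000-000000000000'
    subscriptionId = '11111111-1111-1111-1111-111111111111'
    resourceGroup  = 'rg-arc-lab'
    location       = 'westeurope'
}

$cli = Get-Command azcmagent -ErrorAction SilentlyContinue
if ($cli) {
    $json = (& $cli.Path show --json) -join "`n"
} else {
    # Constructed sample so the check can be tried without the agent installed
    $json = @'
{ "status": "Disconnected",
  "tenantId": "00000000-0000-0000-0000-000000000000",
  "subscriptionId": "22222222-2222-2222-2222-222222222222",
  "resourceGroup": "rg-arc-lab", "location": "westeurope" }
'@
}

$findings = Test-ArcOnboarding -AgentJson $json -Expected $expected
if ($findings.Count -eq 0) {
    'OK: agent is connected to the expected tenant, subscription, resource group and region'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

With the constructed sample the script reports two findings (the disconnected status and the unexpected subscription), which is the kind of mismatch worth catching before the machine is enrolled in Defender for Servers.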





Links

What is Azure Arc-enabled servers?
https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview

Connect hybrid machines to Azure using a deployment script
https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-portal#generate-the-installation-script-from-the-azure-portal