What are the prerequisites for Azure Arc server onboarding?

The server needs outbound HTTPS (port 443) connectivity to Azure endpoints (or through a proxy/Private Link). Supported operating systems include Windows Server 2012 R2+ and most major Linux distributions (Ubuntu, RHEL, CentOS, SLES, Debian, Amazon Linux, Oracle Linux). The service principal used for onboarding needs the Azure Connected Machine Onboarding role. The Connected Machine agent runs as a service (himds on Linux, Connected Machine Agent on Windows) and uses about 200MB of memory. Servers behind firewalls can use Azure Arc Private Link Scope for private connectivity.

What can I do with an Arc-enabled server that I cannot do without it?

Without Arc, on-premises servers are invisible to Azure management. With Arc, you can: assign Azure Policy for compliance auditing, deploy VM extensions for monitoring and security, use Microsoft Defender for Cloud for vulnerability assessments, manage OS updates with Azure Update Manager, query server inventory with Azure Resource Graph, use Azure Automanage for automated best-practice configurations, and track servers alongside Azure VMs in a single inventory. Essentially, Arc servers become first-class Azure resources for governance purposes.

Azure Arc Server Config Builder

ComputeAzure

Build Azure Arc connected server configurations with extensions and policies.

Azure Arc Configuration

Build Azure Arc connected server configs with extensions, guest configuration, and patch management.

Required Fields

nameresourceGrouplocationsubscriptionIdextensions

{
  "name": "srv-onprem-db-01",
  "resourceGroup": "rg-arc-servers",
  "location": "eastus2",
  "tenantId": "00000000-0000-0000-0000-000000000000",
  "subscriptionId": "00000000-0000-0000-0000-000000000000",
  "tags": {
    "environment": "production",
    "department": "engineering",
    "os": "ubuntu-22.04",
    "datacenter": "dc-east-01"
  },
  "identity": {
    "type": "SystemAssigned"
  },
  "extensions": [
    {
      "name": "AzureMonitorLinuxAgent",
      "publisher": "Microsoft.Azure.Monitor",
      "type": "AzureMonitorLinuxAgent",
      "autoUpgradeMinorVersion": true,
      "enableAutomaticUpgrade": true,
      "settings": {
        "workspaceId": "00000000-0000-0000-0000-000000000000"
      }
    },
    {
      "name": "MDE.Linux",
      "publisher": "Microsoft.Azure.AzureDefenderForServers",
      "type": "MDE.Linux",
      "autoUpgradeMinorVersion": true,
      "enableAutomaticUpgrade": true,
      "settings": {
        "azureResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-arc-servers/providers/Microsoft.HybridCompute/machines/srv-onprem-db-01"
      }
    },
    {
      "name": "DependencyAgentLinux",
      "publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
      "type": "DependencyAgentLinux",
      "autoUpgradeMinorVersion": true
    }
  ],
  "guestConfiguration": {
    "assignmentType": "ApplyAndAutoCorrect",
    "configurationName": "AzureLinuxBaseline",
    "contentUri": "https://stconfigs.blob.core.windows.net/guestconfig/AzureLinuxBaseline.zip",
    "version": "1.0.0"
  },
  "patchSettings": {
    "assessmentMode": "AutomaticByPlatform",
    "patchMode": "AutomaticByPlatform",
    "maintenanceWindow": {
      "startDateTime": "2026-03-15T02:00:00",
      "duration": "PT2H",
      "timeZone": "Eastern Standard Time",
      "recurrence": {
        "frequency": "Week",
        "interval": 1,
        "daysOfWeek": ["Saturday"]
      }
    }
  }
}

Generated Output

Output will appear here...

About This Tool

Azure Arc extends Azure management and governance to servers running on-premises, at the edge, or in other clouds. Onboarding a server to Azure Arc installs the Connected Machine agent, which establishes a secure connection to Azure and registers the server as an Azure resource. Once connected, you can apply Azure Policy, deploy VM extensions (Log Analytics agent, custom scripts, Defender for Servers), manage updates with Azure Update Manager, and use Microsoft Defender for Cloud. The Arc Server Config Builder helps you configure agent installation parameters, extension deployments, and policy assignments for hybrid server management.

When to Use This Tool

•Generating Arc onboarding scripts with proxy settings and service principal authentication for automated enrollment
•Configuring VM extension deployments for Log Analytics, Microsoft Monitoring Agent, and custom script extensions
•Building Azure Policy assignments that enforce tagging, compliance standards, and configuration baselines on Arc-enabled servers

Frequently Asked Questions

What are the prerequisites for Azure Arc server onboarding?: The server needs outbound HTTPS (port 443) connectivity to Azure endpoints (or through a proxy/Private Link). Supported operating systems include Windows Server 2012 R2+ and most major Linux distributions (Ubuntu, RHEL, CentOS, SLES, Debian, Amazon Linux, Oracle Linux). The service principal used for onboarding needs the Azure Connected Machine Onboarding role. The Connected Machine agent runs as a service (himds on Linux, Connected Machine Agent on Windows) and uses about 200MB of memory. Servers behind firewalls can use Azure Arc Private Link Scope for private connectivity.
What can I do with an Arc-enabled server that I cannot do without it?: Without Arc, on-premises servers are invisible to Azure management. With Arc, you can: assign Azure Policy for compliance auditing, deploy VM extensions for monitoring and security, use Microsoft Defender for Cloud for vulnerability assessments, manage OS updates with Azure Update Manager, query server inventory with Azure Resource Graph, use Azure Automanage for automated best-practice configurations, and track servers alongside Azure VMs in a single inventory. Essentially, Arc servers become first-class Azure resources for governance purposes.

Related Learning Guides

Azure Landing Zones26 min read

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.