DavidFernandes
Apr 17, 2024

New Blog | Onboard to Azure Arc with Security in Mind

By Simone Oor

Introduction

Azure Arc allows certain on-premises resources, typically servers, to be managed from Azure, depending on the configuration mode selected and currently available features.

While this allows for a more integrated approach to hybrid environments, it also further blurs the administrative boundary between on-premises and cloud.

This increases the risk that a vulnerability on either side lowers the level of security across the entire plane. This article contains tips for managing this risk and approaching Arc Onboarding with security in mind.

It focuses only on servers. The link below contains information about the full range of Azure Arc:

Azure Arc overview - Azure Arc | Microsoft Learn.

Azure Arc and its service principal

Onboarding to Azure Arc can be done using a service principal in Entra ID for authentication.

Service principals can be thought of as “service accounts” in Azure.

One way of generating this service principal is from the Azure Arc blade in the Azure portal. Navigate to Azure Arc / Management / Service principals. Below is one such entry:

Figure 1: Azure Arc service principals

Here the scope of the service principal (for example the resource group “RG-ARC”) and the Arc-specific roles can be assigned. The most common is the “Azure Connected Machine Onboarding” role, as shown above.

Read the full post here: Onboard to Azure Arc with Security in Mind
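
The scope and role assigned to the onboarding service principal, as described above, can be checked from exported role assignments. The following Python is an added example, not code from the original post or from Microsoft: it reads JSON in the shape produced by `az role assignment list --assignee <appId> --all -o json` and flags anything beyond the “Azure Connected Machine Onboarding” role scoped to the expected resource group. The sample data, the placeholder subscription ID, and the function names `scope_level` and `audit` are assumptions made for illustration.

```python
import json

ONBOARDING_ROLE = "Azure Connected Machine Onboarding"  # role named in the post
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

# Constructed sample in the shape of `az role assignment list` JSON output;
# only the two fields the audit reads are included.
SAMPLE = json.dumps([
    {"roleDefinitionName": ONBOARDING_ROLE, "scope": SUB + "/resourceGroups/RG-ARC"},
    {"roleDefinitionName": "Contributor", "scope": SUB},
    {"roleDefinitionName": ONBOARDING_ROLE, "scope": SUB + "/resourceGroups/RG-PROD"},
])


def scope_level(scope):
    """Classify an Azure RBAC scope string by how wide it is."""
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root"
    if parts[:2] == ["providers", "microsoft.management"]:
        return "management-group"
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    if parts[0] == "subscriptions" and len(parts) >= 4 and parts[2] == "resourcegroups":
        return "resource-group" if len(parts) == 4 else "resource"
    return "unknown"


def audit(assignments_json, expected_rg):
    """Return (role, scope, reasons) for every assignment that exceeds the
    onboarding role scoped to expected_rg (hypothetical helper)."""
    findings = []
    for a in json.loads(assignments_json):
        role, scope = a["roleDefinitionName"], a["scope"]
        level, reasons = scope_level(scope), []
        if role != ONBOARDING_ROLE:
            reasons.append("role is not the onboarding role")
        if level not in ("resource-group", "resource"):
            # Unknown scope shapes are also reported here (fail closed).
            reasons.append("scope is wider than a resource group (%s)" % level)
        elif scope.strip("/").split("/")[3].lower() != expected_rg.lower():
            reasons.append("scope is outside " + expected_rg)
        if reasons:
            findings.append((role, scope, reasons))
    return findings


if __name__ == "__main__":
    for role, scope, reasons in audit(SAMPLE, "RG-ARC"):
        print(role, scope, "; ".join(reasons))
```
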

 