Blog Post

Azure Arc Blog
12 MIN READ

SQL Server enabled by Azure Arc Overview

NaufalPrawironegoro's avatar
NaufalPrawironegoro
Icon for Microsoft rankMicrosoft
Apr 16, 2026

Azure Arc enables you to standardize security and governance across a wide range of resources and locations by extending the Azure control plane. Right from Azure, you can easily organize, govern, and secure Windows, Linux, SQL server, and Kubernetes clusters across data centers, edge, and multi-cloud. For SQL Server, not only can you manage and secure your workloads with Azure Arc, you can also migrate and modernize them to Azure. This article provides comprehensive guidance on Azure Arc implementation for SQL Servers.

Table of Contents

  1. What is Azure Arc-enabled SQL Server?
  2. Connecting SQL Server to Azure Arc (4-step onboarding)
  3. Your SQL Server is Now in Azure (unified management)
  4. SQL Best Practices Assessment
  5. Monitoring and Governance
  6. Troubleshooting Guide
  7. Azure Arc Demo

 

What You Can Learn from This Article

This article walks you through the end-to-end journey of bringing external SQL Servers (on-prem, AWS, GCP, edge) under Azure management using Azure Arc. Specifically, you'll learn how to onboard SQL Server instances via the Arc agent and PowerShell script, navigate the unified Azure Portal experience for hybrid SQL estates, enable and interpret SQL Best Practices Assessments with Log Analytics, apply Azure Policy and performance monitoring across all environments, leverage Azure Hybrid Benefit for cost savings, and troubleshoot common issues like assessment upload failures, Wire Server 403 errors, and IMDS connectivity problem, with a real case study distinguishing Azure VM vs. Arc-enabled server scenarios. 

 

1. What is Azure Arc-enabled SQL Server?

Azure Arc helps you connect your SQL Server to Azure wherever it runs.

Whether your SQL Server is running on-premises in your datacenter, on AWS EC2, Google Cloud, or at an edge location Azure Arc brings it under Azure management. This means you get the same governance, security, and monitoring capabilities as native Azure resources and streamline migration journey to Azure, effectively manage SQL estate at scale and strengthen security and governance posture

Cloud innovation. Anywhere.

SQL Server migration in Azure Arc includes an end-to-end migration journey with the following capabilities:

  • Continuous database migration assessments with Azure SQL target recommendations and cost estimates.
  • Seamless provisioning of Azure SQL Managed Instance as destination target, also with an option of free instance evaluation.
  • Option to choose between two built-in migration methods: real-time database replication using Distributed Availability Groups (powered by the Managed Instance link feature), or log shipping via backup and restore (powered by Log Replay Service feature).
  • Unified interface that eliminates the need to use multiple tools or to jump between various places in Azure portal.
  • Microsoft Copilot is integrated to assist you at select points during the migration journey.

learn more in SQL Server migration in Azure Arc – Generally Available | Microsoft Community Hub

1.1 The Problem Azure Arc Solves

Organizations typically have SQL Servers scattered across multiple environments:

Location

Challenge Without Azure Arc

On-premises datacenter

Separate management tools, no unified view

AWS EC2 instances

Multi-cloud complexity, different monitoring

Google Cloud VMs

Inconsistent governance and policies

Edge / Branch offices

Limited visibility, manual compliance

VMware / Hyper-V

No cloud-native management features

 

Azure Arc solves this by extending a single Azure control plane to ALL your SQL Servers regardless of where they physically run

2. Connecting SQL Server to Azure Arc

Connecting SQL Server to Azure Arc

This section shows how to onboard your SQL Server to Azure Arc. Once connected, your SQL Server appears in Azure Portal alongside your other Azure resources.

2.1 Step 1: Access Azure Arc Portal

Navigation: Azure Portal → Azure Arc → Machines

 

 

 

Figure 1: Azure Arc | Machines, Starting Point for Onboarding

Description: The Azure Arc Machines blade is your entry point for connecting servers outside Azure. Click 'Onboard/Create' dropdown and select 'Onboard existing machines' to begin. The left menu shows Azure Arc capabilities: Machines, Kubernetes clusters, Data services, Licenses, etc. This is where ALL your Azure Arc-enabled servers will appear after onboarding.

2.2 Step 2: Configure Onboarding Options

Select your operating system, enable SQL Server auto-discovery, and choose connectivity method:

 

 

 

 

Figure 2: Onboarding Configuration, Enable SQL Server Auto-Discovery

Description: Key settings: (1) Operating System select Windows or Linux, (2) SQL Server checkbox, 'Automatically connect any SQL Server instances to Azure Arc' enables auto-discovery of SQL instances on the server, (3) Connectivity method, 'Public endpoint' for direct internet access or 'Private endpoint' for VPN/ExpressRoute. The SQL Server checkbox is crucial, it installs the SQL Server extension automatically.

💡 Important: Check the 'Connect SQL Server' option! This ensures SQL Server instances are automatically discovered and connected to Azure Arc.

2.3 Step 3: Download the Onboarding Script

Azure generates a customized PowerShell script containing your subscription details and configuration:

 

 

 

 

Figure 3: Generated Onboarding Script, Ready to Download

Description: The portal generates a PowerShell script customized for your environment. Key components: (1) Agent download from Azure CDN, (2) Installation commands, (3) Pre-configured connection parameters (subscription, resource group, location). Click 'Download' to save the script. Requirements note: Server needs HTTPS (port 443) access to Azure endpoints.

2.4 Step 4: Run the Script on Your Server

Copy the script to your SQL Server and execute it in PowerShell as Administrator:

 

 

 

 

Figure 4: Executing OnboardingScript.ps1 on the SQL Server

Description: PowerShell console showing script execution from D:\Azure Arch directory. The script (OnboardingScript.ps1, 3214 bytes) installs the Azure Connected Machine Agent and registers the server with Azure Arc. During execution, a browser window opens for Azure authentication. After completion, the server appears in Azure Arc within minutes.

What happens during onboarding:

  1. Azure Connected Machine Agent is downloaded and installed
  2. Agent establishes secure connection to Azure
  3. Server is registered as an Azure Arc resource
  4. SQL Server extension is installed (if checkbox was enabled)
  5. SQL Server instance appears in Azure Arc → SQL Server

3. Your SQL Server is Now Visible in the Azure Control Plane

Once connected via Azure Arc, your SQL Server is projected as a resource in the Azure Portal,right alongside your native Azure SQL resources. This is the power of Azure Arc: your SQL Server remains where it runs (on-premises, in AWS, or anywhere else), but Azure's management plane now extends to it. You can govern, monitor, and secure it with the same tools you use for Azure-native resources, without migrating the workload.

3.1 Unified View in Azure Portal

After onboarding, you can see your Azure Arc-enabled SQL Server through two paths:

Navigation Path

What You See

Azure Arc → SQL Server

All Azure Arc-enabled SQL instances

Azure Arc → Machines

The host server with extensions

 

3.2 Management Experience Similar to SQL Server on Azure VM

The management capabilities for Azure Arc-enabled SQL Server are very similar to SQL Server on Azure VM. The screenshots below show the SQL Server on Azure VM experience Azure Arc-enabled SQL Server provides nearly identical functionality.

Whether your SQL Server runs natively on an Azure VM or is connected from outside Azure via Azure Arc, you get access to a consistent management experience including:

 

 

 

 

 

Figure 5: SQL Server Management Overview — Consistent Experience

Description: This shows the management experience for SQL Server in Azure. Whether connected via Azure Arc or running on Azure VM, you see: SQL Server version and edition, VM details, License type configuration, Storage configuration, and feature status. Azure Arc-enabled SQL Server provides a nearly identical dashboard experience, extending this unified view to your on-premises and multi-cloud servers.

3.3 Azure Hybrid Benefit - Use Your Existing Licenses

One of the key cost-saving advantages which is you can apply Azure Hybrid Benefit (AHB) to Azure SQL Database and Azure SQL Managed Instance, saving up to 30% or more on licensing costs by leveraging your existing Software Assurance-enabled SQL Server licenses. 

Note: Azure Hybrid Benefit applies to Azure SQL Database and SQL Managed Instance. For SQL Server running on-premises or in other clouds managed via Azure Arc, AHB does not apply directly.  However, Arc-enabled SQL Server provides other benefits such as centralized management, Azure-integrated security, and access to Extended Security Updates (ESUs). 

 

 

 

Figure 6: Azure Hybrid Benefit Configuration

Description:  License configuration for SQL Server on Azure VM, showing three options: Pay As You Go, Azure Hybrid Benefit (selected), and HA/DR. With Azure Hybrid Benefit, organizations with existing SQL Server licenses and active Software Assurance can save up to 30% or more on SQL Server licensing costs running on Azure VMs (as reflected in the Azure portal configuration blade). Free SQL Server licenses for High Availability and Disaster Recovery are also available for Standard and Enterprise editions.

 

 

4. SQL Best Practices Assessment

 

One of the most valuable features available to Azure Arc-enabled SQL Server is the Best Practices Assessment — automatically evaluating your SQL Server configuration against Microsoft's recommendations.

4.1 Prerequisites: Log Analytics Workspace

Before enabling assessment, you need a Log Analytics Workspace to store the results:

 

 

 

 

Figure 7: Create Log Analytics Workspace

Description: Log Analytics workspace creation form. Fill in: Subscription, Resource Group, Name (green checkmark indicates valid name), and Region (choose same region as your resources). This workspace stores assessment results, performance metrics, and logs from ALL your SQL Servers both Azure Arc-enabled and Azure VMs.

 

 

 

 

Figure 8: Log Analytics Workspace Ready for Use

Description: Workspace overview showing: Status (Active), Pricing tier (Pay-as-you-go), and Operational issues (OK). The 'Get Started' section guides you through: (1) Connect a data source, (2) Configure monitoring solutions, (3) Monitor workspace health. This workspace becomes the central repository for all your SQL Server insights.

4.2 Enable SQL Best Practices Assessment

Navigate to your SQL Server (Azure Arc-enabled or Azure VM) and enable the assessment:

 

 

 

Figure 9: SQL Best Practices Assessment Enable Feature

Description: Assessment landing page explaining the feature: evaluates indexes, deprecated features, trace flags, statistics, etc. Results are uploaded via Azure Monitor Agent (AMA). Click 'Enable SQL best practices assessments' to begin configuration. This feature is available for BOTH Azure Arc-enabled SQL Server and Azure SQL VMs.

 

 

 

Figure 10: Assessment Configuration Select Log Analytics Workspace

Description: Configuration panel requiring: (1) Enable checkbox, (2) Log Analytics workspace selection, (3) Resource group for AMA. The warning 'No Log Analytics workspace is found' appears if you haven't created one yet,  see Section 4.1. Once configured, assessments run on schedule and upload results to your workspace.

4.3 Run and Review Assessment

 

 

 

 

Figure 11: Run Assessment Button

Description: After configuration, click 'Run assessment' to start evaluation. Assessment duration varies: 5-10 minutes for small environments, 30-60 minutes for large ones. The 'View latest successful assessment' button (disabled until first run completes) opens the results workbook.

 

 

 

 

Figure 12: Assessment Results History

Description: Assessment history showing multiple runs with different statuses: 'Scheduled' (pending), 'Completed' (results available), 'Failed - result expired' (data retention exceeded). Regular assessments help catch configuration drift over time. If you see 'Failed - upload failed', see the Troubleshooting section.

 

 

 

 

Figure 13: Assessment Recommendations  Actionable Insights

Description: Best practices workbook showing three panels: (1) Recommendation Summary with severity (High, Medium) and categories (DBConfiguration, Performance, Index, Backup), (2) Recommendation Details with target and name, (3) Details panel showing selected item — example: 'Enable instant file initialization' for performance improvement. High severity items should be addressed immediately.

Severity Levels:

Severity

Description

Action Timeline

🔴 High

Critical issues affecting performance or security

Address immediately

🟡 Medium

Important optimizations recommended

Within 30 days

🟢 Low

Nice-to-have improvements

As time permits

ℹ️ Info

Informational findings

Review and acknowledge

 

5. Monitoring and Governance

With your SQL Servers connected to Azure (via Azure Arc or native), you gain access to Azure's full monitoring and governance capabilities.

5.1 Azure Policy Compliance

Apply consistent governance policies across ALL your SQL Servers — regardless of where they run:

 

 

 

 

Figure 14: Azure Policy Compliance Dashboard

Description: Compliance dashboard showing: 28% overall compliance (5 of 18 resources), pie chart with Compliant (green), Exempt, and Non-compliant (red). The table lists non-compliant resources (microsoft.hybridcompute type = Azure Arc-enabled servers). Use this to ensure ALL SQL Servers, on-premises, cloud, edge meet your organization's standards.

5.2 Performance Monitoring

 

 

Figure 15: Performance Monitoring  Unified Dashboard

Description: Performance dashboard showing: Logical Disk Performance (C: drive 30% used), CPU Utilization (1.75% average, 5.73% 95th percentile), Available Memory (3.1GB average). This same dashboard works for Azure Arc-enabled servers, giving you consistent visibility across your entire SQL Server estate.

 

5.3 Service Dependency Mapping

 

 

Figure 16: Service Map Visualize Dependencies

Description: Map view showing server FNPSVR01 with 17 processes connecting to Port 443 (7 servers) and Port 53 (1 server). Machine Summary shows FQDN, OS (Windows Server 2016), IP address. Use this to understand application dependencies before maintenance or migration  available for both Azure Arc-enabled and Azure-native servers.

 

6. Troubleshooting Guide

This section covers common issues encountered when working with Azure Arc-enabled SQL Server and Azure SQL VMs.

6.1 Common Issues Overview

Issue

Symptoms

Azure Arc-enabled

Azure VM

Assessment Upload Failed

Status: 'Failed - upload failed'

✅ Applies

✅ Applies

Wire Server 403

Agent cannot connect

❌ N/A

✅ Applies

IMDS Disabled

Cannot obtain token

❌ N/A

✅ Applies

Azure Arc Agent Connectivity

Server not appearing

✅ Applies

❌ N/A

SQL Login Failed

Machine account denied

✅ Applies

✅ Applies

 

6.2 Real Case Study: Assessment Upload Failed on Azure VM

Note: This case study is from an Azure VM (not Azure Arc-enabled). The Wire Server and IMDS issues are specific to Azure VMs. Azure Arc-enabled servers use different connectivity mechanisms.

Symptoms observed:

  • Assessment status: 'Failed - upload failed'
  • Local data collected successfully (415 issues)
  • Data not appearing in Log Analytics workspace

 

Root causes identified from logs:

Error 1 (ExtensionLog ):

[ERROR] Customer disable the IMDS service, cannot obtain IMDS token.

Error 2 (WaAppAgent.log):

[WARN] GetMachineGoalState() failed: 403 (Forbidden) to 168.63.129.16 Resolution for Azure VMs

Fix Wire Server (168.63.129.16) connectivity:

# Test connectivity Test-NetConnection -ComputerName 168.63.129.16 -Port 80  # Add route if missing route add 168.63.129.16 mask 255.255.255.255 <gateway> -p  # Add firewall rule if needed New-NetFirewallRule -DisplayName "Allow Azure Wire Server" -Direction Outbound -RemoteAddress 168.63.129.16 -Action Allow

Fix IMDS (169.254.169.254) connectivity:

# Test IMDS Invoke-RestMethod -Uri "http://169.254.169.254/metadata/instance?api-version=2021-02-01" -Headers @{Metadata="true"}  # Add firewall rule if blocked New-NetFirewallRule -DisplayName "Allow Azure IMDS" -Direction Outbound -RemoteAddress 169.254.169.254 -Action Allow

Test Azure Arc agent connectivity:

# Check Arc agent status & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" show  # Test connectivity to Azure endpoints   & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" check

 

 

6.3 Azure Arc-enabled SQL Server Connectivity Issues

For Azure Arc-enabled servers (not Azure VMs), connectivity issues are different:

Required Azure endpoints for Azure Arc agent:

Endpoint

Port

Purpose

management.azure.com

443

Azure Resource Manager

login.microsoftonline.com

443

Azure AD authentication

*.his.arc.azure.com

443

Azure Arc Hybrid Identity

*.guestconfiguration.azure.com

443

Guest configuration

7. Troubleshooting Guide

Demo Deck: Azure Arc for Windows Server and SQL Server

 

More Additional Resources :

 

 

 

Updated Apr 12, 2026
Version 1.0
arc jumpstart
azure arc
hybrid
multicloud
No CommentsBe the first to comment