Expanding Azure Arc for Hybrid and Multicloud Management

Hybrid and multi-cloud environments are no longer optional—they’re essential for modern enterprises. At Ignite 2025, we are announcing key enhancements to Azure Arc based on your feedback, designed to simplify governance, improve security, and deliver operational consistency across diverse infrastructures. Here’s what’s new:

1. Multicloud Connector for GCP – Public Preview

Azure Arc now extends its multicloud reach with Google Cloud Platform (GCP) support in public preview. Customers can now inventory and manage resource and gain a single pane of glass across AWS, GCP, and Azure resources. Learn more https://aka.ms/multicloud-connector-gcp-blog

• Agentless inventory discovery: Automatically detects GCP resources and projects them into Azure Resource Graph for unified visibility.
• Arc onboarding for GCP VMs: Bring GCP virtual machines under Azure management to apply monitoring, policy, and security controls.
• Secure authentication via OIDC federation: Eliminates the need for storing credentials, reducing security risk.

2. Azure virtual desktop for hybrid environments

As part of this wave of new releases, Azure Virtual Desktop  for hybrid environments is now available in preview through Azure Arc server.

Building on the current offering of Azure Virtual Desktop for Azure Local, this capability enables organizations to deliver a rich virtual desktop experience on-premises—without requiring new hardware investments or hypervisor changes. In this release, Azure Virtual Desktop is enabled on Arc connected servers to address scenarios with high-latency, data residency, or application constraints that demand local VDI, while leveraging the Azure management plane for streamlined operations. This expansion provides greater deployment flexibility and supports customers who need both local and cloud-based solutions. To learn more: https://aka.ms/AVDHybridIgnite2025Blog

3. Azure Arc Auto-Agent Upgrades

Managing Connected Machine Agents just got easier. With auto agent upgrades we reduce  the operational overhead and minimizes downtime risk. Ensures machines stay secure and compliant with the latest features and patches automatically. Learn more Public Preview: Auto agent upgrade for Azure Arc-enabled servers | Microsoft Community Hub

• Automatic agent upgrade: Keeps agents current without manual intervention.
• Flexible control: Enable or disable auto-upgrade via Azure Portal, CLI, or PowerShell.
• Resilience built-in: Includes rollback and retry mechanisms for failed upgrades.

4. Azure Machine Configuration: OS Configuration Editor and Policy

The new OS Configuration Editor simplifies compliance at scale. Accelerates compliance initiatives and reduces configuration drift. Non-technical teams can manage OS settings visually, improving agility and reducing errors. Learn more https://aka.ms/MCBaselinesPreviewBlog

• Visual authoring interface: Create and apply guest configuration policies without writing code.
• Fleet-wide auditing: Enforce OS settings across Azure and Arc-enabled servers.
• Integration with Azure Policy: Centralized governance for hybrid environments.

5. Windows Server Recovery Configuration Audit via Arc

Part of the Windows Resiliency initiative, Azure Arc now supports recovery audits. Improves disaster recovery preparedness and compliance reporting. Enterprises can proactively identify gaps and reduce downtime during critical incidents. Learn more

• Audit WinRE policies: Validate Windows Recovery Environment readiness across Arc-enabled servers.
• Compliance visibility: View recovery status in Azure portal dashboards.
• Future roadmap:  Configure your servers to receive boot critical updates and remote remediation for disaster recovery scenarios.

6. Workload Identity for Arc-enabled Kubernetes – General Availability

Secure identity management for Kubernetes workloads is now GA. Strengthens security posture by eliminating secret sprawl. Simplifies identity management for hybrid and edge-native applications, reducing operational risk. Learn more https://aka.ms/workload-identity-arc-for-kubernetes-ga

• Federated identity integration: Connect workloads to Microsoft Entra without static secrets.
• Token-based authentication: Pods securely access Azure resources without manual credential rotation.
• Broad compatibility: Works across multiple Kubernetes distros connected via Azure Arc.

7. Azure Arc Site Manager – Public Preview Refresh

Site Manager is a powerful solution designed to streamline site configuration and edge  infrastructure observability and management at scale, making it easier to manage distributed environments, apply consistent policies, and streamline workflows across hybrid and edge deployments. Learn more

• Hierarchical Site Organization: Site creation that mirror an organization’s hierarchical structure
• Aggregated Monitoring and Insights: Single pane of glass for monitoring distributed environments for Connectivity, Updates, Alerts and Security baseline status
• Site Configurations: Define configurations at the site level and reuse them across partner solutions

8. Simplified migration journey for Arc customers - Preview

Azure Migrate now natively integrates with Azure Arc to simplify the migration journey for Arc customers. Customers can leverage Azure Arc data to generate a comprehensive business case for migration as well as full estate migration readiness assessments with no additional on-premises deployments.  Learn more 

• Simple set up: Create a project and scope Arc resources by subscription. Azure Migrate generates business cases and assessments automatically. Optionally deploy the Azure Migrate Collector VM extension to collect additional information to improve the accuracy of business cases and assessments.
• Comprehensive business case: Compare the Total Cost of Ownership of your current Arc-enabled on-premises estate with that in Azure as well as insights into sustainability improvements of migrating to Azure.
• Full-estate readiness assessment: Assess the readiness of your workloads to various Azure targets such as Azure VMs, Azure SQL Databases, Azure SQL Managed Instance etc. Get right-sized recommended SKUs as well as potential monthly costs for your workloads in Azure.

9. Azure Key Vault Secret Store Extension – General Availability

Azure Key Vault Secret Store Extension (SSE) is now generally available for Arc-enabled on-premises Kubernetes, including clusters that you connect yourself and AKS Arc managed clusters. SSE automatically fetches secrets from an Azure Key Vault to the on-premises cluster for offline access. Learn more

• Offline Access: With SSE, workloads can access Azure Key Vault secrets from the local Kubernetes secrets store regardless of internet connectivity interruptions.
• Scalability: SSE helps very large distributed deployments with hundreds or thousands of clusters to work with Azure Key Vault by spreading demand over time.

These innovations reinforce Azure Arc’s position as the most comprehensive platform for hybrid and multicloud management. From easy connecting to AWS/GCP to Azure through multicloud connector to enabling secure workload identities and resilient OS configurations, Azure Arc is helping enterprises stay agile, secure, and compliant.