Announcing the preview of Azure Local rack aware cluster
We are excited to announce the public preview of Azure Local rack aware cluster! We previously published a blog post with a sneak peek of Azure Local rack aware cluster and now, we're excited to share more details about its architecture, features, and benefits. Overview of Azure Local rack aware cluster Azure Local rack aware cluster is an advanced architecture designed to enhance fault tolerance and data distribution within an Azure Local instance. This solution enables you to cluster machines that are strategically placed across two physical racks in different rooms or buildings, connected by high bandwidth and low latency within the same location. Each rack functions as a local availability zone, spanning layers from the operating system to Azure Local management, including Azure Local VMs. The architecture leverages top-of-rack (ToR) switches to connect machines between rooms. This direct connection supports a single storage pool, with rack aware clusters distributing data copies evenly between the two racks. Even if an entire rack encounters an issue, the other rack maintains the integrity and accessibility of the data. This design is valuable for environments needing high availability, particularly where it is essential to avoid rack-level data loss or downtime from failures like fires or power outages. Key features Starting in Azure Local version 2510, this release includes the following key features for rack aware clusters: Rack-Level Fault Tolerance & High Availability Clusters span two physical racks in separate rooms, connected by high bandwidth and low latency. Each rack acts as a local availability zone. If one rack fails, the other maintains data integrity and accessibility. Support for Multiple Configurations Architecture supports 2 machines up to 8 machines, enabling scalable deployments for a wide range of workloads. Scale-Out by Adding Machines Easily expand cluster capacity by adding machines, supporting growth and dynamic workload requirements without redeployment. Unified Storage Pool with Even Data Distribution Rack aware clusters offer a unified storage pool with Storage Spaces Direct (S2D) volume replication, automatically distributing data copies evenly across both racks. This ensures smooth failover and reduces the risk of data loss. Azure Arc Integration and Management Experience Enjoy native integration with Azure Arc, enabling consistent management and monitoring across hybrid environments—including Azure Local VMs and AKS—while maintaining the familiar Azure deployment and operational experience. Deployment Options Deploy via Azure portal or ARM templates, with new inputs and properties in the Azure portal for rack aware clusters. Provision VMs in Local Availability Zones via the Azure Portal Provision Azure Local virtual machines directly into specific local availability zones using the Azure portal, allowing for granular workload placement and enhanced resilience. Upgrade Path from Preview to GA Deploy rack aware clusters with the 2510 public preview build and update to General Availability (GA) without redeployment—protecting your investment and ensuring operational continuity. Get started The preview of rack aware cluster is now available to all interested customers. We encourage you to try it out and share your valuable feedback. To get started, visit our documentation: Overview of Azure Local rack aware clustering (Preview) - Azure Local | Microsoft Learn Stay tuned for more updates as we work towards general availability in 2026. We look forward to seeing how you leverage Azure Local rack aware cluster to power your edge workloads!Expanding Azure Arc for Hybrid and Multicloud Management
Hybrid and multi-cloud environments are no longer optional—they’re essential for modern enterprises. At Ignite 2025, we are announcing key enhancements to Azure Arc based on your feedback, designed to simplify governance, improve security, and deliver operational consistency across diverse infrastructures. Here’s what’s new: 1. Multicloud Connector for GCP – Public Preview Azure Arc now extends its multicloud reach with Google Cloud Platform (GCP) support in public preview. Customers can now inventory and manage resource and gain a single pane of glass across AWS, GCP, and Azure resources. Learn more https://aka.ms/multicloud-connector-gcp-blog Agentless inventory discovery: Automatically detects GCP resources and projects them into Azure Resource Graph for unified visibility. Arc onboarding for GCP VMs: Bring GCP virtual machines under Azure management to apply monitoring, policy, and security controls. Secure authentication via OIDC federation: Eliminates the need for storing credentials, reducing security risk. 2. Azure virtual desktop for hybrid environments As part of this wave of new releases, Azure Virtual Desktop for hybrid environments is now available in preview through Azure Arc server. Building on the current offering of Azure Virtual Desktop for Azure Local, this capability enables organizations to deliver a rich virtual desktop experience on-premises—without requiring new hardware investments or hypervisor changes. In this release, Azure Virtual Desktop is enabled on Arc connected servers to address scenarios with high-latency, data residency, or application constraints that demand local VDI, while leveraging the Azure management plane for streamlined operations. This expansion provides greater deployment flexibility and supports customers who need both local and cloud-based solutions. To learn more: https://aka.ms/AVDHybridIgnite2025Blog 3. Azure Arc Auto-Agent Upgrades Managing Connected Machine Agents just got easier. With auto agent upgrades we reduce the operational overhead and minimizes downtime risk. Ensures machines stay secure and compliant with the latest features and patches automatically. Learn more Public Preview: Auto agent upgrade for Azure Arc-enabled servers | Microsoft Community Hub Automatic agent upgrade: Keeps agents current without manual intervention. Flexible control: Enable or disable auto-upgrade via Azure Portal, CLI, or PowerShell. Resilience built-in: Includes rollback and retry mechanisms for failed upgrades. 4. Azure Machine Configuration: OS Configuration Editor and Policy The new OS Configuration Editor simplifies compliance at scale. Accelerates compliance initiatives and reduces configuration drift. Non-technical teams can manage OS settings visually, improving agility and reducing errors. Learn more https://aka.ms/MCBaselinesPreviewBlog Visual authoring interface: Create and apply guest configuration policies without writing code. Fleet-wide auditing: Enforce OS settings across Azure and Arc-enabled servers. Integration with Azure Policy: Centralized governance for hybrid environments. 5. Windows Server Recovery Configuration Audit via Arc Part of the Windows Resiliency initiative, Azure Arc now supports recovery audits. Improves disaster recovery preparedness and compliance reporting. Enterprises can proactively identify gaps and reduce downtime during critical incidents. Learn more Audit WinRE policies: Validate Windows Recovery Environment readiness across Arc-enabled servers. Compliance visibility: View recovery status in Azure portal dashboards. Future roadmap: Configure your servers to receive boot critical updates and remote remediation for disaster recovery scenarios. 6. Workload Identity for Arc-enabled Kubernetes – General Availability Secure identity management for Kubernetes workloads is now GA. Strengthens security posture by eliminating secret sprawl. Simplifies identity management for hybrid and edge-native applications, reducing operational risk. Learn more https://aka.ms/workload-identity-arc-for-kubernetes-ga Federated identity integration: Connect workloads to Microsoft Entra without static secrets. Token-based authentication: Pods securely access Azure resources without manual credential rotation. Broad compatibility: Works across multiple Kubernetes distros connected via Azure Arc. 7. Azure Arc Site Manager – Public Preview Refresh Site Manager is a powerful solution designed to streamline site configuration and edge infrastructure observability and management at scale, making it easier to manage distributed environments, apply consistent policies, and streamline workflows across hybrid and edge deployments. Learn more Hierarchical Site Organization: Site creation that mirror an organization’s hierarchical structure Aggregated Monitoring and Insights: Single pane of glass for monitoring distributed environments for Connectivity, Updates, Alerts and Security baseline status Site Configurations: Define configurations at the site level and reuse them across partner solutions 8. Simplified migration journey for Arc customers - Preview Azure Migrate now natively integrates with Azure Arc to simplify the migration journey for Arc customers. Customers can leverage Azure Arc data to generate a comprehensive business case for migration as well as full estate migration readiness assessments with no additional on-premises deployments. Learn more Simple set up: Create a project and scope Arc resources by subscription. Azure Migrate generates business cases and assessments automatically. Optionally deploy the Azure Migrate Collector VM extension to collect additional information to improve the accuracy of business cases and assessments. Comprehensive business case: Compare the Total Cost of Ownership of your current Arc-enabled on-premises estate with that in Azure as well as insights into sustainability improvements of migrating to Azure. Full-estate readiness assessment: Assess the readiness of your workloads to various Azure targets such as Azure VMs, Azure SQL Databases, Azure SQL Managed Instance etc. Get right-sized recommended SKUs as well as potential monthly costs for your workloads in Azure. 9. Azure Key Vault Secret Store Extension – General Availability Azure Key Vault Secret Store Extension (SSE) is now generally available for Arc-enabled on-premises Kubernetes, including clusters that you connect yourself and AKS Arc managed clusters. SSE automatically fetches secrets from an Azure Key Vault to the on-premises cluster for offline access. Learn more Offline Access: With SSE, workloads can access Azure Key Vault secrets from the local Kubernetes secrets store regardless of internet connectivity interruptions. Scalability: SSE helps very large distributed deployments with hundreds or thousands of clusters to work with Azure Key Vault by spreading demand over time. These innovations reinforce Azure Arc’s position as the most comprehensive platform for hybrid and multicloud management. From easy connecting to AWS/GCP to Azure through multicloud connector to enabling secure workload identities and resilient OS configurations, Azure Arc is helping enterprises stay agile, secure, and compliant.
Workload Identity support for Azure Arc-enabled Kubernetes clusters now Generally Available!
We’re excited to announce that Workload Identity support for Azure Arc-enabled Kubernetes is now Generally Available (GA)! This milestone brings a secure way for applications running on Arc-connected clusters running outside of Azure to authenticate to Azure services without managing secrets. Traditionally, workloads outside Azure relied on static credentials or certificates to access Azure resources like Event Hubs, Azure Key Vault, and Azure Storage. Managing these secrets introduces operational overhead and security risks. With Microsoft Entra Workload ID federation, your Kubernetes workloads can now: Authenticate securely using OpenID Connect (OIDC) without storing secrets. Exchange trusted tokens for Azure access tokens to interact with services securely. This means no more manual secret rotation and reduced attack surface, all while maintaining compliance and governance. How It Works The integration uses Service Account Token Volume Projection and aligns with Kubernetes best practices for identity federation. The process involves a few concise steps: Enable OIDC issuer and workload identity on your Arc-enabled cluster using Azure CLI. az connectedk8s connect --name "${CLUSTER_NAME}" --resource-group "${RESOURCE_GROUP}" --enable-oidc-issuer –-enable-workload-identity Configure a user-assigned managed identity in Azure to trust tokens from your Azure Arc enabled Kubernetes cluster's OIDC issuer URL. This involves creating a federated identity credential that links the Azure identity with the Kubernetes service account. Applications running in pods, using the annotated Kubernetes service account, can then request Azure tokens via Microsoft Entra ID and access resources they’re authorized for (e.g., Azure Storage, Azure Key Vault). This integration uses Kubernetes-native construct of Service Account Token Volume Projection and aligns with Kubernetes best practices for identity federation. Supported platforms We support a broad ecosystem of distributions, including: Red Hat OpenShift Rancher K3s AKS-Arc (In preview) VMware Tanzu Kubernetes Grid (TKGm) So, whether you’re running clusters in retail stores, manufacturing plants, or remote edge sites, you can connect them to Azure Arc and enable secure identity federation for your workloads to access Azure services. Ready to get started? Follow our step-by-step guide on Deploying and Configuring Workload Identity Federation in Azure Arc-enabled Kubernetes to secure your edge workloads today!Accelerate your cloud migration journey with Azure Arc resource discovery in Azure Migrate (preview)
With Azure Migrate's new Arc-based discovery (preview), you can leverage your existing Arc-enabled servers and Arc-enabled SQL Server instances to quickly gain insights into: Migration readiness for Azure targets such as Azure VMs, Azure SQL Database, and Azure SQL Managed Instance. Savings potential for different migration strategies—all without deploying new on-premises infrastructure.Transforming City Operations: How Villa Park and DataON Deliver Real-Time Decisions with Edge RAG
In today’s connected world, customers expect instant, context-rich interactions- even in environments where cloud connectivity isn’t guaranteed. That’s where Edge Retrieval-Augmented Generation (RAG) at the edge comes in. Edge RAG, enabled by Azure Arc, combining local data retrieval with intelligent reasoning to empowers conversational experiences that are fast, secure, and deeply personalized. Together with our Edge Infrastructure partners, we’re applying this technology to transform customer engagement - enabling real-time insights, autonomous workflows, and resilient operations across industries. Edge RAG is a core part of our Adaptive Cloud pillar for Edge AI, ensuring flexibility, resilience, and intelligence wherever customers operate. It uses Foundry language models and together with Foundry Local shape Microsoft’s Foundry Anywhere commitment. Today we’re excited to announce a public preview refresh of Edge RAG at Ignite 2025, bringing new capabilities to accelerate adoption and unlock even more value at the edge: Production-Class LazyGraph RAG with Industry-leading RAG inferencing quality High-Fidelity Parsing: OCR-enabled support for documents, tables, and images SharePoint Server integration (limited access; to register, click here ) Multimodal search with image retrieval & image-rich outputs Chat UI Upgrades and performance improvements Fully Disconnected scenarios enabled by Azure Local for Disconnected Operations The new features in this release are informed by our engagement with the City of Villa Park, in partnership with DataON, where we’ve applied Edge RAG to improve operational efficiency and deliver smarter, real-time services for urban environments. Together, we pilot compliance assistant agentic workflow with OCR & LLM integration. Villa Park: A Blueprint for Smart Cities The City of Villa Park, California, faced challenges common to many municipalities: complex zoning regulations that slowed approvals, lengthy CEQA compliance processes requiring deep environmental analysis, backlogs in accessory dwelling unit (ADU) permit reviews. Working with DataON, a Microsoft partner, and Microsoft, Villa Park deployed Edge RAG on Azure Local, creating a resilient, intelligent planning system that operates seamlessly; even offline. Environmental assessments that once required days are now completed in minutes. The partnership between the City of Villa Park and DataON is a standout example of how municipalities and technology providers can co-innovate to solve real-world challenges. Ray Pascua, Villa Park’s Planning Manager, has led this transformation: “Having the opportunity to utilize AI to perform research and retrieve large datasets specifically from the California Environmental Quality Act (CEQA) Guidelines (Statutory/Categorical Exemptions), and State law relative to Accessory Dwelling Units (ADUs), has been an overall positive experience. AI algorithm is a revolutionary medium that can streamline and improve workflow efficiencies by automating routine and repetitive planning-related tasks and analysis, and would be of particular value and benefit to local government agencies that have limited personnel and resources. While this cutting-edge technological tool is still evolving and has room to improve accuracy and speed, it certainly has a place in the realm of City Planning, as well as other land use development fields and disciplines.” Howard Lo, VP of Sales & Marketing at DataON, shares: “Our collaboration with Microsoft and the City of Villa Park showcases Azure Local's transformative potential for municipal government AI. As a leading Azure Local partner, DataON has optimized our infrastructure to run Microsoft's Edge RAG solution, enabling Villa Park to address real planning challenges while maintaining data control and security. Working directly with Microsoft's engineering team and a forward-thinking city partner, we've proven that Azure Local delivers practical AI value for government operations. We're excited to help other municipalities achieve similar results on our Azure Local platform.” Villa Park’s deployment leverages DataON’s Azure Local-certified hardware, Microsoft’s Arc-enabled AI stack, and the expertise of city planners to deliver: End-to-end digital workflows for CEQA, zoning, and ADU permitting Conversational AI interfaces that empower staff to ask questions and get cited, regulatory-compliant answers instantly Operational resilience with full offline support, ensuring continuity even during network outages A replicable model for other municipalities seeking to modernize planning and compliance About DataON DataON’s edge infrastructure, combined with Azure Local and Edge RAG, forms the core of this transformation. DataON provides robust hardware and delivers deployment, integration, and training services, ensuring a seamless Azure Local experience. Their close support helps organizations quickly adopt and confidently manage edge solutions, resulting in secure, high-performance, and scalable deployments for multi-site environments. Let’s take a closer look at the features we’re announcing today: Deep Search for Complex Reasoning with LazyGarph RAG With the Ignite release, Edge RAG introduces Deep Search powered by LazyGraph RAG; a dynamic graph-based retrieval method that enables advanced, multi-document reasoning. This means Villa Park planners can now ask complex, multi-part questions that span zoning, CEQA, and ADU regulations, and Edge RAG will synthesize answers by connecting information from multiple sources in real time. Image 1: Deep Search capabilities on Edge RAG The system incrementally explores only the most relevant document chunks, reducing compute cost and latency while delivering comprehensive, cited responses. For Villa Park, this translates to resolving intricate regulatory scenarios, such as “What are the environmental constraints for ADUs in zones X, Y, and Z?”. With answers that reference and link multiple regulatory documents and historical decisions, all in a single query. Advanced Document Parsing for Structured Data Edge RAG’s advanced document parsing, introduced in this release, transforms how Villa Park’s planning documents are utilized. During data ingestion, the system now extracts not only free-form text but also tables, images, headings, and rich metadata. This includes full indexing of multi-page tables, column headers, and section context, with each chunk annotated by page number, section heading, and table index. As a result, planners can search for specific permit statistics, environmental impact scores, or compliance tables and retrieve results directly from structured data within city documents; enabling precise, source-attributed answers that were previously difficult or impossible to obtain. Image 2: Advanced document parsing on Edge RAG Enhanced Chat Experience The new model-only chat mode allows staff to interact directly with the language model, bypassing contextual data for general queries or troubleshooting. This flexibility enables Villa Park staff to quickly switch between knowledge-based chat-grounded in city data, and model-only chat for training, testing, or handling ambiguous queries, streamlining both day-to-day operations and onboarding of new team members. Additional Edge RAG Preview Refresh Updates We also improved Edge RAG based on customer feedback, adding these features: Agentic RAG for autonomous workflows: Systems can reason and act at the edge with less manual work. Full offline support: Operates and accesses data even without a network. SharePoint integration (private preview): users will also be able to query Edge RAG directly over SharePoint, enabling enhanced information retrieval and analysis within their workflows. Image 3: Sharepoint as a data source on Edge RAG Performance optimizations: Query responses for every search type, excluding Deep Search, are now delivered in under 15 seconds on legacy A2 and A16 GPUs; a fivefold speed boost. Additionally, streaming image processing has increased one hundred times, allowing 600 images to be handled continuously in just 36 seconds. Since late May, Edge RAG has supported “bring your own model” (BYOM), allowing organizations to deploy their preferred language models such as OpenAI GPT-4o or other advanced models, directly on their own infrastructure. This capability enables advanced features like deep search and hybrid multimodal search, while ensuring that sensitive data remains on-premises. BYOM empowers organizations to tailor Edge RAG’s AI capabilities to their unique compliance, performance, or customization requirements, maintaining full control over both data and model selection. Security, Compliance, and Sustainability Edge RAG is built for trust: data sovereignty ensures sensitive data remains on-premises, zero-trust architecture integrates with Microsoft security stack, and compliance-ready design supports municipal, state, and industry regulations. Sustainability is also a priority, with energy-efficient edge hardware reducing carbon footprint. Looking Ahead: The Future of Edge Intelligence Edge RAG enables flexible edge intelligence deployment in various environments. Its adaptable design handles dynamic workloads, supporting frontline teams as operations evolve. Instead of just speeding up processes or boosting connectivity, Edge RAG fosters innovative applications and smarter decision-making, helping organizations stay agile amid changing technology and business needs. Resources Explore these resources to learn more about Edge RAG, deployment best practices, customer stories, and technical documentation: Product documentation: Edge RAG Preview, enabled by Azure Arc Documentation | Microsoft Learn Get Started: Quickstart: Install Edge RAG Preview enabled by Azure Arc Release notes: What's New in Edge RAG – Azure Arc Tech Talk Distribution List: EdgeRAGTalk@microsoft.com Join the conversation, ask questions, and connect with the Edge RAG team Recommended Ignite sessions: BRK147: What’s new in Azure Local ODSP1467: Unlock your IT potential with Azure Local & DataON Plus Solutions BRK199: From cloud to edge: Building and shipping Edge AI apps with Foundry
Announcing General Availability of Software Defined Networking (SDN) on Azure Local
Starting in Azure Local version 2510, we’re excited to announce the General Availability of Software Defined Networking (SDN) on Azure Local enabled by Azure Arc. This release introduces cloud-native networking capabilities for access control at the network layer, utilizing Network Security Groups (NSGs) on Azure Local. Key highlights in this release are: 1- Centralized network management: Manage Logical networks, network interfaces, and NSGs through the Azure control plane – whether your preference is the Azure Portal, Azure Command-Line Interface (CLI), or Azure Resource Manager templates. 2- Fine-grained traffic control: Safeguard your edge workloads with policy-driven access controls by applying inbound and outbound allow/deny rules on NSGs, just as you would in Azure. 3- Seamless hybrid consistency: Reduce operational friction and accelerate your IT staff’s ramp-up on advanced networking skills by using the same familiar tools and constructs across both Azure public cloud and Azure Local. Software Defined Networking (SDN) forms the backbone of delivering Azure-style networking on-premises. Whether you’re securing enterprise applications or extending cloud-scale agility to your on-premises infrastructure, Azure Local, combined with SDN enabled by Azure Arc, offers a unified and scalable solution. Try this feature today and let us know how it transforms your networking operations! Feature Capabilities Here’s what you can do today with SDN enabled by Azure Arc: ✅ Run SDN control plane (Network Controller) as a Failover Cluster service on the Azure Local physical hosts — no VMs required! ✅ Deploy logical networks — use VLAN-backed networks in your datacenter that integrate with SDN enabled by Azure Arc. ✅ Attach VM Network Interfaces — assign static or DHCP IPs to VMs from logical networks. ✅ Apply NSGs - create, attach, and manage NSGs directly from Azure on your logical networks (VLANs in your datacenter) and/or on the VM network interface. This enables a generic rule set for VLANs, with a crisper rule set for individual Azure Local VM network interface using a complete 5-tuple control: source and destination IP, port, and protocol. ✅ Use Default Network Policies — apply baseline security policies during VM creation for your primary NIC. Select well-known inbound ports such as HTTP (while we block everything else for you), while still allowing outbound traffic. Alternatively, you can select an existing NSG you already have. ✅ Azure Arc Resource Bridge (ARB) Disaster Recovery capable - In case ARB on the cluster needs to be recovered, NSGs and its rules can be recovered along with VMs and its associated resources. SDN enabled by Azure Arc vs. SDN managed by on-premises tools Choosing Your Path: Some SDN features like virtual networks (vNETs), Load Balancers (SLBs), and Gateways are not yet supported in SDN enabled by Azure Arc. But good news: you’ve still got options. If your workloads need those features today, you can leverage SDN managed by on-premises tools: - SDN Express (PowerShell) - Windows Admin Center (WAC) The SDN managed by on-premises tools continues to provide full-stack SDN capabilities, including SLBs, Gateways, and VNET peering, while we actively work on bringing this additional value to complete SDN enabled by Azure Arc feature set. You must choose one of the modes of SDN management and cannot run in a hybrid management mode, mixing the two. Please read this important consideration section before getting started! Thank You to Our Community This milestone was only possible because of your input, your use cases, and your edge innovation. We're beyond excited to see what you build next with SDN enabled by Azure Arc. To try it out, head to the Azure Local documentation Let’s keep pushing the edge forward. Together!
A Guide to Adaptive Cloud at Microsoft Ignite 2025
Get ready to supercharge your Ignite experience! This guide is your go‑to playbook for all things Adaptive Cloud. You’ll find clear pointers on where to learn about the latest updates for unifying hybrid, multicloud, and edge environments, with the latest updates from Azure Monitor, Azure Local, Azure Backup, and more. Connect with experts and peers, prioritize sessions, and navigate the event flow with quick links to the session catalog and resources to confirm times and locations throughout the event. We can’t wait to connect!Operate everywhere with AI-enhanced management and security
Farzana Rahman and Dushyant Gill from Microsoft discuss new AI-enhanced features in Azure that make it simpler to acquire, connect, and operate with Azure's management offerings across multiple clouds, on-premises, and at the edge. Key updates include enhanced management for Windows servers and virtual machines with Windows Software Assurance, Windows Server 2025 hotpatching support in Azure Update Manager, simplified hybrid environment connectivity with Azure Arc gateway, a multicloud connector for AWS, and Log Analytics Simple Mode. Additionally, Azure Migrate Business Case helps compare the total cost of ownership, and new Copilot in Azure capabilities that simplify cloud management and provide intelligent recommendations.Public Preview: Audit and Enable Windows Recovery Environment (WinRE) for Azure Arc-enabled Servers
Windows Recovery Environment is a secure, isolated partition that enables diagnostics and repair when a system encounters critical failures – such as a stop error (commonly known as the blue screen of death). WinRE provides a reliable fallback mechanism for mission-critical workloads, allowing IT administrators to recover systems quickly and securely. With this Public Preview, Azure Arc introduces a set of Azure Policies that allow organizations to audit and enable WinRE across their fleet of Arc-enabled Windows Servers. These policies are powered by the Machine Configuration component of the Azure Connected Machine agent, which ensures secure and compliant configuration enforcement. Through the Azure Policy, the Azure Connected Machine agent detects whether WinRE is configured and reports its health status. If WinRE is not configured and the WinRE partition has been provisioned, customers can enable WinRE through the Azure Policy. These Azure Policies are available at no additional cost for servers covered under: Windows Server 2012 Extended Security Updates (ESUs) Microsoft Defender for Servers Plan 2 Windows Server Software Assurance attestation Windows Server Pay-as-you-Go licensing For other servers, these policies will incur charges associated with Azure Machine Configuration. To get started, deploy and assign these Azure Policies to Azure Arc-enabled servers in your existing subscription. [Preview]: Audit Windows machines that do not have Windows Recovery Environment (WinRE) enabled [Preview]: Configure Windows Recovery Environment (WinRE) on Windows machines Auditing and enablement of WinRE through Azure Arc underscores the capability of Azure Arc to increasingly afford resiliency across hybrid, multicloud, and edge workloads.
