What Azure Arc Is and Why CIOs Should Care
Azure Arc is a hybrid and multi-cloud management platform that extends Azure's control plane beyond Azure's own infrastructure. Arc "projects" on-premises and third-party cloud resources into Azure Resource Manager, allowing you to manage them as if they were native Azure resources. Servers, VMs, Kubernetes clusters, and databases running outside Azure can be monitored, tagged, governed, and automated through the Azure Portal and APIs — providing a single pane of glass for managing a diverse IT estate.
Arc-Enabled Servers
Register on-premises Windows and Linux servers with Azure Arc to inventory them, apply Azure Policies uniformly, run scripts via VM extensions, and enforce security standards across on-prem and cloud. Connecting servers to Arc is free — costs arise only when you enable add-on Azure services (Monitor, Defender, Update Management). Servers with active Software Assurance get certain Arc management features at no additional cost.
Arc-Enabled Kubernetes
Attach Kubernetes clusters from AWS, GCP, or on-premises to Azure Arc. Deploy configurations via GitOps, enforce Azure Policies across all clusters, and manage fleet-wide governance from the Azure Portal. This unifies Kubernetes management across environments — critical for enterprises running multi-cloud container strategies. Arc's Kubernetes management is free for basic features; advanced capabilities (Azure Monitor Container Insights, Defender for Containers) incur standard Azure charges.
Arc-Enabled Data Services
Deploy Azure SQL Managed Instance and Azure PostgreSQL Hyperscale on-premises or at the edge, managed through Azure as if they were cloud instances. This is essential for scenarios where data residency, latency, or regulatory requirements demand on-premises workloads without forfeiting cloud management benefits. Arc-enabled data services are billed through Azure — and critically, this consumption counts toward your Azure MACC commitment.
System Center Integration
Azure Arc integrates with System Center 2025, allowing organisations to leverage familiar on-premises management while extending capabilities to Azure. This means enterprises do not need to abandon existing ITSM and configuration management investments — Arc complements and extends them. CIOs should view Arc as an evolution of their management approach, not a replacement of existing tools.
"Azure Arc should be considered a strategic enabler for hybrid cloud operating models. It helps standardise management in mixed environments — which is crucial for enterprises pursuing digital transformation while maintaining legacy systems. CIOs need to see Arc not just as a tool but as a shift toward cloud-inspired operations for all infrastructure."
Licensing and Cost Optimisation with Azure Arc
Azure Arc's control plane is free — connecting resources, organising them, tagging, and running basic management scripts costs nothing. However, any Azure services enabled on Arc-connected resources and any advanced management features incur Azure charges. Understanding where costs arise — and where Arc creates licensing flexibility — is the key to optimisation.
| Arc Capability | Cost Model | Optimisation Strategy | EA Negotiation Relevance |
|---|---|---|---|
| Arc control plane (connect, inventory, tag, policy) | Free | Enable for all servers — zero cost for visibility and governance | Demonstrates Azure adoption breadth without additional spend |
| SQL Server PAYG via Arc | Hourly metered (per-core) | Use for burst, dev/test, seasonal; BYOL for steady production | Counts toward MACC; negotiate hourly rates in EA |
| Windows Server PAYG via Arc | Hourly metered (per-core) | Use for incremental/short-term deployments; perpetual for base | No CALs required for PAYG — saves on access licence costs |
| Extended Security Updates | Monthly via Azure billing | Stop paying instantly when servers are decommissioned or upgraded | Draws down Azure credits; can negotiate ESU rates in EA |
| Azure Monitor / Defender | Per-node or per-GB ingested | Enable selectively — critical servers only; use Defender plan bundles | Bundle with EA Azure commitment for volume discounts |
| Azure Hybrid Benefit | Licence entitlement applied to Arc | Apply existing SA-covered licences to reduce Arc PAYG costs | Negotiate SA inclusion/renewal as part of EA to maximise AHB |
| Core principle | Arc consumption flows through Azure billing → counts toward MACC → strengthens your Azure commitment negotiation position | ||
SQL Server Pay-As-You-Go via Azure Arc — A Deep Dive
The most financially impactful Arc capability is pay-as-you-go (PAYG) licensing for SQL Server. Instead of purchasing per-core licences upfront, you connect SQL Server instances to Azure Arc and pay hourly — billed to your Azure subscription exactly like a cloud PaaS service.
Elastic, Temporary, and Dev/Test Workloads
PAYG excels for: seasonal workloads (scale up for quarter-end processing, scale down after), development and testing environments (spin up SQL for a sprint, decommission after release), temporary projects (data migration staging, analytics for a specific initiative), and burst capacity (additional SQL instances during peak demand). The advantage: zero upfront licence cost, pay only for hours of active use, and stop paying immediately when the instance is shut down. For a SQL Server Enterprise core that costs $14,256/year as a traditional licence, PAYG can reduce the cost to a fraction if the workload runs only a few months per year.
Steady 24×7 Production Workloads
For SQL Server instances running 24 hours a day, 365 days a year, PAYG hourly billing becomes more expensive than a traditional per-core licence over a 3-year period. The break-even point varies by edition and negotiated EA discount, but as a rule of thumb: if a SQL Server instance runs continuously for more than 18–24 months, the traditional licence (purchased under EA with Software Assurance) is typically cheaper. The optimal strategy is hybrid: BYOL (Bring Your Own Licence) for stable production, PAYG for everything else. Arc supports both modes on the same server — you can attach a licensed SQL instance for management-only or enable PAYG billing for unlicensed instances.
Windows Server and Extended Security Updates via Arc
Windows Server PAYG — No CALs Required
Starting with Windows Server 2025, Microsoft offers pay-as-you-go licensing through Azure Arc — converting on-premises server licensing into a cloud-like hourly subscription. The significant benefit: PAYG Windows Server instances do not require separate Client Access Licences (CALs), which can represent a major saving for environments with large user populations. Use PAYG for new incremental deployments, short-term projects, and labs. Continue using perpetual licences or EA entitlements for well-utilised permanent servers where the annual cost comparison favours traditional licensing.
Extended Security Updates (ESU) — Monthly Billing via Arc
Legacy servers past end-of-support (Windows Server 2012/R2, SQL Server 2012/2014) can receive Extended Security Updates through Azure Arc on a pay-as-you-go monthly basis — instead of the traditional upfront annual ESU purchase through volume licensing. The advantages: (1) pay monthly and stop immediately when a server is decommissioned or upgraded (no wasted annual fees on servers retired mid-year), (2) ESU costs are billed through Azure and count toward your MACC commitment, (3) any negotiated Azure discounts apply to ESU billing. For enterprises with hundreds of legacy servers on varied decommission timelines, Arc-based ESU billing can save 20–40 % compared to annual ESU purchases.
Architecture Optimisation for Azure Arc Deployment
Start with Governance — Not Technology
Treat Azure Arc onboarding as a cloud adoption project. Before connecting servers, establish resource organisation: Azure subscriptions, resource groups, and management groups for Arc-connected assets. Define Azure Policy assignments that will apply automatically to Arc-enabled resources — security baselines, tagging requirements, compliance standards. This ensures that as you Arc-enable hundreds of servers or dozens of clusters, they consistently adhere to enterprise standards from day one.
Enable Selectively — Not Everything Needs Full Monitoring
The free Arc control plane provides inventory, tagging, and basic management for all connected resources. Add-on services (Monitor, Defender, Update Management) should be enabled selectively based on workload criticality. Tier your Arc-connected servers: Tier 1 (production-critical) gets full monitoring and Defender; Tier 2 (business applications) gets Update Management and basic monitoring; Tier 3 (development, test, legacy) gets Arc visibility only. This tiered approach can reduce Azure management costs by 40–60 % compared to enabling all services on all servers.
Security and Networking — Plan for Arc Agent Connectivity
Arc agents require secure outbound communication with Azure. Work with your CISO and network teams to plan connectivity: set up proxies or specific outbound firewall rules, configure Azure AD service principals for Arc, and ensure identity and access management controls are in place. Private Link for Arc is available for organisations requiring all Arc traffic to traverse private networks. Proper upfront planning maintains security parity between on-premises and Azure environments.
Leverage Azure Hybrid Benefit Across Arc
Azure Hybrid Benefit (AHB) allows organisations with Software Assurance-covered Windows Server and SQL Server licences to apply those entitlements against Arc-enabled workloads, reducing or eliminating PAYG costs. Map your existing SA entitlements to Arc-connected instances: production servers with existing licences should use BYOL mode (management-only), while unlicensed instances use PAYG. The combination of AHB + Arc PAYG creates a flexible licensing model where you optimise cost per workload without over-purchasing traditional licences.
EA Negotiation Tactics for Azure Arc
Azure Arc creates specific negotiation opportunities within your Microsoft Enterprise Agreement. Because Arc consumption flows through Azure billing, it directly impacts your Azure commitment, discount levels, and overall EA commercial structure.
| Negotiation Lever | Microsoft's Position | Your Counter-Strategy |
|---|---|---|
| Arc consumption in MACC | Microsoft counts Arc billing toward your Azure commitment | Use Arc PAYG to fill MACC at favourable rates — especially ESU and dev/test SQL. Negotiate that ALL Arc consumption (including PAYG licences) counts toward MACC commitment |
| Azure discount on Arc services | Standard Azure discount applies to Arc consumption | Negotiate a higher Azure discount tier by including projected Arc consumption in your total Azure commitment. Arc adds predictable on-prem spend to your Azure commitment, justifying a higher discount level |
| SQL Server PAYG rates | Standard hourly rates for Arc SQL | Negotiate custom PAYG rates for Arc SQL Server as part of your EA — particularly if you commit to migrating dev/test and seasonal workloads to Arc PAYG. Volume-based pricing is achievable |
| ESU pricing via Arc | List pricing for ESU through Azure billing | Negotiate ESU discounts as part of the EA renewal. Present your legacy server decommission timeline to demonstrate declining ESU spend — Microsoft may offer better rates to secure the commitment |
| Software Assurance and AHB | Microsoft wants SA renewal for AHB eligibility | Evaluate whether SA renewal cost is justified by AHB savings. Negotiate SA terms specifically for Arc benefit — include only products where AHB delivers measurable savings on Arc consumption |
| Arc as migration leverage | Microsoft views Arc as a pathway to Azure migration | Position Arc adoption as evidence of Azure investment that justifies better EA terms. "We are standardising on Azure management for 2,000+ servers via Arc — this commitment warrants improved pricing across the EA" |
✅ CIO Recommendations — Azure Arc EA Negotiation
- Include Arc consumption projections in your total Azure commitment calculation. Arc PAYG (SQL, Windows, ESU) adds predictable spend that strengthens your MACC commitment and justifies higher discount tiers
- Negotiate Arc-specific PAYG rates for SQL Server and Windows Server as a line item in your EA. Standard rates are not final — volume commitments yield custom pricing
- Use Arc ESU billing strategically: Route all ESU spend through Azure to count toward MACC. Negotiate ESU rates within the EA rather than purchasing through standard volume licensing
- Evaluate Software Assurance selectively: Renew SA only for products where Azure Hybrid Benefit on Arc delivers measurable savings. Do not pay SA on products where PAYG is more cost-effective
- Position Arc adoption as Azure commitment evidence when negotiating overall EA terms. Arc-enabling 1,000+ servers demonstrates strategic investment in the Microsoft ecosystem
- Negotiate flexibility provisions: Request the ability to shift between BYOL and PAYG modes within the EA term without penalty — Arc supports both modes, and your licensing strategy may evolve
- Bundle Arc with Defender and Monitor in your EA to achieve volume pricing on security and observability services across all Arc-connected resources
- Request Arc roadmap briefings from Microsoft during EA negotiations — upcoming Arc capabilities (new data services, additional PAYG products) may affect your multi-year commitment sizing
Adoption Roadmap — Phased Arc Deployment
Phase 1 — Inventory and Governance (Weeks 1–4)
Connect all on-premises servers and Kubernetes clusters to Azure Arc using the free control plane. Establish resource organisation (subscriptions, resource groups, management groups for Arc assets), apply Azure Policy assignments for tagging and security baselines, and generate a comprehensive inventory of your hybrid estate. This phase costs nothing in Azure charges and provides immediate value: unified visibility across on-prem, AWS, GCP, and edge infrastructure. Use this inventory to identify licensing optimisation opportunities — servers running legacy ESU-eligible OS, SQL Server instances that could benefit from PAYG, and workloads where Azure Hybrid Benefit can be applied.
Phase 2 — Selective Service Enablement (Weeks 5–12)
Enable paid Azure services selectively based on your tiered server classification: Defender for Cloud on Tier 1 (critical production), Update Management on Tier 1 and 2, Azure Monitor on servers requiring detailed observability. Enable PAYG SQL Server billing on development, test, and seasonal instances. Route ESU for legacy servers through Arc billing. Monitor Azure cost reports weekly during this phase to validate that actual charges align with projections — adjust service enablement if costs exceed expectations.
Phase 3 — EA Integration and Optimisation (Ongoing)
Incorporate Arc consumption data into your EA renewal planning. Calculate the total projected Arc spend (PAYG licences, ESU, management services) and include it in your Azure MACC commitment negotiation. Evaluate Software Assurance renewals based on AHB value across Arc-connected instances. Establish quarterly reviews of Arc consumption versus budget, and continuously optimise the balance between BYOL and PAYG per workload based on actual usage patterns. This phase is ongoing — Arc's licensing flexibility means your optimisation strategy should evolve with your infrastructure.