Security overview - Azure Arc
Security gaps often emerge when managing infrastructure across public cloud, private cloud, and on-prem environments. Azure Arc helps bridge those gaps by extending Azure security tools to Arc-enabled servers running anywhere. Read this Microsoft Learn article to see how it works and how your organization can benefit. Contact Ontrack Dynamics LLC for a complimentary security assessment of your hybrid environment.
What is the shared responsibility model for Azure Arc-enabled servers?
The security of Azure Arc-enabled servers is a shared responsibility. Microsoft is responsible for securing the cloud service that stores system metadata, protecting privacy, documenting optional security features, publishing regular agent updates, managing RBAC access, and securing the server infrastructure. Users are responsible for securing the server itself, managing credentials, determining the application of security features, and ensuring compliance with legal and internal policies.
How does the Azure Connected Machine agent function?
The Azure Connected Machine agent acts as an enablement platform that connects your machine to Azure. It establishes a relationship with your Azure subscription, provides a managed identity for authentication, enables additional capabilities through extensions, and enforces settings on your server. The agent is essential for relaying data and actions between your managed server and Azure.
What security measures should be taken for Tier 0 assets?
For Tier 0 assets, it is recommended to use a dedicated Azure subscription to minimize access and closely monitor permissions. You should also disable unnecessary management features, such as remote access capabilities and the extension manager, unless they are needed. Implementing an extension allowlist can help restrict the use of extensions to only those that meet your security requirements.
Security overview - Azure Arc
published by Ontrack Dynamics LLC
CMMC Implementation | Azure GCC High | DoD/FedSec | Subcontractor to AOS-G Partners |
More about us
OnTrack Dynamics is a federal-focused cybersecurity and cloud compliance
firm specializing in CMMC implementation and Azure GCC High migrations
for defense contractors and government agencies. With over thirty years
of professional experience in enterprise IT, compliance frameworks, and
federal cybersecurity, OnTrack delivers expert-level security architecture
and implementation services that help defense industrial base (DIB)
organizations achieve audit-ready compliance, maintain DoD contracts,
and operate secure, scalable cloud environments. Federal-ready with
active UEI, CAGE, and SAM.gov registration.
Business Type
- Consultant
- Cloud Service Provider (CSP)
- Managed Security Service Provider (MSSP)
- Systems Integrator
- Compliance Specialist
Solution Types
- CMMC Compliance (Level 1 & 2)
- Azure GCC High Architecture & Migration
- NIST 800-171 Implementation
- Zero Trust Security
- Cybersecurity & Threat Management
- Managed SOC/NOC Services
- Identity & Access Management
- Data Protection & Encryption
Cloud Solutions
- Azure GCC High
- Microsoft 365 GCC High
- Azure Government (DoD Regions)
Industries Supported
- Defense Contractors (DIB)
- Aerospace & Defense Manufacturing
- Federal Government Agencies
- State & Local Government
- Critical Infrastructure
- Engineering & R&D Firms
- Professional Services (supporting DoD)
Compliance Frameworks
- CMMC Level 1 & 2
- NIST SP 800-171
- NIST SP 800-53
- DFARS 7012
- FedRAMP Awareness
- ITAR/EAR (CUI Handling)
- SOC 2 Type II
- ISO 27001
Federal Credentials
- UEI: N7Y3MK6F9B63
- CAGE Code: 883G6
- NAICS: 541511, 541512, 541519
- SAM.gov: Active & Verified
- Authorized to handle CUI (Controlled Unclassified Information)
.png "Ontrack Dynamics LLC"){kind=spacer}
Sign in with LinkedIn