This article has been authored by Michael Coutanche, Portfolio Lead, Public Cloud | 23 June 2025

Many organisations, especially in the public sector, are under pressure to adopt a cloud-first strategy. But in reality, they’re often still tied to legacy systems that can’t be easily switched off or rearchitected. Core infrastructure runs on physical servers. Line-of-business apps are still on-prem. Data sovereignty, compliance or budget constraints make full cloud transformation feel out of reach.  This is something I see every day in my work at Telefónica Tech, across healthcare, education, government and finance. The ambition to modernise is there, but for many the day-to-day operational constraints often get in the way. That’s where Azure Arc becomes a powerful solution.

Introducing Azure Arc: Modernisation without Disruption 

Arc doesn’t force a rip-and-replace approach. It extends Azure’s control plane to wherever your workloads live. That could be in your data centre, in another cloud or on the edge. You get unified tooling, security, policy and automation. Most importantly, it allows you to move at your own pace.

What Azure Arc Actually Does

In practical terms, Azure Arc takes your existing estate, even the stuff that isn’t in Azure, and starts treating it as if it were. That means:

• One pane of glass for the control plane, centralised visibility and reporting with native Azure CLI\PowerShell or Portal plus integration to tools with more sophisticated capabilities such as Power BI.
• Deploy and enforce polices across environments. Standardise on Azure Policy engine to apply governance, auditing, or enforcement
• Use cloud-native tools like Azure Monitor, Defender for Cloud and Microsoft Sentinel with on-prem workloads or integrate with Windows Admin Center for Arc-enabled servers
• Centrally manage patching, updates, change tracking and inventory
• Extend Azure services to SQL Server instances or Kubernetes clusters running on existing infrastructure outside of Azure
• Seamlessly deploy extended Security updates for Windows Server 2012/R2 and SQL Server 2012/2014 in on-premises or multi-cloud environments

Take patching as an example. It’s a common, often manual task that many teams still manage in silos. With Arc patching becomes automated across both cloud and on-prem servers using a single policy engine. From the Azure portal, you can schedule updates, monitor compliance and track which machines are falling behind. So, no jumping between tools and no chasing different teams. The major benefit is that, from one central location, you can easily keep everything secure and consistent.

You keep everything where it needs to be operationally. But gain cloud-grade governance, security and scalability.  I’ve seen organisations use Arc to bring thousands of legacy servers into a compliant, manageable state without having to rearchitect everything.  In short, it helps manage technical debt while enabling strategic flexibility.

Common Use Cases We’re Seeing

Local Government

A city council needed to meet GDPR while keeping sensitive systems on-prem. With Azure Arc, they were able to apply uniform security baselines, enabled threat detection and tied everything into a central dashboard. All without interrupting services.

Healthcare

A health trust was struggling to manage legacy SQL servers that were still critical to patient care. Azure Arc helped to bring those servers under policy control, automate patching and improve visibility into vulnerabilities. Risk was reduced without disrupting operations.

Financial Services

Meeting FCA compliance on unsupported infrastructure is always a challenge. Azure Arc lets you roll out Defender across hybrid workloads, automate compliance checks and generate reporting to become audit ready.

Higher Education

A university running research workloads across on-prem and cloud. Azure Arc has the ability to stitch different environments together. Security improves. Management becomes consistent. And the sensitive research datasets remain untouched.

A Real-World Rollout: Azure Arc at Scale

We recently worked with a multinational organisation managing thousands of servers across dozens of sites. They needed to modernise without interrupting operations. Using Arc, we helped them achieve the following outcomes:

• Deploy central governance and security baselines across regions
• Use Azure-native tools like Defender and Monitor on legacy workloads
• Automate patching at scale
• Reduce reliance on legacy tooling and streamline licensing
• Build a foundation for broader cloud adoption at their own pace

The shift wasn’t just about tooling. It was a mindset change. Suddenly their IT estate was no longer a fragmented set of workloads. It became a unified, policy-driven platform that could scale securely.

Thinking Ahead: Compliance and AI Readiness

Azure Arc isn’t just about firefighting today’s IT headaches. It also lays the groundwork in preparation to support AI readiness enabling future workload innovation.  

If you want your infrastructure to be AI-ready, it needs to be secure, well-governed and able to scale. Arc gives you that foundation without forcing a total rebuild. It’s cloud on your terms. All with central management and enabling incremental improvements.

For VMware customers navigating Broadcom licensing changes or planning towards data centre exit, Azure VMware Solution (AVS) or Azure Local can offer a clean and fast path forward. Combined with Azure Arc these tools provide the flexibility to lift, shift and modernise without getting locked into transformation cycles you’re not ready for.

Final Thoughts on Azure Arc

Running critical systems on-prem is still valid. But it doesn’t mean you can’t modernise.

Azure Arc bridges the gap between legacy and cloud-native. It gives you centralised control, consistent security and a future-ready platform.

Curious how ready your infrastructure is for AI and emerging technologies? Our Cloud Infrastructure and AI Readiness Assessment can help identify opportunities for modernisation without committing to a full transformation.