On-prem servers connecting to Azure Arc in Commercial Cloud

old.reddit.com / @/u/MReprogle, https://old.reddit.com/user/MReprogle

I have been looking at bringing on-prem servers into Azure Arc to start getting all the logs into Sentinel as well as take advantage of the compliance policies. However, when setting this up, there is an option to use private link / private endpoints. Otherwise, the connection goes encrypted over a public endpoint (the internet). I feel like this part is not so bad, but just wanted to check. I know a Microsoft rep is going to tell you to go with private link all day, as you have to pay for this traffic to go over the link.

Also, the data meets CMMC 2.0 L2 compliance while on-prem. However, our cloud is commercial cloud. Sure, the data is not stored in commercial cloud, but Arc gives you quite a bit of visibility into the server, so does this break requirements for Level 2 compliance?

Basically, I am hoping to be able to bring them in, but not have to pay the premium for a private link, and I am trying to see if commercial cloud basically kills the requirements right off the bat. We are currently keeping our CUI in a separate enclave, or in a protected on-prem server that I am hoping to view in Arc.

submitted by /u/MReprogle

published about 2 months ago



