A very common mistake I see for those newer to Azure and Arc is not understanding the risk associated with permissions in Azure and privilege escalation paths to Arc enabled servers

It's a good idea to consider locking down Arc to only what you need ;)

https://learn.microsoft.com/en-us/azure/azure-arc/servers/security-overview#security-considerations-for-tier-0-assets