Which service should not be utilized when extending Azure security to AWS if Azure Arc is not being used?

When considering the extension of Azure security to AWS without utilizing Azure Arc, Microsoft Defender for Identity is the service that should not be utilized. This is because Microsoft Defender for Identity is primarily designed for protecting on-premises Active Directory environments and hybrid infrastructures by monitoring user activities, detecting suspicious behavior, and providing insights specific to those environments. It does not have direct functionality for extending security controls or monitoring capabilities to AWS environments.

In contrast, Azure Active Directory, Microsoft Defender for Cloud, and Azure AD Conditional Access are geared toward providing security and identity management across various environments, including multi-cloud scenarios. Azure Active Directory can be used for authentication and identity management, allowing you to extend these controls to AWS. Microsoft Defender for Cloud provides comprehensive security management and threat protection across cloud services, including AWS. Azure AD Conditional Access enables organizations to enforce policies that control access based on conditions, an important aspect when securing multi-cloud environments.