System Center Operations Manager (SCOM) can be used to monitor virtual machines running in Microsoft Azure IaaS from an on-premises environment. This requires opening appropriate ports for communication and using certificate-based authentication since the Azure VMs are outside the management group's trusted environment. The solution design involves setting up a site-to-site VPN or point-to-site VPN for communication, importing certificates onto the Azure VMs, installing OpsMgr agents with individual certificates, and approving the pending agents in the SCOM console.