Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management

Category Archives: Azure Security


by Leave a comment

Add Kubernetes Cluster to Microsoft Azure Arc #Containers #AzureHybrid

Microsoft Azure Arc Services for Adaptive Cloud

Azure Arc-enabled Kubernetes allows you to attach Kubernetes clusters running anywhere so that you can manage and configure them in Azure. By managing all of your Kubernetes resources in a single control plane, you can enable a more consistent development and operation experience to run cloud-native apps anywhere and on any Kubernetes platform.
Azure Arc-enabled Kubernetes works with any Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters. This includes clusters running on other public cloud providers (such as GCP or AWS) and clusters running on your on-premises data center (such as VMware vSphere or Azure Stack HCI).

In the following step-by step installation, we are going to connect a Kubernetes Cluster with Azure Arc services.

Add Kubernetes Cluster

Before you begin, you need this prerequisites

Extension add

the Extension was already installed.

Here you set the subscription and resource group first.
Cluster name in Azure and the Microsoft Azure Region.
and at last, the network connectivity method, in my scenario a public endpoint.

you can add your tags.

Here you can select your script type Bash or PowerShell
Then download your script.

Azure login

Enter the code and login your Azure subscription.

You now have signed in.

Check these Provider registrations (requirement)

Running the bash script.

Starting to install Azure Arc agents on the Kubernetes Cluster.

In Azure Portal, Kubecluster is connected to Azure.

kubectl get pods -n azure-arc

Kubecluster Overview in Azure portal.

the kubecluster is Azure Arc enabled and running. 🙂

Azure Arc-enabled Kubernetes with Azure Monitor options.

Azure ArcNetworking extension for loadbalancer service.

Arc Enabled kubernetes Cluster features.
Azure provides an automated application deployments capability using GitOps 

Try your Azure Arc enabled Kubernetes Cluster Today first in your test lab and see all the features you can use for your environment.
Join Containers in the Cloud Community on Linkedin

Join Azure Hybrid Community on Linkedin


by Leave a comment

Updating my MVPLAB with Windows Server 2025 Insider Preview Build 26040

Microsoft Windows Server 2025 Datacenter Insider Preview Build 26040

Microsoft released a new Windows Server Insider preview Build 26040 on January 26th and changed Windows Server vNext name into Microsoft Windows Server 2025!

So time to update my MVPLAB domain stack.local.

I’m updating my domain controller from build 26010 to 26040.

Before we can move further, we have to run adprep.

Run adprep from the new ISO on the Domain controller.
by Typing C and enter it will run.

Schema upgrade from 90 to 91

adprep /domainprep.

Adprep successfully updated.

After this click on refresh in the Windows Server Setup if you have this still open.

 

I want to keep my files, settings and apps on my domain controller.
Click on Install

Installing Windows Server 2025 Insider Preview Build 26040

Don’t turn off your machine. 😉

Microsoft Windows Server 2025 Datacenter Insider Preview Build 26040
is running as my Domain Controller.

Don’t forget the last updates.

Running Schema object version 91.

Here you can find more information about Windows Server 2025 Insider Preview Build 26040

Follow Jeff Woolsey on X (Twitter) here

Follow Ned Pyle on X (Twitter) here

Get started by joining Windows Server Insider program

Make your Windows Servers Hybrid with Microsoft Azure Arc
for more Hybrid IT management Benefits


by Leave a comment

Download the Windows 11 Security Book: Powerful #security by Design

Here you can download the Free Windows 11 Security E-book

How Secure are your devices?

Make it more secure by design with Windows 11 and do security assessments / scans for vulnerabilities on your pc’s in your company.
I hope this free E-Book will give you more security insights.


by Leave a comment

Happy Holidays

I wish you all a Merry Christmas and a Happy & Healthy New Year 2024!
Thank you for all your support in the Community.

Join these Free LinkedIn Community Groups during the Holidays and keep up-to-date 😉

Microsoft Azure Monitor & Security for Hybrid IT

Azure Hybrid Community

Windows Admin Center Community

Azure DevOps Community

Containers in the Cloud

Azure Copilot and Security Copilot (NEW)


by Leave a comment

Adding Windows Server 2022 to Azure Arc Services #AzureHybrid #HybridIT #Azure

Azure Arc Enabled Server

With Microsoft Azure Arc Machine agent you can connect your Windows Server 2022 with Microsoft Azure Arc Services.
Microsoft Azure Arc-enabled servers lets you manage Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud provider. in October 2023 Microsoft released via Windows Update Center the setup of Azure Arc Machine agent. In the following steps I will install Azure Arc via the Windows Server Manager:

Click on Disabled

Click on Next

Azure Connected Machine Agent is installing.

Click on Configure

Click on Next

Sign into your Azure Subscription

Click on Next

Select your Azure Active Directory Tenant.
Select Subscription
Select the Resource Group
Select the Azure Region
Select Network Connectivity.
Click on Next

 

Your done, your Windows Server is now connected with Azure Arc
Click on Finish

Here is our Azure Arc enabled Windows Server 2022 in the Microsoft Azure Portal.

 

From here you have all the Azure Arc Services available for your on-prem Server.

When you connect your machine to Azure Arc-enabled servers, you can perform many operational functions, just as you would with native Azure virtual machines. Below are some of the key supported actions for connected machines.

  • Govern:
  • Protect:
    • Protect non-Azure servers with Microsoft Defender for Endpoint, included through Microsoft Defender for Cloud, for threat detection, for vulnerability management, and to proactively monitor for potential security threats. Microsoft Defender for Cloud presents the alerts and remediation suggestions from the threats detected.
    • Use Microsoft Sentinel to collect security-related events and correlate them with other data sources.
  • Configure:
  • Monitor:
    • Monitor operating system performance and discover application components to monitor processes and dependencies with other resources using VM insights.
    • Collect other log data, such as performance data and events, from the operating system or workloads running on the machine with the Log Analytics agent. This data is stored in a Log Analytics workspace.

This is handy to install a couple of Servers manually but when you have to do more, you can generate a script for multiple
Servers installation:

From the Azure Portal
Click on Generate Script

Here you can make a Basic script or for Configuration Manager,
or a script for a Group Policy or via Ansible.

Important:

Before you begin with making your Windows Server Azure Hybrid with the Arc Connected Machine Agent, you have to think about Security by Design. with Identity Access Management (IAM) you can manage who will get access to your Arc enabled Servers.
Wo may use Windows Admin Center for example in the Azure portal?

Access Control on Azure Arc enabled Server.

With Microsoft Azure policy you can set your governance and policies for the organization. There are a lot of pre-defined policies, but you can also make your own Azure policies for your Arc enabled Servers.

Conclusion

Make your datacenter(s) securely Hybrid with Microsoft Azure Arc Services is easy to do and gives you a lot of Azure Hybrid benefits.
Start with your test environment and make your own Azure Arc enabled solutions and when the experience is good you can do it in production 😉

 Here you find more about Azure Arc enabled Services:

Join the Azure Hybrid Community on LinkedIn for Free


by Leave a comment

Whats new with Azure Connected Machine agent and More CLI #AzureArc #AzureHybrid

Azure Connected Machine Agent

Microsoft is continuously improving and fixing issues on the Azure Connected Machine agent for Azure Arc Enabled Servers.

Before you make your Servers in your datacenter Hybrid with Azure Arc Connected Machine Agent, you can have a look at Security first when you want to be in Controle of the Azure Arc extensions. For example, who can install Azure Arc Extensions? and which Extensions should be installed and which not. Or in the latest Azure Connected Machine Agent Version 1.35 of October 2023 No Extensions allowed to install on this Server.

With Azure Arc Connected Machine Agent version 1.35 you can configure the extension manager to run, without allowing any extensions to be installed, by configuring the allowlist to “Allow/None”.  This supports Windows Server 2012 ESU scenarios where the extension manager is required for billing purposes but doesn’t need to allow any extensions to be installed.

Users and applications granted contributor or administrator role access to the resource can make changes to the resource, including deploying or deleting extensions on the machine. Extensions can include arbitrary scripts that run in a privileged context, so consider any contributor on the Azure resource to be an indirect administrator of the server.

The Azure Connected Machine Onboarding role is available for at-scale onboarding and is only able to read or create new Azure Arc-enabled servers in Azure. It cannot be used to delete servers already registered or manage extensions. As a best practice, we recommend only assigning this role to the Microsoft Entra service principal used to onboard machines at scale.

Users as a member of the Azure Connected Machine Resource Administrator role can read, modify, re-onboard, and delete a machine. This role is designed to support management of Azure Arc-enabled servers, but not other resources in the resource group or subscription.

Identity and Access Management (IAM) in Azure to Configure Roles.

Azure Arc Portal Agent version.

With AZCMAGENT CLI command, you can see more information from the Arc enabled Server and is handy for
the Administrator to know:

azcmagent check

azcmagent Config get config.mode

azcmagent show

azcmagent logs

in ProgramData you will find the Azure Arc Connected Machine Agent Logs

Guest config logs of Azure Arc extensions

The Azure Connected Machine agent command line tool, azcmagent, helps you configure, manage, and troubleshoot a server’s connection with Azure Arc. I just showed you some azcmagent commands I use for troubleshooting or to just get the right information.
Here you find the complete Azure Connected Machine Agent Command line reference

Hope this information is useful for you and keep your azcmagent up-to-date for fixes and new innovated features!

Join the Azure Hybrid Community on LinkedIn Group

 


by Leave a comment

Windows Server Insider Preview Build 25967 with Azure Arc in Taskbar

You can Download Windows Server Insider Preview Build 25967 here

New in Windows Server Insider Preview Build 25967 is Microsoft Azure Arc in your taskbar system tray Icon.

Currently, Azure Arc allows you to manage the following resource types hosted outside of Azure:

  • Servers: Manage Windows and Linux physical servers and virtual machines hosted outside of Azure.
  • Kubernetes clusters: Attach and configure Kubernetes clusters running anywhere, with multiple supported distributions.
  • Azure data services: Run Azure data services on-premises, at the edge, and in public clouds using Kubernetes and the infrastructure of your choice. SQL Managed Instance and PostgreSQL (preview) services are currently available.
  • SQL Server: Extend Azure services to SQL Server instances hosted outside of Azure.
  • Virtual machines (preview): Provision, resize, delete and manage virtual machines based on VMware vSphere or Azure Stack HCI and enable VM self-service through role-based access.

Here you find the Azure Arc system tray icon.

Here you can see the Microsoft Azure Arc Status
and
You can connect to the Azure Arc enabled virtual machine in the Cloud.

Azure Arc enabled virtual machine in the Cloud.

Windows Admin Center via Azure Arc enabled Server.

Azure Arc Management in Server Manager!

Here you find more information about Windows Server Insider Preview Build 25967 on Microsoft Tech Community.

JOIN Microsoft Azure Arc Hybrid Community on LinkedIn


by Leave a comment

Whats new with Azure Connected Machine agent #Azure #AzureArc #Winserv #ESU

Azure Connected Machine Agent Update version 1.34

New features

  • Extended Security Updates for Windows Server 2012 and 2012 R2 can be purchased and enabled through Azure Arc. If your server is already running the Azure Connected Machine agent, upgrade to agent version 1.34 or later to take advantage of this new capability.
  • Additional system metadata is collected to enhance your device inventory in Azure:
    • Total physical memory
    • Additional processor information
    • Serial number
    • SMBIOS asset tag
  • Network requests to Microsoft Entra ID (formerly Azure Active Directory) now use login.microsoftonline.com instead of login.windows.net

Fixed

  • Better handling of disconnected agent scenarios in the extension manager and policy engine.

Use Azure Update Manager with Azure Arc enabled Windows Server 2012 R2 for Extended Security Updates

The Azure Connected Machine agent receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about:

  • The latest releases
  • Known issues
  • Bug fixes

This page is updated monthly, so revisit it regularly. If you’re looking for items older than six months, you can find them in archive for What’s new with Azure Connected Machine agent.

Here you find more information about Microsoft Azure Arc for Hybrid IT Management

Here you find more information on Microsoft Tech Community Blog about Extended Security Update Options

JOIN the Microsoft Azure Hybrid Community on LinkedIn

 


by Leave a comment

Windows Terminal with #AzureCLI Cloud Shell and #AI Knowledge Base

Windows Terminal with Azure Cloud Shell CLI

Microsoft Azure Artificial Intelligence (AI) is going fast in the Cloud, It can support you with the tools you use like Azure CLI for example to manage Azure resources. But AI can support you in Security too, like Microsoft Security Copilot

Microsoft security CoPilot Create a visual to explain.

But I was busy with Windows Terminal in Windows 11 Insider Preview Build and Azure Cloud Shell.
First getting the latest Build of Azure CLI in my Windows Terminal :

az upgrade

Installing Azure CLI 2.48.1

Click on Install

Click on Finish

For the Changes you need to Restart your machine.

After the reboot we have the Newest Azure CLI Version 2.48.1

Login Azure with Windows Terminal.

I’m connected with Azure via Windows Terminal Azure Cloud Shell.

Here I’m checking if I have a Connection with Azure AI-examples :

az ai-examples check-connection

Connection was successful.

The Azure AI knowledge base made me find examples 🙂

When a command is incomplete or wrong, the AI knowledge base is doing
a suggestion and gives a link to Microsoft docs.

Conclusion

This is where I Like Microsoft Azure Artificial Intelligence (AI) to make my IT Management easier and faster to do the job.
It’s supporting me in my work and not doing things I don’t like. It’s going fast with AI and It’s important to keep it in Control for doing IT Management tasks.


by Leave a comment

Microsoft Azure Arc Extensions Updates #AzureHybrid #AzureArc #AzOps

Azure Arc Extensions

Keep your Azure Arc extensions up-to-date