Azure Arc Extensions
Keep your Azure Arc extensions up-to-date
Keep your Azure Arc extensions up-to-date
Microsoft Azure Arc Services is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. Develop cloud-native applications with a consistent development, operations, and security model. Azure Arc runs on both new and existing hardware, virtualization and Kubernetes platforms, IoT devices, and integrated systems. Do more with less by leveraging your existing investments to modernize with cloud-native solutions.
Azure Arc Control Plane
So with this Awesome Microsoft Feature Azure Arc, I have connected my Windows Insiders Domain mvplab.local servers like a Windows Server Insider Domain Controller, Windows Server Insider Cluster with a SQL Instance on it and Windows 11 Insider Preview Build in the Beta Channel domain joined. Here you can find how to install the Azure Arc Agent on your Servers
Microsoft Azure Arc comes with great features like Azure Security with Cloud Defender to keep your Azure Arc enabled Servers as secure as possible. Azure Policies is very handy to keep your IT governance on every Server the same. With inventory and Change tracking you are in control to get the right information of your machines. Monitoring your Azure Arc enabled servers with Insights and Log analytics is very powerful. But for now I’m going to use Updates feature of Azure Arc enabled Windows 11 Insider Preview Build machine.
Important : I’m working with Windows Server Insider preview Build and Windows 11 Insider Preview Build.
They are for testing purpose only and not for production environments!
Of course you can use Windows Server 2019 / 2022 or Windows 10 / 11 Build with Azure Arc 🙂
Here we have Windows 11 Insider Preview Build with new Updates in the Beta Channel.
Click on One time Update
I’m going to update this Azure Arc enabled Windows 11 Insider preview Build once manually but you can schedule updates also and use Update Management Center.
Select the Machine and Click on Next
Here you can select the updates or exclude updates.
Then Click on Next
Here you can set the Reboot option and
Maintenance Window in minutes.
Click on Next
Review and Click on Install
Install Updates Request is submitted.
At Updates of your Azure Arc enabled Machine you can open
Update Management Center
Here you can see the Complete Overview of the Updates on your Machines.
Left under you see the 3 updates for the Windows 11 Insider Beta Build.
When you Click on the left panel on Machines you get this status overview.
When you click on History you will see the status in progress.
Updates are running on the Machine.
But with the Azure Resource Graph Explorer you can also
see when the updates are succeeded.
Update Management Center after successful running updates
Updates Done for Azure Arc enabled Windows 11 Insider Beta Build.
Now I have got the Newest Windows 11 Insider Preview Build in the Beta Channel at this moment
You have seen how easy it is to work with Microsoft Azure Arc services to manage your Virtual Machine with Updates, when you have lot of Virtual Machines / Servers to manage you can configure them once and do this automatically via schedule tasks for every month. Now I can manage my on-prem Servers / machines in the same way I do the Microsoft Azure Virtual Machines.
So this was only Updates, but you can do the same for Security and keep your machines secure by default with the same Azure policies on your machines for IT Governance. Hope you see the benefits of Azure Hybrid and please start your own journey.
When you have a test environment, please consider the Microsoft Windows Insider program for Windows 11 Insider Builds and for Windows Server Insider Build to work with the newest features and getting experience before GA becomes available.
JOIN the Azure Hybrid Community Group on LinkedIn
GitHub has become the central location for open-source projects, samples, and even content – but primarily focused on developers. This new repository will focus on you: The ITPro/Ops person managing the environment in your company, keeping the lights on, supporting end-users or other IT teams.
The Microsoft Modern Infrastructure Cloud Advocates are responsible for the content on this repo, but sharing your handy script samples on this repo would be Awesome to manage Modern Azure Infrastructure, Azure Stack HCI, Windows Servers, Hyper-V, Containers and more. Have a look at the announcement on Microsoft tech community, Sharing together to make IT Better 😉
Microsoft Announcing the ITOpsTalk GitHub repo – A central location for IT/Ops related samples
With Windows Admin Center in the Azure portal you can manage the Windows Server operating system of your Arc-enabled servers, known as hybrid machines. You can securely manage hybrid machines from anywhere–without needing a VPN, public IP address, or other inbound connectivity to your machine.
With Windows Admin Center extension in Azure, you get the management, configuration, troubleshooting, and maintenance functionality for managing your Arc-enabled servers in the Azure portal. Windows Server infrastructure and workload management no longer requires you to establish line-of-sight or Remote Desktop Protocol (RDP)–it can all be done natively from the Azure portal. Windows Admin Center provides tools that you’d normally find in Server Manager, Device Manager, Task Manager, Hyper-V Manager, and most other Microsoft Management Console (MMC) tools.
In the following steps we will install Azure Windows Admin Center (Preview) on a Microsoft Azure Arc enabled Server from the Azure Portal.
Click on Windows Admin Center (Preview) on the Left side.
Then click op Setup
Set the port.
Click on Install
Installing extension Windows Admin Center
At the Activity log you can follow the installation.
and See the Quick Insights
No Problems here 😉
Sign in with your Username and Password
Running Windows Admin Center from the Azure Portal.
Azure Windows Admin Center of the Azure Arc enabled Server.
PowerShell session remote on the Azure Arc enabled Server.
Events of the Azure Arc enabled Server.
With Microsoft Azure Windows Admin Center and Azure Arc enabled Servers you can manage your servers from anywhere.
You got all the benefits of Microsoft Azure Hybrid features. Try it yourself, Windows Admin Center is still in preview and for testing only.
You can experience this awesome Azure Hybrid solution before it goes in production 😉
Watch AKS Edge Essentials Architecture with @liorkamrat
The following Jumpstart scenario will show how to create an AKS Edge Essentials cluster in Azure Windows Server VM and connect the Azure VM and AKS Edge Essentials cluster to Azure Arc using Azure ARM Template. The provided ARM template is responsible for creating the Azure resources as well as executing the LogonScript (AKS Edge Essentials cluster creation and Azure Arc onboarding (Azure VM and AKS Edge Essentials cluster)) on the Azure VM.
Microsoft Azure Arc enabled Server Insights
Azure Arc-enabled servers lets you manage Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud providers. VM insights monitors the performance and health of your virtual machines and virtual machine scale sets, including their running processes and dependencies on other resources. It can help deliver predictable performance and availability of vital applications by identifying performance bottlenecks and network issues.
In the following steps you see more Azure Arc Insights of this On-premises domain controller.
Azure Arc Insights Performance monitor
Here you see by default performance counters in a dashboard of the Azure Arc enabled Server :
In the right corner you can show your own workbooks.
Azure Arc Insights Map dependencies
I really like this feature to see more Insights of your dependencies with this map. See if there are any communication issues
in your solution is great!
Here you see connections of the Azure Arc enabled domain controller from on-premises.
You even can see if you have Malicious Connections in your process, here they are all green 🙂
Azure Arc Insights Map Changes
You can Investigate Changes
Azure Arc Insights Map Alerts
Here you can Investigate the Alerts.
Azure Arc Insights Overview
Make your own Data Collection Rule.
Here is the Data Source MSVMI-HybridIT
Here you can configure your resources with the Data Sources.
Create your own Data Collection endpoint for your Azure Arc enabled Server
Create your endpoint and select your Tag
with Tags you can set the Owner or cost number on the data collection endpoint.
When It’s ready you can here select the Data collection endpoint for your Server.
We only have Performance Counters, so we will add more Data Sources.
Here you can see some default Data sources.
I select Windows Event Logs.
Here you can configure the event logs and levels to Collect.
I selected only these.
Click on Next : Destination>
Select the right destination.
Then Click on Add Data Source
Here you have your Data Sources
More information :
Microsoft Azure Monitor Overview
Azure Arc JumpStart YouTube Videos
When you have your Servers Azure Arc enabled, you will work with Azure Arc extensions to work with Azure hybrid features like Defender for Cloud, Azure Monitor, Windows Admin Center and more. For each Azure Arc extension you can get updates, and it’s important to keep them up-to-date for new functionality and security. You have Azure Arc extensions for Windows Servers but also for Linux Servers.
Some of the Azure Arc extensions will automatic upgrade when you have enabled it and some must go manually from the Azure Portal.
More information about Azure Arc extensions you can find them here
In the next steps you will see the Update management of the Azure Arc enabled extensions :
Here I update one extension.
Inside the WindowsOsUpdateExtension
Here you can see that the WindowsOsUpdateExtension is up-to-date
and Status Succeeded
On the right of this screenshot you see Automatic Upgrade and some extensions are enabled, but some are not supported.
That’s why it’s important to check these updates.
Here you can see in the Status that two Azure Arc extensions are updating
And sometimes it failed to update.
But you can see what you can do best with this failed Status.
Here you see the error message and the Tips.
And when you can’t fix it yourself you can make a Support ticket right away.
Here you can see that all the Azure Arc extensions are updated successfully
So I selected all my Azure Arc enabled Servers and updated them all.
With Microsoft Azure Arc enabled Servers you have do some IT management to keep your Azure Arc extensions up-to-date.
I did this without rebooting Servers, just from the Azure Portal update Azure Arc extension.
Here you find more information about Microsoft Azure Arc for Azure Hybrid IT
I like to thank you Community for Supporting, Sharing and Reading New Microsoft technologies on my Blog, Twitter, Facebook and
LinkedIn Community Groups 💗 I wish you all happy Holidays, Merry Christmas and a Healthy New Year 2023 may the Best Wishes comes true ! 🎄🥂
I’m very proud and Honored on the Microsoft Global MVP Awards 2022-2023 !
Thank you Microsoft Product Groups, MVP Award Program, Windows Insider Team, Azure Hybrid Team, Windows Server and Azure Stack HCI Team for all your support, NDA PGI sessions, and for the Awesome software, Features, solutions you are building 🙂
Wish you all Happy Holidays, Merry Christmas and a Healthy New Year 2023 may the Best Wishes comes true ! 🎄🥂
JOIN these LinkedIn Community Groups for free and Share New Microsoft Technologies Together:
Windows Admin Center Community Group
Containers in the Cloud Community Group
Microsoft Azure Monitor & Security for Hybrid IT Community Group
What I really love is the Microsoft Tech Community platform
For Microsoft Azure Hybrid:
Azure Hybrid and Multi Cloud documentation
Microsoft Azure Arc Community monthly Meetup (GitHub)
Follow on Twitter for Azure Hybrid:
Microsoft Windows Insiders Blog
Windows Insider Team on YouTube
The Windows Insider Program Team is really active on Twitter:
Get started with the Windows Server Insider program
What’s New in Windows Server 2022
Overview of Windows Admin Center
Azure Arc enabled SQL Servers Architecture
To keep your Business running, It’s important to secure and monitor your data. One of the security measures is doing Vulnerability assessments in your datacenter(s) to see the status and results for remediation. With Microsoft Azure Arc Defender for Cloud you can do a SQL Server vulnerability assessment in your on-premises datacenter or anywhere with the Azure Arc agent running.
Here you find more information about Azure Arc enabled SQL Server
Microsoft Defender for Cloud on Azure Arc enabled SQL Server
Here I activated Microsoft Defender for Cloud on Azure Arc enabled SQL Server, and Azure Defender for Cloud is doing a SQL vulnerability assessment to get the security status and results for remediation.
On this same Azure portal page you will see the Vulnerability assessment findings.
When you Open a Vulnerability finding, you get more information and the remediation for the issue.
Here you see the complete Resource Health of the Azure Arc enabled SQL Server.
Look at the Status of each severity.
Here you see all the vulnerability findings on these four databases.
When you do the remediation you will see the healthy status.
on the Passed tab.
Here I open only the OperationsManager database.
Now you see only the Vulnerability findings on this database.
Here you see a vulnerability finding on the SCOM database with the Remediation 🙂
You can make your Own Workbooks or use them from the Gallery.
Workbook example of Vulnerability Assessment findings.
With Azure Defender for Cloud vulnerability assessment and management you will learn a lot to set your Security Baseline on a higher level in your datacenter(s). Getting the right remediation of Microsoft to solve security issues is Great! You can do your assessments frequently to show your current status on demand. I Really like these Azure Hybrid Tools to make my work easier and the data more secure for the business.
Please join the Azure Hybrid Community Group on LinkedIn for free ( Sharing is Caring together )
In earlier MVPLABSerie blogpost I wrote about making your on-premises Servers hybrid with Azure Arc enabled Servers.
In my mvplab.local domain, there is a SQL 2022 Cluster running which also has the Azure Connected Machine Agent version 1.24.
One of the benefits of Azure Arc enabled Servers for SQL is that you can do on-demand SQL Health assessments on your SQL Environment in your On-premises Datacenter. In the following step-by-step guide we will prepare the SQL Cluster nodes.
Go to this link to watch the video
In my mvplab.local domain I’m doing the following steps :
Go in the Azure Portal to Azure Arc
Click on SQL Servers under Infrastructure.
Click on Add
I Choose for Connect Servers
because both SQL Nodes are already connected in my MVPLAB.local domain.
Click on Next Server details.
Select the right Azure Subscription and Resource Group
Select the region and Operating System
Set Proxy server URL if you need one
Click on Next.
Set your owner tags if needed.
Here you can find more information about Tags Management
From here you have to download the Script
and Run it locally on both SQL Nodes. ( or your Single SQL Server )
Run the script in administrator modus of Powershell ISE.
go to page https://microsoft.com/devicelogin
and enter the Code
Login and continue.
Here you see that the Azure Connected Machine Agent already is installed.
But it will now add the SQL Extension.
Installation Completed Successfully.
Now we have two Azure Arc enabled SQL Servers connected.
Overview of SQL 2022 Node in Azure Arc.
You can see the Databases running.
Here you can set your Admin from Azure Active Directory.
But we want to do a SQL Assessment, but the Azure Monitoring Agent is still missing.
Here you see that the SQL extension is installed.
Now we will add the Azure Monitor Agent to my existing Log Analytics Workspace.
Click on Add
Select Log Analytics Agent – Azure Arc.
Add your Workspace ID
Add your Workspace Kay
Click on Review + Create
Azure Monitoring Agent is Installed.
From here you can do the On-Demand SQL Assessments via
Microsoft Azure Arc enabled SQL Servers.
The SQL Server Assessment focuses on several key pillars, including:
Example of SQL Server Assessment results.
On each assessment result you get a recommendation from Microsoft so you can make your SQL environment Health and Secure!
To get these health results of your SQL environment is Awesome 🙂 You are in control of your Azure Hybrid Arc enabled SQL Servers to keep them Healthy and Secure. The following Azure Arc enabled SQL Server blogpost is about Azure Defender for Cloud for your SQL Servers. With these two Azure Arc for SQL Server features you get the best Insights to keep your data as save as possible.