Installing Windows Server Insider Datacenter Azure Edition
In my last blogpost we installed Windows 11 Insider Preview Enterprise Build on a Microsoft Azure Virtual Machine. Now we do the same with Windows Server 2022 Insider build version on Microsoft Azure Cloud.
IMPORTANT
This blogpost is for testing only and not ready for production environments yet!
Before you Search for the Windows Server Insider Preview image, you need some preview features added to your azure subscription first. Here you find more information
One of the features is Inquest Hot patching, which we activate via Azure Cloud Shell with Bash Azure CLI :
az feature register –namespace Microsoft.Compute –name InGuestHotPatchVMPreview az feature register –namespace Microsoft.Compute –name InGuestAutoPatchVMPreview az feature register –namespace Microsoft.Compute –name InGuestPatchVMPreview
Register via Azure CLI with these commands.
Feature registration can take up to 15 minutes. To check the registration status:
az feature show –namespace Microsoft.Compute –name InGuestHotPatchVMPreview
az feature show –namespace Microsoft.Compute –name InGuestAutoPatchVMPreview
az feature show –namespace Microsoft.Compute –name InGuestPatchVMPreview
When registration is done, you will see this message.
Once the feature has been registered for your subscription, complete the opt-in process by propagating the change into the Compute resource provider.
Type the following Azure CLI commandline :
az provider register –namespace Microsoft.Compute
Now your Microsoft Azure Subscription is ready for the new Features with the Windows Server 2022 Insider Preview Datacenter Azure Edition Build.
You need the Core edition when you want to try hotpatching.
and you need to be a Windows Server Insider.
Add Storage to your Virtual Machine.
Because it’s for testing only I selected SSD.
Set your network settings.
Set Management settings like Hotpatch Preview.
At Advanced tab you can add Extensions and Custom scripts.
Click on Review + Create
Validation is passed, Click on Create and the
Windows Server Insider 2022 Datacenter Azure Edition will deploy.
IMPORTANT
Check the Network Security Group (NSG) of the Virtual Machine in Azure and set the security settings!
Set the Security Settings in the NSG.
Because we Installed the Windows Server Insider Core version,
Windows Admin Center (Preview) is very handy for Management.
Running Windows Server 2022 Insider Build 10.0.20348.166 in Azure
with Windows Admin Center (Preview) for Testing.
Now we wait for the Hotpatch 😉
Conclusion
Microsoft Azure Cloud platform is great for testing new products like Windows Server Insider Build versions, Windows 11 Insider Preview and the new Azure features. So when this becomes GA in the future you have already the experience and did some feedback to the Microsoft Product Team 😉
With Windows Admin Center you can remotely manage Windows Server running anywhere—physical, virtual, on-premises, in Azure, or in a hosted environment.
The tool, available with your Windows Server license at no additional charge, consolidates and reimagines Windows OS tools in a single, browser-based, graphical user interface.
At Microsoft Ignite 2021 Global Virtual Event they launched Windows Admin Center version 2103. Here you find the download.
Set Proxy Server in Windows Admin Center Settings.
Open in a Separate Window
This is a Separate Window on my Second Screen, this works Awesome!
Windows Admin Center Virtual Tool improvements 🙂
Conclusion
Microsoft is working hard to make Hybrid IT Management better for Administrators to manage Hybrid Cloud datacenters. Windows Admin Center is a must have for managing
Windows Server Core, AzureStack HCI, and Cluster Services. I can say: I love to work with Windows Admin Center 🙂
Azure Arc enabled servers allows you to manage your Windows and Linux machines hosted outside of Azure, on your On-premises network, or other cloud provider consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is included in a resource group, and benefits from standard Azure constructs such as Azure Policy and applying tags. Service providers who manage a customer’s on-premises infrastructure can manage their hybrid machines, just like they do today with native Azure resources, across multiple customer environments, using Azure Lighthouse with Azure Arc.
To deliver this experience with your hybrid machines hosted outside of Azure, the Azure Connected Machine agent needs to be installed on each machine that you plan on connecting to Azure. This agent does not deliver any other functionality, and it doesn’t replace the Azure Log Analytics agent. The Log Analytics agent for Windows and Linux is required when you want to proactively monitor the OS and workloads running on the machine, manage it using Automation runbooks or solutions like Update Management, or use other Azure services like Azure Security Center.
Now we have my Dark20H2.MVPLAB.LOCAL Windows Server Core managed by Windows Admin Center, I like to connect the Windows Server 20H2 Core to Azure Arc Services for Hybrid IT Management to get the benefits of the Cloud.
In the next step-by step guide we will enable Azure Arc Services by installing the agent on the Windows Server 20H2 Core.
Prerequisites
If you don’t have an Azure subscription, create a free account before you begin.
Deploying the Arc enabled servers Hybrid Connected Machine agent requires that you have administrator permissions on the machine to install and configure the agent. On Linux, by using the root account, and on Windows, with an account that is a member of the Local Administrators group.
Before you get started, be sure to review the agent prerequisites and verify the following:
If the machine connects through a firewall or proxy server to communicate over the Internet, make sure the URLs listed are not blocked.
Azure Arc enabled servers supports only the regions specified here.
Open Azure Arc in the Portal.
Because I have already Azure Arc Active for my Azure Stack HCI Cluster in my MVPLAB.LOCAL, I will click on Servers on the left.
Click on Add
We will Generate a Script for the Single Windows Server 20H2 Core.
You can Add also Servers at Scale.
HTTPS Access to Azure Services is Needed
and
Local Administrator permissions, Click Next
Select the right Azure Subscription and the Resource Group.
Select the Azure Region and Operating System.
and the URL when you are behind a Proxy Server.
Click Next.
You can add Tags for Administrative tasks like Costs.
Click Next.
Here you can Copy and Paste the Script or Download it.
I downloaded the PowerShell Script.
Click on Close.
Windows Admin Center in action on Windows Server 20H2 Core
The Windows Server Dark20H2.mvplab.local is a basic installation and managed by Windows Admin Center
Now we have to do the following steps :
Copy the Azure Arc PowerShell Script to the Server with WAC.
Install Azure PowerShell on the Server
Run the Azure Arc PowerShell Script.
1. Copy the Azure Arc PowerShell Script to the Server with WAC
First we use Windows Admin Center to make a directory on the Server for uploading the Azure Arc PowerShell Script.
I have made a Azure Arc directory with Windows Admin Center.
Click on Upload.
Browse to your Azure Arc PowerShell Script.
Click on Submit.
The Azure Arc PowerShell Script is now on the Server.
2. Install Azure PowerShell on the Server
In the following steps we will install Microsoft Azure PowerShell on the Server via Windows Admin Center.
Type: $PSVersionTable.PSVersion
You need at least PowerShell 5.1
Make sure you have the latest version of PowerShellGet. Run Install-Module -Name PowerShellGet -Force
Run the following script :
———————————————————————-
if ($PSVersionTable.PSEdition -eq ‘Desktop’ -and (Get-Module -Name AzureRM -ListAvailable)) { Write-Warning -Message (‘Az module not installed. Having both the AzureRM and ‘ + ‘Az modules installed at the same time is not supported.’) } else { Install-Module -Name Az -AllowClobber -Scope CurrentUser }
———————————————————————–
Type Y or A ( Yes or Yes to All)
Installing the Azure PowerShell Modules.
Now we are ready for the Azure Arc PowerShell Script.
3. Run Azure Arc PowerShell Script on the Server.
From here we are going to install the Microsoft Azure Arc PowerShell Script to join this server to Azure Arc Services with an Agent.
Run  .\OnboardingScript (1).ps1
It will ask for a Device login to Azure with a Code.
I did that on the Windows Admin Center Server.
When you Login to Azure with your Account you will see this Screen.
The Next screen is the completion in Windows Admin Center PowerShell of the Windows Server 20H2 Core.
This Dark20H2.mvplab.local Server is now connected with Azure Arc Services.
Azure Arc Enabled Server.
Here we see the Windows Server 202H2 Core in Azure Arc.
Azure Arc Services
Installing Azure Arc Insights
Here we start with one of the Azure Arc Services on the On-Premises Windows Server 20H2 Core called Azure Arc Insights.
Click on Insights on the Left of the Azure Arc Server.
Click on Enable.
Select your Azure Subscription and Log Analytics Workspace.
Click on Enable.
Installation of Azure Arc Insights in progress……
It’s Ready and waiting for data in Azure.
Performance View of On-Prem Servers.
Azure Arc Service Map will come available
Conclusion
With Microsoft Azure Arc Services you get the Azure Cloud Management services connected with On-Premises Servers. You get Azure Security Center, Log Analytics, Azure Monitoring and Alerting, Update Management, Change tracking and Automation tasks. This is the power of Hybrid IT Management and get the best of Tools there is like Windows Admin Center supporting me with Windows Server 20H2 Core. Azure Arc Services with Kubernetes and Azure Stack HCI Management is powerful and with a Single pain of Glass in IT Management. Hope this helpful for you, and Go for it yourself. 😉
The Windows Subsystem for Linux (WSL) gives you the most command-line tools, utilities, and applications directly on Windows. I’m using Microsoft Windows Admin Center and Windows Server Core 20H2 with Build version 19042.746 to deploy WSL 2 with Ubuntu 18.04 Linux Distro. Here you find the installation of the Windows Server Core 20H2 with Windows Admin Center
In the following steps we will install the Following :
Ubuntu 18.04 is Running in WSL2 on Windows Server Core 20H2 😉
Conclusion
First of All Microsoft Windows Admin Center is supporting me in the Installation of Windows Subsystem for Linux. We have WSL 2 Running with Ubuntu 18.04 with a lot of possibilities!
What I really like is integration, like in Windows 10 and Docker for desktop with the WSL 2 Engine. Here my Blogpost
Together with VSCode Remote WSL is Cool.
Would be awesome to run Docker Windows and Linux Containers in combination with WSL 2 integration on Windows Server Core edition. Maybe in the Future, who knows?
Manage all your server environments with familiar yet modernized tools, such as the reimagined Server Manager and streamlined MMC tools, from a single, browser-based, graphical user interface. Admins can manage Windows Server instances anywhere: on-premises, in Azure, or in any cloud.
Operate hybrid seamlessly
Extend on-premises deployments of Windows Server to the cloud by using the Azure hybrid services found in Windows Admin Center. Use Azure for:
Backup and disaster recovery
Additional capacity for compute, file servers and storage
Centralized management for monitoring, threat protection and update management
In the following steps we will install Windows Server Core 20H2 version Build 10.0.19042 via Windows Admin Center on my Hyper-V Host called Starship01.mvplab.cloud.
I have Windows Admin Center already running for my MVPLAB with a Windows Server 2019 Hypervisor host. From here I will install a New Windows Server Core 20H2 Machine.
Click in the Left toolbar on Virtual MachinesÂ
and then on Add New
Deployment settings for the New Virtual Machine.
Here we set the following settings :
Virtual Machine Name
Generation VM ( gen 2 is recommended )
The path of the VM settings and Disk
Virtual Processors
a mark for nested virtualization ( for the Hyper-V feature )
Memory
Network / Virtual Switch
Storage
When you Add Storage you can select also the new ISO file for Installation.
I changed the Size of the Operating Disk from 127GB to 50GB
And I selected the path to the Windows Server Core 20H2 ISO.
Then Click on Create.
Windows Admin Center will create the Virtual Machine really fast.
Now the Window Virtual Machine Dark20H2 is created by Windows Admin Center on the Hyper-V Host, we can do the Windows Server Core 20H2 Installation by starting the Virtual Machine.
Before you Start running the VM, have a look at the settings
If you want you can set more Security features here.
You can set Encryption and Security Policy.
Start the Virtual Machine here for Installation of Windows Server Core 20H2
( The ISO is connected )
Installation of Windows Server Core 20H2 version Build 10.0.19042
The virtual Machine is running and now we can connect it via Windows Admin Center to do the installation of Windows Server.
Click on Connect
Use your Windows Admin Center account and mark
for the certificate. Then Click on Connect
Here we see the Console for the Windows Server Installation.
Install Now.
The Windows Server Core 20H2 is Installed.
Of course you can now configure the Machine via SConfig.exe, I only gave the Server name and a static IP address with DNS.
Via Windows Admin Center ( Manage) you can add the Machine to the domain.
Add the Server to the domain with your account and Click on Join
Server will Restart, Click on Yes
Dark20H2 Joined the Domain MVPLAB.CLOUD Successfully
 Adding the Windows Server Core 20H2 to Windows Admin Center
Add Dark20H2.mvplab.cloud to Windows Admin Center.
Of course I want to manage the server with Windows Admin Center and use all the tools I need to securely manage this Server.
Windows Server Core 20H2 in Windows Admin Center.
First thing what I do in my MVPLAB is Windows Updates.
December Updates for Windows Server Core 20H2
Updates Installed Successfully 🙂
Azure Hybrid Services
Azure Hybrid Services
You can extend on-premises deployments of Windows Server to the cloud by using Azure hybrid services. These cloud services provide an array of useful functions, both for extending on-premises into Azure, and for centrally managing from Azure. Think of :
Windows Admin Center is a must have when you have to manage Windows Server Core versions, you don’t have to worry about all the Commands of Windows Server Core. With Windows Admin Center it becomes easy to do the complete installation of the server and this include also all features of Windows Server Core 202H2 Build 10.0.19042. It becomes really powerful when you use it in a Hybrid way by connecting to Microsoft Azure Cloud Services. Earlier I wrote a blogpost about Windows Admin Center and Azure Security Center
I Hope this is useful for you, and start your journey with Windows Admin Center & Windows Server Core versions 😉
Microsoft Azure Arc enables you to manage your entire environment, with a single pane of glass, by projecting your existing resources into Azure Resource Manager. You can now manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps, while introducing DevOps practices to support new cloud native patterns in your environment.
IT Management with Azure ARC
With Microsoft Windows Admin Center I Build a Microsoft Azure Stack HCI Clusterand the Nodes are connected with Azure Arc Services. In the following steps you will see a security feature of Microsoft Azure Arc Services with remediation of the Risks on the Azure Stack HCI Cluster On-premises.
Azure Arc Security Remediation
Here you see the Azure Arc Servers with Azure Stack HCI
On Skywalker01 Node we have two Security Risks
When you click on the risk, you see the description and the remediation steps to solve this risk issue. Here you can also see the remediation script:
Automatic Remediation Script.Â
Select the Azure workspace ID and when you don’t have one you can Create new Workspace in Azure.
Select the resource, in my case Skywalker01
Click on remediate resource.
Remediation in progress
The Microsoft Azure Monitor Agent extension in Azure Arc is successfully installed.
Done.
I did the same for Skywalker02 Azure Stack HCI Cluster Node.
The Next Medium Risk is a Vulnerability assessment on the Azure Stack HCI Cluster nodes. Just follow the steps of the wizard.
Azure Arc Security Vulnerability Assessment with Azure Defender
Click on remediate.
This one will use Qualys in Azure Defender.
Click on remediate resource.
The vulnerability scanner included with Azure Security Center is powered by Qualys. Qualys’ scanner is one of the leading tools for real-time identification of vulnerabilities. It’s only available with Azure Defender for servers. You don’t need a Qualys license or even a Qualys account – everything’s handled seamlessly inside Security Center.
Azure Arc Insights of the Azure Stack HCI Cluster Node
Because we have installed the Microsoft Azure Monitor extension in Azure Arc on this Azure Stack HCI Node Server, telemetry and analytics will do his job for Monitoring in Azure and data will be collected. In Azure maps you see the connectivity of the Server.
Here you can see the Fired Alerts by severity and Investigate 🙂
Here you see the power of Hybrid IT management via Microsoft Azure Arc services and get Azure Cloud services for your On-premises Servers. You have the Free Microsoft Windows Admin Center Tool and integration with Azure Arc for all the innovative tools like Azure Monitor, Azure Security Center, Azure Defender, Update management and more. I hope you see the benefits too, Get started Today !
Azure Stack HCI is a Hyper-Converged Infrastructure (HCI) cluster solution that hosts virtualized Windows and Linux workloads and their storage in a hybrid on-premises environment. Azure hybrid services enhance the cluster with capabilities such as cloud-based monitoring, Site Recovery, and VM backups, as well as a central view of all of your Azure Stack HCI deployments in the Azure portal. You can manage the cluster with your existing tools including Windows Admin Center, System Center, and PowerShell.
Azure Stack HCI, version 20H2 is a new operating system now in Public Preview and available for download. It’s intended for on-premises clusters running virtualized workloads, with hybrid-cloud connections built-in. As such, Azure Stack HCI is delivered as an Azure service and billed on an Azure subscription. Azure Stack HCI also now includes the ability to host the Azure Kubernetes Service; for details, see Azure Kubernetes Service on Azure Stack HCI.
Get Started with Azure Stack HCI and Windows Admin Center
Windows Admin Center is a locally deployed, browser-based app for managing Azure Stack HCI. The simplest way to install Windows Admin Center is on a local management PC (desktop mode), although you can also install it on a server (service mode).
If you install Windows Admin Center on a server, tasks that require CredSSP, such as cluster creation and installing updates and extensions, require using an account that’s a member of the Gateway Administrators group on the Windows Admin Center server. For more information, see the first two sections of Configure User Access Control and Permissions.
Before you begin, you have to know that Azure Stack HCI is still in Preview and not for Production usage ready. But I’m installing it in my MVPLAB for testing purpose only and learn all the New Features.
What’s New in Azure Stack HCI
Clusters running Azure Stack HCI, version 20H2 have the following new features as compared to Windows Server 2019-based solutions:
New capabilities in Windows Admin Center: With the ability to create and update hyper-converged clusters via an intuitive UI, Azure Stack HCI is easier than ever to use.
Stretched clusters for automatic failover: Multi-site clustering with Storage Replica replication and automatic VM failover provides native disaster recovery and business continuity to clusters that use Storage Spaces Direct.
Affinity and anti-affinity rules: These can be used similarly to how Azure uses Availability Zones to keep VMs and storage together or apart in clusters with multiple fault domains, such as stretched clusters.
Azure portal integration: The Azure portal experience for Azure Stack HCI is designed to view all of your Azure Stack HCI clusters across the globe, with new features in development.
GPU acceleration for high-performance workloads: AI/ML applications can benefit from boosting performance with GPUs.
BitLocker encryption: You can now use BitLocker to encrypt the contents of data volumes on Azure Stack HCI, helping government and other customers stay compliant with standards such as FIPS 140-2 and HIPAA.
Improved Storage Spaces Direct volume repair speed: Repair volumes quickly and seamlessly.
In the Following Step-by-Step guide we install Azure Stack HCI Cluster with Windows Admin Center.
Click on Add and then Create New Server Cluster.
Choose for Azure Stack HCI.
Here you can also choose for both Azure Stack HCI nodes are in the same Site or you have more Azure Stack HCI Nodes in Two Sites for disaster Recovery and Business Continuity.
In my MVPLAB I have all Azure Stack HCI nodes in One Site. More information about Microsoft Azure Stack HCI Stretching Clusters can be found here.
This is what I like about Windows Admin Center, supporting you in all steps and choices for making an Azure Stack HCI Cluster with Storage Spaces Direct.
Specify your administrator Account and password and add the Azure Stack HCI Node Servers
Add the Nodes to the Domain.
Install Required Features on the Azure Stack HCI Node Servers
Install Updates on the Azure Stack HCI Node Servers
Here you get options from your hardware vendor
I don’t get this because it’s virtual.
Restart the Azure Stack HCI Node Servers and Click Next Networking
Networking adapters are UP and Running.
When you have Enough Nics in your Azure Stack HCI Node Server, you can choose here for a Teamed Management NIC.
I choose for a single management NIC. Plan your Azure Stack HCI Node network
Configure your Production and Storage network
Here you can configure different Switches for your workloads. Windows Admin Center will work with Software Defined Networking (SDN) I Skipped this in my MVPLAB.
Before creating the Azure Stack HCI Cluster, we have to Validate the Cluster first.
When the Cluster Validation is done, you can download the Cluster Validation report.
Here we give the Cluster a Name and a static IP.
Click Create Cluster.
Microsoft Azure Stack HCI Cluster is created 😉
Click Next for Storage.
Click Next
I Got some small disks Click Next.
Storage is validated and suitable for Storage Spaces Direct.
Storage Spaces Direct is enabled on your Azure Stack HCI Cluster.
Click Next for SDN
Here you can configure the Network Controller for the Azure Stack HCI Cluster
Done your Azure Stack HCI Cluster is made 🙂
Here we have the Dashboard in Windows Admin Center of my Azure Stack HCI Cluster
Management of your Azure Stack HCI Cluster
Managing your Azure Stack HCI Cluster with Windows Admin Center is important, because I have connected WAC with my Azure Subscription I can use Azure Monitor.
From here the Cluster is also connected with my Analytics workspace of Azure Monitor.
Azure Stack HCI Cluster Nodes connected with Azure Monitor.
With Windows Admin Center you can manage the Azure Stack HCI updates with Cluster Aware Updating (CAU) without any downtime for your workloads.
Start Cluster Aware Updating
Click on Install
One Azure Stack HCI Node is waiting and the other is Installing.
Now the other Azure Stack HCI Node is Installing the Update.
Updates Succeeded on both Azure Stack HCI Nodes.
Microsoft Azure Stack HCI Cluster is Running
Create your Virtual Machine on Azure Stack HCI Cluster.
Conclusion
Windows Admin Center supports you all the way for making your Microsoft Azure Stack HCI Cluster in easy steps deployment wizard. Of course you can make also your own PowerShell deployment scripts when you have to make more Azure Stack HCI Clusters for different platforms like Deploying virtual machines or AKS Kubernetes Clusters for Container Applications or a SQL environment. Here you find more information about PowerShell commands
After deploying Azure Stack HCI Clusters with your own PowerShell Script, you can add the Cluster into Windows Admin Center for IT Management.
The Installation time of the Cluster is really fast. I hope this will give you more inside information about the Preview of Microsoft Azure Stack HCI Cluster and Windows Admin Center better Together!
Next Step is AKS Kubernetes on Azure Stack HCI 😉
As an Administrator, I like to work with Microsoft Windows Admin Center, It’s a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. You can download Windows Admin Center hereand use it for Free in your Production environment. What is Windows Admin Center? What are my benefits? Here you see Windows Admin Center Architecture how it works.
Windows Admin Center Architecture.
So you can use Windows Admin Center everywhere, you can Install it on a Server on-premises without any internet connections, or in a hybrid way with a internet connection for Cloud
services integrations like Azure Backup, Azure Security Center, Azure Monitor or Azure File Sync and to manage your Virtual Machines in the Cloud.
Microsoft is now busy with Windows Admin Center in the Azure Portal in Preview to manage your Hybrid Datacenter. Here you find a blogpost about it in the Microsoft Tech Community.
Manage Internet Access in Windows Admin Center.
Datacenter Administrators want to manage Windows Servers in an Easy way but it must be secure. Microsoft has some user access options for using Windows Admin Center.
The one I like most is Microsoft Azure MFA (Two-Factor-Authentication) on your Windows Admin Center environment. Here you find more information about User Access WAC.
Choose the right Windows Admin Center installation for your environment:
Windows Admin Center Installation types.
These are Production Ready.
But don’t forget the Microsoft Windows Admin Center in the Azure Portal Preview :
Windows Admin Center in the Azure Portal Preview.
Windows Admin Center | Management | Azure Security Center Integration.
The Power of a Modern Management tool like Windows Admin Center is the Extensions feature to integrate with external Services like Azure Cloud Services, or third party vendors like Dell EMC or HP, Fujitsu, Data-On with great management solutions. An other example of a Windows Admin Center Extension are Containers.Â
In the following steps you will see how easy it is to manage and integrate Azure Security Center into Windows Admin Center for your Servers.
When you have installed Windows Admin Center, you have to add your Microsoft Azure Subscription into WAC.
Azure Registration in Windows Admin Center.
In the upper right you have the settings icon of Windows Admin Center, from there you can select Azure and do the registration. What it will do is making a API with your Microsoft Azure subscription:
Here you see the Registration in Microsoft Azure.
When that is completed successfully, you can add the Microsoft Azure Services via Extensions in Settings. We are going to Select Azure Security Center.
Install the Microsoft Azure Security Center Extension.
From here you have installed the basics for your Servers, now the Microsoft Azure Security Center feature is added in the left management bar at each Server in Windows Admin Center.
Now we only have to register the Servers into Azure Security Center with Windows Admin Center.
Here you see my MVPLAB Machines.
I have two Azure Stack HCI virtual Machines and I like to know if they are secure. ( Skywalker01 and Skywalker02) I start with the Azure Security Center Installation on Skywalker01 VM.
Azure Stack HCI VM called Skywalker01.mvplab.cloud
Sign into Azure.
Select your Azure Subscription, Create or Use existing workspace.
Select Region, and Create or use existing Resource Group.
Click on Setup.
The Virtual Machine will be added to Azure Security Center.
From here it need some time to do the job with doing assessments, getting the metadata of the server with log analytics. Microsoft Azure Security Center will come with security recommendations like:
Here you can do a Quick Fix and do Remediation.
After a view minutes the Security issues are also coming into Windows Admin Center.
Here I get some Security advice in Windows Admin Center for Skywalker01 VM
Here you see the Power of the Azure Cloud with Log Analytics and the
Azure Security Center baselines for Skywalker01 Azure Stack HCI VM.
I forgot Skywalker02 VM to do the monthly security updates and that is a Security Risk too of course :
Skywalker02 Azure Stack HCI VM at High Security Risk.
(No updates)
Of course we have Windows Updates in Windows Admin Center, Just have to select and approve the updates for Skywalker02 to solve this high Risk issue.
Skywalker02 Azure Stack HCI VM Security Risk Solved 😉
Conclusion
In a Hybrid IT world today is Better Together my motto with Windows Admin Center and Microsoft Azure Security Center you have a Great solution. You can make your own Azure Security Center Baseline policy to deploy on your Windows Servers to make them more Secure. Get a High Security Score ! And don’t worry you can add all your Windows Servers into Windows Admin Center if they are on-premises or in the Cloud.
With Azure MFA Two-Factor access authentication, you make your Management tool Windows Admin Center more Secure for your environment. If you don’t use Windows Admin Center yet, start Today !
Learn about the latest Windows Server features and capabilities—directly from the Microsoft product team. Watch demos and discover best practices to modernize your workloads, whether you’re running Windows Server on-premises, in a hybrid environment, or on Azure.
