Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Windows Server Insider 2022 Datacenter Azure version #WindowsInsiders #WIMVP #Azure #Winserv

Installing Windows Server Insider Datacenter Azure Edition

In my last blogpost we installed Windows 11 Insider Preview Enterprise Build on a Microsoft Azure Virtual Machine. Now we do the same with Windows Server 2022 Insider build version on Microsoft Azure Cloud.

IMPORTANT

This blogpost is for testing only and not ready for production environments yet!

Before you Search for the Windows Server Insider Preview image, you need some preview features added to your azure subscription first. Here you find more information

One of the features is Inquest Hot patching, which we activate via Azure Cloud Shell with Bash Azure CLI :

az feature register –namespace Microsoft.Compute –name InGuestHotPatchVMPreview
az feature register –namespace Microsoft.Compute –name InGuestAutoPatchVMPreview
az feature register –namespace Microsoft.Compute –name InGuestPatchVMPreview

Register via Azure CLI with these commands.

Feature registration can take up to 15 minutes. To check the registration status:

az feature show –namespace Microsoft.Compute –name InGuestHotPatchVMPreview
az feature show –namespace Microsoft.Compute –name InGuestAutoPatchVMPreview
az feature show –namespace Microsoft.Compute –name InGuestPatchVMPreview

When registration is done, you will see this message.

Once the feature has been registered for your subscription, complete the opt-in process by propagating the change into the Compute resource provider.

Type the following Azure CLI commandline :

az provider register –namespace Microsoft.Compute

Now your Microsoft Azure Subscription is ready for the new Features with the Windows Server 2022 Insider Preview Datacenter Azure Edition Build.

You need the Core edition when you want to try hotpatching.
and you need to be a Windows Server Insider.

Here you can Register for the Windows Server Insider Program

Create the Virtual Machine.

Add Storage to your Virtual Machine.
Because it’s for testing only I selected SSD.

Set your network settings.

Set Management settings like Hotpatch Preview.

At Advanced tab you can add Extensions and Custom scripts.
Click on Review + Create

Validation is passed, Click on Create and the
Windows Server Insider 2022 Datacenter Azure Edition will deploy.

IMPORTANT

Check the Network Security Group (NSG) of the Virtual Machine in Azure and set the security settings!

Set the Security Settings in the NSG.

Because we Installed the Windows Server Insider Core version,
Windows Admin Center (Preview) is very handy for Management.

Running Windows Server 2022 Insider Build 10.0.20348.166 in Azure
with Windows Admin Center (Preview) for Testing.

Now we wait for the Hotpatch 😉

Conclusion

Microsoft Azure Cloud platform is great for testing new products like Windows Server Insider Build versions, Windows 11 Insider Preview and the new Azure features. So when this becomes GA in the future you have already the experience and did some feedback to the Microsoft Product Team 😉


Leave a comment

Security by Design with #Azure Security Center and Azure Defender #ASC #Security #SecOps

Azure Architecture

Security by Design is increasingly becoming the mainstream development approach to ensure security of software systems. Security architectural design decisions are based on well-known security tactics, and patterns defined as reusable techniques for achieving specific quality concerns. In the following steps we will make a security baseline for Windows Servers with different tools.

1.Microsoft Security Compliance Toolkit

The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs).  Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects. A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. A lot of hacks are based on registry settings, so that’s why Windows Server Security Baseline is important.
You can download the Microsoft Security Compliance Toolkit here

2. Windows Defender Firewall with Advanced Security

Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy. So set only the firewall ports you need end to end.

Windows Security Setting Firewall & Network Protection
Select Advanced settings

Windows Defender Firewall Advanced settings
Set only active what you need!

3. Windows Defender Security Virus & Threat Protection

Schedule a Full Scan in the Night for Threats
and Set the Windows Security options.
Keep your Defender and Virus definition files up-to-date.

4. Windows Updates

When your Windows Server is ready for production, you have to keep it Up-to-Date with Windows Updates. It’s not only the Windows Security patches, but all the software that’s running on your Server. One software leak is enough for a hacker to compromise your Server.

Windows Updates

Have a look at the Microsoft Update Catalog

Lot of Companies are using Microsoft WSUS Services or Microsoft Endpoint Configuration Manager to deploy the software Life cycle Management Security updates to Servers to keep them secure as possible. These are not only Microsoft Security Updates but also from third party Software vendors, like adobe, Google, etc.

5. Security Monitoring and Remediation

This Cycle is important for Security!

IT departments have multiple teams with different disciplines, so when the Windows Server is ready
for the Administrator it goes to the Application Admin in a different IT Team. They will install the Application software and maybe
some software connections with other Servers by a third IT Team. To get in control of those security steps is important, because when a IT Consultant of a third party vendor is installing old legacy software you will have hacker leaks again and that’s making your Server vulnerable. Here is where Azure Security Center and Azure Defender will support you in monitoring and remediation of security issues.

It doesn’t matter where your Windows Server is installed, in Azure Cloud or On-premises in your datacenter, it can connect securely via internet for monitoring the Server. When it’s on-premises you can install the Microsoft Arc agent

Microsoft Azure Arc Connected Machine Agent.

Azure Arc enabled Server from On-premises

When the Microsoft Azure Arc Agent is installed on the Server, you can use these Azure Services for example :

  • Azure Update Management
  • Azure Monitoring
  • Azure Security Center with Azure Defender
  • Azure Policies for Compliance
  • Change Tracking and Inventory
  • Insights
  • Automation of Tasks

These Microsoft Azure features are supporting you to keep your Server as safe as possible and your security Up-to-Date.

From here you can add the Windows Server to Microsoft Azure Security Center with the right log analytics workspace.

Microsoft Azure Security Center Recommendations

Remediate Security Configurations on the Arc enabled Server

Remediation of Vulnerabilities on your Windows Server (Arc Enabled)

Azure Defender is a built-in tool that provides threat protection for workloads running in Azure, on premises, and in other clouds. Integrated with Azure Security Center, Azure Defender protects your hybrid data, cloud-native services, and servers and integrates with your existing security workflows, such as SIEM solutions and vast Microsoft threat intelligence, to streamline threat mitigation.

Workflow of Azure Defender for Vulnerability Scanning.

When Azure Security Center and Azure Defender are installed, you can do a Vulnerability Assessment on your Azure Arc enabled Server which is on-premises datacenter before your Windows Server is going in Production.

Vulnerabilities after Assessment on Windows Server with Arc enabled with remediation
This happens a lot when there is third party software installed on the Server.

To get a list of your high security vulnerabilities, you can use the Azure Resource Graph explorer.

Azure Resource Graph Explorer
Here you can download your high risks into a CSV or Pin to a Dashboard.

6. Compliance and Security Policies

Learn how Microsoft products and services help your organization meet regulatory compliance standards.
When you have to manage a lot of Windows Servers or Linux Servers, you want them compliant with the right security policies.

Here you find all the Microsoft Compliance Offerings

Regulatory Compliance of your environment.

With Azure Security Policy you can configure your Compliance.

in the following steps you will see an Sample alert :

Sample Alerts with Mitre ATT&CK Tactics

Take Action on the Security Alert.

Related entities

Mitigate the Threat
Prevent future attacks
Trigger automated response
or
Suppress similar Alerts.

Security by Design Conclusion

Before you begin with deploying Windows Servers in your datacenter or in the Azure Cloud, it’s good to make a High Level design with your security set for the right compliance of your new Windows Server. You can use all the security On-Premises for Windows Server but with Azure Security Center, Azure Monitor, Azure Arc Services, Azure Defender you get all the security Insights and remediation options when a vulnerability is discovered. Windows Server and Azure Security Center is better together for Security Management.

Microsoft Security

If you want to keep your Windows Servers secure as possible, you need to keep doing these steps above. Continuous Monitoring and remediate vulnerabilities is a on-going process for SecOps and Administrators. Make it hackers difficult to add ransomware on your Servers.  One more important IT Service, is your Backup / Disaster Recovery solution. This should be secure from hackers and from ransomware encryption. I always say think of this rule :

More information

Microsoft Azure Security Center on GitHub

Overview of the Azure Security Benchmark (V2)

Become an Azure Security Center Ninja

Azure Security Center in the Field by Yuri Diogenes

Introduction to Azure Defender

Join the Microsoft Azure Monitor & Security for Hybrid IT Community Group on LinkedIn

 


Leave a comment

Windows Admin Center v2103 Available! What’s New #Winserv #Azure #Management #WindowsAdminCenter #MVPBuzz

Windows Admin Center v2103

With Windows Admin Center you can remotely manage Windows Server running anywhere—physical, virtual, on-premises, in Azure, or in a hosted environment.
The tool, available with your Windows Server license at no additional charge, consolidates and reimagines Windows OS tools in a single, browser-based, graphical user interface.
At Microsoft Ignite 2021 Global Virtual Event they launched Windows Admin Center version 2103. Here you find the download.

What’s New in Windows Admin Center v2103

WAC Updates Automatically

Events Tool ReDesign (Preview)

Great Overview of the Server Events 😉

Azure IoT Edge for Linux on Windows

Windows Admin Center in The Azure Portal 

Set Proxy Server in Windows Admin Center Settings.

Open in a Separate Window

This is a Separate Window on my Second Screen, this works Awesome!

Windows Admin Center Virtual Tool improvements 🙂

Conclusion

Microsoft is working hard to make Hybrid IT Management better for Administrators to manage Hybrid Cloud datacenters. Windows Admin Center is a must have for managing
Windows Server Core, AzureStack HCI, and Cluster Services. I can say: I love to work with Windows Admin Center 🙂

 

When you have feedback for the Product Team please do that here at User Voice


Leave a comment

Windows Server 2022 Insider Preview Build 10.0.20298 Available! #Winserv #WindowsServer2022 #WIMVP #WindowsInsiders #MSIgnite

Windows Server 2022 Insider Preview Build 10.0.20298

Microsoft Windows Server Insider Team Released Windows Server 2022 Insider Preview Build 10.0.20298, here you find more information on Tech Community

This Build is Available with :

  • Windows Server 2022 Standard (Core)
  • Windows Server 2022 Standard ( Desktop Experience)
  • Windows Server 2022 Datacenter ( Core)
  • Windows Server 2022 Datacenter ( Desktop Experience)

I Installed Windows Server 2022 Insider Preview with Windows Admin Center.

Windows Server 2022 Insider Preview Build 10.0.20298 is Running 😉

And in Control of Windows Admin Center.

Download Windows Server 2022 Insider Preview here

Don’t forget this Awesome session at MSIgnite 2021 Event!

 


Leave a comment

Adding Windows Server 20H2 Core to Azure Arc Services with #WindowsAdminCenter #Winserv #Azure

Azure Arc Services

Azure Arc enabled servers allows you to manage your Windows and Linux machines hosted outside of Azure, on your On-premises network, or other cloud provider consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is included in a resource group, and benefits from standard Azure constructs such as Azure Policy and applying tags. Service providers who manage a customer’s on-premises infrastructure can manage their hybrid machines, just like they do today with native Azure resources, across multiple customer environments, using Azure Lighthouse with Azure Arc.

To deliver this experience with your hybrid machines hosted outside of Azure, the Azure Connected Machine agent needs to be installed on each machine that you plan on connecting to Azure. This agent does not deliver any other functionality, and it doesn’t replace the Azure Log Analytics agent. The Log Analytics agent for Windows and Linux is required when you want to proactively monitor the OS and workloads running on the machine, manage it using Automation runbooks or solutions like Update Management, or use other Azure services like Azure Security Center.

In earlier blogpost I wrote about Windows Admin Center and the Installation of Windows Server 20H2 Core version.

Now we have my Dark20H2.MVPLAB.LOCAL Windows Server Core managed by Windows Admin Center, I like to connect the Windows Server 20H2 Core to Azure Arc Services for Hybrid IT Management to get the benefits of the Cloud.

In the next step-by step guide we will enable Azure Arc Services by installing the agent on the Windows Server 20H2 Core.

Prerequisites

  • If you don’t have an Azure subscription, create a free account before you begin.
  • Deploying the Arc enabled servers Hybrid Connected Machine agent requires that you have administrator permissions on the machine to install and configure the agent. On Linux, by using the root account, and on Windows, with an account that is a member of the Local Administrators group.
  • Before you get started, be sure to review the agent prerequisites and verify the following:
    • Your target machine is running a supported operating system.
    • Your account is granted assignment to the required Azure roles.
    • If the machine connects through a firewall or proxy server to communicate over the Internet, make sure the URLs listed are not blocked.
    • Azure Arc enabled servers supports only the regions specified here.

Open Azure Arc in the Portal.

Because I have already Azure Arc Active for my Azure Stack HCI Cluster in my MVPLAB.LOCAL, I will click on Servers on the left.

Click on Add

We will Generate a Script for the Single Windows Server 20H2 Core.
You can Add also Servers at Scale.

HTTPS Access to Azure Services is Needed
and
Local Administrator permissions, Click Next

Select the right Azure Subscription and the Resource Group.
Select the Azure Region and Operating System.
and the URL when you are behind a Proxy Server.
Click Next.

You can add Tags for Administrative tasks like Costs.
Click Next.

Here you can Copy and Paste the Script or Download it.
I downloaded the PowerShell Script.
Click on Close.

Windows Admin Center in action on Windows Server 20H2 Core

The Windows Server Dark20H2.mvplab.local is a basic installation and managed by Windows Admin Center

Now we have to do the following steps :

  1. Copy the Azure Arc PowerShell Script to the Server with WAC.
  2. Install Azure PowerShell on the Server
  3. Run the Azure Arc PowerShell Script.

1. Copy the Azure Arc PowerShell Script to the Server with WAC

First we use Windows Admin Center to make a directory on the Server for uploading the Azure Arc PowerShell Script.

I have made a Azure Arc directory with Windows Admin Center.
Click on Upload.

Browse to your Azure Arc PowerShell Script.

Click on Submit.

The Azure Arc PowerShell Script is now on the Server.

2. Install Azure PowerShell on the Server

In the following steps we will install Microsoft Azure PowerShell on the Server via Windows Admin Center.

Type: $PSVersionTable.PSVersion
You need at least PowerShell 5.1

  1. Install .NET Framework 4.7.2 or later.
  2. Make sure you have the latest version of PowerShellGet. Run Install-Module -Name PowerShellGet -Force

Run the following script :

———————————————————————-

if ($PSVersionTable.PSEdition -eq ‘Desktop’ -and (Get-Module -Name AzureRM -ListAvailable)) {
Write-Warning -Message (‘Az module not installed. Having both the AzureRM and ‘ +
‘Az modules installed at the same time is not supported.’)
} else {
Install-Module -Name Az -AllowClobber -Scope CurrentUser
}

———————————————————————–

Type Y or A ( Yes or Yes to All)

Installing the Azure PowerShell Modules.

Now we are ready for the Azure Arc PowerShell Script.

3. Run Azure Arc PowerShell Script on the Server.

From here we are going to install the Microsoft Azure Arc PowerShell Script to join this server to Azure Arc Services with an Agent.

Run   .\OnboardingScript (1).ps1
It will ask for a Device login to Azure with a Code.
I did that on the Windows Admin Center Server.

When you Login to Azure with your Account you will see this Screen.

The Next screen is the completion in Windows Admin Center PowerShell of the Windows Server 20H2 Core.

This Dark20H2.mvplab.local Server is now connected with Azure Arc Services.
Azure Arc Enabled Server.

Here we see the Windows Server 202H2 Core in Azure Arc.

Azure Arc Services

Installing Azure Arc Insights

Here we start with one of the Azure Arc Services on the On-Premises Windows Server 20H2 Core called Azure Arc Insights.

Click on Insights on the Left of the Azure Arc Server.
Click on Enable.

Select your Azure Subscription and Log Analytics Workspace.
Click on Enable.

Installation of Azure Arc Insights in progress……

It’s Ready and waiting for data in Azure.

Performance View of On-Prem Servers.

Azure Arc Service Map will come available

Conclusion

With Microsoft Azure Arc Services you get the Azure Cloud Management services connected with On-Premises Servers. You get Azure Security Center, Log Analytics, Azure Monitoring and Alerting, Update Management, Change tracking and Automation tasks. This is the power of Hybrid IT Management and get the best of Tools there is like Windows Admin Center supporting me with Windows Server 20H2 Core. Azure Arc Services with Kubernetes and Azure Stack HCI Management is powerful and with a Single pain of Glass in IT Management. Hope this helpful for you, and Go for it yourself. 😉

 

 


Leave a comment

#WindowsAdminCenter and Windows Server 20H2 Core with WSL2 #Ubuntu Distro #Winserv #WSL2

Windows Server 2019 Core and WSL 2 Ubuntu 18.04

The Windows Subsystem for Linux (WSL) gives you the most command-line tools, utilities, and applications directly on Windows. I’m using Microsoft Windows Admin Center and Windows Server Core 20H2 with Build version 19042.746 to deploy WSL 2 with Ubuntu 18.04 Linux Distro. Here you find the installation of the Windows Server Core 20H2 with Windows Admin Center

In the following steps we will install the Following :

  • Windows Subsystem for Linux (WSL)
  • Move from WSL 1.0 to WSL 2.0
  • Install Ubuntu 18.04 Linux distro

Installing Windows Subsystem for Linux (WSL)

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

This will install the WSL Feature.
When it ask do you want to Restart select No, because we will install the Next Feature :

Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform

Select now Yes for Restarting the Server.

Moving from WSL 1.0 to WSL version 2.0

Before we Move from WSL version 1 to WSL version 2, we need a WSL Kernel Update.
Download here https://aka.ms/wsl2kernel

I Created a Share on the Windows Server via WIndows Admin Center.
And Uploaded the WSL_Update_X64.msi

Run WSL_Update_X64 and Click on Next.

Click on Finish

WSL –Set-Default-Version 2
Now we have Windows Subsystem for Linux version 2 Active.

Install Ubuntu 18.04 Linux Distro for WSL2

With the following Powershell Invoke-WebRequest we get Ubuntu 18.04


Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1804 -OutFile ~/Ubuntu1804.zip -UseBasicParsing
md C:\Distros\Ubuntu1804
Expand-Archive ~/Ubuntu1804.zip C:\Distros\Ubuntu1804


Run Ubuntu 18.04

Ubuntu 18.04 is Running in WSL2 on Windows Server Core 20H2 😉

Conclusion

First of All Microsoft Windows Admin Center is supporting me in the Installation of Windows Subsystem for Linux. We have WSL 2 Running with Ubuntu 18.04 with a lot of possibilities!
What I really like is integration, like in Windows 10 and Docker for desktop with the WSL 2 Engine. Here my Blogpost
Together with VSCode Remote WSL is Cool.

Would be awesome to run Docker Windows and Linux Containers in combination with WSL 2 integration on Windows Server Core edition. Maybe in the Future, who knows?


Leave a comment

Happy Holidays and I wish you a Healthy 2021 #Azure #Cloud #MVPBuzz #Winserv #Security #Healthcare

It’s a year full of misery with the Covid-19 virus around the world. People who lose their loved one, It’s a very sad time for all of us! Microsoft technologies are still going on strong with new features in Azure Cloud Services but also supporting the people who are working in the healthcare, data analytics, Microsoft Teams for Collaboration and much more. But what I want to say to all HealthCare people over the world : THANK YOU SO MUCH FOR ALL THE WORK YOU DO 👍
I have deep respect for you all !
Community, Microsoft Product Teams, MVP Lead, WIndows Insiders, I wish you and your family happy holidays and a Healthy 2021 with lot of Success! 🎄😍

 


Leave a comment

#WindowsAdminCenter – Installing Windows Server version 20H2 Core Build 10.0.19042 #Winserv #HybridIT #Azure

Windows Admin Center Hyper-V Host

Simplify server management

Manage all your server environments with familiar yet modernized tools, such as the reimagined Server Manager and streamlined MMC tools, from a single, browser-based, graphical user interface. Admins can manage Windows Server instances anywhere: on-premises, in Azure, or in any cloud.

Operate hybrid seamlessly

Extend on-premises deployments of Windows Server to the cloud by using the Azure hybrid services found in Windows Admin Center. Use Azure for:

  • Backup and disaster recovery
  • Additional capacity for compute, file servers and storage
  • Centralized management for monitoring, threat protection and update management

You can download Windows Admin Center here

In the following steps we will install Windows Server Core 20H2 version Build 10.0.19042 via Windows Admin Center on my Hyper-V Host called Starship01.mvplab.cloud.
I have Windows Admin Center already running for my MVPLAB with a Windows Server 2019 Hypervisor host. From here I will install a New Windows Server Core 20H2 Machine.

Click in the Left toolbar on Virtual Machines 
and then on Add New

Deployment settings for the New Virtual Machine.

Here we set the following settings :

  • Virtual Machine Name
  • Generation VM ( gen 2 is recommended )
  • The path of the VM settings and Disk
  • Virtual Processors
  • a mark for nested virtualization ( for the Hyper-V feature )
  • Memory
  • Network / Virtual Switch
  • Storage

 

When you Add Storage you can select also the new ISO file for Installation.

I changed the Size of the Operating Disk from 127GB to 50GB
And I selected the path to the Windows Server Core 20H2 ISO.
Then Click on Create.

Windows Admin Center will create the Virtual Machine really fast.

Now the Window Virtual Machine Dark20H2 is created by Windows Admin Center on the Hyper-V Host, we can do the Windows Server Core 20H2 Installation by starting the Virtual Machine.

Before you Start running the VM, have a look at the settings

If you want you can set more Security features here.
You can set Encryption and Security Policy.

Start the Virtual Machine here for Installation of Windows Server Core 20H2
( The ISO is connected )

Installation of Windows Server Core 20H2 version Build 10.0.19042

The virtual Machine is running and now we can connect it via Windows Admin Center to do the installation of Windows Server.

Click on Connect

Use your Windows Admin Center account and mark
for the certificate. Then Click on Connect

Here we see the Console for the Windows Server Installation.

Install Now.

The Windows Server Core 20H2 is Installed.

Of course you can now configure the Machine via SConfig.exe, I only gave the Server name and a static IP address with DNS.

Via Windows Admin Center ( Manage) you can add the Machine to the domain.

Add the Server to the domain with your account and Click on Join

Server will Restart, Click on Yes

Dark20H2 Joined the Domain MVPLAB.CLOUD Successfully

 Adding the Windows Server Core 20H2 to Windows Admin Center

Add Dark20H2.mvplab.cloud to Windows Admin Center.

Of course I want to manage the server with Windows Admin Center and use all the tools I need to securely manage this Server.

Windows Server Core 20H2 in Windows Admin Center.

First thing what I do in my MVPLAB is Windows Updates.

December Updates for Windows Server Core 20H2

Updates Installed Successfully 🙂

Azure Hybrid Services

Azure Hybrid Services

You can extend on-premises deployments of Windows Server to the cloud by using Azure hybrid services. These cloud services provide an array of useful functions, both for extending on-premises into Azure, and for centrally managing from Azure. Think of :

  • Azure Backup Services
  • Azure Monitoring Services
  • Disaster Recovery
  • Azure File Sync Services
  • Azure Security Center / Azure Defender Services

Here you find more information about Azure Hybrid Services

Conclusion

Windows Admin Center is a must have when you have to manage Windows Server Core versions, you don’t have to worry about all the Commands of Windows Server Core. With Windows Admin Center it becomes easy to do the complete installation of the server and this include also all features of Windows Server Core 202H2 Build 10.0.19042. It becomes really powerful when you use it in a Hybrid way by connecting to Microsoft Azure Cloud Services. Earlier I wrote a blogpost about Windows Admin Center and Azure Security Center

I Hope this is useful for you, and start your journey with Windows Admin Center & Windows Server Core versions 😉

JOIN the Windows Admin Center Community Group on LinkedIn


Leave a comment

Azure Arc Security remediation on Azure Stack HCI Cluster #Azure #Security #ASC #AzureStackHCI

Azure ARC Services

Microsoft Azure Arc enables you to manage your entire environment, with a single pane of glass, by projecting your existing resources into Azure Resource Manager. You can now manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Regardless of where they live, you can use familiar Azure services and management capabilities. Azure Arc enables you to continue using traditional ITOps, while introducing DevOps practices to support new cloud native patterns in your environment.

IT Management with Azure ARC

With Microsoft Windows Admin Center I Build a Microsoft Azure Stack HCI Cluster and the Nodes are connected with Azure Arc Services. In the following steps you will see a security feature of Microsoft Azure Arc Services with remediation of the Risks on the Azure Stack HCI Cluster On-premises.

Azure Arc Security Remediation

Here you see the Azure Arc Servers with Azure Stack HCI

On Skywalker01 Node we have two Security Risks

When you click on the risk, you see the description and the remediation steps to solve this risk issue. Here you can also see the remediation script:

Automatic Remediation Script. 

Select the Azure workspace ID and when you don’t have one you can Create new Workspace in Azure.
Select the resource, in my case Skywalker01
Click on remediate resource.

Remediation in progress

The Microsoft Azure Monitor Agent extension in Azure Arc is successfully installed.

Done.

I did the same for Skywalker02 Azure Stack HCI Cluster Node.

The Next Medium Risk is a Vulnerability assessment on the Azure Stack HCI Cluster nodes. Just follow the steps of the wizard.

Azure Arc Security Vulnerability Assessment with Azure Defender

Click on remediate.

This one will use Qualys in Azure Defender.

Click on remediate resource.

The vulnerability scanner included with Azure Security Center is powered by Qualys. Qualys’ scanner is one of the leading tools for real-time identification of vulnerabilities. It’s only available with Azure Defender for servers. You don’t need a Qualys license or even a Qualys account – everything’s handled seamlessly inside Security Center.

Here you find more information about Azure Defender’s integrated vulnerability assessment solution for Azure and hybrid machines

Azure Arc Insights Monitor

Azure Arc Insights of the Azure Stack HCI Cluster Node

Because we have installed the Microsoft Azure Monitor extension in Azure Arc on this Azure Stack HCI Node Server, telemetry and analytics will do his job for Monitoring in Azure and data will be collected. In Azure maps you see the connectivity of the Server.

 

Here you can see the Fired Alerts by severity and Investigate 🙂

You can monitor the Traffic

Here you find more information about Insights and Maps for your Servers

Conclusion

Here you see the power of Hybrid IT management via Microsoft Azure Arc services and get Azure Cloud services for your On-premises Servers. You have the Free Microsoft Windows Admin Center Tool and integration with Azure Arc for all the innovative tools like Azure Monitor, Azure Security Center, Azure Defender, Update management and more. I hope you see the benefits too, Get started Today !

JOIN the Microsoft Azure Monitor & Security for Hybrid IT Community

 


Leave a comment

Being a Windows Insider is Awesome ! #Windows10 #WIMVP #WindowsInsiders

Windows Insiders Build 20246

Windows Insider Program

I Love being the first to see what’s next for Windows in the Windows Insider Program. For me It’s a way of Life to support Microsoft by giving feedback, suggestions and ideas for Windows 10 New innovations and improvements. I feel I’m building together with the Microsoft Product Team and Community to make a better product every week. It’s awesome too see that Microsoft is solving your feedback issue or your idea is coming in the next Windows Insider Build Release 🙂 I’m a Windows Insider MVP but also a Cloud and Datacenter Management MVP for the Community sharing New Microsoft Technologies.
You can join the Microsoft Windows Insider Program too and work with the newest Windows Insider Preview Builds of Microsoft.

Windows Insider Feedback Hub

Windows Insider Program

When you joined the Windows Insider program, you only have to activate the right Windows Insider Channel in your Windows10 Operating system. Go to Settings and Click on Windows Insider Program.

Windows Insider Program

First you login with your Windows Insiders Registration email address to get connection with the Windows Insiders Preview Build version. Then you have to select in which Windows Insiders Channel you want :

Here you see the Windows Insiders Channels.

I’m using all the Channels on different Machines as a MVP

When you select your Windows Insiders Channel, then you go to Windows Updates and get the latest Windows Insiders Preview Build of your Channel to download and Install.

Downloading Windows Insider Preview Build 20251 in the Dev Channel.

After downloading, rebooting, installing the new Windows Insiders Preview Build, you can test Windows 10 with the newest features of Microsoft and give your feedback and ideas in the Feedback Hub on your Machine.
Here you find the Microsoft Windows Insider Blogpost about this Preview Build 20251

Here you find all the Windows Insiders Preview Blogposts

When you found a new Issue in Windows Insider Preview Build or you want to give your idea to Microsoft, open the Windows Insiders Feedback Hub on your local machine here:

Click here on Give Feedback.

Summarize your feedback and Explain in more details

Select at Category if it’s a problem or Suggestion
and the category recommendations.
Click on Next

Find Similar Feedback Click Next

Add More Details.

For the Microsoft Windows Insider Engineers It’s important to get Screenshots and the data. Start recording and show Microsoft your issue in this Windows Insider Preview Build. Save the recordings ! and Send your feedback to Microsoft.

You can support Microsoft by giving feedback when something is fixed for you.

Here I report that the File Explorer issue is solved in Build 20251.

In the Feedback Hub you find more like Quests, Achievements, and Announcements from Microsoft Windows Insider Program.

Windows Insider Achievements

For the work you do free because you like to test the newest Microsoft Windows features, you can earn Microsoft Badges.

Microsoft Windows Insider Quests

With Microsoft Windows Insider Quests, Microsoft ask you to test new features and give your feedback about it.
They explain the feature and the steps so you can try it yourself. I love these quests, because then you learn about the new features and innovation you try out.

here you see the Microsoft Windows Insider Announcements to keep you Up-to-Date

Windows Insider Community

Being a Windows Insider in the Community is Awesome, you make friends on social media who share the same technology interest, asking questions and keep each other posted on new updates. Microsoft Windows Insiders program is really active on Twitter with handler @windowsinsider 

We use Hashtag’s : #WindowsInsiders #WIMVP #Windows10

 

#WIMVPBenelux every week in Teams is FUN 

 @aavdberg

Follow the Microsoft Windows Insider Team :
Who to Follow on Twitter:

Jen Gentleman : @JenMsft
Amanda Langowski : @amanda_lango
Jason Howard : @NorthFaceHiker
Eddie Leonard : @DJ_EddieL
Brandon LeBlanc : @brandonleblanc

Conclusion

When you like to work with the Newest Microsoft Windows Insider Preview Build versions to test and explore New innovated features in Windows 10 or Windows Server, then JOIN the Windows Insider Program.
I really like this program and being connected with Microsoft Product Group, giving feedback and working Together with the Community to make a better product every time. For me It’s a way of life, It’s a Great Hobby for me but also my Work 😉
Have Fun with the Windows Insider Program, and Learn on the Job !