Azure Arc: Manage on-prem Windows Server VMs with Azure Resource Manager

• Author
• Recent Posts

Brandon Lee

Brandon Lee has been in the IT industry 15+ years and focuses on networking and virtualization. He contributes to the community through various blog posts and technical documentation primarily at Virtualizationhowto.com.

Latest posts by Brandon Lee (see all)

• Install Azure Stack HCI Single-Node Cluster - Mon, Jul 4 2022
• Network management software from Auvik: Cloud-based and easy to use - Thu, Jun 23 2022
• Secure email and privacy in the cloud with Proton for Business - Tue, Jun 21 2022

Azure Automanage enables organizations to automate operations and apply consistent policies across their environments. It enrolls, configures, and monitors the entire lifecycle of dev/test and production VMs and respective Azure services configured for best practice. These include the Azure Security Center, Azure Backup, and VM Insights.

Automanage can onboard servers that have been Arc-enabled, existing on-premises, or even in other public cloud environments. First, we need to Arc-enable an on-premises resource before it can be enrolled in Automanage.

Onboarding Windows Server 2022 in Azure Arc ^

The process of onboarding your on-premises Windows Server 2022 into Azure Arc is relatively straightforward using Microsoft's scripts.

To get started, search for Azure Arc in the Azure portal. Then navigate to Azure Arc > Infrastructure. Under the Infrastructure tab, you have the option to onboard your existing infrastructure, including:

• Servers
• Kubernetes clusters
• SQL Server

Below, we are choosing to Add Servers.

Adding your existing infrastructure to Azure Arc

Next, we have a few options available to add servers with Azure Arc:

• Add a single server
• Add multiple servers
• Add servers from Update Management (preview)

For the simple demonstration of adding a single Windows Server 2022 machine, we click the Generate script button under the Add a single server option.

Add servers with Azure Arc

Next, note the prerequisites for adding a server to Azure Arc. These include:

• HTTPS access to Azure services—The server requires access to port 443 and a set of outbound URLs for the Azure Arc agent to function properly and view outbound URLs.
• Local administrator permission—Onboarding requires local administrator permission on the server.
• Connectivity method— You can connect to the Internet over a public endpoint, a proxy server, or a private endpoint. Using Azure Arc-enabled servers with a Private Link Scope model allows multiple servers to connect with Azure arc resources with a single private endpoint.

Viewing the prerequisites for onboarding a server into Azure Arc

Next, fill in the Resource details for adding a server with Azure Arc. You will need to populate your subscription, resource group, region, operating system, and connectivity method.

Fill in the Azure Arc resource details

With Azure Arc, tags can be important, as you may have Arc-enabled resources in many different geographic regions to track. In addition, you can configure custom tags.

Configure physical location tags

Finally, in the fourth step, you can copy the supplied script to paste into a script file on your server, or you can download the script as a .ps1 file. It is customized for your Azure subscription, tenant ID, and resource IDs to match your environment.

Download and run the Azure Arc onboarding script

Now, you can execute the script, and your server will be onboarded properly. If your authentication token expires before you run the script, you may need to reauthenticate, as directed in the script output.

Once you receive successful output from executing the script, we see our on-premises server appear on the list of Azure Arc resources, verifying that it has been onboarded and is now managed with Azure Arc.

On premises Windows Server 2022 machine available in Azure Arc

Using Automanage with on-premises Windows Server 2022 ^

Now that we have the on-premises Windows Server 2022 onboarded with Azure Arc, we can enable it with Automanage.

Once you find the Automanage blade using the search function, click Automanage machines > Enable on existing machine.

Enable Automanage on an existing machine

There are two configuration profiles available by default with Automanage:

• Azure Best Practices—Production
• Azure Best Practices—Dev/Test

One of the differentiators between production and dev/test is that the latter does not configure Azure Backup. Once you select the configuration profile, you need to click the Select machines link. It allows you to choose the server you want to enable for Automanage.

Select the machines to onboard with Automanage

You will then be able to select the on-premises server using Azure Arc. After the server's verification, you can click the Enable button.

After selecting the Azure Arc enabled Windows Server 2022 to enable Automanage

You should see a message indicating Configuration profile assignment completed successfully.

The configuration profile assignment completes successfully

After a few minutes, the Status of the automanaged Windows Server 2022 should be Conformant.

The Azure Arc enabled Windows Server 2022 is now Automanage conformant

You can view the status report; it will display the Configuration profile and the status of the onboarded machine.

Viewing the status report for the onboarded on premises Windows Server 2022 machine

Wrapping up ^

Using Azure Arc allows extending the Azure Resource Manager control plane to on-premises resources or resources in other public clouds. Once onboarded in Azure Arc, you can enroll servers in other Azure services as if they are native Azure objects.

One of these services is Azure Automanage. It can automatically configure best practices profiles for both dev/test environments and production.