- What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment - Thu, Nov 30 2023
- Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
- dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023
As an IT admin, can you say that you do everything according to best practices? While most IT admins attempt to follow best practices according to vendor guidelines, this can be difficult to accomplish with consistency and accuracy. Especially in cloud environments like Microsoft Azure, which is growing, changing, and morphing, it can be difficult to keep up with best practice recommendations, let alone implement them consistently with Azure infrastructure such as virtual machines.
What is Azure Automanage?
Microsoft recently announced Azure Automanage as a preview at the recently Microsoft Ignite virtual conference. So what exactly is Azure Automanage? It is a new service for virtual machines that eliminates the need for you as the customer to discover, configure, and onboard services in Azure that would benefit your virtual machines.
There are certain services that are available in Azure that are considered the best practice for enrollment with existing virtual machines that you may have there. In addition to simply onboarding your Azure virtual machines into the service, the new Azure Automanage service automatically configures those services in accordance with Microsoft's recommended best practices. What are some examples of best practice service recommendations for virtual machines running in Azure? Examples are:
- Azure Security Center
- Update Management
- Azure Backup
- Change tracking
- VM inventory
- Desired state configuration
- Guest configuration
- Automation accounts
- Log analytics
- VM Insights
After onboarding the virtual machine into the services, it automatically configures these services per Azure's own best practice recommendations. In the case of Azure backup, this may mean configuring the virtual machine to have a backup once a day and setting a specific retention period for those backups.
Another really great advantage of the solution is that it automatically configures the guest operating system per Microsoft's own baseline configurations. While these baselines have been available for quite a long time, having these applied automatically for your virtual machines running in Azure will take the heavy lifting out of ensuring the process is handled by manual means or even by custom scripting that must be developed, tested, and implemented.
On top of the automatic configuration of best practices for existing virtual machines, the new service goes even further. It monitors for configuration drift and corrects it when detected. What is configuration drift, and why is it an important element to monitor with your Azure infrastructure?
We all have experienced this in on-premises environments. You build a Windows Server that is pristine, and it has all the custom settings and configuration as set forth by your various business, application, and security requirements. However, over time, as various administrators work with the system, settings can be changed, and configuration deviates from the initial setup.
It is extremely important to monitor and manage configuration drift since it can cause deviations that can introduce both security and compliance risks to the environment. Generally, for organizations to manage configuration drift, they have to install and provision their own configuration management tool, such as Chef, Puppet, Ansible, or some other solution.
With the new Automanage solution, Microsoft again takes the configuration management burden off the shoulders of organizations that enroll in the Automanage platform and offers it as a service. Automanage not only configures virtual machines according to best practices, it also monitors to ensure virtual machines continue to comply throughout the entire lifecycle of the virtual machine. If the configuration does drift, it will automatically correct it and pull it back into compliance per the configured best practices as established with Azure Automanage.
Benefits of Azure Automanage
We have already touched on and alluded to many of the benefits that Azure Automanage brings to the table. However, consider the following benefits of the solution:
- Reduced total cost of ownership—Due to the automatic server management tasks that are carried out with Automanage, you are able to automate tedious and time-consuming tasks such as configuring Azure Backup and Security Center.
- Improve uptime and optimize Windows Server operations in Azure. Automated remediation of configuration drift helps to reduce the administrative workload and ensures consistent operations across the board.
- Insure your organization's virtual machines are configured in line with security best practices—Security is one of the most critically important components of infrastructure today. Making sure virtual machines running in Azure have security best practices applied ensures there are no vulnerabilities introduced due to security misconfiguration or unapplied configuration.
- Apply virtual machine best practices at scale across your organization—When you have only a couple of virtual machines to configure, "by-hand" operations are not too difficult. However, if you have dozens or hundreds of virtual machines running in Azure, it becomes extremely important to have a fully automated solution that does this for you.
- Free solution (for now)—As of now, Microsoft has announced there will be no charges specific to Automanage during the preview, although it appears it will be a paid solution once it is released as GA. However, organizations can get a feel for the features, capabilities, and benefits it can bring to their environment.
Enabling Azure Automanage
Another aspect of Azure Automanage that makes the solution seamless is the ease with which it can be enabled for existing virtual machines. After you have logged into the Azure portal, simply start typing "automanage" in the search box, and you will quickly see the solution listed.
The workflow to enable the service for a virtual machine is extremely intuitive and easy. Click the Enable on existing VM button.
Click the Select machines link to begin choosing which virtual machines you want to enable the service on.
Select the virtual machines you want to enable. Here, you can select a single machine or multiple virtual machines at the same time.
Finally, click the Enable button to enable the service.
The virtual machine status will show as In progress while the recommended best practices and best practice services are configured and provisioned, such as Azure Backup.
After a while, the status of the Automanage configuration is shown as Configured.
The new Azure Automanage solution shows a lot of promise in helping to streamline operations for Azure virtual machines. Not only does the solution configure virtual machines with best practice recommendations from Microsoft, it also monitors the VMs throughout their lifecycle to remediate any configuration drift as it happens in the environment.
Subscribe to 4sysops newsletter!
In addition, it configures the recommended best practice services in Azure for virtual machines you have running, such as Azure Backup and Azure Update Management. This helps to ensure that your VMs are both protected and updated regularly with the latest security patches. While the service is only in preview, it looks to hold a lot of value for organizations that may be managing and configuring virtual machines at scale in Azure. Pricing has not been released yet; however, it will most likely be in line with other Azure service offerings current in GA. Learn more about Azure Automanage here.