- What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment - Thu, Nov 30 2023
- Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
- dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023
Windows Admin Center continues to evolve as Microsoft extends it with many useful new features, especially since the release of Windows Admin Center 1910. One of the great things about Windows Admin Center is its extensibility. It is highly modular, enabling the addition of new extensions.
Over the past several weeks and months, Microsoft has introduced many great new extensions that replace legacy extensions. They have also introduced new extensions for use with Windows Admin Center. In case you haven't heard already, they recently released a new Security extension that can be installed and accessed via Windows Admin Center. What is the new Security extension? What features does it provide for security-related tasks within Windows Admin Center?
New Security extension
The new Security extension for Windows Admin Center allows you to interact with Windows Defender on your local server or on remote servers. This is especially interesting in terms of interacting with remote Windows Server Core installations and running security scans on those boxes.
You can also use the new Security extension to schedule security scans on your local or remote Windows machines. This will be an excellent tool, especially for Windows Server Core installations, to run quick, ad-hoc security scans as well as scheduled security scans. Imagine having this centralized security tool to run scans across your environment, as opposed to remoting into servers and running security scans in a “sneakernet” fashion.
Installing Windows Admin Center Security Extension
Before installing the new Security extension, you need to make sure you are running the latest Windows Admin Center. To download the latest version, go to the Microsoft Windows Admin Center download page. This ensures the new extensions will be compatible with the version of Windows Admin Center you are running.
Once you have the latest Windows Admin Center, how do you get the new Windows Admin Center Security extension? It is extremely easy and is done the same way you get any other extension in Windows Admin Center. It is available through the Settings > Extensions area of Windows Admin Center. Microsoft presents available extensions as available for download instead of requiring users to download a package and have it presented to Windows Admin Center. The Security extension is currently available in Preview mode, which means that development is still underway and it is meant for "test drive" purposes only at this point.
Highlight the extension and click the Install button.
Once the Security extension is installed, you can access it by connecting to a server, either your local Windows Server or a remote Windows Server managed by Windows Admin Center, and navigate to Tools > Security. You will notice several things about the Security module. There are Summary and Protection History tabs as well as various actions in the dashboard. These include starting a New scan, scheduling a scan, and refreshing the status of the information displayed in the dashboard. Additionally, from this screen, you can turn real-time protection on or off.
When you click the New scan option, an overlay is launched from the side of the Windows Admin Center Security screen. The scan type options are to run a Quick Scan or Full scan.
Another nice feature is the ability to schedule a security scan on your local or remote Windows Server. When you click Schedule, an overlay called Scan Schedule pops out from the side. Choose the Quick or Full scan option, as well as a Scan day. Currently, you can only select a day and not a weekly or monthly interval. You can also set the scan schedule to Never. So the scan schedule options are fairly basic at this point. However, I am sure these options will be greatly extended in the future for more powerful features and functionality.
The Protection History tab shows you any security-related events caught by the real-time malware scanning and protection offered by Windows Defender. There is also a Search field that will allow you to find a specific event on your Windows Server if more than one exists. This can be helpful if you are using the tool for forensics to note specific events and details.
One of the great things about Windows Admin Center is that it finally gives administrators the tool they need to manage the Windows Server Core operating system effectively. No longer do IT admins need to cobble together a number of tools to perform the various tasks needed to manage their Windows Server Core installations. In the realm of security scanning, have you ever wondered how you could effectively scan a Windows Server Core installation remotely? Now you can with Windows Admin Center security extension. Note below, a Widows Server Core installation is managed with Windows Admin Center. You can effectively use the new Security extension to scan your remote Windows Server Core installation for malware!
Subscribe to 4sysops newsletter!
The new Windows Admin Center security module is going to be a great addition to the new extensions available for Windows Admin Center. This module makes it easy to scan and monitor servers remotely, including Windows Server Core installations. Be sure to download and install the new Security extension for your Windows Admin Center installation. Download the latest version of Windows Admin Center here.