Integrating on-premises environments has never been easier using Azure Arc. Azure Arc provides a bridge between Azure base resources on on-premises. This is now the 1st recommended step after configuring Azure Hybrid Services in Windows Admin Center.
1.Logon to TMWAC01 (Windows Admin Center server) as Administrator.
2. Open Edge and browse to https://localhost
3. Click Advanced and accept the Security Warnings to continue.
4. Click on TMWAC01.
5. Click on Azure Hybrid Center.
6. Click on Setup Azure Arc.
7. On the Setup Azure, Arc window choose your Azure Subscription.
8. On Resource Group, select Create new.
9. In Resource Group type TMAdvancedCyberSecurity.
10. In Azure Region, choose Canada Central.
11. Click on Set up.
12. You can view the status of the setup by viewing the notification bell.
13. You will see the silent deployment of the Azure Connected Machine Agent (AZURE ARC AGENT).
14. You don’t need to do anything. Just let the installation complete.
15. Ensure that everything is configured correctly by checking the notification bell.
16. You should see a green check mark by Setup Azure Arc for Servers.
17. Login to Portal.Azure.com to validate that the Servers have been onboarded to Azure Arc.
18. Click on Azure Arc under Azure Services. If it isn’t displayed here, search for Azure Arc in the Search box.
19. In Azure Arc, select Servers and ensure TMWAC01 is listed.
20. Click on TMWAC01.
21. From TMWAC01, Click on Update Management.
22. You will see a dialog box. For this server, please enable ‘Update Management’ from your Automation Account. To know more, click this banner.
23. Click the banner.
24. For this lab, we will create a new Log Analytics workspace. From the Azure Portal search type, Log Analytics Workspaces.
25. Then click Create.
26.In the Create Log Analytics Workspace, select your Azure Subscription
27.Select the resource group that we created earlier TMAdvancedCyberSecurity
28.In the Instance Details Name type TMAdvancedCyberSecurityLogAnalyticsWorkspace
29.In Region, choose Canada Central and click Review and Create.
30.Then click Create
31.It will take a few minutes to create the Log Analytics Workspace go grab a coffee.
32.Once completed, click on Go to Resource.
33. Click on Automation Account.
34. An error message is displayed that This log analytics workspace is not linked to an Automation Account.
35. For this lab we will create a new automation account.
36.In the Azure Portal, type Automation Accounts in the search box.
37.Click on Create.
38.In the Create Automation Account, select your Azure Subscription
39.On Resource Group Choose TMAdvancedCyberSecurity
40.On the Automation Acccount Name type TMAdvancedCyberSecurityAutomationAccount
41.In Region type Canada Central
42.Click on Review and Create and the Create
43. Click on Go to Resource.
44.Click on Update Management
45.In the Log Analytics Workspace, choose TMAdvancedCyberSecurityLogAnalyticsWorkspace
46.Click Enable.
47.It will take a few minutes for this task to complete
48.Click off update management and then back on update management.
49. Now you will see update management Enabled.
50. Click on Manage Machines and ensure that Enable on all Available and future machines is selected.
51. Click on Change Tracking and click Enable.
52. Click on Inventory and click Enable.
53.Click on Change Tracking and click Manage and select Enable on all available machines and future machines and then click Enable
54.Note in the screen shot it should be the 2nd radio button
55.Repeat the steps on Inventory.
56. On TMWAC01, click Security and Select View Additional Recommendations in Defender for Cloud.
57. Select Enable Endpoint Protection and then select Log Analytics agent should be installed on your Windows-Based Azure Arc Machines.
58. On Log Analytics agent should be installed on your Windows-based Azure Arc Machines click Fix.
59. On Fixing Resources Workspace ID, select TMAdvancedCyberSecurityLogAnalyticsWorkspace and click Fix 1 Resource.
60. In the notification bell, we can see remediation in the process.
61.On TMWAC01, we can see Microsoft. Enterprise cloud.Monitoring.MicrosoftMonitoringAgent is now deployed
62.It took about 5 minutes for this to complete.
63.Now that we can see Azure Arc working correctly let’s configure the rest of the Azure Hybrid Services from Windows Admin Center on TMWAC01
64.Notice how Azure Update Management is no longer showing up in this list. Because we manually configured it above.
65.NOTE – This process could have been automated with Windows Admin Center, but we wanted to show the backend configuration for the purposes of the lab.
Hope you enjoy this post.
Dave Kawula