Jimi

Managing Azure Arc Windows Servers with Azure Policy

Introduction

In our previous guide, we explored how to connect your on-premises Windows servers to the Azure cloud using Azure Arc. This integration opens up a world of Azure services and capabilities for your hybrid environment.

This guide will focus on leveraging Azure Policy to manage compliance and configuration for your Azure Arc-enabled Windows servers. We'll demonstrate this by automatically installing the Azure Monitor Agent.

Prerequisites:

  • An Azure account with an active subscription.
  • A Windows VM enabled with Azure Arc.

Step-by-Step Guide

  1. Log in to Azure and your Windows VM.
  2. Create an Azure Policy:

    • Navigate to Azure Policy in the Azure portal.
    • Under Authoring, select Definitions.
    • Search for "Configure Windows Arc-Enabled machines" and select "Configure Arc-enabled machines to run Azure Monitor Agent".
    • Click Assign policy.
    • Select your subscription and resource group as the scope.
    • Navigate to the Remediation tab and enable "Create a remediation task".
    • Review and create the policy assignment.
  3. Monitor Policy Compliance and Remediation:

    • Go back to Policy > Definitions and click Compliance.
    • Locate the policy and verify its non-compliant status.
    • The remediation task runs automatically. You can verify this in Policy > Remediation > Remediation tasks.
  4. Verify Azure Monitor Agent Installation:

    • Navigate to Azure Arc > Machines.
    • Select your instance and go to Settings > Extensions.
    • Verify that the AzureMonitorWindowsAgent extension is installed.
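
The checks in steps 3 and 4 can also be run read-only from PowerShell, which helps when many Arc machines need to be confirmed as monitored. This is an added example, not part of the original post; it assumes the Az.PolicyInsights and Az.ConnectedMachine modules are installed, and the resource group and assignment names are placeholders to replace with your own.

```powershell
#Requires -Modules Az.Accounts, Az.PolicyInsights, Az.ConnectedMachine
# Added example: read-only verification of steps 3 and 4.
param(
    [string]$ResourceGroupName    = 'rg-arc-servers',            # placeholder: scope chosen in step 2
    [string]$PolicyAssignmentName = '<policy-assignment-name>',  # placeholder: assignment created in step 2
    [string]$ExtensionName        = 'AzureMonitorWindowsAgent'   # extension name checked in step 4
)

# Reuse an existing session, otherwise sign in interactively.
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }

# Step 3: compliance states recorded for this assignment, grouped by result.
$states = Get-AzPolicyState -ResourceGroupName $ResourceGroupName `
                            -PolicyAssignmentName $PolicyAssignmentName
$states | Group-Object ComplianceState | Select-Object Name, Count | Format-Table

# Step 3: remediation tasks in the resource group and how far they got.
Get-AzPolicyRemediation -ResourceGroupName $ResourceGroupName |
    Select-Object Name, ProvisioningState | Format-Table

# Step 4: for every Arc machine, report whether the agent extension is present
# and whether its deployment finished.
$report = foreach ($machine in Get-AzConnectedMachine -ResourceGroupName $ResourceGroupName) {
    $ext = Get-AzConnectedMachineExtension -ResourceGroupName $ResourceGroupName `
                                           -MachineName $machine.Name |
        Where-Object Name -eq $ExtensionName

    [pscustomobject]@{
        Machine    = $machine.Name
        ArcStatus  = $machine.Status   # a disconnected machine cannot receive the extension
        Extension  = if ($ext) { $ext.ProvisioningState } else { 'Missing' }
    }
}
$report | Format-Table

# Fail loudly when any machine lacks a successfully deployed agent, so the
# script can gate a pipeline or a scheduled check.
$gaps = @($report | Where-Object Extension -ne 'Succeeded')
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) machine(s) without a working $ExtensionName extension."
    exit 1
}
Write-Output "All Arc machines in $ResourceGroupName report $ExtensionName as Succeeded."
```

A machine listed as Missing while its Arc status is not Connected will stay non-compliant until the agent reconnects and a remediation task runs again.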

Conclusion:
Congratulations! You've successfully used Azure Policy to ensure your Azure Arc-enabled Windows VM has the Azure Monitor Agent installed.

Next Steps:
In the next guide, we'll delve deeper into enhancing the security of your Azure Arc-enabled Windows servers using Microsoft Defender for Cloud.
