Updated on 03/03/2021 – This article was updated to include the latest announcement made by the Windows Admin Center team during Microsoft Ignite 2021.
In this article, I will share with you how to natively manage Windows Server VMs in the Azure Portal with the new Windows Admin Center extension (public preview).
Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform, and solution. It contains core tools for troubleshooting, configuration, management, and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more…
Windows Admin Center is not only for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs, but it also lets you connect your Windows Server to Azure hybrid services whether they are running on-premises or in a different cloud provider. There are many more hybrid services for Windows Server, which you can leverage with Windows Admin Center.
- Azure Backup
- Azure File Sync
- Azure Network Adapter
- Azure Site Recovery
- Azure Security Center
- Azure ARC
- And much more…
At Microsoft Ignite in September 2020, Microsoft announced a new way to natively manage your Windows Server IaaS virtual machines from within the Azure Portal with Windows Admin Center. This is a great capability, which will provide you with granular management, configuration, troubleshooting, and maintenance functionality for managing your Windows Server VMs in the Azure Portal directly without the need to RDP into the VM. The first public preview was closed by the end of September 2020.
Finally, after long waiting, and during Microsoft Ignite in March 2021, the Windows Admin Center team announced the public preview v2 of Windows Admin Center in the Azure Portal broadly.
What’s new in Public Preview V2
At the time of this writing (March 2021), Microsoft added the following new features:
- Support for connection over a Private IP address besides the support over a Public IP address for added security.
- Support for VMs with custom images.
- Support for VMs that are domain controllers.
- Bug fixes.
- Performance improvements.
To follow this article, you need to have the following prerequisites:
- Azure subscription. If you don’t have an Azure subscription, you can create a free one here.
- Windows Server 2016 or Windows Server 2019 Azure virtual machine. If you don’t have a virtual machine, you can follow this quick start guide to create a new Windows Server virtual machine in the Azure Portal.
- Please note that the VM you create in Azure must have at least 3 GiB of RAM or more. This is a requirement for the Windows Admin Center extension to work properly.
- The management PC or machine that you use to connect to the Azure portal has the following requirements:
- The Microsoft Edge or Google Chrome browser.
- You need to have access to the virtual network that is connected to the VM (this is more secure than using a public IP address to connect). For example, if you want to manage the VM in Azure from on-premises using a Private IP address, then you need to have network connectivity over private networks such as site-to-site VPN, point-to-site VPN, or ExpressRoute.
Install Windows Admin Center extension
Log in to the Azure Portal and take the following steps:
- Select the desired Windows Server virtual machine where you want to install the new extension, and then navigate to the “Windows Admin Center (preview)” tab on the left-hand side of the VM under Settings.
- In the Windows Admin Center page, select a public inbound port through which Windows Admin Center will communicate to the VM (you can choose a different port if you want), and then click the Install button. For security precautions, do NOT select ‘open this port for me‘ which is only recommended for testing purposes, because if you let Azure configure this port for you in the Network Security Group, the port will be open to any source with the highest priority which you don’t want to do for production VMs.
- The installation of the extension will take around 5 minutes to complete.
- If you want to connect to the VM from specific public IP addresses, then you want to navigate to the ‘Networking‘ tab of the VM and add a new inbound security rule as shown in the figure below. Here is an example of what the inbound rule settings look like. You need to set the Source to IP addresses, and the Source IP addresses of all your management system IPs. The Destination is set to Any and the Destination port ranges to the port you specified in the previous step, and the Protocol is set to Any.
Connect to Windows Admin Center in Azure
Once the inbound security rule is added, you can take the following steps:
- Switch back to the “Windows Admin Center (preview)” tab on the left-hand side of the VM under Settings. Then specify whether you want to use a Private IP address or Public IP address, then click on “Connect” as shown in the figure below. The connection will take around one minute, as part of the connection process, Microsoft periodically renews your Windows Admin Center certificate for security purposes.
- Then you will be asked to enter your VM’s local administrator credentials. Enter the username and password and click ‘Sign in‘.
- Once the credentials are entered, Windows Admin Center will start loading which might take up to 1 minute. The first load time might be a little longer, however, any subsequent load will be just a few seconds.
If you are familiar with Windows Admin Center UI experience, it looks and feels exactly the same. Consistency is Key! Here is a screenshot of accessing my Azure VM through Windows Admin Center natively in the Azure Portal, VM blade.
That’s it there you have it!
How it works…
When you install the Windows Admin Center extension from the Azure Portal, it installs a lightweight .msi package on your Windows Server Azure VM. The extension manages your server using Remote PowerShell and WMI over WinRM.
By opening an inbound security port to the internet, you can access the UI of the Windows Admin Center directly from the Azure Portal directly. This will eliminate the need to install the Windows Admin Center in a dedicated VM in Azure to manage your servers, so less VM is always great to reduce cost.
What about the Azure Bastion management service where you can privately and fully manage RDP and SSH access to your virtual machines?
Windows Admin Center extension does not interact with or impact Azure Bastion in any way. Windows Admin Center has to be deployed on a per-VM basis and requires a public IP address, while Azure Bastion works on Private IPs for all VMs that are part of a single virtual network. Additionally, Azure Bastion is not free and it’s billed per hour, however, Windows Admin Center is free! You have a lot of flexibility and options here.
In this article, I showed you how to get started managing your Windows Servers IaaS VMs in the Azure Portal natively. This will help you reduce the need to Remote Desktop (RDP) into your Azure VM for management. The new Windows Admin Center IaaS extension in Azure will provide you tools that you are already familiar with, such as Device Manager, Task Manager, Windows Firewall, Hyper-V Manager, and most other MMC tools.
At the time of this writing, the Windows Admin Center extension in the Azure Portal is in public preview V2. I would expect further enhancement and additional features to be added in the near future.
Windows Admin Center is a freely available management tool for anyone to use and makes managing a set of Windows servers with or without GUI remotely, very easy, especially for “day-to-day activities” without the need to login into your Azure VM for management, and without complex installation.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.