Updated – 09/03/2020 – Azure Security Center integration with Windows Admin Center is now GA!
Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform and solution. It contains core tools for troubleshooting, configuration, management, and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more…
Windows Admin Center is not only for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs; it also lets you connect your Windows Server to Azure hybrid services, whether the servers are running on-premises or on different cloud providers. There are many hybrid services for Windows Server that you can leverage with Windows Admin Center:
- Azure Backup
- Azure File Sync
- Azure Network Adapter
- Azure Site Recovery
- Azure Security Center
- Azure Arc
- And much more…
Microsoft has recently added the ability to onboard on-premises (non-Azure) servers to be protected by Security Center directly from the Windows Admin Center (WAC) experience, and to view Azure Security Center (ASC) recommendations and alerts as part of the WAC portal.
Azure Security Center is a security management tool that allows you to gain insight into your security state across hybrid cloud workloads, reduce your exposure to attacks, and respond to detected threats quickly. If you are new to Azure Security Center, please check the official documentation from Microsoft.
In this blog post, I will show you how to secure and onboard on-premises servers to Azure Security Center with Windows Admin Center and then view security recommendations and alerts.
The prerequisites are very simple as follows:
1) You need to make sure you are running Windows Admin Center (WAC) Version 1910 or later.
2) Azure subscription. If you don’t have an Azure subscription, you can create a free one here.
3) Azure Security Center – Standard Tier enabled. Please note that you can use the standard tier free for 30 days.
4) Make sure to update to the latest Azure Security Center extension under Settings | Gateway | Extensions. At the time of this writing, I am running the General Availability (GA) version of the Azure Security Center extension (2.0.0). Updated – 21/07/2020 – Version (2.0.6) for the extension is released.
5) The server that you want to onboard to Azure Security Center should be running Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019.
6) Finally, make sure to connect the Windows Admin Center gateway to Azure. Please check the following article to see how to register Windows Admin Center gateway with Azure.
Once the Windows Admin Center version 1910 is deployed in your environment with all prerequisites mentioned above, you are ready to start.
Onboard On-Premises Servers To Azure Security Center
Launch the Windows Admin Center portal and take the following steps:
1) Choose the desired server, then select the Azure Security Center from the left-hand side under Extensions, and then click Sign in to Azure and set up to begin the set-up process and secure your on-premises Server with Azure Security Center.
2) Once you click on Sign in to Azure and set up, it will display all required information to associate this server with an Azure subscription and workspace (by installing the Microsoft Monitoring Agent on that server) and enable ASC standard protection on the selected workspace and subscription. Please note that all servers and VMs reporting to the selected workspace, and all VMs under the subscription, will be protected by the Azure Security Center standard tier.
3) In the Setup Azure Security Center page, select your desired Azure subscription and/or select Use existing Log Analytics workspace / Create a new one. Click Set up. In less than a minute, the onboarding of your server to Azure Security Center will finish successfully.
4) After onboarding, you will be able to see Alerts and Recommendations for the onboarded server in Windows Admin Center.
5) WAC – ASC Recommendations. You can Refresh to immediately pull any recommendation. In this example, I don’t have any recommendations for this particular server.
6) WAC – ASC Alerts. You can Refresh to immediately pull any alert. In this example, I have a critical alert with High severity. You can click on the alert and it will lead you directly to the alert page in the Azure portal – allowing you to further investigate and remediate this issue.
7) To view security recommendations for all your WAC servers in the Azure Security Center experience – Azure Portal, please go to the Azure Portal and click on “Security Center” → “Compute & apps” → “VMs and Servers” tab → Filter on “Resource type: Server” as shown in the screenshot below.
8) To view security alerts for all your WAC servers in the Azure Security Center experience – Azure Portal, please go to the Azure Portal and click on “Security Center” → “Security alerts” → Click on “Filter” and in “Environment”, make sure only “Non-Azure” is selected, as shown in the screenshot below.
That’s it, there you have it!
Azure Security Center in Windows Admin Center is an easy way for you to set up, secure, and onboard on-premises servers into Azure Security Center without logging in to your server or the Azure Portal. Even if you have set up and secured your on-premises servers to Azure, Azure Security Center in Windows Admin Center will show you the security recommendations and alerts in a way that is easy to view without ever leaving the web browser. Behind the scenes, the Azure Security Center extension in Windows Admin Center does the following:
- Download and install the Microsoft Monitoring Agent (MMA) on your server.
- Connects and registers your on-premises server to the Log Analytics workspace in Azure.
- Shows all alerts and recommendations for the onboarded server without leaving the Windows Admin Center portal.
- Provides deep links, so if you click on any web link in the Azure Security Center extension in Windows Admin Center, it will lead you to the alert/recommendation page in the Azure Portal – Azure Security Center blade, allowing you to further investigate and remediate the issue.
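Because every server reporting to the selected workspace is covered by the standard tier, it is worth confirming on the server itself which workspace the agent ended up registered to. The following check is an added example, not part of the original post or of the extension; the workspace ID is a placeholder you replace with the one chosen during setup, and it is meant to be run in an elevated PowerShell session on the onboarded server.

```powershell
# Added example: post-onboarding verification on the onboarded server.
# Placeholder value (assumption): replace with the Log Analytics workspace ID
# selected on the "Setup Azure Security Center" page.
$ExpectedWorkspaceId = '00000000-0000-0000-0000-000000000000'

# Prerequisite from the post: Windows Server 2012 R2, 2016, or 2019.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$osSupported = $os.Caption -match 'Windows Server (2012 R2|2016|2019)'

# The Microsoft Monitoring Agent (MMA) runs as the HealthService Windows service.
$svc = Get-Service -Name HealthService -ErrorAction SilentlyContinue

$report = @()
if ($svc) {
    # COM object installed with the MMA; it lists every workspace the agent reports to.
    $mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
    foreach ($ws in $mma.GetCloudWorkspaces()) {
        $report += [pscustomobject]@{
            WorkspaceId      = $ws.workspaceId
            IsExpected       = ($ws.workspaceId -eq $ExpectedWorkspaceId)
            ConnectionStatus = $ws.ConnectionStatusText
        }
    }
}

[pscustomobject]@{
    OperatingSystem    = $os.Caption
    OsSupported        = $osSupported
    AgentInstalled     = [bool]$svc
    AgentRunning       = ($svc -and $svc.Status -eq 'Running')
    WorkspaceCount     = $report.Count
    ExpectedWorkspace  = [bool]($report | Where-Object { $_.IsExpected })
} | Format-List

# One row per workspace: an unexpected extra workspace means the server's
# security data is also being sent somewhere other than the one you selected.
$report | Format-Table -AutoSize

if ($report | Where-Object { -not $_.IsExpected }) {
    Write-Warning 'Agent reports to a workspace other than the expected one.'
}
```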
As you can see, onboarding on-premises servers to Azure Security Center with Windows Admin Center is very simple.
At the time of this writing, Azure Security Center in Windows Admin Center is now generally available (GA). I hope that Microsoft will support Linux machines and add the investigation and remediation workflow, so you can further secure on-premises servers (Windows/Linux) end-to-end without leaving the Windows Admin Center portal. I expect further enhancements to the Azure Security Center extension in Windows Admin Center.
Windows Admin Center is a freely available management tool for anyone to use, and it makes remotely managing a set of servers, with or without a GUI, very easy, especially for “day-to-day activities”. Download the latest copy of Windows Admin Center from here, deploy it in a failover cluster for high availability, and secure your on-premises servers.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.