You dont have javascript enabled! Please enable it! Manage Windows Server In The Azure Portal With Windows Admin Center - CHARBEL NEMNOM - MVP | MCT | CCSP | CISM - Cloud & CyberSecurity

Manage Windows Server in the Azure Portal with Windows Admin Center

6 Min. Read

Updated on 15/02/2024 – Windows Admin Center for Azure Virtual Machines is now generally available.

Updated on 03/03/2021 – This article was updated to include the latest announcement made by the Windows Admin Center team during Microsoft Ignite 2021.

In this article, we will show you how to natively manage Windows Server VMs in the Azure Portal with the new Windows Admin Center extension.


Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform, and solution. It contains core tools for troubleshooting, configuration, management, and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more…

Windows Admin Center is not only for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs, but it also lets you connect your Windows Server to Azure hybrid services whether they are running on-premises or in a different cloud provider. There are many more hybrid services for Windows Server, which you can leverage with Windows Admin Center.

For the complete list of all Azure hybrid services integration with Windows Admin Center, please check the official documentation from Microsoft here.

At Microsoft Ignite in September 2020, Microsoft announced a new way to natively manage your Windows Server IaaS virtual machines from within the Azure Portal with Windows Admin Center. This is a great capability, which will provide you with granular management, configuration, troubleshooting, and maintenance functionality for managing your Windows Server VMs in the Azure Portal directly without the need to RDP into the VM. The first public preview was closed by the end of September 2020.

Finally, after a long wait, and during Microsoft Ignite in March 2021, the Windows Admin Center team announced the public preview v2 of Windows Admin Center in the Azure Portal broadly.

The Windows Admin Center for Azure Virtual Machines is now generally available since October 2022. This tool allows you to manage the Windows Server Operating System of your Azure Virtual Machines directly within the Azure Portal. You can perform various maintenance and troubleshooting tasks, including managing your files, viewing events, monitoring performance, and launching an in-browser RDP and PowerShell session. With this feature, there will be a reduced need for remote desktop access to your virtual machine for administration purposes, making it easier to deploy and maintain virtual machines with or without a graphical user interface (GUI).

Windows Admin Center in Azure provides a seamless identity experience by using Microsoft Entra ID (formerly, Azure AD) authentication for single sign-on. This means that regardless of whether your virtual machine is on-premises Active Directory joined, Entra ID joined, or not joined to any domain, you can use Windows Admin Center and Entra ID to sign in with a single identity. To access the full suite of management capabilities in the Azure Portal, add your Entra ID identity to the Windows Admin Center Administrator Login Azure role-based access control (RBAC) role. This reduces the need for local administrator accounts when managing Windows Server machines in Azure.

At the time of this writing, Microsoft added the following new features in Windows Admin Center for Azure VMs:

  • Support for connection over a Private IP address besides the support over a Public IP address for added security.
  • Support for VMs with custom images.
  • Support for VMs that are domain controllers.
  • Bug fixes.
  • Performance improvements.


To follow this article, you need to have the following prerequisites:

1) Azure subscription. If you don’t have an Azure subscription, you can create a free one here.

2) Windows Server 2016, Windows Server 2019, or Windows Server 2022 Azure virtual machine. If you don’t have a virtual machine, follow this quick-start guide to create a new Windows Server virtual machine in the Azure Portal.

  • Please note that the VM you create in Azure must have at least 3 GB of RAM or more. This is a requirement for the Windows Admin Center extension to work properly.

3) The management PC or machine that you use to connect to the Azure portal has the following requirements:

  • The Microsoft Edge or Google Chrome browser.
  • You need to have access to the virtual network that is connected to the VM (this is more secure than using a public IP address to connect). For example, if you want to manage the VM in Azure from on-premises using a Private IP address, then you need to have network connectivity over private networks such as site-to-site VPN, point-to-site VPN, or ExpressRoute.

Install Windows Admin Center extension

Log in to the Azure Portal and take the following steps:

1) Select the desired Windows Server virtual machine where you want to install the new extension, and then navigate to the “Windows Admin Center (preview)” tab on the left-hand side of the VM under Settings.

Manage Windows Server in the Azure Portal with Windows Admin Center 1

2) In the Windows Admin Center page, select a public inbound port through which Windows Admin Center will communicate to the VM (you can choose a different port if you want), and then click the Install button.

For security precautions, do NOT select “Open this port for me” which is only recommended for testing purposes, because if you let Azure configure this port for you in the Network Security Group, the port will be open to any source with the highest priority which you don’t want to do for production VMs. If you have blocked all outbound traffic for your virtual machine, then you need to select “Open an outbound port rule for Windows Admin Center to install” as shown in the figure below.

Install Windows Admin Center in the Azure Portal

3) The installation of the extension will take around 5 minutes to complete.

4) If you want to connect to the VM from specific public IP addresses, then you want to navigate to the ‘Networking‘ tab of the VM and add a new inbound security rule as shown in the figure below. Here is an example of what the inbound rule settings look like. You need to set the Source to IP addresses, and the Source IP addresses of all your management system IPs. The Destination is set to Any, and the Destination port ranges to the port you specified in the previous step, and the Protocol is set to Any.

Add inbound security rule

Manage Windows Server in the Azure Portal

Once the inbound security rule is added, you can take the following steps:

1) Switch back to the “Windows Admin Center (preview)” tab on the left-hand side of the VM under Settings. Then specify whether you want to use a Private IP address or a Public IP address, then click on “Connect” as shown in the figure below. The connection will take around one minute, as part of the connection process, Microsoft periodically renews your Windows Admin Center certificate for security purposes.

Connecting to Azure VM using Windows Admin Center in the Azure Portal

2) Then you will be asked to enter your VM’s local administrator credentials. Enter the username and password and click ‘Sign in‘.

Manage Windows Server in the Azure Portal with Windows Admin Center 2

3) Once the credentials are entered, Windows Admin Center will start loading which might take up to 1 minute. The first load time might be a little longer, however, any subsequent load will be just a few seconds.

If you are familiar with Windows Admin Center UI experience, it looks and feels the same. Consistency is Key! Here is a screenshot of accessing my Azure VM through Windows Admin Center natively in the Azure Portal, VM blade.

Manage Windows Server in the Azure Portal with Windows Admin Center 3

That’s it there you have it!

How it works…

When you install the Windows Admin Center extension from the Azure Portal, it installs a lightweight “.msi” package on your Windows Server Azure VM. The extension manages your server using Remote PowerShell and WMI over WinRM.

By opening an inbound security port to the internet, you can access the UI of the Windows Admin Center directly from the Azure Portal directly. This will eliminate the need to install the Windows Admin Center in a dedicated VM in Azure to manage your servers, so less VM is always great to reduce cost.

What about the Azure Bastion management service where you can privately and fully manage RDP and SSH access to your virtual machines?

Windows Admin Center extension does not interact with or impact Azure Bastion in any way. Windows Admin Center has to be deployed on a per-VM basis and requires a public IP address, while Azure Bastion works on Private IPs for all VMs that are part of a single virtual network. Additionally, Azure Bastion is not free and it’s billed per hour, however, Windows Admin Center is free! You have a lot of flexibility and options here.


In this article, we showed you how to get started managing your Windows Servers IaaS VMs in the Azure Portal natively. This will help you reduce the need for Remote Desktop (RDP) in your Azure VM for management. The new Windows Admin Center IaaS extension in Azure will provide you with tools that you are already familiar with, such as Device Manager, Task Manager, Windows Firewall, Hyper-V Manager, and most other MMC tools.

Windows Admin Center is now available to all Windows Server on Azure who are using Windows Server 2016 or a newer version in the public cloud. You can easily create a new virtual machine or deploy Windows Admin Center on your existing infrastructure. By navigating to the Windows Admin Center blade under Settings in the Virtual Machine Azure portal UI, you can start managing your virtual machines in Azure using Windows Admin Center.

Windows Admin Center is a freely available management tool for anyone to use and makes managing a set of Windows servers with or without GUI remotely, very easy, especially for “day-to-day activities” without the need to login into your Azure VM for management, and without complex installation.

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Photo of author
About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect with 20+ years of IT experience. As a Swiss Certified Information Security Manager (ISM), CCSP, CISM, MVP, and MCT, he excels in optimizing mission-critical enterprise systems. His extensive practical knowledge spans complex system design, network architecture, business continuity, and cloud security, establishing him as an authoritative and trustworthy expert in the field. Charbel frequently writes about Cloud, Cybersecurity, and IT Certifications.

Import, Export, and Share Workbooks in Microsoft Sentinel – A Comprehensive Guide

Passed AZ-303 Exam: Microsoft Azure Architect Technologies #MicrosoftLearn


2 thoughts on “Manage Windows Server in the Azure Portal with Windows Admin Center”

Leave a comment...

  1. Hello Charbel, I did follow your your instructions as described in this blog article. After installing a new virtual machine in Azure with enough memory, in the left pane under “Settings” no Windows Admin Center (Preview) entry did appear. Do you have any clue why the new feature is missing ??

  2. Hello Rudolf,
    Thanks for the comment.
    Did you signup for the private preview here:
    Once you signup, you will receive the URL to access Windows Admin Center (Preview) in the Azure Portal.
    However, I just noticed that the preview is closed now (Sign up closed on 9/30/2020). Sorry!

Let me know what you think, or ask a question...