JimiIntroduction
In our previous guide, we explored how to connect your on-premises Windows servers to the Azure cloud using Azure Arc. This integration opens up a world of Azure services and capabilities for your hybrid environment.
This guide will focus on leveraging Azure Policy to manage compliance and configuration for your Azure Arc-enabled Windows servers. We'll demonstrate this by automatically installing the Azure Monitor Agent.
Prerequisites:
- An Azure account with an active subscription.
- A Windows VM enabled with Azure Arc.
Step-by-Step Guide
- Log in to Azure and your Windows VM.
-
Create an Azure Policy:
- Navigate to Azure Policy in the Azure portal.
- Under Authoring, select Definitions.
- Search for "Configure Windows Arc-Enabled machines" and select "Configure Arc-enabled machines to run Azure Monitor Agent".
- Click Assign policy.
- Select your subscription and resource group as the scope.
- Navigate to the Remediation tab and enable "Create a remediation task".
- Review and create the policy assignment.
- Navigate to Azure Policy in the Azure portal.
-
Monitor Policy Compliance and Remediation:
- Go back to Policy > Definitions and click Compliance.
- Locate the policy and verify its non-compliant status.
- The remediation task is automatically running. You can verify this in Policy > Remediation > Remediation tasks.
- Go back to Policy > Definitions and click Compliance.
-
Verify Azure Monitor Agent Installation:
- Navigate to Azure Arc > Machines.
- Select your instance and go to Settings > Extensions.
- Verify that the AzureMonitorWindowsAgent extension is installed.
- Navigate to Azure Arc > Machines.
Conclusion:
Congratulations! You've successfully used Azure Policy to ensure your Azure Arc-enabled Windows VM has the Azure Monitor Agent installed.
Next Steps:
In the next guide, we'll delve deeper into enhancing the security of your Azure Arc-enabled Windows servers using Microsoft Defender for Cloud.
