For me, one of the most impressive announcements at Microsoft Ignite, next to many of the Azure Arc and Azure Stack announcements, was the announcement of the Azure Automanage for virtual machines (VMs) public preview. As you know, Microsoft Azure offers many management services for Azure virtual machines (VMs). However, finding and configuring these services can be some work. Azure Automanage for virtual machines helps to address precisely that. Azure Automanage for virtual machines is a service that eliminates the need to discover, know how to onboard, and how to configure certain services in Azure that would benefit your virtual machine.
UPDATE: Azure Automanage now also supports servers running outside of Azure (on-premises or other cloud providers) using Azure Arc. Check out my blog for more details: Azure Automanage for Arc enabled servers
In summary, Azure Automanage provides the following features to reduce cost by automating Windows Server management, improve workload uptime with optimized operations, and implement security best practices.
- Intelligently onboards virtual machines to select best practices Azure services
- Automatically configures each service per Azure best practices.
- Monitors for drift and corrects for it when detected.
- Provides a simple experience (point, click, set, forget)
You can find more information on Microsoft Docs.
Azure services used with Azure Automanage
These Azure services are automatically onboarded and configured for you when you use Automanage for virtual machines. These services are configured using best practices from the Cloud Adoption Framework.
- VM Insights Monitoring
Azure Monitor for VMs monitors the performance and health of your virtual machines, including their running processes and dependencies on other resources. Learn more.
- Azure Backup
Azure Backup provides independent and isolated backups to guard against unintended destruction of the data on your VMs. Learn more. Charges are based on the number and size of VMs being protected. Learn more.
- Azure Security Center
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud. Learn more. Automanage will configure the subscription where your VM resides to the free-tier offering of Azure Security Center. If your subscription is already onboarded to Azure Security Center, then Automanage will not reconfigure it.
- Microsoft Antimalware
Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems. Learn more.
- Update Management
You can use Update Management in Azure Automation to manage operating system updates for your virtual machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers. Learn more.
- Change Tracking & Inventory
Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons, software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items. Learn more.
- Azure Automation Account
Azure Automation supports management throughout the lifecycle of your infrastructure and applications. Learn more.
- Log Analytics Workspace
Azure Monitor stores log data in a Log Analytics workspace, which is an Azure resource and a container where data is collected and aggregated, and which serves as an administrative boundary. Learn more.
Enable Automanage for Azure VMs
Enabling Azure Automanage for Azure virtual machines is very simple and straightforward.
Before you can enable Azure Automanage on your virtual machines, you have several prerequisites to consider.
- Windows Server VMs only (While Azure Automanage is currently available only for Windows Server VMs, it will be extended to Linux VMs in the future.)
- VMs must be running
- VMs must be in a supported region
- User must have correct permissions
- VMs must not link to a log analytics workspace in a different subscription
- Automanage does not support Sandbox subscriptions at this time
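A pre-flight check for the machine-level prerequisites above, as an added example (not code from the original post or from Microsoft). The function name, the sample VMs, and the region list are constructed placeholders; permissions and subscription type are not checked, and `OsType` only distinguishes Windows from Linux.

```powershell
# Added example. Input objects mirror the shape of Get-AzVM -Status and
# Get-AzVMExtension output, so the same function works on live data.
function Test-AutomanagePrereq {
    param(
        [Parameter(Mandatory)] $Vm,                           # one item from Get-AzVM -Status
        [Parameter(Mandatory)] [string[]] $SupportedRegions,  # assumption: copy from the docs
        [string[]] $LocalWorkspaceIds = @(),  # CustomerId of workspaces in the VM's subscription
        $Extensions = @()                     # Get-AzVMExtension output for this VM
    )
    $issues = @()
    if ($Vm.StorageProfile.OsDisk.OsType -ne 'Windows') { $issues += 'not a Windows VM' }
    if ($Vm.PowerState -ne 'VM running') { $issues += "not running ($($Vm.PowerState))" }
    if ($SupportedRegions -notcontains $Vm.Location) { $issues += "region $($Vm.Location) not supported" }
    foreach ($ext in $Extensions) {
        # The Log Analytics agent extension records its workspace in PublicSettings (JSON).
        if ($ext.ExtensionType -ne 'MicrosoftMonitoringAgent') { continue }
        $wsId = ($ext.PublicSettings | ConvertFrom-Json).workspaceId
        if ($wsId -and $LocalWorkspaceIds -notcontains $wsId) {
            $issues += "linked to workspace $wsId outside this subscription"
        }
    }
    [pscustomobject]@{ Name = $Vm.Name; Eligible = ($issues.Count -eq 0); Issues = $issues -join '; ' }
}

# Constructed sample data (not real resources).
function New-SampleVm($Name, $Location, $PowerState, $OsType) {
    [pscustomobject]@{ Name = $Name; Location = $Location; PowerState = $PowerState
        StorageProfile = [pscustomobject]@{ OsDisk = [pscustomobject]@{ OsType = $OsType } } }
}
$regions  = @('westeurope', 'eastus')                        # placeholder list
$localWs  = @('11111111-1111-1111-1111-111111111111')        # constructed workspace ID
$foreign  = [pscustomobject]@{ ExtensionType = 'MicrosoftMonitoringAgent'
    PublicSettings = '{"workspaceId":"22222222-2222-2222-2222-222222222222"}' }

@(
    Test-AutomanagePrereq -Vm (New-SampleVm 'vm-web01' 'westeurope' 'VM running' 'Windows') `
        -SupportedRegions $regions -LocalWorkspaceIds $localWs
    Test-AutomanagePrereq -Vm (New-SampleVm 'vm-lnx01' 'eastus' 'VM deallocated' 'Linux') `
        -SupportedRegions $regions -LocalWorkspaceIds $localWs
    Test-AutomanagePrereq -Vm (New-SampleVm 'vm-app01' 'eastus' 'VM running' 'Windows') `
        -SupportedRegions $regions -LocalWorkspaceIds $localWs -Extensions @($foreign)
) | Format-Table -AutoSize

# Live use: feed items from Get-AzVM -Status, extensions from Get-AzVMExtension, and
# (Get-AzOperationalInsightsWorkspace).CustomerId as -LocalWorkspaceIds.
```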
If the requirements are met, you can navigate to Automanage in the Azure portal.
Here you can select the virtual machines you want to be automatically managed and different configuration profiles.
Select the machines you want to configure.
Configuration profiles are the foundation of this service. They define precisely which services are onboarded to your machines and, to some extent, what the configuration of those services would be. There are currently two default configuration profiles available.
- Azure virtual machine best practices – Dev/Test configuration profile is designed for Dev/Test machines.
- Azure virtual machine best practices – Production configuration profile is for production.
You can then customize the configuration profile using preferences to set and customize the specific settings for Azure Backup and Microsoft Antimalware.
After a couple of minutes, Azure Automanage is configured.
If you want to configure Azure Automanage for multiple virtual machines, you can also use an Azure Policy.
Azure Automanage is an excellent new service that helps customers easily onboard management services to their Azure virtual machines. If you want to learn more, check out the full documentation on Microsoft Docs. If you have any questions, feel free to leave a comment.
Last modified: July 1, 2021
I was interested to see that the log analytics workspace has to be in the same subscription. Isn’t best practice to have one workspace for your whole environment (which at enterprise scale has many subscriptions)?