With a new feature called Windows Admin Center in the Azure portal, you can now securely manage your Windows Server machines running as an Azure virtual machine (VM) or running on-premises with Azure Arc, directly from the Azure portal.
Azure provides a lot of different management tools to manage your virtual machines or physical servers at scale. In cases where you need to troubleshoot or directly manage a server interactively, you can now leverage Windows Admin Center in the Azure portal. This works for Azure VMs as well as for servers running on-premises or other cloud providers using Azure Arc-enabled servers.
Windows Admin Center is a browser-based management tool set that lets you manage your Windows Servers. Windows Admin Center gives you full control over all aspects of your server infrastructure and is particularly useful for managing servers on private networks that are not connected to the Internet. Windows Admin Center is the modern evolution of “in-box” management tools, like Server Manager and MMC. Now you can not only install and deploy it locally, but also use it directly from the Azure Portal.
When you want to manage a server running on-premises or at another cloud provider, the only thing you will need to do is install the connect the Azure Arc agent on your Windows Server. After that you can enable Windows Admin Center for this machine. There is no need for a VPN on direct connection to the server.
Enable Windows Admin Center in the Azure Portal for Azure Arc-enabled servers
Enabling Windows Admin Center in the Azure portal for Azure Arc enabled servers running Windows Server is simple. Navigate to the Azure Arc enabled server and click on Windows Admin Center in the menu. Here you can click on “Set up“, this will install the Windows Admin Center extension which can take a couple of minutes.
After this one time set up is done, you also need to provide permissions to the user or group which should be able to use Windows Admin Center for this Azure Arc-enabled server. Under Access control (IAM) can you add a new role assignment called Windows Admin Center Administrator Login, which allows users and groups to connect.
Now when you navigate back to Windows Admin Center, you can see the Connect button.
After clicking on connect, you will be prompted for a local account for that specific server. This can also be an Active Directory account.
Manage Azure Arc-enabled Windows Server using Windows Admin Center in the Azure portal
After the signing in Windows Admin Center will load in the Azure portal and you will be able to directly manage your server from Azure.
Windows Admin Center in the Azure portal for Azure Arc-enabled servers is a fantastic way to securely manage and troubleshoot your Windows Servers running on-premises or at other cloud providers without having direct network access to these servers. If you want to learn more check out the official Microsoft Docs and check out how to SSH access your Linux and Windows Servers running anywhere with Azure Arc!Tags: Azure, Azure Arc, Azure Portal, Azure VM, Cloud, Hybrid Cloud, Manage, Management, Microsoft, Microsoft Azure, multicloud, PowerShell, Server, Virtualization, Windows, Windows Admin Center, Windows Server Last modified: June 16, 2022
Hi Thomas, good day. Are you using the same Intel Nuc hardware that you posted in 2018 or did you perform some upgrades on your hardware lab? Rgds
Hi Alexandre I am still using the NUC from 2018 but I also added a new one recently, check it out here: https://www.thomasmaurer.ch/2021/11/my-windows-server-and-azure-arc-hybrid-cloud-lab-kit/
The new one works with 64GB of memory and doesn’t really make any fan sounds.
Good post, my guess is this feature will really take off. I have however run into an issue with the RBAC “Windows Admin Center Administrator Login”. I cannot get Azure to accept an group assignment inherited from the subscription. Under IAM I see my user has the RBAC permission as part of an AAD group but when I access the Admin Center blade I’m told I need the RBAC permission. Only way for me to get access is to add me to the Windows Admin Center Administrator Login for the server.
Could you maybe check if you have the same problem?
I will check thanks for the feedback. Also to track this correctly, is it possible for you to open a support case?