1
00:00:01,140 --> 00:00:07,010
We begin here on the home page of Microsoft Azure portal. I have our machine

2
00:00:07,010 --> 00:00:10,340
that is Arc enabled right here, and I'm going to click on it.

3
00:00:10,340 --> 00:00:13,100
It gives us an overview, tells us the resource group,

4
00:00:13,100 --> 00:00:14,500
the operating system,

5
00:00:14,500 --> 00:00:19,420
our subscription, and here we have the FQDN a of the machine.

6
00:00:19,420 --> 00:00:22,550
Now I want to explain this. We have the name up here.

7
00:00:22,550 --> 00:00:26,880
This is because I've changed the name since enabling Arc server on

8
00:00:26,880 --> 00:00:31,200
this. So there is the discrepancy between this name for the

9
00:00:31,200 --> 00:00:33,700
computer name and then the resource name,

10
00:00:33,700 --> 00:00:34,830
which is right here.

11
00:00:34,830 --> 00:00:39,140
If I would have changed the name before I enabled Arc server,

12
00:00:39,140 --> 00:00:40,610
then these would match.

13
00:00:40,610 --> 00:00:45,380
On the left‑hand side, we have all the things that we can do to this server.

14
00:00:45,380 --> 00:00:49,380
This is a little bit different than your normal Azure virtual machine.

15
00:00:49,380 --> 00:00:53,660
We don't have all the features of a normal Azure virtual

16
00:00:53,660 --> 00:00:56,340
machine on here, but we have quite a few.

17
00:00:56,340 --> 00:00:57,990
Let's go through these one by one.

18
00:00:57,990 --> 00:01:02,060
We have the activity log. We haven't had any activities on this

19
00:01:02,060 --> 00:01:06,240
server since installing it for Arc capabilities.

20
00:01:06,240 --> 00:01:09,890
But if we did, our activity log would show up here.

21
00:01:09,890 --> 00:01:15,710
This is something interesting, access control, or IAM. With this,

22
00:01:15,710 --> 00:01:20,910
we can take our Azure Active Directory users and groups and

23
00:01:20,910 --> 00:01:25,000
assign them access to this on‑premises machine.

24
00:01:25,000 --> 00:01:28,740
If we want to do that, we come right down here to Add role assignment,

25
00:01:28,740 --> 00:01:30,040
click on it.

26
00:01:30,040 --> 00:01:33,840
These roles are a little bit different than an Azure VM.

27
00:01:33,840 --> 00:01:38,840
We have the usual Owner, Contributor, and Reader, and as I scroll down, we

28
00:01:38,840 --> 00:01:42,390
can see all the different roles that we have here. We're going to come up

29
00:01:42,390 --> 00:01:46,050
and pick one, Reader here, and then click Next.

30
00:01:46,050 --> 00:01:50,840
Here's where we can select what users have this particular role.

31
00:01:50,840 --> 00:01:52,630
I'm going to come up here to where it says Select

32
00:01:52,630 --> 00:01:55,750
members, and there are our members.

33
00:01:55,750 --> 00:02:00,740
Audra Costa. We have a group, FrancePartners. We have

34
00:02:00,740 --> 00:02:04,340
individual accounts and groups inside of here.

35
00:02:04,340 --> 00:02:08,040
So if I wanted to assign this to Audra, I click right here,

36
00:02:08,040 --> 00:02:12,850
say Select, and then click Next. As simple as that, say Review +

37
00:02:12,850 --> 00:02:19,920
assign, and we've just added an Azure AD account to a role on our

38
00:02:19,920 --> 00:02:22,610
on‑premises server. Coming a little further down,

39
00:02:22,610 --> 00:02:23,990
we have Tags.

40
00:02:23,990 --> 00:02:27,240
If we wanted to assign tags, we can do it right here.

41
00:02:27,240 --> 00:02:32,480
Going down to Diagnose and solve problems, I have one problem inside of here.

42
00:02:32,480 --> 00:02:36,000
This machine was shut off for a little while, and Azure

43
00:02:36,000 --> 00:02:39,170
couldn't contact it, so it says Unavailable.

44
00:02:39,170 --> 00:02:43,800
I can download the report here, and it asks me, Did you resolve this issue?

45
00:02:43,800 --> 00:02:45,150
I'm going to just say Yes.

46
00:02:45,150 --> 00:02:49,370
So with the Azure Arc through Microsoft Azure portal,

47
00:02:49,370 --> 00:02:52,640
we can actually see some of the problems that we had on here.

48
00:02:52,640 --> 00:02:55,950
I'm going to come down to Security, click on it, and this

49
00:02:55,950 --> 00:02:57,340
is going to be a little bit different.

50
00:02:57,340 --> 00:03:01,270
We need the Microsoft Defender for Cloud in order for this to work.

51
00:03:01,270 --> 00:03:06,590
This is not your normal Microsoft Defender that we have locally on the machine.

52
00:03:06,590 --> 00:03:10,650
We have some extensions, and if we wanted to add an extension,

53
00:03:10,650 --> 00:03:15,470
we could do so here by clicking on Add, which gives us the

54
00:03:15,470 --> 00:03:18,740
option of a Custom Script Extension,

55
00:03:18,740 --> 00:03:23,590
Log Analytics Agent, or an SQL Server Extension, which

56
00:03:23,590 --> 00:03:27,340
furthers the capability of Azure Arc.

57
00:03:27,340 --> 00:03:29,240
We're going to come back to our server,

58
00:03:29,240 --> 00:03:34,550
go down to Properties, and what I want to highlight here is the resource

59
00:03:34,550 --> 00:03:39,590
ID. Within Microsoft Azure, we've got a resource ID.

60
00:03:39,590 --> 00:03:44,290
This is treated as a resource on Microsoft Azure,

61
00:03:44,290 --> 00:03:46,140
but we're in a hybrid environment.

62
00:03:46,140 --> 00:03:49,040
Its on‑premises. A lock.

63
00:03:49,040 --> 00:03:52,430
If you're unfamiliar with this, you have two types of lock,

64
00:03:52,430 --> 00:03:54,680
read only and do not delete.

65
00:03:54,680 --> 00:03:59,190
What this is meant to do is protect our resource from somebody coming in

66
00:03:59,190 --> 00:04:03,990
here and deleting it or making changes to it. Scrolling down a little bit

67
00:04:03,990 --> 00:04:09,020
further, we have Policies. We're 100% compliant because we don't have any

68
00:04:09,020 --> 00:04:11,040
kind of policies inside of here.

69
00:04:11,040 --> 00:04:12,780
If we wanted to assign a policy,

70
00:04:12,780 --> 00:04:16,180
we come right here to Assign policy and click on it.

71
00:04:16,180 --> 00:04:20,440
Our policy definitions can be accessed by clicking on this button, and

72
00:04:20,440 --> 00:04:23,830
it gives us allowed locations and a whole bunch more.

73
00:04:23,830 --> 00:04:29,370
You can see there's 874 at this recording. I'm going to click on Cancel

74
00:04:29,370 --> 00:04:34,560
and we're going to move on by clicking on here and going back to our

75
00:04:34,560 --> 00:04:40,420
servers. Update management is something that requires an automation

76
00:04:40,420 --> 00:04:45,630
account. For an automation account, we don't have one at this time, so

77
00:04:45,630 --> 00:04:46,900
we're going to create one.

78
00:04:46,900 --> 00:04:48,940
We come up here to Home,

79
00:04:48,940 --> 00:04:52,520
I have accessed it before, so it's right here, Automation Accounts, but I'll

80
00:04:52,520 --> 00:04:57,280
show you how to search for this. Type in auto, Automation Accounts right here.

81
00:04:57,280 --> 00:05:00,610
Create automation account in order to create this.

82
00:05:00,610 --> 00:05:02,960
It doesn't require very much information.

83
00:05:02,960 --> 00:05:07,640
We're going to put it in our resource group for Arc servers.

84
00:05:07,640 --> 00:05:10,340
We're going to enter a name,

85
00:05:10,340 --> 00:05:14,640
just my name, garygrudzinskas. I'm going to click on Next, and

86
00:05:14,640 --> 00:05:16,620
we're going to assign this through the system.

87
00:05:16,620 --> 00:05:19,660
We can also assign it through the user. Click on Next,

88
00:05:19,660 --> 00:05:23,410
which states how do we contact this server,

89
00:05:23,410 --> 00:05:24,840
public or private?

90
00:05:24,840 --> 00:05:28,990
We're going to take the default here of Public access. Skip over

91
00:05:28,990 --> 00:05:36,280
Tags, and then say Create. It takes just a little bit, and we can

92
00:05:36,280 --> 00:05:41,010
see it's complete. And once we go to our automation account, we

93
00:05:41,010 --> 00:05:43,040
can access it right here.

94
00:05:43,040 --> 00:05:46,980
If we wanted to turn on Update Management for this particular account,

95
00:05:46,980 --> 00:05:49,300
we select this, Update management.

96
00:05:49,300 --> 00:05:53,940
We can create a new workspace and enable it right here.

97
00:05:53,940 --> 00:05:56,800
It takes just a little bit to deploy this.

98
00:05:56,800 --> 00:06:01,200
The deployment has succeeded, so we're going to come back to our

99
00:06:01,200 --> 00:06:05,070
server and then come down here to Inventory.

100
00:06:05,070 --> 00:06:06,320
If we need inventory,

101
00:06:06,320 --> 00:06:10,190
we go back to our automation account and enable change tracking,

102
00:06:10,190 --> 00:06:13,440
and this will come down here to change tracking,

103
00:06:13,440 --> 00:06:17,680
which will keep track of any changes we've made to our machine.

104
00:06:17,680 --> 00:06:20,550
Last thing to show you is this Resource health,

105
00:06:20,550 --> 00:06:25,840
which tells us okay, this machine is healthy, this machine is not healthy,

106
00:06:25,840 --> 00:06:36,000
So there is a general overview of how you use Azure Arc in order to control your on‑premises Windows Server 2022.