Azure Arc Blog articles

https://techcommunity.microsoft.com/t5/azure-arc-blog/bg-p/AzureArcBlog

Secure, scalable, and simple onboarding to Azure Arc-enabled servers using Group Policy

Whether it is Microsoft Defender for Cloud’s security posture management, Azure Automanage Machine Configuration’s guest-OS-level governance, or Update Management Center’s patching, Azure Arc-enabled servers helps customers achieve consistent security and compliance across their hybrid infrastructure. With thousands of servers spread across subsidiaries and environments, it can be challenging to build the asset inventory needed to onboard them to Azure Arc. Yet one system, a favorite among our customers, usually already spans those disparate environments: Active Directory. Using Active Directory’s Group Policy engine, IT admins can point and click to onboard hundreds or even thousands of servers to Azure Arc.

Onboarding at scale is simpler than you think. First, set up a service principal: a limited identity that holds only the Azure Connected Machine Onboarding role, ideally scoped to the resource group the servers will land in rather than to the whole subscription. Next, prepare a remote share to host the Azure Connected Machine agent installer and its configuration file; the servers will read from this share, so they need read access and nothing more. Finally, identify and prepare a landing zone in Azure (region, subscription, resource group) where the Azure Arc-enabled servers will be onboarded.
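
The three prerequisites above, scripted with Az PowerShell and the SmbShare module. This is an added example and is not code from the original post or from the Azure Arc GPO project; the subscription ID, resource group, region, share name and path, the principal's display name and the 90-day secret lifetime are all assumptions for illustration. The role assignment is scoped to the single resource group, the principal is checked to hold no other role, and the installer staged on the share is signature-checked before any server pulls it.

```powershell
# Added example, not code from the original post or from the Azure Arc GPO project.
# Steps 1-2 run from an admin workstation with Az.Accounts and Az.Resources; step 3 runs on
# the file server. All IDs, names, paths and the secret lifetime are assumptions.

$SubscriptionId = "00000000-0000-0000-0000-000000000000"   # assumption: target subscription
$ResourceGroup  = "rg-arc-servers"                          # assumption: landing-zone resource group
$Location       = "eastus"                                  # assumption: landing-zone region
$SharePath      = "D:\AzureArcOnBoard"                      # assumption: folder backing the share
$ShareName      = "AzureArcOnBoard"                         # assumption: share name

Connect-AzAccount -Subscription $SubscriptionId | Out-Null

# 1. Landing zone: the resource group the Arc-enabled servers will land in.
if (-not (Get-AzResourceGroup -Name $ResourceGroup -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $ResourceGroup -Location $Location | Out-Null
}

# 2. Service principal with only the onboarding role, scoped to that one resource group
#    rather than the subscription, and a secret that expires after 90 days.
$scope = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup"
$sp = New-AzADServicePrincipal -DisplayName "sp-arc-gpo-onboarding" -EndDate (Get-Date).AddDays(90)

# Directory replication can lag behind principal creation, so retry the assignment briefly.
$assigned = $false
for ($i = 0; $i -lt 6 -and -not $assigned; $i++) {
    try {
        New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName "Azure Connected Machine Onboarding" `
            -Scope $scope -ErrorAction Stop | Out-Null
        $assigned = $true
    } catch { Start-Sleep -Seconds 10 }
}
if (-not $assigned) { throw "Role assignment failed for app $($sp.AppId)" }

# Confirm the principal has exactly one assignment and that it is the onboarding role.
$roles = @(Get-AzRoleAssignment -ObjectId $sp.Id)
if ($roles.Count -ne 1 -or $roles[0].RoleDefinitionName -ne "Azure Connected Machine Onboarding") {
    throw "Unexpected role assignments on the onboarding principal: $($roles.RoleDefinitionName -join ', ')"
}
# The secret is needed once, when the GPO is generated; keep it out of transcripts and history.
$secret = $sp.PasswordCredentials.SecretText

# 3. Remote share (on the file server). The scheduled task runs as SYSTEM and reaches the
#    share as the computer account, so Domain Computers gets read-only; only admins can
#    replace what the servers will execute.
$computers = "$env:USERDOMAIN\Domain Computers"
New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
icacls $SharePath /inheritance:r `
    /grant "BUILTIN\Administrators:(OI)(CI)F" "NT AUTHORITY\SYSTEM:(OI)(CI)F" "${computers}:(OI)(CI)RX" | Out-Null
New-SmbShare -Name $ShareName -Path $SharePath -ReadAccess $computers -FullAccess "BUILTIN\Administrators" | Out-Null

# Stage the agent installer and verify its Authenticode signature before any server pulls it.
$msi = Join-Path $SharePath "AzureConnectedMachineAgent.msi"
Invoke-WebRequest -Uri "https://aka.ms/AzureConnectedMachineAgent" -OutFile $msi
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne "Valid" -or $sig.SignerCertificate.Subject -notlike "*Microsoft Corporation*") {
    Remove-Item $msi
    throw "Agent installer signature check failed: $($sig.Status)"
}
```

The role check matters because an onboarding principal that quietly acquires Contributor on the subscription turns a leaked secret from "can register servers" into "can change anything". Scoping to the resource group also means the secret is only useful for the landing zone it was issued for.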

Once you’ve completed the prerequisites, go to the Azure portal and, under the option to onboard multiple machines, choose onboarding with Group Policy. There you’ll find a downloadable Group Policy Object (GPO) project structure and a pre-populated command that generates a GPO containing a scheduled task filled in with your Azure details. The command also encrypts the service principal secret, so the resulting GPO can be applied without exposing the secret in plain text. Treat the share and the generated GPO as sensitive all the same: anything that can read them can attempt to use the onboarding identity, so limit read access to the computer accounts that need it.

Now that you’ve created the GPO, link it to the desired organizational units from the Group Policy Management Console (GPMC). Within 10 to 20 minutes the GPO replicates to the domain controllers, the policy applies, and the scheduled task runs on each server to onboard it to Azure Arc. Once onboarded, start deploying Azure services such as VM Insights, Windows Admin Center, or Change Tracking for modernized management of your Arc-enabled servers. If you don’t know where to start, consider Azure Automanage Machine Best Practices, a service that removes the need to discover and configure the right Azure services to secure, monitor, and govern your Arc-enabled servers.
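
Linking the GPO from PowerShell instead of the GPMC, then reconciling what Active Directory says should be onboarded against what Azure Arc actually shows. This is an added example and is not code from the original post or from the Azure Arc GPO project; the GPO name, OU, resource group and the assumption that Arc machine names equal AD computer names are illustrative. It goes one step past the post by naming the servers that have not reported in and checking policy and agent state on them.

```powershell
# Added example, not code from the original post or from the Azure Arc GPO project.
# Assumes RSAT (GroupPolicy, ActiveDirectory) and Az.ConnectedMachine are installed and
# Connect-AzAccount has already been run. Names below are assumptions for illustration.

$GpoName       = "Azure Arc Servers Onboarding"      # assumption: name given to the generated GPO
$TargetOU      = "OU=Servers,DC=contoso,DC=com"       # assumption: OU holding the servers
$ResourceGroup = "rg-arc-servers"                     # assumption: landing-zone resource group

Import-Module GroupPolicy, ActiveDirectory, Az.ConnectedMachine

# Link the GPO to the OU unless it is already linked, so the script is safe to re-run.
$existing = (Get-GPInheritance -Target $TargetOU).GpoLinks | Where-Object { $_.DisplayName -eq $GpoName }
if (-not $existing) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# Reconcile: every enabled Windows Server object under the OU should appear as a
# connected Arc machine in the resource group. Assumption: Arc name == AD computer name.
$expected = @(Get-ADComputer -SearchBase $TargetOU -SearchScope Subtree `
    -Filter 'Enabled -eq $true -and OperatingSystem -like "*Server*"' -Properties OperatingSystem |
    Select-Object -ExpandProperty Name)

$arc       = @(Get-AzConnectedMachine -ResourceGroupName $ResourceGroup)
$connected = @($arc | Where-Object { $_.Status -eq "Connected" } | Select-Object -ExpandProperty Name)
$missing   = @($expected | Where-Object { $_ -notin $connected })
$unhealthy = @($arc | Where-Object { $_.Status -ne "Connected" })

"{0} of {1} servers under {2} are connected to Azure Arc" -f ($expected.Count - $missing.Count), $expected.Count, $TargetOU
if ($missing)   { "Not yet onboarded:`n  " + ($missing -join "`n  ") }
if ($unhealthy) { "Registered but not connected:"; $unhealthy | Select-Object Name, Status | Format-Table -AutoSize }

# For each straggler, confirm the GPO actually applied and see what the agent reports.
foreach ($name in $missing) {
    Invoke-Command -ComputerName $name -ErrorAction Continue -ScriptBlock {
        gpresult /r /scope:computer | Select-String "Applied Group Policy Objects" -Context 0, 5
        $agent = Join-Path $env:ProgramFiles "AzureConnectedMachineAgent\azcmagent.exe"
        if (Test-Path $agent) { & $agent show } else { "$env:COMPUTERNAME: agent not installed" }
    }
}
```

Run the reconciliation again after the 10 to 20 minute replication window; a server that is still missing after a forced `gpupdate /force` usually has a blocked inheritance or a WMI filter on the OU, which the `gpresult` output above makes visible.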

Helping IT administrators see the forest for the trees, Azure Arc’s single pane of glass affords unprecedented visibility. Your seat at the world’s computer is now just a Group Policy away.