Manage Windows Servers and workloads in a hybrid environment

Chapter summary

  • WAC servers are accessible to administrators over HTTPS. WAC traffic from the WAC instance to target servers uses PowerShell and WMI over WinRM. WinRM connections over HTTP use port 5985, and WinRM connections over HTTPS use port 5986.

  • To update an expired certificate on a WAC gateway server, you’ll need to obtain and install the new certificate, obtain the certificate’s thumbprint, and then rerun Setup and change the certificate used by WAC by specifying the new thumbprint.

  • Constrained delegation can be configured in Active Directory Users and Computers on the Delegation tab of a computer account’s properties or by using the Set-ADComputer cmdlet with the PrincipalsAllowedToDelegate parameter.

  • Onboarding a Windows Server instance requires an Azure AD account that has the Azure Connected Machine Onboarding role. If you are onboarding a large number of Windows Server instances, you can use an Azure AD service principal that has been assigned this role.

  • Azure Monitor requires that a Log Analytics workspace be present in Azure.

  • To leverage Update Management in Azure Automation, hybrid instances require an Azure Automation account and that the Azure Monitor agent be installed.

  • A Windows Server IaaS instance requires a system-managed identity to use Azure Policy guest configuration.

  • Microsoft Defender for Servers is an element of Microsoft Defender for Cloud that allows you to add threat detection and defense functionality to Windows Server instances located in Azure or hybrid environments.

  • To connect a hybrid Windows Server instance to Microsoft Defender for Cloud to enable Microsoft Defender for Servers, you first need to install and configure the Microsoft Monitoring Agent (also called the Log Analytics Agent) on the instance.

  • State Configuration in Azure Automation allows you to write, manage, and compile DSC configuration for Windows Server instances running as IaaS VMs or hybrid instances connected to Azure.
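
The constrained delegation item above, shown as an added PowerShell example (not taken from the chapter): it audits which principals may delegate to each managed server and then grants that right to a WAC gateway, using the parameter's full name, PrincipalsAllowedToDelegateToAccount. The gateway and server names are hypothetical placeholders, the use of a WAC gateway as the delegating account is an assumption, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example: names below are hypothetical placeholders, not values from the chapter.
Import-Module ActiveDirectory

$GatewayName = 'WAC-GW01'        # hypothetical WAC gateway computer account
$TargetNodes = 'FS01', 'HV01'    # hypothetical servers managed through the gateway

# Audit: list the principals currently allowed to delegate to each computer.
function Get-DelegationPrincipal {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $computer = Get-ADComputer -Identity $name -Properties PrincipalsAllowedToDelegateToAccount
        [pscustomobject]@{
            Computer          = $computer.Name
            AllowedToDelegate = @($computer.PrincipalsAllowedToDelegateToAccount)
        }
    }
}

# Grant: allow the gateway to delegate to each target server.
# Set-ADComputer replaces the whole list, so servers that already trust
# other principals are reported and skipped instead of being overwritten.
function Set-GatewayDelegation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Gateway,
        [Parameter(Mandatory)][string[]]$ComputerName
    )
    $gatewayAccount = Get-ADComputer -Identity $Gateway
    foreach ($entry in Get-DelegationPrincipal -ComputerName $ComputerName) {
        if ($entry.AllowedToDelegate -contains $gatewayAccount.DistinguishedName) {
            Write-Verbose "$($entry.Computer): gateway already allowed"
            continue
        }
        if ($entry.AllowedToDelegate.Count -gt 0) {
            Write-Warning "$($entry.Computer): other principals present, review before changing: $($entry.AllowedToDelegate -join '; ')"
            continue
        }
        if ($PSCmdlet.ShouldProcess($entry.Computer, "Allow $Gateway to delegate")) {
            Set-ADComputer -Identity $entry.Computer -PrincipalsAllowedToDelegateToAccount $gatewayAccount
        }
    }
}

Set-GatewayDelegation -Gateway $GatewayName -ComputerName $TargetNodes -WhatIf   # preview only
Get-DelegationPrincipal -ComputerName $TargetNodes | Format-Table -AutoSize
```

Remove `-WhatIf` to apply the change; running the audit function on a schedule also surfaces delegation entries nobody expected.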