Windows Admin Center in Azure Now Has Azure Active Directory Controls
Azure Active Directory authentication capabilities for IT pros using the Windows Admin Center in Azure management console are now commercially released at the "general availability" stage, per a Thursday Microsoft announcement.
It sounds quite confusing, but Windows Admin Center, Microsoft's browser-based management portal that lets IT pros remotely manage servers, can also be used within the Azure Portal under certain circumstances. Microsoft has a name for this portal-within-portal approach, namely "Windows Admin Center in Azure."
Windows Admin Center in Azure was introduced "last year," according to Alex Weinert, director of identity security at Microsoft, in the Thursday announcement. Microsoft had previewed the ability of Windows Admin Center in Azure to work with Azure Arc-managed infrastructure back in July, Weinert also noted. Azure Arc is Microsoft's multicloud management solution.
To use Windows Admin Center in Azure, organizations need to be managing Azure Stack HCI deployments, Microsoft's Azure-in-a-box option for customer premises deployments. They can also use Windows Admin Center in Azure when managing Windows virtual machines hosted on Azure or Windows virtual machines hosted on premises but managed with Azure Arc (known as "Arc-enabled servers").
The main benefits of using Windows Admin Center in Azure appear to be that IT pros don't need to remotely access servers. It's also said to improve security. Here's how Microsoft characterized the benefits back in July:
Windows Admin Center in Azure enhances security for your servers and clusters. It allows you to manage your infrastructure without requiring any public IP addresses, VPNs, or inbound connectivity to your systems. Traffic is sent over the existing connection between the Azure Arc agent and Azure -- no extra configuration is required. Communication between you and your systems is end-to-end encrypted, with Secure Socket Layer (SSL) termination occurring directly on your infrastructure.
Windows Admin Center in Azure currently lets IT pros manage Windows virtual machines "using your VM's local administrator password to sign in." Now, with the general availability of Azure Active Directory authentication in Windows Admin Center in Azure, IT shops can use Azure AD credentials to sign into Windows Server virtual machines.
The use of Azure AD credentials with Windows Admin Center in Azure will "reduce reliance on local administrator accounts" and enable single sign-on access, Weinert noted. It's also possible to enforce Azure AD Conditional Access and Identity Protection policies, plus role-based access controls, including granting IT pro management access for specific time intervals.
There are few initial setup steps to use these Azure AD authentication capabilities in Windows Admin Center in Azure. It'll work when managing virtual machines running "Windows Server 2016 or higher," as well as Azure "Arc-enabled servers running on-premises." The servers need to be "workgroup, domain-joined, or Azure AD-joined."
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.