Azure Arc Blog
Unified configuration and governance for Azure, Windows Server, and Linux Server

Michael Greene
Nov 18, 2025

Machine configuration management is about making sure that the machines in your cloud and hybrid environments are running correctly and consistently. Configuration management is the backbone of security and compliance. Lack of standardization of tools and centralized visibility leads to fragmented governance with inconsistent policy enforcement, configuration drift, slow remediation, and extended exposure to vulnerabilities.

We are introducing new configuration management capabilities in the operations center within the Azure Portal, enabling a unified approach to managing servers and VMs and improving operations across cloud and on-premises environments at scale. In the configuration blade of the operations center dashboard, you can get a unified view of core capabilities needed to manage servers at scale. It spans Windows and Linux servers running in Azure or connected through Azure Arc, unifying their management under a centralized interface for searching resources, managing inventory, enforcing governance and organizational standards, handling updates, patching, and recommendations to streamline operations. With real-time insights including system health, performance monitoring, patch compliance, and back-up status across the cloud and on-premises environments, day-to-day management becomes more efficient.

Key Features:

Essential machine management: Easily onboard your entire subscription through essential machine management, which includes out-of-the-box setup of key management services for all of your existing and future machines. The set of services includes VM Insights with recommended alerts, Azure Update Management, Change Tracking and Inventory, and Machine Configuration with the Azure Security Baseline policy. These services help you get started with common day-to-day operations to configure, monitor, patch, and secure your machines in the cloud and on-premises. Request access to the preview here and enroll your machines.

Unified view for configuration and insights: Once the machines are onboarded, the Configuration section will light up with actionable insights such as non-compliant resources, pending Windows and Linux updates, Windows and Linux security baseline compliance, automated and customer-managed patches, and machine assignments by compliance state. This unified machine management configuration dashboard gives you a single place to view and act on all the important tasks.

Update Management: By bringing the capabilities from Azure Update Manager into the configuration tab, you will be able to govern, manage, and even track Windows and Linux updates on VMs in Azure as well as Azure Arc-enabled servers.

Machine Configuration: Once your machines are enrolled, you can manage the policy definitions and assignments for your Azure VMs and servers. You can view compliance with Azure security baseline rules, track non-compliant machines, and remediate issues. For your Azure Arc-enabled servers, you can view Windows recovery status across machines. Learn how you can use Azure policies to audit and enable WinRE across a fleet of Azure Arc-enabled Windows servers here. Additionally, policy definitions are filtered to those that help govern data-plane-based policies on machines, which streamlines the way you govern your machines.

Policy Management: We bring the same experience you are familiar with in Azure Policy into the configuration blade of operations center so you can see policy across all resources within the page. For example, you can easily assign policies like Azure Backup enablement for virtual machines across your Windows and Linux machines. With both out-of-the-box policies and the flexibility to create custom policies, you can enforce compliance with corporate policies based on organization-specific needs.

Machine change tracking and inventory is enabled when you enroll your machines through essential machine management. This feature can help you keep up with any suspicious changes and unwanted software on your machines. Change tracking can highlight unauthorized package installs and daemon/service changes for hardened security tracking. This capability can help your organization keep track of registry keys, files, and software to ensure that no unapproved software is allowed on your machines.

Built on trusted Azure technology and cloud-scale intelligence, this is a step forward in hybrid server management. It takes the tools and practices that organizations already rely on and elevates them within a harmonized, modern experience. Technical leaders can enforce established best practices like consistent configuration management and proactive monitoring, while also unlocking new levels of simplicity and insight through its integrated design. The result is a management experience that is not only consistent and scalable, but also ready to support innovation. As your VM and server landscape grows and evolves, you can use configuration capabilities in operations center to adopt a unified operating model that keeps you in control of governance of your cloud as well as hybrid infrastructure.

This is a first step towards improving configuration and management of machines. We are excited for you to try out the preview for operations center, and we plan to continue making improvements in this space to help you manage resources better!

Want more? Dive deeper into related technical sessions

  • BRK183 Azure Arc: Extending Azure for hybrid and multi-cloud management
  • BRK169 Build secure applications with Azure Policy and Service Groups 

Updated Nov 18, 2025
Version 1.0