The cloud has simplified and reduced the operational expense (OpEx) and management burden in numerous areas of IT. Many systems that previously ran on-premises and were complex to maintain are now simple ‘point & click’ services in the cloud.
Likewise, running virtual machines (VMs) in Microsoft Azure opens the door to a wealth of convenient services that simplify and automate day-to-day operational requirements in areas such as security, anti-malware, compliance, disaster recovery, etc. We also provide best practices guidance outlining the services that we recommend you onboard your VMs to including each service’s respective configuration. You can find this actionable guidance in the Microsoft Cloud Adoption Framework for Azure.
A new service known as Azure Automanage reduces the OpEx burden for VMs further by automating the guidance mentioned above. Through its virtual machine best practices capability, select services are discovered, onboarded, and configured across the entire lifecycle of both dev/test and production VMs. You can add VMs individually or do so at scale safe in the knowledge that if your VMs deviate from best practices, Azure Automanage will detect and automatically correct it.
Specifically, the VM best practices capability of Azure Automanage does the following five things:
Intelligently onboards to select best practices Azure services
Automatically configures each service per Azure best practices
Configures guest operating system per Microsoft baseline configuration
Automatically monitorsfor drift and corrects for it when detected
Simple experience: Point, click, set, forget -> done
The capabilities of Azure Automanagetranslate into the following customer benefits:
Reduced cost by automating Windows Server management
Improved workload uptime with optimized operations
Implementation of security best practices
How does it work?
Azure Automanage uses configuration profiles to determine what Azure services will be enabled for that VM. At launch, there are two configuration profiles:
Azure virtual machine best practices –Production
Azure virtual machine best practices – Dev/Test
Each profile onboards a set of services that fit the workload type. For example, dev/test VMs will not be onboarded to Azure Backup since dev/test VMs are typically short-lived and of low or no direct business impact. Hence, paying for backup storage is unnecessary. On a production VM, however, Azure Backup is configured. For more details about configuration profiles and the services they automatically configure, see the detailed documentation here.
NOTE: While Azure Automanage is currently available only for Windows Server VMs, it will be extended to Linux VMs in the future.
You can assign a configuration profile to a VM using any of the methods:
Some of the services that the configuration profiles onboard VMs to support a variety of best practice configurations. For example, Azure Backup best practices might require a daily backup with a 6-month retention. However, a twice daily backup with a 3-month retention still conforms to best practices. In scenarios like these, configuration profile preferences provide a way to override the default best practices.
Like configuration profiles, preferences are Azure resources and are assigned to a VM the same way configuration profiles are.
An Automanage account is an Azure System Managed Service Identity (MSI) under which Automanage operations are performed on VMs. You must have at least one Automanage account before you can assign a configuration profile to a VM. When using the Azure portal, an Automanage account will be automatically created if one does not already exist; existing Automanage accounts will be used if permitted for the logged-on user.
You can assign a configuration profile to both new and existing VMs.
To begin using Azure Automanage VM best practices, visit the Azure portal and search for Automanage as shown below:
For new VMs, after the deployment is complete, you will see this recommended next step to enable Automanage.
For more information, please take a look at the full documentation here.