Azure Arc is a management tool provided by Microsoft Azure that allows users to manage servers, Kubernetes clusters, and applications across multiple cloud and on-premises environments. It enables users to apply Azure management capabilities to resources that are not running in Azure, giving users the ability to manage all their resources in a single, consistent way.
With Azure Arc, you can manage resources running in your on-premises environment. To onboard your on-premises servers to Azure Arc, go to the Azure portal, search for Azure Arc, and select Servers - Azure Arc.

This takes you to the Servers page. Click the Add button to add your on-premises server.

Here you get multiple options for onboarding servers. In our case we will select the Add a single server option to generate the script required to onboard the server to Azure Arc.

On the Add a server page, read through the details provided and click Next.

We will onboard a Windows server. Fill in the details as required, make sure Windows is selected in the operating system section, and click Next.

In the Tags section, fill in the tags of your preference or leave the defaults, and click Next to get the onboarding script.

Copy or download the script and transfer it to the on-premises server that we are onboarding to Azure.
On the server, run PowerShell as administrator, paste the script, and run it. Once the script runs, you will be prompted to log in with your admin credentials to authenticate.

Once you authenticate, you will get a “connected machine to azure” message.

If we go back to the list of Azure Arc servers in the Azure portal, we can now see the newly onboarded server with a status of Connected.
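The same result can be confirmed on the server itself. The following check is an added example, not part of the portal-generated onboarding script. It assumes the agent's default install path, that `azcmagent show` prints `Name : Value` lines with the property names used below, and that the agent's core service is named `himds`.

```powershell
# Added example: post-onboarding check for an Azure Arc-enabled Windows server.
# Run in an elevated PowerShell session on the onboarded machine.
# Assumptions: default agent install path, and "Name : Value" lines from `azcmagent show`.
$azcmagent = Join-Path $env:ProgramFiles 'AzureConnectedMachineAgent\azcmagent.exe'

function ConvertFrom-AzcmagentShow {
    param([string[]]$Lines)
    $props = @{}
    foreach ($line in $Lines) {
        # Split on the first colon only: timestamps and paths in values contain colons.
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*)$') {
            $props[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $props
}

function Get-ArcOnboardingProblems {
    param([hashtable]$Props)
    $problems = @()
    if ($Props['Agent Status'] -ne 'Connected') {
        $problems += "Agent Status is '$($Props['Agent Status'])', expected 'Connected'"
    }
    # himds is the agent's core Windows service; it must be running for the machine to stay connected.
    $svc = Get-Service -Name 'himds' -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        $problems += "Service 'himds' is not running"
    }
    $problems
}

if (-not (Test-Path $azcmagent)) {
    Write-Error "azcmagent.exe not found at $azcmagent; the agent is not installed at the default path."
    return
}

$props = ConvertFrom-AzcmagentShow -Lines (& $azcmagent show)

# Compare these with the values you entered in the portal wizard (property names assumed).
foreach ($name in 'Resource Name', 'Resource Group Name', 'Subscription ID', 'Tenant ID', 'Location') {
    '{0,-20}: {1}' -f $name, $props[$name]
}

$problems = @(Get-ArcOnboardingProblems -Props $props)
if ($problems.Count -eq 0) {
    'OK: agent reports Connected and himds is running.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

Checking the printed subscription, tenant, and resource group against what you selected in the wizard confirms the server registered into the environment you intended.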

You have now successfully onboarded your on-premises server to Azure. This means that you can easily monitor and secure your on-premises server directly from the Azure portal.
You can view security alerts and server performance details such as CPU and memory usage from the portal.



Microsoft Defender for Cloud enables you to monitor and respond to security alerts coming from the on-premises servers with the help of Azure Arc. To enable Microsoft Defender for Cloud across your resources, search for and select Microsoft Defender for Cloud.

You will be prompted to enable it if you have not yet enabled Defender for Cloud in your environment. In my case I have enabled it, and we can see the alerts coming from the different resources being monitored. This includes the on-premises servers, as they are now monitored like normal Azure resources.

Click on the Security alerts tab to see some of the alerts coming in. In our case we can see some alerts coming from the on-premises servers.

Upon opening one of the alerts from on-premises repositories, the alert details page gives more information about the alert and its entities, along with an option to take action on the alert.

This gives you more details on how to resolve the identified threat.

Under the Prevent future attacks option, you will get a list of security recommendations for the server.

Selecting one of the recommendations gives you more details about the recommendation and how to resolve it. This also enables you to quickly fix the on-premises server from the Azure portal as if you were fixing a cloud server.

With just a single click you can implement the suggested security recommendation for the on-premises server.


