Microsoft announced Thursday that Azure Active Directory authentication for IT professionals using Windows Admin Center in the Azure management console is moving to the commercially available “general availability” stage.
As confusing as it sounds, Windows Admin Center, Microsoft’s browser-based administration portal that allows IT professionals to remotely manage servers, can also be used within the Azure portal under certain circumstances. Microsoft calls this portal-within-a-portal approach “Windows Admin Center in Azure.”
In Thursday’s announcement, Microsoft’s director of identity security, Alex Weinert, said Windows Admin Center in Azure was introduced “last year.” Microsoft previewed the ability of Azure’s Windows Admin Center to work with Azure Arc-managed infrastructure in July, Weinert said. Azure Arc is Microsoft’s multi-cloud management solution.
To use Windows Admin Center in Azure, an organization needs to be managing an Azure Stack HCI deployment, which is Microsoft’s Azure-in-a-box option for customer on-premises deployments. Windows Admin Center in Azure can also be used when managing Windows VMs hosted in Azure, or Windows VMs hosted on-premises but managed by Azure Arc (known as “Arc-enabled servers”).
A key advantage of using Windows Admin Center in Azure is that IT personnel don’t need remote access to the server. Security should also improve. Here’s how Microsoft characterized the benefits in July.
Windows Admin Center in Azure improves server and cluster security. This allows you to manage your infrastructure without the need for public IP addresses, VPNs, or inbound connectivity to your system. Traffic is sent over the existing connection between Azure Arc Agent and Azure. No additional configuration is required. Communication between you and your system is end-to-end encrypted and Secure Socket Layer (SSL) termination is done directly on your infrastructure.
Windows Admin Center in Azure currently lets IT personnel manage a Windows virtual machine by “login using the VM’s local admin password”. With the general availability of Azure Active Directory authentication in Windows Admin Center in Azure, IT departments can now use their Azure AD credentials to sign in to Windows Server virtual machines.
Using Azure AD credentials with Azure’s Windows Admin Center “reduces reliance on local administrator accounts” and enables single sign-on access, Weinert said. You can also apply Azure AD policies for conditional access and identity protection, as well as role-based access control, such as granting administrative access to IT professionals for specific time intervals.
To use these Azure AD authentication features with Windows Admin Center in Azure, there are some initial setup steps. The feature works when managing virtual machines running “Windows Server 2016 or later” and Azure “Arc enabled servers running on-premises”. The server must be in a workgroup, domain-joined, or Azure AD-joined.