From bfe88ab3646f33233ea568920d88623de5c62903 Mon Sep 17 00:00:00 2001 From: Laura Nicolas Date: Thu, 25 Sep 2025 11:29:32 +0200 Subject: [PATCH] Update Azure Arc-enabled servers --- .../02_Hybrid_Azure_Arc_Servers/Readme.md | 41 ++++++++++--------- .../walkthrough/challenge-1/solution.md | 28 ++++++------- .../walkthrough/challenge-2/solution.md | 17 ++++---- .../walkthrough/challenge-3/solution.md | 4 +- .../walkthrough/challenge-4/solution.md | 7 +++- .../walkthrough/challenge-5/solution.md | 1 - .../walkthrough/challenge-6/solution.md | 2 - .../walkthrough/challenge-7/solution.md | 7 ++-- 8 files changed, 52 insertions(+), 55 deletions(-) diff --git a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/Readme.md b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/Readme.md index 1096a5a3c..1815b6afa 100644 --- a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/Readme.md +++ b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/Readme.md @@ -14,7 +14,7 @@ - [Challenge 4 - Microsoft Defender for Cloud integration with Azure Arc](#challenge-4---microsoft-defender-for-cloud-integration-with-azure-arc) - [Challenge 5 - Best Practices assessment for Windows Server](#challenge-5---best-practices-assessment-for-windows-server) - [Challenge 6 - Activate ESU for Windows Server 2012 R2 via Arc (optional)](#challenge-6---activate-esu-for-windows-server-2012-r2-via-arc---optional) - - [Challenge 7 - Azure Automanage Machine Configuration (optional)](#challenge-7---azure-automanage-machine-configuration---optional) + - [Challenge 7 - Azure Machine Configuration (optional)](#challenge-7---azure-machine-configuration---optional) - [**Contributors**](#contributors) 
@@ -26,11 +26,11 @@ For customers who want to simplify complex and distributed environments across o ![image](./img/AzureArc-01.png) -- Gain central visibility, operations, and compliance Standardize visibility, operationsand compliance across a wide range of resources and locations by extending the Azure control plane. Right from Azure, you can easily organize, govern, and secure Windows, Linux, SQL Servers and Kubernetes clusters across datacenters, edge, and multi-cloud. +- Gain central visibility, operations, and compliance standardize visibility, operationsand compliance across a wide range of resources and locations by extending the Azure control plane. Right from Azure, you can easily organize, govern, and secure Windows, Linux, SQL Servers and Kubernetes clusters across datacenters, edge, and multi-cloud. -- Build Cloud native apps anywhere, at scale Centrally code and deploy applications confidently to any Kubernetes distribution in any location. Accelerate development by using best in class applications services with standardized deployment, configuration, security, and observability. +- Build cloud native apps anywhere, at scale centrally code and deploy applications confidently to any Kubernetes distribution in any location. Accelerate development by using best in class applications services with standardized deployment, configuration, security, and observability. -- Run Azure services anywhere Flexibly use cloud innovation where you need it by deploying Azure services anywhere. Implement cloud practices and automation to deploy faster, consistently, and at scale with always-up-to-date Azure Arc enabled services. +- Run Azure services anywhere flexibly use cloud innovation where you need it by deploying Azure services anywhere. Implement cloud practices and automation to deploy faster, consistently, and at scale with always-up-to-date Azure Arc enabled services. ## MicroHack context 
@@ -52,13 +52,13 @@ Further resources - Thomas Maurer & Lior Kamrat links * [Customer reference: Wüstenrot & Württembergische reduces patching time by 35 percent, leans into hybrid cloud management with Azure Arc](https://customers.microsoft.com/en-us/story/1538266003319018436-ww-azure-banking-and-capital-markets) * [Introduction to Azure Arc landing zone accelerator for hybrid and multicloud](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/hybrid/enterprise-scale-landing-zone) -💡 Optional: Read this after completing this lab to deepen the learned! +💡 Optional: Read this after completing this lab to deepen what you've learned! ## Objectives After completing this MicroHack you will: -* Know how to use Azure Arc in your environment, on-prem or Multi-cloud +* Know how to use Azure Arc in your environment, on-prem or multi-cloud * Understand use cases and possible scenarios in your hybrid world to modernize your infrastructure estate * Get insights into real world challenges and scenarios 
@@ -72,11 +72,11 @@ This MicroHack has a few but important prerequisites to be understood before sta * [Azure Evaluation free account](https://azure.microsoft.com/en-us/free/search/?OCID=AIDcmmzzaokddl_SEM_0fa7acb99db91c1fb85fcfd489e5ca6e:G:s&ef_id=0fa7acb99db91c1fb85fcfd489e5ca6e:G:s&msclkid=0fa7acb99db91c1fb85fcfd489e5ca6e) * You need to have 3 virtual machines ready and updated. One with a Linux operating system (tested with Ubuntu Server 24.04), one with Windows Server 2025 and one with Windows Server 2012 R2 (optional). You can use machines in Azure for this following this guide: [Azure Arc Jumpstart Servers](https://azurearcjumpstart.io/azure_arc_jumpstart/azure_arc_servers/azure/) > **Note** - > When using the Jumpstart the virtual machines will already be onboarded to Azure Arc and therefore "Challenge 1 - Azure Arc prerequisites & onboarding" is not needed. + > When using the Jumpstart the virtual machines will already be onboarded to Azure Arc and therefore "Challenge 1 - Azure Arc prerequisites & onboarding" is not needed. Keep in mind that Azure Arc is not supported on an Azure VM, this is only done for educational or testing purposes. * [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) (Hint: Make sure to use the lastest version) * [Azure PowerShell Guest Configuration Cmdlets](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/machine-configuration-create-setup#install-the-module-from-the-powershell-gallery) * It is not possible to run those commands from Azure Cloud Shell - * Please make sure you have at least Version 3.4.2 installes with the following Command: ```Install-Module -Name GuestConfiguration -RequiredVersion 3.4.2``` + * Please make sure you have at least Version 3.4.2 installed with the following Command: ```Install-Module -Name GuestConfiguration -RequiredVersion 3.4.2``` * [Visual Studio Code](https://code.visualstudio.com/) * [Git SCM](https://git-scm.com/download/) 
@@ -92,7 +92,7 @@ In challenge 1 you will prepare your Azure environemnt for onboarding of existin * Resource Group (Name: mh-arc-servers-rg) * Service Principal (Name: mh-arc-servers-sp) * Enable required Resource Providers -* Prep existing server operating system on-prem +* Prepare existing server operating system on-prem * Onboard existing server to Azure Arc ### Success criteria @@ -104,10 +104,10 @@ In challenge 1 you will prepare your Azure environemnt for onboarding of existin ### Learning resources -* [Plan and deploy Azure Arc-enabled servers](https://learn.microsoft.com/en-us/azure/azure-arc/servers/plan-at-scale-deployment) -* [Prerequisites for Connect hybrid machines with Azure Arc-enabled servers](https://learn.microsoft.com/en-us/azure/azure-arc/servers/learn/quick-enable-hybrid-vm#prerequisites) -* [Connect hybrid machines with Azure Arc-enabled servers](https://learn.microsoft.com/en-us/azure/azure-arc/servers/learn/quick-enable-hybrid-vm#generate-installation-script) -* [Create a service principal for onboarding](https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal#create-a-service-principal-for-onboarding-at-scale) +* [Plan and deploy Azure Arc-enabled servers](https://learn.microsoft.com/en-us/azure/azure-arc/servers/plan-at-scale-deployment) +* [Prerequisites for Connect hybrid machines with Azure Arc-enabled servers](https://learn.microsoft.com/en-us/azure/azure-arc/servers/learn/quick-enable-hybrid-vm#prerequisites) +* [Connect hybrid machines with Azure Arc-enabled servers](https://learn.microsoft.com/en-us/azure/azure-arc/servers/learn/quick-enable-hybrid-vm#generate-installation-script) +* [Create a service principal for onboarding](https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal#create-a-service-principal-for-onboarding-at-scale) ### Solution - Spoilerwarning 
@@ -117,7 +117,7 @@ In challenge 1 you will prepare your Azure environemnt for onboarding of existin ### Goal -In challenge 2 you will onboard your Windows and Linux virtual machines to Azure Monitor using the Azure Monitoring Agent (AMA) to leverage Azure Update Management, Change Tracking, Inventory and more. Be aware that Microsoft curently shifts from the retiring Log Analytics Agent to Azure Monitoring Agent. By that some of the features used in challange 2 are currently in preview. +In challenge 2 you will onboard your Windows and Linux virtual machines to Azure Monitor using the Azure Monitoring Agent (AMA) to leverage Azure Update Management, Change Tracking, Inventory and more. ### Actions @@ -129,7 +129,6 @@ In challenge 2 you will onboard your Windows and Linux virtual machines to Azure * Enable Change Tracking and Inventory * Enable VM Insights - ### Success criteria * You have a Log Analytics Workspace 
@@ -158,7 +157,7 @@ In challenge 2 you will onboard your Windows and Linux virtual machines to Azure ### Goal -Managing secrets, credentials or certificates to secure communication between different services is a main challenge for developers and administrators. Managed Identities is Azure's answer to all these challenges and eliminates the need to manage and securely store secrets, credentials or certificates on the virtual machine. In challenge 3 you will leverage Managed Identities via Azure Arc to securely access an Azure Key Vault secret from your Azure Arc enabled servers without the need of managing any credential. +Managing secrets, credentials or certificates to secure communication between different services is a main challenge for developers and administrators. Managed Identities is Azure's answer to all these challenges and eliminates the need to manage and securely store secrets, credentials or certificates on the virtual machine. In challenge 3 you will leverage Managed Identities via Azure Arc to securely access an Azure Key Vault secret from your Azure Arc-enabled servers without the need of managing any credential. ### Actions 
@@ -185,7 +184,7 @@ Managing secrets, credentials or certificates to secure communication between di ### Goal -* In this challenge, we will integrate your Azure Arc connected machines with Azure Defender for Cloud. After completing the previous challenges, you should now have an Azure subscription with one or more Azure Arc-enabled servers. You should also have an available Log Analytics workspace and have deployed the Log Analytics agent to your server(s). +* In this challenge, we will integrate your Azure Arc-enabled servers with Azure Defender for Cloud. After completing the previous challenges, you should now have an Azure subscription with one or more Azure Arc-enabled servers. You should also have an available Log Analytics workspace and have deployed the Azure Monitor agent to your server(s). You should be able to simulate a security alert on the server that is effectively monitored and alerted by Microsoft Defender for Cloud. ### Actions @@ -194,6 +193,7 @@ Managing secrets, credentials or certificates to secure communication between di ### Success criteria * Open Microsoft Defender for Cloud and view the Secure Score for your Azure Arc-enabled machine(s). +* Simulated a security alert picked up by Microsoft Defender for Cloud. ### Learning resources @@ -260,7 +260,7 @@ In this challenge, you will activate Extended Security Updates (ESU) for Windows [Solution Steps](./walkthrough/challenge-6/solution.md) -## Challenge 7 - Azure Automanage Machine Configuration - optional +## Challenge 7 - Azure Machine Configuration - optional ### Goal 
@@ -280,7 +280,7 @@ This challenge is about interacting with the client operating system. We will ha ### Learning resources -* [Understand the machine configuration feature of Azure Automanage](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview) +* [Understand Machine COnfiguration](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview) * [How to setup a machine configuration authoring environment](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/machine-configuration-create-setup) * [How to create custom machine configuration package artifacts](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/machine-configuration-create) * [How to create custom machine configuration policy definitions](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/machine-configuration-create-definition) @@ -303,4 +303,5 @@ Thank you for investing the time and see you next time! * Christian Thönes [Github](https://github.com/cthoenes); [LinkedIn](https://www.linkedin.com/in/christian-t-510b7522/) * Nils Bankert [GitHub](https://github.com/nilsbankert); [LinkedIn](https://www.linkedin.com/in/nilsbankert/) * Alexander Ortha [GitHub](https://github.com/alexor-ms/); [LinkedIn](https://www.linkedin.com/in/alexanderortha/) -* Christoph Süßer (Schmidt) [GitHub](https://github.com/TheFitzZZ); [LinkedIn](https://www.linkedin.com/in/suesser/) \ No newline at end of file +* Christoph Süßer (Schmidt) [GitHub](https://github.com/TheFitzZZ); [LinkedIn](https://www.linkedin.com/in/suesser/) +* Laura Nicolas [GitHub](https://github.com/lanicolas); [LinkedIn](https://www.linkedin.com/in/lauranicolasd/) \ No newline at end of file diff --git a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-1/solution.md b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-1/solution.md index c3b264245..83d20e322 100644 
--- a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-1/solution.md +++ b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-1/solution.md @@ -6,9 +6,9 @@ Duration: 20 minutes ## Prerequisites -Please ensure that you successfully verified the [General prerequisits](../../Readme.md#general-prerequisites) before continuing with this challenge. +Please ensure that you successfully verified the [general prerequisits](../../Readme.md#general-prerequisites) before continuing with this challenge. -### Task 1: Create Azure Resource Group +### Task 1: Create an Azure Resource Group Sign in to the [Azure Portal](https://portal.azure.com/). 
@@ -16,46 +16,46 @@ Sign in to the [Azure Portal](https://portal.azure.com/). *Please note: At the time of writing this solution, not all Azure Arc features are fully supported in all regions. We tested this solution in region West Europe.* -### Task 2: Create Service Principal +### Task 2: Create Service Principal -* [Create Service Principal](https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal#create-a-service-principal-for-onboarding-at-scale) +* [Create an Azure Service Principal](https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal#create-a-service-principal-for-onboarding-at-scale) ### Task 3: Enable Service providers -* Enable Azure Resource Provider +* Enable Azure Azure Arc's Resource Provider [Azure Arc Azure resource providers](https://learn.microsoft.com/en-us/azure/azure-arc/servers/prerequisites#azure-resource-providers) ### Task 4: Prepare on-prem Server OS -* Have a server, windows or linux ready, perhaps on your own laptop/notebook -* For windows, please use Windows Server 2025 with the latest patch level. 💡 ATTENTION: Use Windows Update to apply the latest patch level!! +* Have a server, Windows or Linux ready, perhaps on your own laptop/notebook +* For Windows, please use Windows Server 2025 with the latest patch level. 💡 ATTENTION: Use Windows Update to apply the latest patch level!! [Supported operating systems @ Connected Machine agent prerequisites - Azure Arc | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-arc/servers/prerequisites#supported-operating-systems) - This Server OS could be hosted as a VM on VMware, Hyper-V, Nutanix, AWS, GCP or bare metal. We are focused on-prem. + This server OS could be hosted as a VM on VMware, VirtualBox, Hyper-V, Nutanix, AWS, GCP or bare metal. We are focused on-prem. #### Additional: * These servers should be able to reach the internet and Azure. - * You need to have full access and admin or root permissions on this Server OS. 
+ * You need to have full access and admin or root permissions on this server OS. -* If you need to install and deploy your own server OS from scratch, then, download the following ISO files and save them on your own PC / Environment with your preferred Hypervisor e.g. Hyper-V or Virtualization Client (Windows 10/11 Hyper-V or Virtual Box). +* If you need to install and deploy your own server OS from scratch, then, download the following ISO files and save them on your own PC / Environment with your preferred Hypervisor e.g. Hyper-V or Virtualization Client (Windows 10/11 Hyper-V or VirtualBox). * [Ubuntu](https://ubuntu.com/download) * [Windows Server 2025](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2025) * Install from the downloaded ISO your preferred OS. #### Using Azure Arc with Azure VMs -* In case you want to use an Azure VM for this MicroHack, you need to follow the guidance +* In case you want to use an Azure VM for this MicroHack, you need to follow the guidance but please note that this should only be done for evaluation and testing purposes as it is not supported in production. * [Evaluate Azure Arc-enabled servers on an Azure virtual machine](https://learn.microsoft.com/en-us/azure/azure-arc/servers/plan-evaluate-on-azure-virtual-machine) -With these prerequisites in place, we can focus on building the differentiated knowledge in the hybrid world with Azure Arc to enable your on-prem, Multi-Cloud environment for the Cloud operations model. +With these prerequisites in place, we can focus on building the differentiated knowledge in the hybrid world with Azure Arc to enable your on-prem, multi-Cloud environment for the cloud operations model. -### Task 5: Onboard Windows Server OS to Azure Arc +### Task 5: Onboard Windows Server to Azure Arc * Onboard the recent installed or prepared Windows Server OS to Azure Arc, by using the documented steps 1. 
Generate the installation script from the Azure portal [Link](https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal#generate-the-installation-script-from-the-azure-portal) -*Please note: As not all Azure Arc features are implemented in Germany West Central region, we highly recommended to use West Europe region to onboard your VMs at the time of writing!* +*Please note: As not all Azure Arc features are implemented in all regions, we highly recommended to use West Europe region to onboard your VMs at the time of writing!* * Step by step ![image](./img/1.png) diff --git a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-2/solution.md b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-2/solution.md index 12af3866d..84132b9c7 100644 --- a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-2/solution.md +++ b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-2/solution.md @@ -8,7 +8,6 @@ Duration: 30 minutes Please ensure that you successfully passed [challenge 1](../../Readme.md#challenge-1) before continuing with this challenge. - ### Task 1: Create all necessary Azure Resources (Log Analytics workspace) 1. Sign in to the [Azure Portal](https://portal.azure.com/). 
@@ -17,14 +16,13 @@ Please ensure that you successfully passed [challenge 1](../../Readme.md#challen ![image](./img/5_CreateLAW.jpg) -***Please note**: For convenience, in this MicroHack create the Log Analytics workspace in the same resource group as you are using for your arc-enabled servers. Reason: The service pricinipal (used for remediation tasks) of the policy will be given the necessary RBAC roles on the scope where the policy is assigned. In this MicroHack we assume that every participant will assign the policy on resource group level. Hence, if the LAW is outside of that scope, you would need to assign the required permissions manually on the LAW.* - +***Please note**: For convenience, in this MicroHack create the Log Analytics workspace in the same resource group as you are using for your arc-enabled servers. Reason: The service principal (used for remediation tasks) of the policy will be given the necessary RBAC roles on the scope where the policy is assigned. In this MicroHack we assume that every participant will assign the policy on resource group level. Hence, if the LAW is outside of that scope, you would need to assign the required permissions manually on the LAW.* ### Task 2: Configure Data Collection Rules in Log Analytics to collect Windows event logs and Linux syslog 1. Navigate to the Log Analytics Workspace and open *Agents* in the left navigation pane. -2. Select *Data Collection Rules* followed by a click on *Create* to create Data collection rules. +2. Select *Data Collection Rules* followed by a click on *Create* to create Data collection rules. ![image](./img/2.2_Create_Data_Collection_Rule.png) @@ -40,7 +38,7 @@ Please ensure that you successfully passed [challenge 1](../../Readme.md#challen 6. Repeat step 4 & 5 for Linux Syslog and accept the defaults. -7. Create the Data Collection Rule. +7. Create the Data Collection Rule. ### Task 3: Enable Azure Monitor for Azure Arc enabled Servers with Azure Policy initiative 
@@ -53,7 +51,7 @@ Please ensure that you successfully passed [challenge 1](../../Readme.md#challen - Scope: Please select your resource group - Basics: Please search for *Enable Azure Monitor for Hybrid VMs with AMA* and select the initiative. -- Parameters: Please insert the Resource ID of the Data Collection Rule from Task 2. +- Parameters: Please insert the Resource ID of the Data Collection Rule from Task 2. - Remediation: Please select the System assigned identity location according to your resources, e.g. West Europe. Don't check the box for "Create a remediation task" here, as it would only create a remediation task for the first policy within the policy initiative. We will do this in one of the next steps for all policies. - Click *Review + create* and then *Create* @@ -117,7 +115,7 @@ Please ensure that you successfully passed [challenge 1](../../Readme.md#challen ### Task 5: Enable Change Tracking and Inventory -In order to use the built-in policy initiative to enable *Change Tracking and Inventory* feature, we first need to create a special data collection rule. At the time of authoring this solution walkthrough, this is not possible using the Azure portal. But you can use the ARM template here: [/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/ChangeTracking/template-DCR-ChangeTracking.json](../../resources/ChangeTracking/template-DCR-ChangeTracking.json) to create this data collection rule. +In order to use the built-in policy initiative to enable *Change Tracking and Inventory* feature, we first need to create a special data collection rule. For ease of use we provide an ARM template [/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/resources/ChangeTracking/template-DCR-ChangeTracking.json](../../resources/ChangeTracking/template-DCR-ChangeTracking.json) to create this data collection rule. In the custom ARM template, provide the following parameters: | *Parameter* | *Value* | 
@@ -161,7 +159,7 @@ Check whether the change tracking data collection rule as been created successfu 8. Verify that all remediation were successful. This might take multiple minutes (or even hours). -9. Navigate to Azure Arc, select Servers, followed by selecting your Windows Server. Select Inventory. Please be aware that generating the initial inventory takes multiple Minutes/hours. After a while the white page should show values. +9. Navigate to Azure Arc, select Servers, followed by selecting your Windows Server. Select Inventory. Please be aware that generating the initial inventory takes multiple minutes/hours. After a while the white page should show values. ![image](./img/5.9_Inventory.png) @@ -174,7 +172,7 @@ Check whether the change tracking data collection rule as been created successfu 3. In the *Monitoring Configuration* form, for *Data collection rule* click the *Create New* link 4. Fill in the *Create new rule* form -- Data collection rule name: Provide a name (MSVMI for VMInsights will be appended automatically) - i.e. *DCR-MicroHack* +- Data collection rule name: provide a name (MSVMI for VMInsights will be appended automatically) - i.e. *DCR-MicroHack* - Enable process and dependencies (Map): Check the box - Subscription: Keep the default - Log Analytics workspace: Choose the workspace you created in task 1 @@ -184,7 +182,6 @@ Check whether the change tracking data collection rule as been created successfu 6. Wait for the deployment of the data collection rule to finish. This might take several minutes. - ### Coffee Break of 10 minutes to let the data flow between your Virtual Machines and Azure After your coffee break you should see that the Virtual Machines are reporting their status. You can now check the Update Management for pending updates, verify what software is installed on the machines and get deep insights of the utilization of your Virtual Machines. 
diff --git a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-3/solution.md b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-3/solution.md index 8e46dd58e..716baa777 100644 --- a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-3/solution.md +++ b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-3/solution.md @@ -18,7 +18,7 @@ Please ensure that you successfully passed [challenge 2](../../Readme.md#challen ![image](./img/2_KV_settings.jpg) -3. Please wait a few seconds until the creation of the Key Vault is complete. +3. Please wait a few seconds until the creation of the Key Vault is complete. ### Task 2: Create a new secret in your Key Vault @@ -133,6 +133,6 @@ curl 'https://mh-arc-servers-kv0815.vault.azure.net/secrets/kv-secret?api-versio Invoke-RestMethod @Query | Select-Object -ExpandProperty Value | fl * ``` -Congratulations! You retrieved the secret from your Key Vault without providing any credentials. The resulting possibilities are limitless. You can use it for managing certificates or any secret that is necessary to run your on-premises application. +Congratulations! You retrieved the secret from your Key Vault without providing any credentials. The resulting possibilities are limitless. You can use it for managing certificates or any secret that is necessary to run your on-premises application. You successfully completed challenge 3! 🚀🚀🚀 diff --git a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-4/solution.md b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-4/solution.md index 49df1f79b..efc8317fa 100644 --- a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-4/solution.md +++ b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-4/solution.md 
@@ -12,7 +12,7 @@ Please ensure that you successfully passed [challenge 3](../../Readme.md#challen ### Task 2: Configure Defender for Cloud * Enable Defender for Server -* Click on Upgrade +* Click on Upgrade ![image](./img/1.png) * Verify ![image](./img/2.png) @@ -27,7 +27,10 @@ Please ensure that you successfully passed [challenge 3](../../Readme.md#challen ![image](./img/7.png) +### Task 4: Simulate alerts on your Azure Arc-enabled servers. + +Once your server is visible in the inventory, you can follow [this guide](https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation) to validate that your system is properly configured and Defender is properly monitoring and responding to security alerts. + Congratulations! You secured any server which is outside of Azure and onboarded via Azure Arc. You successfully completed challenge 4! 🚀🚀🚀 - diff --git a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-5/solution.md b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-5/solution.md index 39f7f9cbe..c2155c9bc 100644 --- a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-5/solution.md +++ b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-5/solution.md @@ -29,7 +29,6 @@ Please ensure that you successfully passed [challenge 2](../../Readme.md#challen ### - ## Task 2: Start the assessment 1. Click "Go to resource" after the deployment has finished to move back to the Windows Server we're working on diff --git a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-6/solution.md b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-6/solution.md index 770d23d64..3cc60a3ef 100644 --- a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-6/solution.md +++ b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-6/solution.md 
@@ -38,8 +38,6 @@ Duration: 15 minutes ![alt text](img/image6.png) - - ### **Congratulations!** You successfully completed the challenge! 🚀🚀🚀 diff --git a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-7/solution.md b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-7/solution.md index 05a4ad8b3..09bc92a6e 100644 --- a/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-7/solution.md +++ b/03-Azure/01-03-Infrastructure/02_Hybrid_Azure_Arc_Servers/walkthrough/challenge-7/solution.md @@ -1,4 +1,4 @@ -# Walkthrough Challenge 7 - Azure Automanage Machine Configuration +# Walkthrough Challenge 7 - Azure Machine Configuration Duration: 30 minutes @@ -8,7 +8,6 @@ Duration: 30 minutes ### Setup a Policy that checks if the user "FrodoBaggins" is part of the local administrators group - 1. Please navigate to Azure Policy. 2. Navigate to *Assignments* in the left navigation pane and select *Assign policy* in the top menu. @@ -26,7 +25,7 @@ Duration: 30 minutes ![PolicyAssignmentParameters.png](./img/PolicyAssignmentParameters.png) > **Note** - > This example does not include remediation. If you want to learn more on how to use guest configuration to remediate the state of your servers please refer to [Remediation options for guest configuration](https://docs.microsoft.com/en-us/azure/governance/policy/concepts/guest-configuration-policy-effects). + > This example does not include remediation. If you want to learn more on how to use guest configuration to remediate the state of your servers please refer to [remediation options for guest configuration](https://docs.microsoft.com/en-us/azure/governance/policy/concepts/guest-configuration-policy-effects). 4. On Non-Compliance Message you can create a custom message that may contain additional information like link to internal documentation or just an explaination why this policy is set. 
@@ -84,7 +83,7 @@ Find it here [AddKey.zip](https://github.com/microsoft/MicroHack/raw/main/03-Azu > **Note** - > You will need at least the *Storage Blob Data Contributor* role to be able to upload the file. + > You will need at least the *Storage Blob Data Contributor* role to be able to upload the file. > **Note** > The expiry date needs be to less than 7 days in the future.
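Review bot: In Readme.md, hunk @@ -26,11 +26,11 @@, lowercasing the first word after each bullet title fuses the title into the sentence ("Gain central visibility, operations, and compliance standardize visibility, ..."), so all three bullets now read as run-ons. Keep the title visually separate from the description, for example by bolding it or ending it with a colon, and fix "operationsand" in the first bullet while that line is being changed anyway.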
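Review bot: In Readme.md, hunk @@ -72,11 +72,11 @@, the corrected prerequisite line says "at least Version 3.4.2" but the command pins exactly that version with -RequiredVersion 3.4.2. Either switch the command to -MinimumVersion 3.4.2 or reword the sentence to say 3.4.2 is the tested version, so the text and the command agree. In the same hunk the context line still reads "lastest version", and the added note "Azure Arc is not supported on an Azure VM, this is only done for educational or testing purposes" is a comma splice that reads better as two sentences.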
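Review bot: In Readme.md, hunk @@ -185,7 +184,7 @@, the rewritten Challenge 4 goal names the product two ways in one paragraph: "Azure Defender for Cloud" in the first sentence and "Microsoft Defender for Cloud" in the last. Use "Microsoft Defender for Cloud" throughout, matching the challenge title and the success criteria. The agent name is also inconsistent across the patch: this line says "Azure Monitor agent" while the Challenge 2 goal in hunk @@ -117,7 +117,7 @@ says "Azure Monitoring Agent (AMA)"; pick one spelling.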
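Review bot: In Readme.md, hunk @@ -280,7 +280,7 @@, the new link text "Understand Machine COnfiguration" has a capitalization typo. Change it to "Understand Machine Configuration", or to "Understand Azure Machine Configuration" so it matches the renamed Challenge 7 heading.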
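Review bot: In walkthrough/challenge-1/solution.md, hunk @@ -6,9 +6,9 @@, the changed link text still misspells the word as "prerequisits". Since the line is already being edited for capitalization, correct it to "general prerequisites"; the link target #general-prerequisites is already spelled correctly.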
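Review bot: In walkthrough/challenge-1/solution.md, hunk @@ -16,46 +16,46 @@, the new Task 3 bullet reads "Enable Azure Azure Arc's Resource Provider" with "Azure" duplicated. Further down in the same hunk, "multi-Cloud environment" mixes case while the Readme change in this patch settles on "multi-cloud", and the region note still says "we highly recommended" where "recommend" is meant. The supported operating systems link in this hunk also still points at docs.microsoft.com while the neighbouring links use learn.microsoft.com.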
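Review bot: In walkthrough/challenge-2/solution.md, hunk @@ -174,7 +172,7 @@, lowercasing "provide a name" makes this bullet inconsistent with its siblings in the same list, which start their values with a capital ("Check the box", "Keep the default", "Choose the workspace ..."). Revert to "Provide a name" or lowercase the whole list.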
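Review bot: In walkthrough/challenge-4/solution.md, hunk @@ -27,7 +27,10 @@, the new Task 4 only links to the external alert validation guide and gives the participant nothing to check against, unlike the earlier tasks in this file, which are step by step with screenshots. Add one sentence stating the expected outcome, in line with the success criterion this patch adds to the Readme ("Simulated a security alert picked up by Microsoft Defender for Cloud"). The heading "### Task 4: Simulate alerts on your Azure Arc-enabled servers." also ends with a period, which no other task heading in the patch does.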
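Review bot: In walkthrough/challenge-7/solution.md, hunk @@ -26,7 +25,7 @@, the changed note still says "guest configuration" twice and links to docs.microsoft.com, while this patch renames the challenge to "Azure Machine Configuration" and uses learn.microsoft.com elsewhere. Update the wording to "machine configuration" and point the link at the learn.microsoft.com equivalent so the note matches the new title. The context line below it also contains "explaination", which could be fixed in the same pass.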