Configuring Azure Arc-Enabled Windows Servers with Azure VM Extensions

Jimi - Aug 15 - - Dev Community

Introduction

In the final guide of this series, we'll walk through configuring Azure Arc-enabled Windows servers using an Azure VM extension. We'll cover two tasks: installing IIS and blocking the legacy Azure Log Analytics agent. Whether you're a system administrator new to Azure Arc or looking to refine your configuration, this post will provide valuable insights.

Step-by-Step Guide

Installing IIS

  1. Log into your Windows VM: Establish a Remote Desktop connection to your Windows VM.
  2. Open PowerShell ISE: Launch Windows PowerShell Integrated Scripting Environment (ISE) with administrative privileges.


  3. Create the installation script:

    • Paste the following script into PowerShell ISE:

```powershell
# Install the IIS web server role together with its management tools
Install-WindowsFeature -Name Web-Server -IncludeManagementTools

# Replace the default start page with a page that shows this server's name
Remove-Item -Path 'C:\inetpub\wwwroot\iisstart.htm'
Add-Content -Path 'C:\inetpub\wwwroot\iisstart.htm' -Value "$env:computername"
```

    ![Pasting script in powershell](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/l6p89wdoaukh6945hiul.jpg)

    • Save the script as `Install_IIS.ps1` in your Documents folder.

    ![Pasting the script into a text document](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4960rvls374s7cm5e5y6.jpg)

4. **Create an Azure storage account:**
   * Navigate to the Azure portal and create a new storage account.

    ![Locating storage account](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/z3726rfrod35bteo5zah.jpg)
   * Configure the storage account with your Subscription, Resource Group, and create a globally unique name.
   * Select Locally Redundant Storage (LRS) for redundancy and click "Review + Create".

    ![Configuring Storage Account](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/taynx0kfx1b66483gpci.jpg)
5. **Create a storage container:**
   * Within the storage account, click on "Container" to create a folder for the script.

    ![Creating Storage Container](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/v4zlv4hkdbfme5ljdknb.jpg)
   * Click on "+ Container"

    ![Creating the storage container](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pemkxohn153jau1hti54.jpg)
   * Create a name for the storage container then click on "Create"
    ![Creating the container](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xtcmi61pvc3mqoko5k80.jpg)
6. **Upload the script:**
   * Upload the `Install_IIS.ps1` script to the created storage container.
    ![Clicking upload](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4stqpzxlg98g5ry3rx1t.jpg)
    ![Uploading the created script](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/r28vqnex3jve3audvmdj.jpg)

7. **Configure the Azure VM extension:**
   * In the Azure portal, navigate to your Azure Arc-enabled machine.
   * Underneath "Settings" click on "Extensions"
    ![Finding Extensions](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zpsqxqqmjzyuiwqcmdjg.jpg)
   * In the Extensions page, search for and add "Custom Script Extension for Windows - Azure Arc."

    ![Searching for the custom extension](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/g3hkzkbqhihdosi2hs0w.jpg)
   * Configure the extension to use the storage account and container containing the script.

    ![Picking the Storage Container](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dqkvfk0ov3f88w7l9j12.jpg)

    ![Picking the script](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qadyrill1eyvx9p8ppb8.jpg)

    ![Clicking "Review+Create" to create extension](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/s1fb776o93q5ln1kilf6.jpg)

8. **Verify IIS installation:**
   * Wait for the deployment to complete.
   * Open a web browser and navigate to `https://localhost`. You should see the server's name. Alternatively, check the contents of `C:\inetpub\wwwroot\iisstart.htm`.
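
Steps 4 to 7 can also be scripted with Az PowerShell, which makes it straightforward to keep the container private and to pass the storage key in the extension's protected settings rather than in plain settings. This is an added example, not the author's code; the angle-bracket names are placeholders, and it assumes the Az.Storage and Az.ConnectedMachine modules with an authenticated session (`Connect-AzAccount`).

```powershell
# Added example: portal steps 4-7 as a script. All angle-bracket values are placeholders.
$ErrorActionPreference = 'Stop'

$rg        = '<resource-group>'
$location  = '<storage-region>'
$machine   = '<arc-machine-name>'
$account   = '<globally-unique-storage-name>'
$container = 'scripts'                      # assumed container name
$blobName  = 'Install_IIS.ps1'
$script    = Join-Path ([Environment]::GetFolderPath('MyDocuments')) $blobName

# Step 4: LRS storage account with anonymous blob access turned off
$sa = New-AzStorageAccount -ResourceGroupName $rg -Name $account -Location $location `
    -SkuName Standard_LRS -AllowBlobPublicAccess $false

# Step 5: private container (no anonymous read of the script)
New-AzStorageContainer -Name $container -Context $sa.Context -Permission Off | Out-Null

# Step 6: upload the script and record its hash so later changes to the blob can be spotted
$sha256 = (Get-FileHash -Path $script -Algorithm SHA256).Hash
Set-AzStorageBlobContent -File $script -Container $container -Blob $blobName `
    -Context $sa.Context -Force | Out-Null
Write-Output "Uploaded $blobName, SHA256 $sha256"

# Step 7: Custom Script Extension on the Arc-enabled machine.
# The storage key travels in protected settings, which are encrypted for the target machine.
$key       = (Get-AzStorageAccountKey -ResourceGroupName $rg -Name $account)[0].Value
$arcRegion = (Get-AzConnectedMachine -ResourceGroupName $rg -Name $machine).Location
$setting   = @{
    fileUris         = @("$($sa.PrimaryEndpoints.Blob)$container/$blobName")
    commandToExecute = "powershell.exe -ExecutionPolicy Unrestricted -File $blobName"
}
$protected = @{
    storageAccountName = $account
    storageAccountKey  = $key
}
New-AzConnectedMachineExtension -Name 'CustomScriptExtension' -ResourceGroupName $rg `
    -MachineName $machine -Location $arcRegion -Publisher 'Microsoft.Compute' `
    -ExtensionType 'CustomScriptExtension' -Setting $setting -ProtectedSetting $protected
```

The extension runs the downloaded script with system-level privileges, so write access to the container is effectively administrative access to every machine that pulls from it.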

#### Blocking the Legacy Azure Log Analytics Agent

1. **Open Command Prompt:** Launch Command Prompt on the Windows VM.

    ![Opening command prompt](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ok3mfwt19xpfj259ltn8.jpg)
2. **Check current configuration:**
   * Run `azcmagent config list` to view the current configuration.
3. **Block the agent:**
   * Execute `azcmagent config set extensions.blocklist "Microsoft.EnterpriseCloud.Monitoring/MicrosoftMonitoringAgent"` to block the agent.
4. **Verify the change:**
   * Run `azcmagent config list` again to confirm the blocklist entry.

    ![Checking the environment](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nxll8ocmoch19uyklpa9.jpg)
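
The `config set` command in step 3 replaces whatever the blocklist already contained; `azcmagent config set` also accepts `--add` to append to the existing list instead. The following added example (not from the original post) blocks the legacy agent only when it is missing and then re-checks the stored value; the function names are hypothetical, and it assumes an elevated PowerShell session with `azcmagent` on the PATH.

```powershell
# Added example: idempotently block the legacy Log Analytics agent on an Arc-enabled server.
$ErrorActionPreference = 'Stop'
$legacyAgent = 'Microsoft.EnterpriseCloud.Monitoring/MicrosoftMonitoringAgent'

function Get-ArcBlocklist {
    # Return the current extensions.blocklist value as one line of text
    $out = & azcmagent config get extensions.blocklist
    if ($LASTEXITCODE -ne 0) { throw 'azcmagent config get failed' }
    return ($out -join ' ')
}

function Set-ArcLegacyAgentBlock {
    # Nothing to do if the entry is already present
    if ((Get-ArcBlocklist) -like "*$legacyAgent*") { return 'already-blocked' }

    # --add appends to the list; without it, config set replaces the whole list
    & azcmagent config set extensions.blocklist $legacyAgent --add | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'azcmagent config set failed' }

    # Read the value back instead of trusting the exit code alone
    if ((Get-ArcBlocklist) -notlike "*$legacyAgent*") {
        throw 'Blocklist entry not present after config set'
    }
    return 'blocked'
}

Set-ArcLegacyAgentBlock
```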

**Conclusion:**
Congratulations on completing this guide! You've successfully transformed your Windows Server into a managed Azure Arc-enabled machine. By integrating Azure Policy, Microsoft Defender for Cloud, Azure Monitor, and Azure Update Manager, you've established a strong foundation for security, compliance, and management.

To deepen your understanding, explore the Azure portal for detailed insights into your environment. Remember to clean up resources when finished to avoid unnecessary costs.