Adaptive cloud: unify hybrid, multicloud and the edge with Azure Arc

Michel Hubert

December 13, 2024

Transcript

  1. Speakers: Thiago Moreira (CSA, Microsoft); Jérome Sporbert (CSA, Microsoft); Michel Hubert (Solution Architect, Avanade); Jean Rémi Pontvianne (CSA, Microsoft)
  2. Advancing cloud to cloud: hybrid, IoT, multicloud, edge, distributed. Thrive in dynamic environments by unifying teams, sites, and systems across hybrid, multicloud, edge, and IoT.
  3. Fuel your modernization and migration journey
     1. Establish a central inventory for all servers: install Azure Arc in your hybrid and multicloud environments.
     2. Cloud-to-edge management: streamline configuration management and resiliency.
     3. Modernize and migrate workloads to be AI-ready: deliver business value faster with intelligent apps on Azure.
     Layers shown: Azure Arc; Windows Server management capabilities; Azure IaaS, Application, Data, and AI Services.
  4. Delivering Azure management & security to servers: how Azure benefits from Windows Server SA and leverages the security opportunity
     Management & govern with Azure (replace current third-party management solutions with the Azure services included in WS SA)
     • Manage all Windows Servers (and their licenses) deployed on-premises, in Azure or in third-party clouds with Azure Inventory and Change Tracking
     • Administer Windows Servers remotely (including RDP) using Windows Admin Center from the Azure portal
     • Integrate full-lifecycle VM management operations for VMware and SCVMM
     • Manage access and permissions across environments using Microsoft Entra ID authentication and Azure RBAC
     • Proactive and actionable insights using Windows Server Assessment
     • Schedule and automate Windows Server updates using Azure Update Manager
     Security foundation for Windows Server (redirect investment to a security foundation with Defender for Servers P1)
     • Next-gen antivirus protection and EDR with Defender for Servers (from P1)
     • Secure and protect servers, detecting vulnerabilities and threats and protecting against malicious attacks, with Defender for Servers (from P1)
     • Enhance security using Extended Security Updates* as a service for WS2012
     • Audit and reinforce server settings and desired-state configurations with Azure Machine Configuration and Azure Policy
     • Key insights and observability across all Windows Servers (logs, metrics, network, health) with Azure Monitor
     • Enhance operational efficiency through configurable disaster recovery with Azure Site Recovery
     Ongoing operational security (extend investment to improve continuous operational security with CSPM and Defender for Servers P2)
     • Actionable security insights with hardening assessment using Defender for Servers P2
     • Regulatory compliance and industry benchmarks, risk prioritization, and governance management with Defender CSPM (or Defender for Servers P2)
     • Automate many common manageability tasks with Microsoft Copilot for Azure (preview)
     * Defender for Servers is compatible from WS2012R2+
  5. Adaptive cloud, enabled by Azure Arc
     • Operate with AI-enhanced central management
     • Rapidly develop and scale applications across boundaries
     • Cultivate data and insights across physical operations
     Services: Azure Monitor, Microsoft Defender for Cloud, Microsoft Copilot for Azure, Visual Studio, Azure Kubernetes Service, Machine Learning, Microsoft Fabric, IoT Operations, GitHub
  6. Customer challenges when hybrid (multi-cloud, datacenter, edge)
     • Complexity: “I need to have health visibility in a single pane of glass to all my existing and future infrastructure and applications.”
     • Compliance: “I need to manage security and incident management across my public cloud and datacenter assets.”
     • Inconsistency: “I want my on-prem skills to work in the cloud, and my cloud skills to work on-prem.”
     • Regulation: “Our DB layer must remain on-premises due to sensitive patient data and data availability needs.”
     • Latency: “We can’t take a dependency on the internet. If we lose connectivity, we still want to be able to access the data.”
     • Legacy: “Our older systems take too much maintenance. We want evergreen technology and to pay for it like a utility.”
  7. Customer environments and application requirements are evolving: a single control plane with Azure Arc
     • How to govern and operate across disparate environments?
     • How to ensure security across the entire organization?
     • How to best enable innovation and developer agility?
     • How to meet regulatory requirements and overcome technical hurdles?
     Context: 100s–1,000s of apps, diverse infrastructure, hybrid & multi-cloud
  8. Leader in the 2024 Gartner Magic Quadrant for Distributed Hybrid Infrastructure: Microsoft recognized once again as a Leader for its Ability to Execute and Completeness of Vision in the 2024 Gartner® Magic Quadrant for Distributed Hybrid Infrastructure (Microsoft Azure Blog)
  9. Extend Azure management & security to any infrastructure (datacenter, multicloud, and edge). Azure services across your infrastructure: Microsoft Copilot for Azure, Microsoft Defender for Cloud, Azure Monitor, Microsoft Sentinel, Azure Policy, Azure Update Manager, configuration management, inventory management
  10. Single control plane with Azure Arc (Microsoft Azure)
     • Infrastructure: connect and operate hybrid resources as native Azure resources (Azure Arc-enabled infrastructure: Arc servers, Kubernetes, Windows, Linux, SQL Server, AVS) across multi-cloud, datacenter and edge
     • Services: deploy and run Azure services outside of Azure while still operating them from Azure (Azure Arc-enabled services)
     Azure services delivered through Arc: Microsoft Defender, Microsoft Sentinel, Azure Monitor, Update Manager & ESU, Azure Policy
  11. Effectively manage your WS, SQL & Linux estate at scale with new Azure services from a single pane of glass
     Manage, govern, secure: compliance, networking capabilities, security, disaster recovery, Copilot integration, access management, easy to onboard, updates + hotpatching
  12. Onboarding with Azure Arc
     • Generate the onboarding script from the Azure portal and run it non-interactively using Configuration Manager, Group Policy or Ansible with an Azure service principal
     • Autodiscover servers and deploy the Arc agent in AWS using the Azure Arc multicloud connector*
     • Automatically onboard the agent during VM creation on VMware vSphere and SCVMM using Azure Arc resource bridge
     Requirements:
     • A local account that is a member of the local administrators group
     • The following resource providers must be registered in the targeted subscription: Microsoft.HybridCompute, Microsoft.GuestConfiguration, Microsoft.HybridConnectivity, Microsoft.Compute and Microsoft.AzureArcData
     • Subscription(s) and resource group(s) where the servers will be represented
     • A service principal with the Azure Connected Machine Onboarding role on the targeted subscription(s) or resource group(s)
     • Whitelist the Azure Arc URLs on the proxy or firewall
     • If private traffic must be enforced, set up a Private Link scope and private connectivity between Azure and the targeted environment
     * GCP coming soon
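The non-interactive onboarding path above, as an added example (not from the deck and not Microsoft's portal-generated script): on a Windows Server it installs the Connected Machine agent with the official installer script, sets an optional proxy, checks that the Azure Arc endpoints are reachable, then connects with a service principal. The GUIDs, the resource group name, the region, and the ARC_SP_SECRET / ARC_PROXY_URL environment variables are placeholders and assumptions; the deployment tool (Configuration Manager, Group Policy, Ansible) is expected to supply them.

```powershell
#Requires -RunAsAdministrator
# Placeholder values: replace with your own. The service principal secret is read from an
# environment variable set by the deployment tool so it never sits in the script body.
$TenantId       = "00000000-0000-0000-0000-000000000000"   # placeholder
$SubscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$ResourceGroup  = "rg-arc-servers"                          # assumed resource group name
$Location       = "westeurope"                              # assumed region
$SpAppId        = "00000000-0000-0000-0000-000000000000"   # placeholder: SP holding "Azure Connected Machine Onboarding"
$SpSecret       = $env:ARC_SP_SECRET                        # assumed env var name
if ([string]::IsNullOrEmpty($SpSecret)) { throw "ARC_SP_SECRET is not set" }

# Optional enterprise proxy, e.g. http://proxy.corp.example:8080 (empty = direct connection)
$ProxyUrl = $env:ARC_PROXY_URL                              # assumed env var name

# Force TLS 1.2 for the installer download on older Windows Server builds
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072

$AgentExe = Join-Path $env:ProgramW6432 "AzureConnectedMachineAgent\azcmagent.exe"

# 1. Install the Connected Machine agent if it is not present (official installer script)
if (-not (Test-Path $AgentExe)) {
    $installer = Join-Path $env:TEMP "install_windows_azcmagent.ps1"
    Invoke-WebRequest -UseBasicParsing -Uri "https://aka.ms/azcmagent-windows" -TimeoutSec 30 -OutFile $installer
    & $installer
    if ($LASTEXITCODE -ne 0) { throw "Agent installation failed with exit code $LASTEXITCODE" }
}

# 2. Route agent traffic through the enterprise proxy when one is required
if ($ProxyUrl) {
    & $AgentExe config set proxy.url $ProxyUrl
    if ($LASTEXITCODE -ne 0) { throw "Failed to set proxy.url" }
}

# 3. Verify the Azure Arc endpoints are reachable before connecting: this is the practical
#    check behind "whitelist the Azure Arc URLs on the proxy or firewall"
& $AgentExe check --location $Location
if ($LASTEXITCODE -ne 0) { throw "Connectivity check failed; review the proxy/firewall allow-list" }

# 4. Connect non-interactively with the service principal (no user sign-in)
& $AgentExe connect `
    --service-principal-id $SpAppId `
    --service-principal-secret $SpSecret `
    --tenant-id $TenantId `
    --subscription-id $SubscriptionId `
    --resource-group $ResourceGroup `
    --location $Location `
    --cloud "AzureCloud"
if ($LASTEXITCODE -ne 0) { throw "azcmagent connect failed with exit code $LASTEXITCODE" }

# 5. Confirm the machine is now represented as an Azure resource
& $AgentExe show
```

The one-time preparation runs from an administrator workstation with the Az modules, not on the server: register the resource providers listed on the slide (for example `Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute`, repeated for each namespace), then create the service principal and assign only the "Azure Connected Machine Onboarding" role, scoped to the target resource group rather than the subscription where possible (`New-AzRoleAssignment -ApplicationId <appId> -RoleDefinitionName "Azure Connected Machine Onboarding" -Scope "/subscriptions/<sub>/resourceGroups/<rg>"`). That role can only create the Arc resource; it cannot read or manage other resources, which is what keeps a leaked onboarding secret from becoming a broader tenant compromise.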
  13. Onboarding with Azure Arc: customers with WS Software Assurance or enrolled in Windows Server pay-as-you-go can access the following capabilities at no additional cost:
     • Azure Update Manager
     • Azure Machine Configuration [Policy]
     • Azure Change Tracking and Inventory*
     • Best Practices Assessment*
     • Remote Support
     • Network HUD
     • Azure Site Recovery configuration*
     • Windows Admin Center in Azure for Arc
     * May incur additional storage, log data ingestion, and compute costs
  14. Connectivity options – Azure Arc-enabled servers
     1. Direct connection (Internet)
     2. Connection via proxy (Internet)
     3. Service tag (S2S VPN/ExpressRoute)
     4. Private Link (S2S VPN/ExpressRoute)
     Diagram elements: Azure VNet, Azure Arc-enabled server, Azure Arc service endpoint, public endpoint, private endpoint, service tag, Private Link, Azure ExpressRoute & site-to-site VPN, Internet, proxy
  15. Azure Change Tracking and Inventory
     • Discover what's installed on your machines and their changes: software, services/daemons, files, registries
     • View how many machines have a specific software or version
     • Updated when a change is detected
     • View changes when troubleshooting
     • Alerting on critical changes
     • Differences in inventory snapshots
     Requires AMA (Azure Monitor Agent) with a Log Analytics workspace
  16. Azure Update Manager
     • Assess the update status of servers across your Azure, on-premises, and multi-cloud estates from one place
     • Easily deploy updates to your machines
     • Schedule one-off or recurring updates
     • Schedule recurring updates for machine groups
     • Target systems by name, imported groups, or custom query
     • Verify update compliance across your environment
     • Track update deployments across your environment
     • Audit past deployments
  17. Azure Machine Configuration
     • Configuration as code defining machine properties: operating system settings, app configuration or presence, environment settings
     • Advanced reporting through Azure Resource Graph
     • Ability to create custom packages
     • Built-in configurations for operational and security best practices: OS settings, expiring certificates, networking capabilities; TLS versions, local user accounts, security baselines
     • Native to Azure Arc’s Connected Machine agent
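The "custom packages" capability above, as an added example that is not from the deck: a DSC configuration that audits whether TLS 1.0 is disabled on the server side through the SCHANNEL registry values, compiled and wrapped as an Audit-type machine configuration package with the GuestConfiguration module, then evaluated locally before it is published. The configuration name AuditTls10Disabled and the ./tls10-audit folder are assumptions; the module names and cmdlets are the real ones from the PowerShell Gallery.

```powershell
# Authoring prerequisites (PowerShell 7): Install-Module GuestConfiguration, PSDscResources
# and PSDesiredStateConfiguration 2.0.x, which is the DSC version machine configuration expects.
Configuration AuditTls10Disabled {
    Import-DscResource -ModuleName 'PSDscResources'

    Node localhost {
        # Server-side TLS 1.0 is off only when Enabled = 0 and DisabledByDefault = 1.
        Registry Tls10ServerEnabled {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
            ValueName = 'Enabled'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
        }
        Registry Tls10ServerDisabledByDefault {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
            ValueName = 'DisabledByDefault'
            ValueType = 'Dword'
            ValueData = '1'
            Ensure    = 'Present'
        }
    }
}

# Compile the configuration to ./tls10-audit/localhost.mof (assumed output folder)
AuditTls10Disabled -OutputPath ./tls10-audit

# Package it as an Audit-only machine configuration: it reports compliance and changes nothing.
# Use -Type AuditAndSet only once you want the agent to remediate drift automatically.
$pkg = New-GuestConfigurationPackage `
    -Name 'AuditTls10Disabled' `
    -Configuration ./tls10-audit/localhost.mof `
    -Type Audit `
    -Path ./tls10-audit/package `
    -Force

# Evaluate the package on this machine before publishing; the result lists each resource
# with its compliance state and the reason when it is non-compliant.
Get-GuestConfigurationPackageComplianceStatus -Path $pkg.Path | Format-List
```

Once the local evaluation reports the expected state, the package is uploaded to a storage location with `Publish-GuestConfigurationPackage`, turned into a policy definition with `New-GuestConfigurationPolicy`, and assigned through Azure Policy; the Connected Machine agent on each Arc-enabled server then evaluates it and the results show up in Azure Resource Graph, which is the reporting path the slide refers to.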
  18. Windows Admin Center in Azure for Arc: securely manage your servers from anywhere without a VPN, public IP address, or other inbound connectivity. Management, configuration, troubleshooting, and maintenance functionality in a single pane of glass:
     • Virtual machines tool
     • Event viewer
     • Remote Desktop
     • File explorer
     • …and much more!
  19. Remote Support: get professional support by permitting access to your machine remotely
     • Grant consent while controlling the access level and duration of access (JIT) on an incident-by-incident basis
     • View detailed transcripts of all executed operations at any time
     • Revoke consent at any time
     • Access is automatically disabled once the consent duration expires
  20. Azure Monitor
     • Detect & diagnose issues across apps and dependencies with Application Insights
     • Correlate issues at the infrastructure level with insights for VMs, containers, SQL, network, etc.
     • Operationalize at scale with smart alerts and automated actions
     • Drill down with Log Analytics for troubleshooting & deeper diagnostics
     • Create visualizations with Azure dashboards & workbooks
  21. Best Practices Assessment (*): collects and analyzes server data to generate a list of issues and remediation guidance. Provides customers with best practices to improve the performance of their server infrastructure and features such as deploying applications, software updates, etc. Assesses the following areas:
     • Server baselines
     • Server security
     • Hyper-V
     • Failover Cluster
     • IIS
     (*) Available in preview
  22. Azure Site Recovery configuration: installs the Azure Site Recovery agent on your machine and associates the replication policy, vault, and Hyper-V site with the agent
     • Ensures business continuity
     • Keeps business apps and workloads running during outages
     • Provides replication and data resilience
  23. Defender for Servers (Microsoft Defender for Cloud on on-premises and/or multicloud Azure Arc-enabled servers)
     • Easily deploy as extensions in Azure without re-installing agents
     • Vulnerability assessment built in, with the flexibility to use tools like Qualys offering integrated vulnerability scanning for your connected machines
     • Use Just-in-Time VM access to control access to commonly attacked management ports
     • Block malware with adaptive application controls
     • Set guardrails with Azure Policy integration; server owners can view and remediate to meet their compliance
     • Two plans available: P1 ($5 per server) & P2 ($15 per server)
  24. Azure Sentinel (SIEM)
     • Collect data at cloud scale, across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
     • Detect previously undetected threats and minimize false positives using analytics and threat intelligence from Microsoft
     • Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
     • Respond to incidents rapidly with built-in orchestration and automation of common tasks
  25. Copilot for Azure
     • Design: create and configure services while aligning with organizational policies
     • Operate: answer questions, author complex commands, and manage resources
     • Troubleshoot: orchestrate across Azure services to summarize issues, identify causes, and suggest solutions
     • Optimize: improve costs, scalability, and reliability through recommendations tailored to your environment
  26. Bring cloud manageability to SQL Server anywhere: manage, govern, and protect your SQL Server from Azure
     Manage all SQL estate with better observability
     • Single view of all SQL Servers deployed on-premises, in Azure and in other clouds
     • Capture key performance metrics with out-of-box monitoring
     • Gain proactive and actionable insights with automated best practices assessment
     • Utilize migration assessment and best-fit recommendation on SQL IaaS/PaaS
     Enhance business continuity
     • Manage Availability Groups inventory and track real-time health status
     • View Always On Failover Cluster Instances and protect with Defender
     • Enhance operational efficiency through configurable automated backups
     • Minimize downtime and operational disruption with point-in-time restore
     Govern and protect all SQL estate using Azure
     • Protect your on-premises and multicloud data using Microsoft Defender for Cloud
     • Enhance security using Extended Security Updates as a service and auto patching
     • Central insights and governance across all SQL Servers with Microsoft Purview
     • Unified sign-on experience with Microsoft Entra ID authentication
     Azure pay-as-you-go enabled by Azure Arc for SQL Server anywhere, with simplified onboarding
  27. Management capabilities comparison (legend: not supported / supported / future support; the per-cell marks are not in the transcript)
     Columns: customer infrastructure or 3P clouds (SQL Server; Arc-enabled SQL Server); Azure (SQL Server on Azure VM)
     Rows (Azure built-in capabilities): pay-as-you-go billing; Azure AD auth; best practices assessment; inventory management; auto patching; auto backup; monitoring; Defender for SQL Server; TDE with Azure Key Vault; HA/DR inventory management; license compliance management; cluster-aware patching and upgrades; Purview premium; point-in-time restore; backup long-term retention to Azure
  28. Detailed inventory of your SQL Server estate
     • Single view for your entire SQL Server estate
     • Detailed inventory information for your SQL Server
     • Combine to see Azure SQL and hybrid SQL together
  29. Best Practices Assessment for SQL Server enabled by Azure Arc: provide proactive and actionable insights at scale to optimize the entire SQL Server estate across on-premises and multicloud environments
     Use cases
     • Identify opportunities for performance optimization and improvement of security posture and compliance
     • Perform proactive planning on disaster recovery and high availability
     • Perform more accurate capacity planning on SQL Server resources
     Key capabilities
     • 450+ rules to evaluate the configuration of the SQL Server estate at scale
     • Provide a prioritized list of the risks detected and step-by-step mitigation guidance
     • Scan at intervals for the most up-to-date results
     Benefits
     • Improve uptime and performance by mitigating the risks detected
     • Enhance security and compliance posture
     • Increase efficiency of DBAs’ routine operations through at-scale assessment
  30. Arc gateway: how it works. The Arc gateway introduces two new components:
     • Arc gateway – a common front end for Arc traffic. This gateway is served on a specific domain that customers must allow access to.
     • Arc proxy – a component that routes all Arc agentry traffic to its destination in Azure via the gateway. This proxy is part of the Arc core agentry and runs within the context of an Arc-enabled resource.
  31. Azure Arc gateway – Arc-enabled servers solution architecture (public preview)
     • On-premises servers: Arc agentry & extensions use the Azure Arc proxy as their forward proxy; the Arc proxy forwards traffic via the on-premises enterprise proxy
     • Arc gateway endpoint [unique-guid].gw.arc.azure.com: reached over a TLS connection; target service endpoints (e.g. Azure Update Manager) are reached through the gateway using HTTP tunnels over HTTP/2; the Arc gateway proxies traffic only to Azure service endpoints
     • Traffic that routes directly, not through the gateway: Microsoft Entra ID (login.microsoftonline.com), Azure Resource Manager (management.azure.com), Hybrid Identity Service (gbl.his.arc.azure.com)
  32. Introducing cloud infrastructure for distributed locations, enabled by Azure Arc
     • Operate and scale with the power of the cloud
     • Ready for all your apps: VMs and containers alike
     • Flexibility to meet your requirements and budget
     • Extend cloud security to your distributed locations
  33. Azure Local replaces Azure Stack HCI: consistent software platform, portal, and APIs
     • Low-spec, low-cost edge servers (NEW, PREVIEW): simpler, smaller hardware for light computing requirements
     • Disconnected operations (NEW, PREVIEW): meet strict data residency regulations with a permanently disconnected option
     • Connected servers, formerly Azure Stack HCI (GA): choose from over 100 hyperconverged server platforms from major OEMs
     Existing customers of Azure Stack HCI will transition seamlessly to Azure Local with the next software update.
  34. Introducing Azure Local: cloud infrastructure for distributed locations, enabled by Azure Arc (low-cost and rugged, connected servers, disconnected operations)
     • Ready for all your apps: VMs and containers alike
     • Flexibility to meet your requirements and budgets
     • Extend cloud security to your distributed locations
     • Operate and scale with the power of the cloud
  35. Bring Azure app, data, and AI services anywhere (cloud region and distributed location, enabled by Azure Arc)
     • Management services: Portal, Copilot, Identity, Monitor, Graph, Defender, Policy, Billing, Updates, Support
     • Foundational services: Kubernetes services, virtual machines, storage paths, logical networks
     • Application, data and AI services: App Service, Functions, Logic Apps, Arc-enabled SQL Server, Managed Instance, PostgreSQL, Windows and Linux, Azure IoT Operations, Azure Virtual Desktop, Local AI search (preview), Machine Learning, Video Indexer (NEW)
  36. Options for edge use cases: requirements at launch, Azure Stack HCI vs Azure Local (1)
     • Certification: Windows Server certified / Windows Server certified
     • Machines: min. 2+ machines / 1+ machine
     • Disks: min. 4+ disks per machine / 1+ SSD per machine (2)
     • Network: min. 10 Gbps w/ RDMA / 1 Gbps or 2.5 Gbps Ethernet (3)
     • Directory: Active Directory required / doesn’t require AD (4)
     Example possible solutions (NEW, pending validation): SuperMicro SYS-E302 (fan-less server); Dell MC-4000r/z + MC-4510c (rugged two-sled chassis); HPE MicroServer Gen11 (micro tower server); Lenovo ThinkEdge SE350v2 (half-width, half-depth 1U)
     (1) Reduced requirements allowed up to a maximum of a 3-node cluster
     (2) Excludes OS boot disk
     (3) Must support Hyper-V virtualization
     (4) In preview now, coming 2025
  37. Introducing disconnected operations (preview, NEW): satisfy regulatory requirements by operating permanently disconnected from the cloud. Host the backend Azure Resource Manager, portal, and services in a local appliance VM.
     • Subset of services available: Portal, ARM, Registries, Key Vaults, Policy (2), Machines, Kubernetes, Copilot, AVD, Defender, others
     • Architecture: Azure Local (connected) in a distributed location runs infrastructure and workloads with the control plane in the cloud region; Azure Local with disconnected operations runs infrastructure, workloads and a local control plane (1) in the appliance VM
     (1) Available only to customers who prequalify based on industry, use case, and other considerations
     (2) Partial functionality