Automate Azure VM Best Practices Configuration Using Azure Automanage
Azure Automanage helps you to make sure your virtual machines (VM) are consistently configured with Microsoft’s best practice recommendations. And that’s a valuable service because Azure is constantly growing and changing, making it hard for IT professionals to keep up with best practice recommendations.
Automanage is currently in preview. It is designed to configure and onboard VMs to Azure services that improve security. The goal is to help organizations reduce costs by automating server management, improving VM uptime, implementing security best practices, and applying configurations at scale.
Windows Server and virtual machine best practice configuration
Services that Automanage can configure include Azure Backup, Security Center, Change tracking, Log Analytics, and more. Automanage also configures Windows according to Microsoft’s baseline OS settings. These settings are usually applied using Group Policy. But that requires Windows to be joined to a Windows Server Active Directory domain. So, Automanage takes much of the heavy lifting out of configuring Windows and VMs to meet security and configuration standards.
Automanage for Linux in Preview
But Automanage doesn’t just configure Windows and VMs as they are initially deployed. Monitoring ensures that any drift from best practice configuration is promptly rectified. Automanage is also now available for Linux VMs in preview.
Azure Automanage Pricing
During the preview phase, Automanage is free. Microsoft will announce pricing for the service once it gets nearer to the end of the preview. Be aware that if you continue using Automanage once the preview has finished, Microsoft will charge you according to the announced rates.
How to Set Up Azure Automanage
Setting up Automanage is relatively easy. Like any other Azure service, you can open Automanage by searching for it in the search box at the top of the Azure Management Portal.
You then add existing VMs to the service. Once you have selected which VMs you’d like to be managed, select a configuration profile to deploy. You get two profiles out of the box. One for dev/test VMs, which provides a suite of services specifically designed for dev/test workloads. And one for production VMs, which has everything in dev/test, along with robust insights and backup.
The Dev/Test profile gets the following services:
- Azure Security Centre
- Microsoft Antimalware (Windows only)
- Update Management
- Change Tracking and Inventory
- Guest Configuration (Linux: Audit only)
- Azure Automation Account
- Log Analytics Workspace
You can modify the out-of-box configuration profiles and create your own profiles. Once you’ve selected a configuration profile, all you need to do is hit Enable.
Let Microsoft manage your security
Microsoft is pushing organizations to let it take care of security. And while that means another monthly subscription fee, allowing Microsoft to handle, and importantly, automate security for your cloud infrastructure could provide more robust systems and reduce costs overall. Microsoft has a wealth of experience in securing large-scale infrastructure and many breaches are down to organizations not following best practices and not understanding how to implement configurations properly.