How to Manage Azure VMs running Windows Server using the Windows Admin Center.

The Windows Admin Center (WAC) is a web portal for managing local or remote servers via a gateway that uses PowerShell Remoting and Windows Management Instrumentation (WMI) over WinRM. WAC will eventually replace Server Manager, and going forwards, is where Microsoft will make future investments in Windows Server GUI management.

WAC gateways can be installed on Windows Server 2016, Windows Server version 1709, Windows Server 2019, and Windows 10. WAC can manage Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. It can also manage Hyper-V Server, Azure VMs, Azure Backup, highly-converged infrastructures (HCI), and more.

For more information on WAC and how to install it, see Getting Started with the Windows Admin Center and How to Install the Windows Admin Center in Server Core on Petri.

Managing Azure VMs using WAC

There are three ways Azure VMs can be managed using WAC. The first and easiest is to install WAC on a local device and connect it directly to an Azure VM’s public IP address. If your Azure VMs don’t have public IP addresses, you can either set up a VPN between your cloud VNET and the network where the WAC gateway is installed or set up a WAC gateway on a VM connected directly to your Azure VNET.

Whichever method you choose, you’ll will need to manually enable Windows Remote Management (WinRM) on any Azure VMs you want to manage. WinRM is enabled by default in Windows Server but disabled in the gallery images used to deploy Windows Server in Azure. Windows Firewall needs to be configured with an inbound rule to allow port 5985 for WinRM over HTTP. Secondly, depending on how you provision your Azure VMs, you will need to ensure that Azure networking allows inbound traffic on port 5985.

Set Up Windows Remote Management

Let’s start by enabling WinRM in an Azure VM. If you don’t already have an Azure subscription and virtual machine, take a look at Create a Virtual Machine in the Azure Cloud on Petri.

• Log in to the Azure virtual machine with an administrator account.
• Open a PowerShell window.
• Run the two commands shown below and when prompted, type y and press ENTER to make changes to LocalAccountTokenFilterPolicy.

winrm quickconfig

Set-NetFirewallRule -Name WINRM-HTTP-In-TCP-PUBLIC -RemoteAddress Any

The first command enables Windows Remote Management. The second command makes sure that there is an inbound Windows Firewall rule for WinRM over HTTP.

In the Azure management portal, let’s make sure that Azure networking in configured to allow WinRM over HTTP to the virtual machine.

• In the Azure management portal, click Virtual machines in the list of services on the left.
• In the Virtual machines panel, click the virtual machine you want to manage using WAC.
• In the VM panel, click Networking on the left.
• Under INBOUND PORT RULES, click Add inbound port rule.
• In the Add inbound security rule panel, type 5985 in the Destination port ranges box. In the Name field, type WinRM_HTTP and then click Add.
• The new rule will appear in the list of inbound security rules.

Connect WAC to Azure VM

Now that the virtual machine and Azure networking have been configured, let’s connect WAC to the Azure VM.

• Connect to Windows Admin Center. See Getting Started with the Windows Admin Center on Petri for more details on how to use WAC.
• On the Windows Admin Center screen, click + Add under All Connections.
• In the Add Connections panel, click Add Server Connection.
• On the Add Server Connection screen, type the public IP address of the Azure VM you want to manage.

• Under Credentials Needed, check Use another account for this connection.
• Enter the administrator credentials for your Azure VM and then click Submit with Credentials.
• If you get a warning that the server was not automatically discovered, proceed by clicking Submit.
• The Azure VM will now appear in the list of server connections in WAC. To manage the server, click the Azure VM in the list and WAC will connect.

In this article, I showed you how to add an Azure VM to WAC using the VM’s public IP address. In a production environment, I would prefer to connect the WAC gateway to the Azure VNET using a VPN or place the gateway on an Azure VM.