Windows Server Summit | Azure Arc - the "Intune for Servers"
Krähe mit HutWSUS has been discontinued and Intune does not work for servers. How can I manage my servers now?
Endlich hat Microsoft eine Antwort darauf: Azure Arc! Den Dienst gibt es schon seit einiger Zeit, aber mittlerweile mausert er sich zum "Intune for Servers". Dies wird klar, wenn man sich vor allem die Funktionen anschaut, die kürzlich hinzugekommen oder für dieses Jahr geplant sind. Microsoft platziert Azure Arc mittlerweile als "SCCM/MECM modernization".
Die folgenden Funktionen sind nur ein Ausschnitt - die Planungen (Stichworte: Softwareverteilung, Anwendungspatching, Tasksequenzen...) machen klar, wo die Reise hingeht.
Modernize server management and connectivity with Azure Arc
Azure Arc gateway
For customers who do not want their servers to have direct internet connectivity, there is a proxy service available for Azure Arc that can be deployed locally.
Azure Machine Configuration
Azure offers a service called Azure Policy, which can be used to distribute security and compliance policies to systems in accordance with common standards such as ISO 27001 and NIST. Azure Arc also allows these policies to be applied to locally deployed systems and automatic remediation to be performed.
Azure Update Manager
Update Manager is used to manage and distribute monthly updates for Windows Server. Accordingly, this service should be seen as a replacement for the classic Windows Server Update Services (WSUS), which Microsoft recently discontinued.
Azure Change Tracking and Inventory
This area allows you to view changes to the systems in an overview and to view an inventory list of all systems.
Azure Run Command
This feature allows scripts to be run on systems integrated with Azure Arc (both Windows and Linux).
Azure-arc enabled management and pay-as-you-go for Windows Server
Pay as you go
With Windows Server 2025, there is now another licensing option in addition to traditional volume licenses and CSP subscriptions: pay-as-you-go. The cost is $33.58 per core per month ($0.046 per core per hour), with the first 7 days free of charge. The use of Windows Insider Builds will also be free of charge.
To do this, the server must be integrated into Azure Arc. This can be done either during installation or at a later date. This is helpful in the following scenarios, for example:
- Temporary installations
- New Windows Server 2025 VM on older Windows Server host (when using Hyper-V)
- Physical servers
Management features
The following features are all included in Software Assurance and Pay-as-you-go, so there are no additional costs in these cases.
Windows Admin Center in Azure Arc
Those who are already familiar with Windows Admin Center from a local installation will quickly find their way around here—the features of WAC are integrated into the Azure Arc portal.
Remote Support
Known as “Remote Assistance” for Windows clients, this approach has been further developed for Windows Server and integrated into Azure Arc.
Network HUD
This feature provides an overview of the local network and is designed to offer optimization and troubleshooting support.
Best Practices Assessment
Who is familiar with the Best Practices Analyzer from Windows Server? While the local version is fairly static, recommendations are constantly being added and revised in Azure Arc.
Azure Site Recovery configuration
This feature prepares servers for use with Azure Site Recovery (a service for backing up local servers to Azure and deploying them in Azure in the event of a disaster). However, it is still necessary to deploy and configure Azure Site Recovery itself in Azure.
Hotpatching and update management for Windows Server with Azure Arc
Time and again, monthly updates cause beads of sweat to form on our foreheads—will the server start up normally again after the restart…? Admittedly, this problem is not solved, but at least the intervals between maintenance windows are getting longer—with hot patching!
Hot patching works on a quarterly basis—baseline updates are provided in the first month of a quarter (basically the classic update with restart). In the following two months, only security updates are provided and installed in such a way that no restart is necessary.
However, there is one sticking point – virtualization-based security must be enabled for the server, which requires a TPM (or a virtual TPM). This may not be easily possible in every environment.
In addition, hot patching is subject to a fee if the server is not running in Azure or Azure Local: $1.50 per core per month. Incidentally, hot patching will be available in Azure (Local) starting with Windows Server 2022, but only locally starting with Windows Server 2025.
Additional information
Official videos:
Modernize server management and connectivity with Azure Arc - Windows Server Summit
Azure Arc-enabled management and pay-as-you-go for Windows Server - Windows Server Summit
Hotpatching and update management for Windows Server with Azure Arc - Windows Server Summit
Overview of all articles: Windows Server Summit in a nutshell
Liked this article? Share it!
One thought on “Windows Server Summit | Azure Arc - the "Intune for Servers"”