Comprehensive guide for Windows Server Azure Arc onboarding: preparing prerequisites, initiating the Azure Arc Setup wizard, authenticating, configuring the connection to Azure, and confirming successful enrollment.
Prerequisites
Before you begin, confirm that you have an active Azure subscription and that the right Azure built-in roles are assigned on the resource group for each part of this onboarding process (Connected Machine Onboarding or Contributor to onboard | Connected Machine Resource Administrator to manage).
Register the resource providers required for Azure Arc-enabled servers in your subscription (Microsoft.HybridCompute, Microsoft.GuestConfiguration, Microsoft.HybridConnectivity).
On the server, ensure a supported 64-bit Windows or Linux OS is installed and that you have local admin/root access on the device.
Allow outbound HTTPS (443) to Azure Arc endpoints (AAD/ARM/Arc identity & guest configuration/notification/extension storage).
Plan your sign-in method—interactive, device code, or service principal—and pick the Azure region and resource group where the server’s metadata will reside.
An in-depth Microsoft Resource explaining all the intricacies of the prerequisites can be found here.
Have questions about whether you meet the prerequisites? Ask for engineering at Help@Sittadel.com
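The provider, role, and port 443 prerequisites above can be checked from PowerShell before launching the wizard. This is an added example, not part of the original guide or Microsoft's tooling. It assumes the Az PowerShell module, an existing `Connect-AzAccount` session, the Azure Global cloud, and placeholder subscription, resource group, and identity values.

```powershell
# Added example. Parts 1 and 2 run from any workstation with the Az module;
# part 3 runs on the server being onboarded. All values are placeholders.
$SubscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder
$ResourceGroup  = 'rg-arc-servers'                          # hypothetical name
$OnboardingUser = 'arc-onboard@example.com'                 # hypothetical identity

Set-AzContext -Subscription $SubscriptionId | Out-Null

# 1. The three resource providers from the prerequisites must be Registered.
$providers = 'Microsoft.HybridCompute', 'Microsoft.GuestConfiguration', 'Microsoft.HybridConnectivity'
foreach ($ns in $providers) {
    $states = (Get-AzResourceProvider -ProviderNamespace $ns).RegistrationState | Select-Object -Unique
    if ($states -contains 'Registered') {
        Write-Host "[ok]   $ns is registered"
    } else {
        Write-Warning "$ns is '$states'; registering (can take several minutes)"
        Register-AzResourceProvider -ProviderNamespace $ns | Out-Null
    }
}

# 2. Least privilege: onboarding needs only the onboarding role. In Azure the
#    built-in role's display name is 'Azure Connected Machine Onboarding'.
#    Broader roles are flagged so they can be reviewed after enrollment.
$roles = Get-AzRoleAssignment -ResourceGroupName $ResourceGroup -SignInName $OnboardingUser |
    Select-Object -ExpandProperty RoleDefinitionName
if ($roles -contains 'Azure Connected Machine Onboarding') {
    Write-Host "[ok]   $OnboardingUser holds the onboarding role"
} elseif ($roles | Where-Object { $_ -in 'Contributor', 'Owner' }) {
    Write-Warning "$OnboardingUser can onboard only through a broad role ($($roles -join ', '))"
} else {
    Write-Warning "$OnboardingUser has no role on $ResourceGroup that permits onboarding"
}

# 3. On the server: direct outbound TCP 443 to the sign-in and ARM endpoints.
#    The other Arc endpoints are region-specific (take them from Microsoft's
#    list), and this test does not go through a proxy.
foreach ($h in 'login.microsoftonline.com', 'management.azure.com') {
    $r = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
    Write-Host ("[{0}] {1}:443" -f $(if ($r.TcpTestSucceeded) { 'ok' } else { 'FAIL' }), $h)
}
```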
Azure Arc Onboarding
- There are three ways to initiate the Azure Arc Setup wizard:
  - Expanding the System Tray and selecting the Azure Arc icon, followed by selecting the Launch Azure Arc Setup action.
  - Selecting the Launch Setup action available within the Azure Arc Setup Notification displayed in Server Manager.
  - Selecting the Start Menu and using the Search functionality to look up the Azure Arc Setup utility.
- Initiating the Setup Wizard will display the introduction screen, highlighting what you gain by connecting this server to Azure Arc (centralized management, policy, and extensions). When you are ready to continue, select Next.
- Within the following section, the wizard will automatically run a prerequisite check for the Azure Connected Machine (AzCM) agent. If anything shows Action required during the check, follow the guidance, fix the issue, and rerun the check. When all checks Pass, the wizard installs the Azure Connected Machine agent. After the install completes, select Configure to continue.
- Initiating the Configuration Wizard will display the configuration screen, highlighting what’s needed to finish setting up the Azure Connected Machine (AzCM) agent. When you are ready to continue, select Next.
Tip: Have any needed credentials handy. No changes are applied until you continue.
- Within the following section, select your Azure cloud (e.g., Azure Global, Azure Government, or Azure China), then choose the Sign in to Azure action. A browser window opens where you authenticate with your Azure account (MFA may be required).
Tip: If the server doesn’t have a browser, select the Generate code option below the Sign in to Azure action, then open the link it provides on a different device to authenticate.
- Once you have successfully authenticated for your Azure account, return to the Configuration Wizard to confirm you’re signed in. When you are ready to continue, select Next.
- Within the following section, we will tell Azure where to create the Arc resource and how this server will connect to the cloud environment:
  - Azure Active Directory Tenant — Select the tenant to use. Ensure the subscription you pick belongs to this tenant.
  - Subscription — Choose the subscription that will own this Arc resource. Make sure the resource providers required for Azure Arc-enabled servers are registered in this subscription (Microsoft.HybridCompute, Microsoft.GuestConfiguration, Microsoft.HybridConnectivity). Access the following link to view active Subscriptions in your environment.
  - Resource Group — Pick the resource group to contain the server’s Arc resource. Make sure the right Azure built-in roles are assigned on the resource group for each part of this onboarding process (Connected Machine Onboarding or Contributor to onboard | Connected Machine Resource Administrator to manage). Access the following link to view active Resource Groups in your environment.
  - Azure Region — Select the region where the Arc resource (metadata) will be stored.
  - Network Connectivity — Choose how the agent connects:
    - Public endpoint (default): outbound HTTPS (TCP 443) directly to Azure.
    - Proxy Server: use if the server reaches the internet through an HTTP/HTTPS proxy; you’ll provide proxy details in the next step.

  Once the necessary items above have been correctly configured, select Next to continue.
- When configuration finishes and the server is successfully onboarded to Azure Arc, click Finish.
Tip: If something fails, review the message and select Retry or check the agent logs.
- After the Azure Arc Configuration Wizard has been closed, you can verify locally in Server Manager whether the onboarding process completed successfully. Open the Server Manager utility, select the Local Server option, and locate the Azure Arc Management property. The Enabled state indicates that the server has been successfully onboarded. Any other state indicates that the server has not been successfully onboarded, and the steps above might need to be carried out again.
- Additionally, you can verify that the machine is connected by checking the Azure Arc system tray icon. If the icon has no red badge, the agent is installed and the server is actively connected to Azure Arc. A red badge means that the machine is not connected to Azure Arc, indicating that the agent is missing or not running. If the machine is actively connected to Azure Arc, you can select the View machine in Azure action to go directly to the Azure Arc | Machines section of your Microsoft Tenant and view more information. You can also access this link directly to view all Azure Arc Machine Resources.
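The same verification can be scripted, which also confirms that the server enrolled into the tenant, subscription, and resource group you intended. This is an added example, not part of the original guide. The expected values are placeholders, and the JSON field names (`status`, `tenantId`, `subscriptionId`, `resourceGroup`, `resourceName`, `location`) are assumed from the output of `azcmagent show -j`, so confirm them against your agent version.

```powershell
# Added example: run in an elevated PowerShell session on the onboarded server.
# Replace the placeholder values with the choices made in the wizard.
$Expected = @{
    tenantId       = '00000000-0000-0000-0000-000000000000'   # placeholder
    subscriptionId = '11111111-1111-1111-1111-111111111111'   # placeholder
    resourceGroup  = 'rg-arc-servers'                          # hypothetical name
}

# himds is the agent's core Windows service. Missing or stopped corresponds to
# the red-badge case: the agent is missing or not running.
$svc = Get-Service -Name himds -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    Write-Warning 'himds service is missing or not running; the server is not connected'
    return
}

# azcmagent show -j prints the agent's local view of its enrollment as JSON.
# Out-String joins the lines so ConvertFrom-Json parses a single document.
$info = (& azcmagent show -j | Out-String) | ConvertFrom-Json

# Collect every mismatch rather than stopping at the first one.
$problems = @()
if ($info.status -ne 'Connected') {
    $problems += "status is '$($info.status)', expected 'Connected'"
}
foreach ($key in $Expected.Keys) {
    if ($info.$key -ne $Expected[$key]) {
        $problems += "$key is '$($info.$key)', expected '$($Expected[$key])'"
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "Connected as $($info.resourceName) in $($info.resourceGroup) ($($info.location))"
}
```

A tenant or subscription mismatch means the server is being managed from somewhere other than the environment you selected and should be investigated before any extensions or policies are applied.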
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.