Welcome to another episode of our Learn Live, Azure Hybrid Cloud Study Hall on Learn TV. It's awesome. In this one, we are actually kicking off the series for Azure Arc. We're going to have today in this one hour, one hour and a half, we're going to talk about the introduction module to Azure Arc. My name is Thomas Maurer. I'm a Senior Program Manager for Azure Hybrid, and I'm joined here by Amy. Hi. Amy Collier, a Senior Cloud Advocate at Microsoft. I used to work with Thomas for a short time, but we still hang out, right? Absolutely. We were teammates because there's a couple of weeks or months until we moved around. Exciting. For everyone who joins us, we're going to talk a little bit about the Learn Live concept, and I will explain to you also a bit about Microsoft Learn and what we're going to do. But you can obviously not just follow us here on that stream. You can also open up the Learn module, which we're going through today, and you can do it by yourself. You can do this right now, but you also can do that later on after the video as well, depending on how you want to do this. I highly encourage you to actually join us here for this specific module. Again, this is the first Azure Arc module we will have in our show. Again, you can scan the QR codes, or you can take that link here on the top, and you will open up that specific Microsoft Learn module. Now, I mentioned that this is all about Azure Arc, and our introduction to Azure Arc today. We're going to explain what Azure Arc is, and how it can help you in your hybrid environment. But Amy, why don't you share a little bit what we're actually going to have a look at in that specific Learn module? Sure. 
We're really going to lay the foundation for Azure Arc, so what does it mean to have Azure Arc-enabled servers, enabling Kubernetes with Azure Arc, so really how it bridges the gap from your on-premises environment, or maybe a VM in another Cloud, how it can all be under one single pane of glass in the Azure portal. That's awesome. Again, we're going to show you some really awesome stuff today, and I hope that will make your life much easier, especially if you're in a hybrid or multi-Cloud environment. I also see we already have a couple of people on the stream, so feel free to also ask your questions or say hi, and we will obviously make sure that we can answer that. If we have enough time, we'll look out. I can see that Andrew from the UK is here. We also have Ratan joining us and a couple of other people, so awesome. Keep it coming. Hi to everyone. Let's just jump right in and go to the Learn module. All right. Before Amy and I are going to talk a little bit about this specific Learn module, I know that not everyone of you is familiar with Microsoft Learn. Microsoft Learn really is our free learning platform where you can dive into different topics, not just Azure Arc, but also other Azure and other Microsoft topics, like Microsoft 365, Power Platform, Dynamics, and many, many more. We offer something what we call the Learning Paths. This is like a path you can take on. For example, we have this one is called Managed Hybrid Infrastructure with Azure Arc, and then you have different modules within that. Today, we're going again through that module called Introduction to Azure Arc. Internally, we compete with the XP, so I see you're at level 12, and I got to catch up to you because I haven't done it yet. That's actually a good point. It's also a little bit of gamification here. You can get points the more you do, the more you learn, the more you go through these Learn modules, you will get more points. I encourage you. 
If anyone is a master here in Microsoft Learn, please feel free to share your level and your experience on your current behalf. I know there are some really good people out there who went through a lot of these. Again, as Amy described, we're going to have a look especially today on Arc-enabled servers and Arc-enabled Kubernetes. Now, we will also give you a little bit of a very high-level overview of the rest of Azure Arc, because I think it's very important to understand what is Azure Arc and what you can do with it. You can also see that these Learn modules usually also give you some information about the prerequisites of that. Obviously, you should have some basic knowledge of what an operating system is, and understand a little bit of the fundamentals of Cloud computing. But I think if you're here, don't go too hard on yourself on the prerequisites. We will see that. Obviously, we describe all these things. Again, if there are questions, feel free to ask them in the chat. We want to really make this an interactive experience. And you can also see the different introductions here, or I should say units, which you go through again with the different titles. What I also want to highlight here at the end, we will go through the knowledge check. So many of these modules have at the end or even during the module some knowledge checks. So to make sure that we actually understand what we just learned. And so you can then also join us interactively and vote with us on these knowledge checks. So that's going to be absolutely awesome. So Amy, what do you think? Should we go to the introduction part and start talking about Azure Arc and Hybrid Cloud? Yeah, definitely. And I really think if you're a sysadmin in general, you'll relate to a lot of this. I mean, I think I was living under a rock when I didn't hear about Azure Arc. And now I'm like, oh my God, this is great. 
So Azure Arc, I mean, we all thought we'd be running maybe on-premises for a while with our virtualization or maybe one cloud only. But now a lot of people are saying, I have Azure, I have Google, I have AWS, I have VMware. I have stuff on-premises that I can't move. So I have to keep this data here or I'll get in big trouble. So Azure Arc actually, as the name implies, kind of bridges that gap where you can bring it all into one pane of glass in the Azure portal. So you can use like Azure services to manage your on-premises, VMware environment or your Google Cloud VM or applications. So it's a really neat product. I'm really excited about it that you can enable, because the environment is so complex and now you're simplifying the management. So you don't want like three tools to monitor everything and I'm used to that. And this, it just simplifies your life as a sysadmin or if you turn into a cloud admin after this, so it's a great, great solution. Oh, absolutely. So I think you hit the very interesting point here. And that is like you end up today, I think what we realize is we end up having different environments, right? You have your on-premises environment and then you have your cloud environment in Azure maybe and then you mentioned probably also other cloud providers in the mix and usually what happens or what happened before Azure Arc was that you have some management tools and deployment tools where like you would actually go and manage and deploy your applications on-prem using a certain tool and then you have another tool in Azure and then you have one tool for the other cloud provider. And so you ended up in having that like all these different tools and you did not have the single control plane, you don't have the view on it. And now with Azure Arc, we can really address this. So on a high level, we're gonna dive into what Azure Arc is. But again, we wanna talk obviously a little bit about what the challenges are. 
And I wanna highlight, like before we go into this is like what we think at Microsoft, right? And I always quote Jason Zander here. He was basically the engineering lead of all the Azure services directly under Scott Guthrie. And he did the keynote at Microsoft Ignite 2019 in Orlando which was basically the last big in-person event when we still had in-person events back then. And he basically was talking directly in the keynote after Satya about hybrid, right? And especially about Azure Arc. And he made a very good comment there which I always bring up. It's really like he said, basically we at Microsoft we know that hybrid is going to be an end state for many of our customers and not just the in-between state until everything is moved to the cloud. Right. And I think that is always important because that shows how serious we take hybrid, right? It's not just that we actually gonna set things up and then we like, okay, well, there are some offerings but actually you should actually move to the cloud. That's my great. Okay. And the other thing is what I also wanna say Azure is really built from the ground up to be hybrid. Like we had hybrid services before Arc, right? We had, for example, if you look at Azure Active Directory together with on-premise Active Directory. If you think about Windows Server and if you think about SQL Server and other stuff there were many, many tools which you already had in this hybrid space. But I think what is important to understand is like I mentioned that hybrid is obviously going to be an end state for many of these customers. So Amy, why would a company actually be in a hybrid environment? Why would they not move everything to the cloud? Well, I think I mentioned it before but that data sovereignty, maybe you have to keep it in a certain location, certain sensitive data. I know there's legacy apps. I worked at a company, it was built in the 70s and we still relied on it and that wasn't going anywhere. 
So that would be another example of what would stay on-premises. So it could be, there's some workloads you can't migrate but you do wanna manage them and engage those Azure services like Azure Monitor for it. There's also, it could be the first step in your migration, maybe you don't have the skill set yet or you at least wanna get started. All right, I'm gonna start using Azure as my kind of control plane to monitor everything and then slowly migrate. So it could be a step in migrating and then also if you have like, you could even have multiple apps or apps and multiple clouds. So maybe you have a, this one runs better in Google, this one runs better in Azure. I wanna monitor all of it again. So you can use Azure Arc to keep that all under a single pane of glass. Yeah, yeah. No, I think that absolutely sums it up greatly and I think one of them, I just talked to a customer very recently who has like factories and retail stores all over the place, right? And he basically can use like Azure for their applications and stuff like that. But he said, well, like if the internet connectivity from one of my locations, like a factory or a retail store goes down, like the factory basically stands still because the app is running somewhere else. So we need to be able to run a part of the app in that factory. So even if like we don't rely on the internet connectivity, right? So that was very important. But then you can still take the power of the cloud by then in the background, uploading like data or whatever he needs to do, but the important part of he's can really run where they are needed. Same thing for the retail stores as well. Like if the internet is gone, if you have a point of sale system, you definitely want that to keep on running and you'll be able to make sales even though you don't have internet connectivity, right? And so that is another thing. 
And again, I also work with customers, as you mentioned, where they have a lot of data sovereignty challenges where they just are not allowed to store data, for example, outside of their country. And if we don't have an Azure region there, they need to keep it somewhere in their data center. And that is obviously can be challenging because you have that great cloud environment which helps you a lot. Then you still need to do it there. Right. We do have a question from YouTube. I don't know if you can answer, Thomas. How does SQL Server benefit from Azure Arc? That's an excellent question. And I think we're gonna show that in a quick demo later on. Okay, great. But obviously, there are multiple things you can do with SQL Server there. One thing we can take advantage, and I'm gonna throw that just out there, we can take advantage of Microsoft Defender for cloud, for example, to actually check if your SQL Server is configured securely, if all the settings are correct. And we can actually get that and we can make recommendations on what you should do. And again, little bit later on, I do a quick demo and I can actually show you how that looks like. But there's way more you can do. So there's definitely a lot of benefits on the SQL Server site. Now, one thing which we won't talk so much today is the other part of Azure Arc where you can go out and for example, deploy Azure SQL on premises, right? Instead of using the classic Microsoft SQL Server, you can bring services like Azure SQL into your data center. And we're gonna highlight that on the next page a little bit and just make sure that people understand that Azure Arc is not just about connecting infrastructure, but also helping developers and cloud architects to actually take advantage of cloud services. So yeah, I think there's a lot of interesting things we're going to talk about. So should we dive into the next unit? Which says, describe Azure Arc. So as I just mentioned, I wanna quickly highlight one thing. 
And again, we're going to have a look as the learning path says, we're going to do a lot of talk about the hybrid infrastructure pieces. Meaning, as you can see here, Windows and Linux servers and Kubernetes clusters. And I know that this is not everything. Amy is also gonna talk a little bit about what else is there because we just announced very recently something very, very cool. I will give you that in just a second. So that is what we call the Azure Arc-enabled infrastructure pieces, right? We can actually extend the Azure management, the Azure control plane and add services and resources, again, like servers and clusters to the Azure control plane and then take advantage of Azure Resource Manager and these management services. That is the one side. The other side, which we have, by the way, in other modules coming later up is the Azure Arc-enabled services piece. And that allows you to deploy Azure services on-premises or other cloud providers. Now, think of that for a second. Now, if you're a cloud architect or developer or IT pro, you need to design an application. You obviously want to take advantage of these PaaS services, right? Because they add a lot of benefit, less management for you, better performance in many cases, better resiliency and all that. But then, probably someone says, well, our requirement is to run that application, not just in Azure, but maybe also on-prem or maybe even at another cloud provider. Now, before Azure Arc, you did not have the chance to run really these Azure services on-prem or run them even at other cloud providers, right? So you actually were falling back to either use containers or maybe even VMs and to build basically a classic application architecture you did before that, just because these Azure services were not available anywhere. And that is something we can address with Azure Arc. 
So for example, people tell us, I mentioned Azure SQL, they told us, hey, Azure SQL is fantastic and we love Azure SQL and we would use it for everything, but we have this one location or we have multiple locations, again, where we do not have a good reliable internet connectivity or too much latency or again, we have data sovereignty challenges, but we want to use Azure SQL. So what we do with Azure Arc is if a customer cannot use the Azure service in an Azure region, we are bringing the Azure service to the customer. And I think that is a pretty cool scenario too. And again, we have all the learn modules and all the learn live sessions where we go into that into details. But now let's, Amy, let's talk a little bit about the Arc-enabled infrastructure pieces. Again, it mentions here, Windows Server, Linux servers and Kubernetes clusters, but there is also more, right? Yeah, my favorite. The VMware environments are now Arc-enabled. It's in preview, I believe. So again, like you don't have, maybe you don't have a VPN client, you're in a coffee shop, you need to reboot a VM, you just log in in your Azure portal and you can reboot a VM, you can resize a VM. So it's like some basic tasks, but it's pretty cool that now you can Arc-enable your vSphere environment. Yeah, that's pretty cool. I think that's an example you just brought up with like managing your VMs on a VMware infrastructure from a coffee shop, right? Through the Azure management experience. What's when stuff breaks, you're taking a break, you're at the gym, someone texts you, messages you call you and you're like, okay, I'll reboot it. So it's good to have. Absolutely. And so in the learn module, you also find this graphic and I wanna quickly highlight a little bit what that means. I think it's a pretty good graphic. 
So if we start from the left side, so if we are a like IT Pro developer, cloud architect, security engineer, if you are responsible for compliance, like we actually go in and we manage stuff on Azure, right? And we usually do that using like the Azure portal, the CLI, our DevTools and so on. And usually that's great for managing Azure resources. Now with this Azure Arc service, we can now connect things which are outside of Azure. So you see on the right side, you see multi-cloud, right? So you see like stuff which runs at other cloud providers, edge locations. So if you're thinking about factories, retail stores or mentioned that or other on-premises stuff, for example, in your own data center where you can connect things like as we talked about, like as Amy said, servers, but also VMware and Azure Stack and so on. And we can connect that and manage that and get some visibility in that. Right, it could be a physical server or virtual server, so. Yeah, absolutely. So Amy, do we wanna dive in a little bit on like the Azure management pieces? So we talked about you can manage stuff, but what does it actually mean? For someone who hasn't probably used Azure to manage like like stuff in Azure or even stuff outside of Azure, what do we have there? Well, in order, I mean, what I like is you can still use the tools you're used to and Azure Arc just kind of enhances your tool set. Like you're still gonna use Wireshark, you're still gonna use Bash and Linux, but we're not replacing any of those tools. We're just enhancing them with the Azure portal where you can now manage it and create Azure policies, governance, use, you know, RBAC within the Azure portal and use the Azure resource manager for, you know, sorry. It'll show up next to your normal Azure VMs, which is real, like for me, that was mind blowing too. Like that's a physical server. Now it's in my portal and I can manage it with the tools that I have within Azure. 
And then that allows you, you know, you can start, you know, using DevOps practices and enable your team to go even further with your environments. Now, I think you brought something up really, really cool here that you actually see your resources, which are like servers, which are running outside of Azure next to your stuff, which runs in Azure. And I think you brought this, this is perfect. We can actually have a quick look on how that actually looks like. So if I quickly switch to my demo environment here, if I go to my Azure portal, and again, by the way, this is not just a portal thing, right? This is really behind in a degree inside Azure resource manager. So even if you use CLI, if you use PowerShell, if you use APIs, you will get the same results. So if I go on the all resources page, as Amy said, here I can really see all my Azure resources. And if you're not familiar with this, like everything in Azure is basically a resource or an object from a virtual machine, from a database, from a virtual network card, from a virtual network, even down to even an IP address, all these things are objects and they usually have a type. If I zoom in here, you can see here, different types. They're part of a resource group. They're basically deployed into a location. You're part of a subscription. And then you can use things like tagging. And now what Amy said, and I think that is a pretty cool thing to show. If you're now a server admin, and again, we're going to show that with servers, but obviously that also works with Kubernetes clusters and other things too. So if I wanna have a view on all my servers here, so what I can do here is I can actually just filter and select a couple of types. So I'm obviously gonna select all my Azure VMs, but then at the same time, I also wanna see the servers, which I have already connected, which are running, for example, here underneath my desk in my own lab for another edge location or in your case, maybe in your own data center. 
So you select server, Azure Arc. That means those are servers I connected to the Azure control plane, and they now show up as an Azure resource, right? So they're not in Azure, but they show up as an Azure resource. So if I hit apply, you can now see, I can see now all my servers in Azure, outside of Azure, running at all the cloud providers on-premises, all in one place. I think what's really cool too, if you click on one, it'll tell you it's a Google VM or it's a on-premises server. So I thought that was really neat too. So you're like, where's this coming from? Click on it. Yep, yeah, there's some cool stuff. If it's running a lot of cloud provider, we can actually identify this. And you can see here, I can then obviously use also tag into two specific things if I zoom in here. Like I did, for example, a cost center tag add that to my servers. I also have a data center tag and I can actually see like, for example, there's Tom's home. So that's actually running really, that server is running at my home. And I can now- It's not an Azure Active Directory service, you know? Nope, nope, that doesn't sound like that. That's how it sounds like something Tom could do. So you could now go out and use these tags. Obviously, if you're not familiar with it, you could actually go out and filter. So what I usually do is like, hey, how easy can I now find all of my servers from a specific cost center? And so what I can do here, very simple, I select the cost center tag and I like to set the specific value. So I wanna see all the servers running cost center 1002 and then apply that. And now it just filters by this. And this is really done because this is part of the Azure Resource Manager now, right? The data running on these machines is still on-prem or is still at the other cloud provider. We do not replicate data from these machine without like you wanting it. It's really staying on-premises or again, like a cloud provider. 
I know I'm repeating myself here, but that's very important part. It's only like metadata we put in here. So you get that single control plane, that visibility and so on. And if you have a question from YouTube, Kappa asks, does Azure Arc rely on the Azure service bus? So I hope I understand this correctly. So Azure Arc necessarily doesn't need like service bus or has dependencies on it. Like on the service side, on the infrastructure side, so Azure Arc enabled infrastructure, what we do is, you basically download a Azure Arc agent. You install that on the machine or on the communities cluster and this one then connects outbound using port 443 to the Azure control plane. So that is one thing. And then so it's using either like you go directly over the internet encrypted using port 443 or you can also set it up behind the proxy or what you also can do is, you can actually use a private link which allows you to use VPN or express route to do the connections through Azure. So if you haven't set that set up and don't wanna have every server connecting outside, you can also leverage that. That's on the Arc enabled infrastructure side. Now on the Azure Arc enabled services side, what you need to deploy like Azure SQL, for example, what we call Azure Arc enabled data services, you need to run a Kubernetes cluster. And that I'm gonna show you how that looks like. It's actually then an Azure Arc enabled Kubernetes cluster and then you can deploy your Azure SQL Manus instance on top of that. So there's no need for that specifically. So we can also look at, okay, what can I do with Azure Arc? Now, this is really about the different pieces we can work with and there are a couple of services and we're gonna have a look at that in the next unit from that module. But the module explains a little bit what you can actually do, right? 
I mean, the visibility is one thing I just showed you but there's even more interesting pieces like Azure policy guest configuration and we will dive into that a little bit later on but think about it if you wanna audit your servers, your environment to see if they are configured securely matter where they're running, you can use Azure policy. Think about it as group policies on steroids. Right. And then there are others, Amy, right? There are like other capabilities too. Right, sorry, I was distracted for a second. So, oh, Azure Monitor. Yes, integrating with Azure Monitor is really important and that's great because yeah, you have that Azure monitoring, your on-premises environment, your VMs as well. And then you can use log analytics. So, and then I also like the inventory of assets. So you can tag everything. So we always, what's under, what do we have inventory wise? What's the cost center number? So it really again is like reducing all that management that you overhead that you had to do with the complexity. So tags come in handy as your monitor to make sure everything's behaving and then the inventory of assets. So... It's absolutely again, there's by the way much, much more we're gonna show you that I think in the next unit. So again, Azure Arc, I just wanna sum this up. Azure Arc is not just limited to servers and Kubernetes clusters. Again, it can also do other things. And we're gonna have a look at like specifically about servers and Kubernetes clusters in this module, but there are other modules. If you go into our Learn Live, Azure, Hybrid Cloud Study Hall series, you can actually go out and see other modules. We will air them at other different days and you can actually join these as well if there is more interest into that. So let's have a look at Azure Arc enabled servers then. So as Amy mentioned, this is not just for Windows servers or stuff like that. 
It's really about like, hey, Windows and Linux servers, running on-premises and virtual machines or even physical machines or at other cloud providers. And so I think that's a pretty cool thing to do. As long as the OS is supported, I know there's a list of OS is supported. I think down to Windows 2008, R2 maybe. That's actually a fantastic point by the way. I think the module here has it covered. So I would recommend, by the way, and you're absolutely right. So we go down on like, the module obviously is written in a certain time, but you're always adding new operating system versions, which are supported. So definitely go to the documentation page as the single source of truth to find out which types of documentation if that server is supported. Because again, we're adding those more and more, also depending on customer requests. So there's definitely some awesome stuff going on there as well. It's always changing, I'm sure. Yeah, yeah. So Amy, shall we have a quick look how we actually add a server to Azure? Yeah, that would be great. I know there's an agent involved, right? Yep, anybody actually can do with it. I think that would be pretty interesting. So let me switch back here to my demo environment. Here I'm in the Azure portal again, as you hopefully know. And if you wanna do stuff with Azure Arc, I think the one place you should go is obviously Azure Arc, what we call the Azure Arc Center internally. That is really the place you do all of your Azure Arc stuff, not just the infrastructure stuff, but also the stuff for Azure Arc enabled services. And so here you do basically start your journey when it comes to a hybrid environment. Yeah, it's actually a service running, right? Yes, I think that is also very important. It's nothing you need to basically install to make the management capabilities ready for you. That's basically the only thing you need to is connect that server using the agent. 
That is the one thing you need to install on your machines or clusters, but not something you need to set up. You don't need to set up a management server and stuff like that. So that's pretty cool. So you can see here, we talked about a couple of things and you can see here the infrastructure part I wanna quickly highlight. You can see here that we can manage servers, VMware, ReCenter, as Amy just told us about. Kubernetes clusters, Azure Stack HCI and also SQL servers. And because the question came up, we will obviously dive into this as well. So you can actually see what else we have there and what we can offer. But then on the bottom, I wanna quickly just highlight this. There's also things like data services and application services. So what you can do here is again, Azure Postgres, SQL managed instance, API management, app service, event grid, function, logic apps, those are all things you can not just deploy in Azure now, but also on-premises or other cloud providers, which is, if you think about it, it's pretty cool. Yeah. So let's go and add a server, shall we? Yes. So if I click on servers here, and again, we're taking this as an example because it works very similar with all the other stuff as well. You can see here, I have all the servers running in my environment and to add one, I have this add button. Now this add button provides me then different wizards which I can leverage. So I can have a wizard to just add a single server and you can see here, if you read the text, it will help you generate a script which you can run on your target server, right? So that really give you the script which downloads the agent, installs the agent and then runs the command to connect that agent to the Azure control plane with your credentials, to your subscription and all that good stuff. And then you also have like the chance I will not go too deep into this because we have other sessions coming up. 
If you want to add obviously hundreds or 200 of servers, you don't want to log in on each of these servers and actually like put in your Azure credentials, you probably want to just run a script very automated and you can do that too. And then we have other features like how you can take advantage of this using update management or Azure migrate as well. But let's jump in and generate the script for a single server because then we can also have a look at the prerequisites we have. So as you can see here, we have what we need is really connection to Azure, right? So HTTPS access to the Azure service. And you can see we have a link here which documents the outbound or the URLs which you need to be able to access from your server as well. I'm also going to quickly mention here then quickly jump to this one. I mentioned that, okay, not everyone wants to have every server directly connected even though it's secure and I use it for all of my servers. Sometimes you're behind the proxy. That's also a possibility. Or if you can have a VPN or express route to Azure, you can also use the Azure Arc private link as well. We don't want to use, yeah, you don't want to use a VPN. You can use Azure private link. Is that how it? No, if you want to use a VPN. Oh, okay. If you want to use it. Like using direct like, usually the agent is completely the way that it directly goes to the public endpoints of Azure. Gotcha. With this one, if you set this up, you actually go use this private link so that the traffic goes over VPN or express route. So it basically have double encryption. And in case of express route, it doesn't even go through the public internet, if you will. Oh, it's great. Because that's a private link, a real private link then with VPN. Obviously it still goes through the internet, but it's like an encrypted tunnel. Right. Okay. And there's another question from you two. While using Azure Arc to manage servers outside of Azure, how do we maintain data privacy? 
That's a very, very good question. So as I mentioned, like by default, we're not moving data from that server into Azure, right? The only thing we are doing is basically metadata, like the server name, for example, and stuff like that we need to do. And you can also configure that a little bit. If you think about logs, you obviously need certain logs. We will show you what you can do with it. But for monitoring, for example, we need to obviously upload the monitoring data, but the actual data, like if you think about a SQL server, the database never leaves the server, right? It still stays there. We don't have inbound access in that. So that's also something which is important. It's really one connection from that agent to the Azure port, or to the Azure endpoints, I should say. Right. I hope that answers the question. I'm also super happy to take this offline to have a look a little bit more. We also have very good documentation pages on that topic as well, because that's not a question we don't see. We get that a lot, obviously, because people are interested and they obviously want to know how that is handled, which is absolutely a great point. So that is definitely something you can check out on the docs pages where they have a good explanation on what is actually going through Azure and what is like the rest, obviously, is not. So good. And then the last important, I think, would say prerequisite is actually that you obviously, when you install the agent, you need to have local administrative rights, right? So you have to have like, because you install the agent and it needs to have permissions. So you need to set that up. And then this wizard helps you to set up the script. Basically, it really generates a script. So you would obviously select the subscription. You want to join that server and also select the resource group. So for example, let's do, I have one here for Arc-enabled servers. Again. Yeah, go ahead. Sorry. 
When I was getting up to speed on Azure Arc, it did recommend creating a resource group as a requirement. So because resource groups, it's kind of like a folder in your group policies, where like all of those resources might have the same life cycle or if you want to do Arc VMs, dev, and have everything in that container per se, it's a good way to have it in the same environment because you do have all those little bits, the NIC, the IP and everything, and it looks crazy until you get into a resource group. Yeah. No, that makes absolutely, that's a great point. Because again, we're creating basically now like an Azure resource, if you will. Again, it's going to make a representation of that server in Azure. We need to obviously have like the same things we have for every Azure deployment. And resource groups, as you just mentioned, are a great way of organizing things. And it's also mandatory, right? So that's for sure. Well, you can also then just select the region. Now the region is to which Azure region is now that agent connecting, right? So in my case, obviously if I have servers in Europe, I want to select the data center exposed in Europe, but you could actually, in theory, you can select any region you want to connect to. That's also, by the way, where the metadata is stored. Again, only the metadata, not the data of the server itself. And then to connect the server, you would like you need to run the script. And on the Windows side, we run a PowerShell script. And on the Linux side, obviously you would run a Bash script or Shell script. And so that is important just to generate the script and obviously which agent file should we download and look for that. Right, and Windows what? It would be like an MSI package and then Linux like a, what RPM, I forget the distro for. Yeah, depending on the distro, yeah, absolutely. Yeah, exactly. And then here, that's what we talked about. 
And we can't really stress this enough because people always say, well, it's only public endpoints. And so no, it's not. You can also go through a private or through a proxy or a private endpoint as well. And if I've selected that, we can then go out and do some tagging. Again, you can also do that later on. But again, you can, for example, say, okay, where in which data center is that server running? We give you a couple of recommendations here, but you can also add your own custom tags as well, depending on what you want to achieve, right? Like the cost center, for example, and stuff like that. It's nice if you have chargeback, cost center. Whose team work? Yeah, absolutely. You have a lot of use cases with billing stuff and so on. Right. Hey, Christoph. Oh, yeah, it's Christoph. That's nice. Good to see you, my friend. So we have just Christoph. Many of you know him probably when you talk about identity, Azure AD, and stuff like that. So he is on the YouTube stream as well, so welcome. Again, everyone, we are obviously looking at the comments. So please feel free to ask your questions. But back to now what we have here. We now have this script, we can download that, or we can just copy paste it, and then we run that on the local machine we want to connect to. And now we get, by the way, Amy, this is something I get a lot, it's like the question is, okay, on the Windows side, is this just for servers or is this also for Windows 10 clients? Now, on the Windows 10 side, sorry, on the Windows client side, like I was going to say Windows 10, obviously Windows 11 and others, that we would not really target this. Because for that we would use Microsoft Intune, which has better capabilities for client management. But then we're really focusing, Azure Arc-enabled servers really is focusing on the server side for that. I also see Chris Black. He is also a great Azure Stack guy out there. He does a lot of work on Azure Stack and Azure Hybrid. 
So great to have him on the stream as well. And then we can actually do that and run that script. And I, again, I did that already. I'm not gonna bore you with that. I think here it's kind of cool to point out too, is in that script, you just log in locally. If you're doing multiple, you have to have that service principal set up, right? Which is, again, in another module, but if you're doing a one-off, it's easy if you know the local admin password, but... Yes, that's a very good point. I think that you covered a very important part. When I run this script, it asks for my credentials if I do single server onboarding, right? So I need to log in with my Azure AD account and I obviously need the permissions for that. But again, that doesn't work when you have hundreds of machines or thousands of machines. So you would create the service principal to onboard that. And that is a great, actually, session coming up, Learn Live with you and John Joyner, where you go into all the details about how that is gonna work there. But that's awesome to create. So now when we have a server here, the question is, what can we do with that server, right? I mean, except for just seeing it. Right. Great, I can see it. Now what? Exactly. So let's have a good look. And the first thing Amy, you can see, I think is that it looks like an Azure resource, right? It looks like something which is really natural to Azure, even though it's running outside of Azure. So if I look at the left side here, I have things like role-based access control. So I can use the Azure RBAC to say, hey, Amy, you should be able to access that and manage that server. But maybe Laurel, who's our producer, he should not be able to do that because he's not the application administrator on that server. So he should not have access and not see that server, right? And then obviously we have the activity log where we can actually see who did what to that specific server. 
Like we have with all the Azure resources. And I think that is already pretty cool. And if we move to the middle here, you can see here the resource group, the subscription area where we are part of. And the bottom, you can see the tags I added to that server. But if you go all the way to the right, you can actually see some special information about that server. So you can see I'm running Windows Server 2019 Datacenter edition here. And fun fact, this server, as you can see, is joined to a local domain, tailwindtraders.local. Now, I have to highlight this because I get this question also a lot. A server doesn't need to be domain joined. So you can use Azure Arc-enabled servers without a domain, like if there's a server in a workgroup, or you can use it across multiple domains if you have that scenario. There's no dependencies on a specific domain when it comes to Azure Arc. So on the left side, before we go on, and we have a couple of things we want to talk a little bit later on, but one thing I want to highlight because this I find so extremely cool is the security feature. So obviously in Microsoft Azure, we have something called Microsoft Defender for Cloud, which really helps us to secure our resources and so on. And as you can see here, it also works now for Azure Arc-enabled servers which are running on premises or at other cloud providers. And it enables Microsoft Defender for Servers as well, and it can actually manage that through the Azure control plane. And you can see here, gives me immediately recommendations on what I should do, right? It gives me a little bit of priority here. So there's definitely something I should do and make sure that I configure my servers in the correct way. And on the bottom here, luckily nothing pops up, which is a little bit of a shame for the demo, but it's good because I don't have a security incident or an alert from that server. 
So as soon as, like if I'm a security admin now, if I go now to Microsoft Defender for Cloud and I log in, I don't just get alerts for my servers and services running in Azure, but also for all the stuff which is running outside. And so that I find pretty cool as well. Well, security always comes up. Everyone's worried about security and rightly so. So it's great that you can extend that built, I mean, Azure security is amazing. So to extend it to your on-premises environment. Absolutely, thank you. That's cool. So some other things I want to show, and Amy and I are going through, like for example, like the monitoring logs, we will just have a look a little bit later on in the module as well as the policy part. But what I also will highlight is now I can enable change tracking. So if I hit change tracking, I can actually see all the changes which are happening on that specific server. You can see when there was like a service restart or a service changed, if you will. If there was a software package installed, I can see and filter all of that. And they can obviously look at different timelines here, which I find is pretty handy. I mean, Amy, you have a lot of experience doing these things on-premises as well, right? Like you were- Right. Yeah, and when you're- Yeah, digging through logs or, I mean, you do sometimes get the, I didn't do that and then, well, actually you did, you logged in at 2 a.m. And not to like, it's okay, we'll remediate, but yeah. Or it's good so you can go back to a point in time where your server was working, maybe you have a good backup or snapshot. So it's nice to have the logs. I did have a question for you, just popped it in my head, because when I was going over the Azure Arc Training, it says you need a separate Log Analytics workspace. Like if you already have a Log Analytics workspace set up, do you need to set up a separate one for Azure Arc-enabled VMs? Oh, that's a good question. No, I actually don't need that. 
You can actually use your existing Log Analytics workspace. If you don't have one, you will obviously need to set up one. But if you have one, you can use like your existing Log Analytics workspace. For those who are like, the Log Analytics workspace is like where the agent sends all the logs we need, for example, for change tracking, monitoring and all that, also for the security stuff, that is the place where we actually send this to in Azure and actually store. So what you create is a Log Analytics workspace. And when you onboard the server and these services, it will help you. Now, Amy, why I actually ask you about like, why you can like, how do you do this? How long would it, like, I remember that time too, right? I worked on premises. To have something like change tracking inventory, like I'm not even speaking about the security features we have, to have that on-prem, it's not that easy to do, right? Like if you're a small company, you probably have the tools in place to actually get that. Well, right. And even just your inventory of servers, I remember we had an embarrassing spreadsheet, Excel, and then eventually maybe you get ServiceNow, for example, where you can create inventory of all your servers. But yeah, it depends where you're starting, where you're at. It might be an Excel spreadsheet, but here at least now you can create an inventory in Azure and it's definitely probably more accurate if someone leaves and that spreadsheet dies, so well. I love that it just, again, you don't have to be migrating to the cloud, but you're bringing all these Azure capabilities to your on-premises environment. So you can stay, you stay on-premises, but use the cloud to control everything and bring it like newer security to your environment versus doing it all on-prem. Yeah, and the great thing is it works for you if you have like two servers, three servers, or if you have a thousand servers, right? 
You can take immediately, because the costs are really like pay-per-use. So obviously it's not something, if you add an Arc-enabled server and you don't enable like special things like change tracking and monitoring and security, you just want to show that server, there's no cost in that. It's actually free of charge. So I will show you that in just a bit, but you can actually connect that server and you see it in Azure and you can do a couple of things like tagging and all that, free of charge. And then if you need something like the change tracking, you go to enable this and then you start paying for that ingestion, for example, and that service in that case. Something else, obviously, we also have inventory. So you can also see the software inventory of that server, like all the patches of a software. So I know that this server has, for example, something installed, let me see if that's true. So we have Windows Admin Center on that server. Yep, we do. So you can see here that this software is installed and again, you get all that as well. And last but not least, one thing I find super cool and Amy, I want to have your take on that one. Oh, sure. Update management. Right, you can get rid of WSUS and handle update management through Azure. And I know I was actually talking to John Joyner where they're updating 1,000 on-prem VMs through Update Manager and it's like 40 bucks a month or something. So it's really just a cost effective way to make sure all your updates are coming from one place. And again, handling your on-premises workloads and your Azure workloads or wherever they may be, your Arc-enabled workloads. Yeah, so I also want to quickly, before we go and I show you a little bit more about that, there are two questions I want to talk about. The first one is really the question was, let me quickly go and go back here. Can we use Azure Functions in Azure Arc to perform tasks on server outside, meaning I guess outside of Azure? 
So the idea is probably to run like scripts or code snippets on-premises or in other places against specific servers. And the answer is yes, absolutely you can do that. Like with Azure Arc-enabled services, you deploy Azure Functions on-premises and then you can actually run these also on-premises in your own network to address these. So that is pretty cool. And then I have another question which was interesting because we just talked about change tracking. So the question was, do we have any like lag or time between obviously something in change tracking shows up? And the answer is yes, there are a couple of minutes I think depending on when the logs are updated because not everything is like instant because we also want to be obviously respectful of your internet bandwidth. So there are certain intervals where we send these logs to Azure. So, but I think it's like somewhere in a minute space. I don't know the exact number. Maybe you do know Amy, but no. Yeah, there's like some couple of minutes and it's very well documented but I'm not aware of like the exact time but it's a little bit behind obviously. If you're lucky it can obviously happen that the interval is directly after the change and then it will pretty much show up pretty much then but there's a certain amount that again we're speaking probably about five to 15 minutes or something like that in that timeframe if I'm right here. So what I can do with update management, you can see here, I can see all updates missing on that server and that's pretty like bad of me. I have a couple of security updates I should actually install. So what I can do here, I can actually go and schedule an update deployment. I can give that a name. Let's call this whack because that's the name of the server. I can actually configure that. I can select like it automatically detected that this is a Windows server. I can now also basically say, okay what are my reboot options? 
So you can say never reboot, always reboot, or reboot if required. I think that is also my favorite option there which makes a lot of sense. Only if necessary. Exactly, exactly. It's like, but in some cases you probably want to restart like anyway maybe like you think maybe it's good. And then when do you actually want to start that deployment? Now I can say update now which would mean like five to 10 minutes from now it would actually install this which is probably not super handy. Well, Amy and I here are on live, Learn Live. Let's schedule this for another time and I can actually select the time and cool the cool way here. I can also make this recurring. So I can say instead of all the time figuring out what patches do I need to install and then go out and schedule it, I can make this a recurring task and say let's do like every Tuesday or every Tuesday in one month or whatever my preferred schedule is and then time it. And I can also... Sorry. Again, working on the customer side we always had a change control window, especially depending on the server. Every server is super important, can only be touched at 2 a.m. or 3 a.m. Whenever you want to sleep, so scheduling now would be great so you're not just having to wake up and babysit it. Absolutely yeah. Yeah exactly. And that's a great thing, right? I can now go out and easily do that and use the same thing as I would use for my Azure VMs. I use this also now for my on-prem servers or servers running outside of Azure. I can also select okay what updates I want to install. I can even do inclusion and exclusion of certain updates. I can run a pre and a post script if I need to and at the end I would just have that job and I could create that. Now you probably tell me now okay suppose this is great but I have 200 or 1000 servers gonna manage, I don't want to do that for all my servers like manually, right? So if you look at this window here like if you are in your Arc-enabled server, right? 
That is the one you actually have access to. You have permissions as an admin, that's a server I can manage. Now if you have enough permissions you also have this button here which says manage multiple machines and this will take you to the automation account where we actually have update management and if you have enough permissions you now see all the servers which are actually update management enabled. So we have some here like again on our Azure servers which are Arc-enabled and then you have even here on the bottom we can see our Azure VM which is also in the same update management and I can then schedule an update deployment here and the only difference I have here is I can then instead of selecting just one server I can select a group of servers and schedule that for a specific group. That's great. Yeah, normally you test on Dev, make sure Dev didn't break and then you go to... Exactly. And a fun story I had too is I worked at a place where we had... When we had to do is when Windows updates we had to be on-site on-premise and I was like, really? Updating servers, I have to watch it update. Oh, wow. You come a long way from that. Yeah, that's crazy. Yeah. That's crazy. Another question. Once we have the metadata on Azure for an on-prem server can we configure dashboard and execute Kusto queries? Oh, this is fantastic. That's a great question. This is a fantastic question. Thank you very much for asking this because I want to quickly show you this. Now, you're absolutely right. The answer is simply yes, but I want to quickly for those who are probably not familiar with Kusto or the Kusto Query Language, KQL. If you want to do some cool stuff here we go to the... What is it called again? The... I think it's called the Resource Graph Explorer, exactly. Like sometimes I've got like we have so many services and I forget about this. So this allows me to run queries in the Azure environment for in the Azure Resource Manager, right? 
So instead of showing something in the GUI and like filter through it I can programmatically basically do that. And I think our, your teammate Rob, Rob's friend would be probably super proud of me right now or maybe not because my queries are not that good. So if I want to have a list for example of all my Arc servers, I have a query here already prepared just to show you. So if I zoom in here a little bit this is the query, this is the Kusto Query Language and we use that in many different places. This is not Arc specific. This is really something we can do in Azure Resource Manager. So I can run that query and this will go through the Azure Resource Manager and you can see here now all the Arc machines, right? So because it does use the Microsoft.HybridCompute/machines, that's the type of Arc machine. So it shows me all these servers and it gives me that list. Now that's cool, but if I want to, for example, do a list of all my servers. So I have a query for that which basically says, hey, the same thing with Microsoft.HybridCompute but also include servers which run in Azure which is Microsoft.Compute/virtualMachines. So I'm running that query and guess what? I can now see all my servers. That is basically the same thing as we just showed earlier on when we showed it on the page in Azure like the all resources page. Now, obviously, if you deal now, if someone asks you now, okay, how many servers do I have in Arc and how many or how many servers do I have outside of Azure and how many do I run in Azure? So like if management asked you that you could now go and actually count these or we could simply do another query. So I have one where we actually go and group Arc-enabled servers and Azure VM. So this is the query, super simple again. It does exactly the same resources but at the end I do a count by type. It's gonna run this query. I get the different numbers here as an output. So I can see, right? 
I have 16 Arc machines and 26 Azure virtual machines here. And if you want to make this more management friendly, as I call it, you can also look at charts and then you select what do you want, like a map or a bar chart. Let's take a donut chart because I'm getting hungry a little bit. So you can now see this nice little chart here where you can see how many percent of servers are running in Azure and how many of them are running outside of Azure, right? And you can do sorts of stuff here. You can also like, again, switch to the bar chart and to the point that you can actually pin this to a dashboard. So you can actually add this to your start page of your Azure portal and look at it and they always see if there are any difference in your Azure environment. Yeah, maybe you have like a migration path. I know these track how many, like, well, when we were doing server updates actually. So how many 2008 servers do we have? How many have upgraded now? We'd keep track, you know? So we probably need to get back on track. I think we have about 30 minutes. So I just want to... Absolutely. So we spend a lot of time now on the Arc-enabled servers. Again, there is a ton of stuff you can do. We showed you a couple of things and we'll talk about more in just a bit. But if we go to the next page, we mentioned Kubernetes a couple of times, right? Now customers do not have just servers anymore. They also have Kubernetes environments where they run their containers. And obviously they can do that really great with Azure Kubernetes Service running in Azure as a managed service. But then again, you have the reason to run these things also on-premises or at other cloud providers, but you probably want to manage them in a similar way. So that is where Azure Arc-enabled Kubernetes comes in. Should we quickly have a demo at this as well? Sure, if you think we can pull it off, you know? Absolutely. There's always time for demos. 
So if I go back to Azure Arc, we can go to like in the list, not just select server this time, but Kubernetes clusters. And you can see here, I already added a couple of Kubernetes clusters here, which I'm running, those are all running outside of Azure, right? Those are not AKS clusters. These are really like clusters which are on-prem and some of them even at other cloud providers, similar as the servers. So what I can do if I have a look at this cluster here, again, it looks like an Azure resource. You also get all the good stuff like monitoring, logs, policies. Again, we will talk about that a little bit later. And security as well, so we give that information. But then one thing I wanna highlight is we have a GitOps integration, which is pretty cool. So for example, in this case, I deployed an application using the GitOps configuration. Now, for those who are not familiar with how that works is I basically store my application configuration in a Git repo. Can be a GitHub, can be somewhere else, a public service, can be also in a private repo, can be in on-premise GitHub environment. The only thing that the Kubernetes cluster obviously needs to have access to this. So what we do here is with this Hello Arc application, I tell this application to go into my Git repo and pull that every three seconds, which in production is probably way too hard, but because of the demo, you gotta say thank you because we don't need to wait the half an hour. And so here's the link to the Git repo. So that's where my application is stored. And it does now a pull every three seconds if you have any changes. Now, let's have a look at what the application actually looks like. So that is the application. I'm very proud of it, by the way. That's beautiful. Yeah, thank you. You're the first one to say that. Well, it took all the web design skills, right? But now the thing is, there's an error. It should not say hello Azure, it should say hello, Learn Live. 
So we wanna do that change. And I'm now going to that Git repo where that code is stored. And here you can see here my Helm chart where I actually give the configuration of that server. And one thing we do is actually that message is a value which we can ingest into the application, right? So usually what you now would do, you would obviously go through an approval step and developer would check in code and you would have a code review and you would make sure everything is correct. And then you would like do that and check that into your main branch and then it would get deployed. Now I'm a crazy admin now. I need to fix this immediately. So what I'm gonna do here and don't do that at home, right? This is now really something which you should not do. So let's do hello, Learn Live. And I directly do that change. Well, at least I do a message, right? The commit message here. But I check this in directly in my main branch and to commit on that. Again, don't do this at home, usually would go and have your own branch and then merge it and make sure that some of them. And if I switch back here again, you can see here, I wanna highlight that again. We configured now on that Kubernetes cluster that it looks for changes every three seconds. And if I talk now long enough and I go to that application and I hit the refresh button, you see now it's changed to hello, Learn Live, right? Which is pretty cool. I think usually I get applause, but obviously because it doesn't work. But think about this for a second. If you have one Kubernetes cluster, probably people would have told me, why did you not just go and change the application on that Kubernetes cluster itself? And we would say, yeah. But I would say, well, with the Git, I can at least see all the changes. Who made the changes? And everything would be logged. That's one advantage. But think about it for a second if you have hundreds of these Kubernetes clusters with the same application. 
It would take me literally three seconds to basically update that application on all of these. And so that is pretty cool. Pretty simple management. Thank you, Christos, for clapping in the chat. Thank you very much. Appreciate it. So that is pretty cool. And again, we don't have enough time to talk more, but it's very similar to the things we showed you with monitoring and stuff like that for Kubernetes clusters as well. And they're also, by the way, I just need to mention that this is also now a great base to then deploy Azure Arc-enabled services on top of it. Now, Amy, we have one more unit to go before we actually knowledge check. So let's go into that. And that's about Azure Policy and Azure Monitor. Right. So let me get Mr. Sippor here. So let's start with Azure Monitor first. And I know that you're gonna tell us a little bit how that actually works. So I'm gonna connect our environment here and go back to one of our servers here. Which we have here. And if I scroll down, I have logs and I have obviously insights, which is monitoring piece. Right. And yeah, it's basically showing you, you're gonna see your CPU utilization, your C drive space. You can alert on that. Disk IOPS, that's always important. So basically, you know, what you would see under task manager, but now you're bringing it into the Azure Monitor space. So I think you mentioned it, but it was really quick for me. Can I also like, obviously I'm interested to look at this, but I'm obviously not gonna look at this at two o'clock in the morning. Can I set up an alert for this as well? Like if the CPU threshold is too high for what? Yeah, definitely. So you hit a certain threshold email or I don't know what you can probably page out too if you'd like. Yeah. So it's basically similar to like what I can do in Azure. It is Azure Monitor. So it's everything which I can do in Azure Monitor. So that's pretty cool. And then something is what I always find very cool is the map view, right? 
Yeah, that's really cool. So with that dependency mapping agent, and it maps out all the ports that all those processes are talking to, which URLs, oh, it's yeah, it's really neat. Like port 443, you're gonna probably see Azure Arc, right? Yeah, sorry if I go through. So these are all the endpoints basically that server connects to, right? Mm-hmm. Okay, pretty cool. And this is only public endpoints or do we also have like internal endpoints as well? Is that only for internet endpoints or? No, we can do private as well. Oh yeah, I see something here. Yeah, 445. It's our domain controller, probably DNS, yeah. Yeah, perfect, perfect. So that is pretty cool. So no, that is awesome. Like I love what we can do. And now we can obviously also have that single view in like Azure Monitor for all our servers depending on where they're running. And again, also that also by the way is available for Kubernetes clusters as well. And there it's obviously more focused on the Kubernetes side so you can monitor single containers, pods and so on. Pretty cool stuff there. But in terms of time, I wanna go very, very quick on one thing. And that's Azure Policy. Now Azure Policy probably is like something which you're probably familiar with to configure your Azure environment and lock down that Azure environment. So you can only deploy certain sizes of VMs and stuff like that. But there's a ton of things you can also do with Azure guest configuration policy. And I wanna show you how you would actually assign this. I mentioned earlier that this is kind of like group policies on steroids, right? So I can assign an initiative which is basically just a group of policies. And I would obviously select where do I assign these? Now we mentioned that like they have subscriptions and group policies. And now this allows us to do this management pieces. And you said nicely, the life cycle management of servers and resources we can do with like subscriptions and resource groups. 
So in my case, let's just select the subscription. And then I'm going through and gonna select one of these initiatives. Now we offer you a couple of built-in ones. And you can see some of them are technical like check out the Azure monitoring agent and stuff like that. But you can also see a couple of them on industry specific things. Like UK OFFICIAL, UK NHS, PCI, FedRAMP, ISO, and so on. And that helps you really not just for the Azure environment but also for the operating systems running inside these VMs. Now one thing I wanna show you is this one. Audit machines with insecure password settings. I can select this. And I think that's handy, right? That's it. So I could go to next and this is new. So I can now go and say, hey, should I include Azure Arc-enabled servers? And obviously I wanna say true because I wanna know that for not just servers in Azure but also for servers running outside. And I would now go through and do some additional configuration and at the end I would hit deploy. And that would then obviously take a while to audit all of these machines. So like in a good cooking show, I already prepared something here. On the compliance, you can see now a couple of things. You can now see that first of all, I do a horrible job when it comes to compliance. You would not have an audit. Exactly, don't tell my manager. But so what you can also see is that I can have here already that policy deployed. So audit machines with insecure password settings. You can see here that I have one machine which is compliant with that. And all the rest do have some settings which are wrong. Are your passwords "I love Arc" or, you know? Don't tell my password. To change it now. Now I have to go out and change everything. But you can see here all the policies which are actually gonna check like password age and password length and how complex it needs to be and all that for my servers, right? So that's a good thing. 
But more interestingly, as a now compliance administrator or security administrator, I wanna see which resources are not compliant. So I can actually go in and I can now see here, if I look at my servers here, you can see if I look at the type, some of them are Microsoft.Compute/virtualMachines. Other ones are Microsoft.HybridCompute/machines. So again, I can run these policies against all my servers, which is pretty cool. That's cool. And isn't that, that's the registration provider when you use Azure Arc, when you... Yes. Okay. Yes, absolutely, yes. So there's obviously a ton more you can do, but I think it's time for the knowledge check for us. So I'm gonna switch quickly. Just give me a second here. I'm gonna switch to the... To the environment. So now we can actually talk people anything or if we just kind of... Yeah, let's figure out if we actually know the answers. That's a good one. So I'm gonna switch to that. So the knowledge check. And again, that is where you now can join us. So you can also join us and vote here and we can actually see how you're doing. So you can scan that QR code or you can just go to aka.ms/polls. And so the first question really is, what must an administrator do to register Windows Server with Azure Arc? And that's actually a good one and good that we actually showed that. So it's about Arc-enabled servers because it's not about the Kubernetes cluster. So let's go into the possible questions. So is it A, install the Log Analytics agent on the server for onboarding? So that is one thing. B, install Helm 3 on the server for onboarding. Is it C, the administrator must install the Azure Connected Machine agent on the server for onboarding? So... I don't think you can install Log Analytics unless it was already onboarded, so... That's a tricky one and you're absolutely right. I agree with that. 
Because you can onboard servers which are already connected through Log Analytics, like we did that before Azure Arc, then you can do that too. But I think the question really is about, okay, what if a server is not onboarded yet and it's not connected in any way? It doesn't say that it's connected anyway. So I think... Helm usually, that's something which has to do with Kubernetes clusters. So I would definitely say it's not B. And so I think it must be C. Are you agreeing? I'm feeling good about C. Yeah, me too. And guess what, we are correct. So thank you very much for the help here. You want to take the next question? Sure. All right. Which of the following Azure services must an organization implement to manage and evaluate compliance of its on-premises Windows Server computers? Could it be A, Azure Policy, B, Azure Arc, or C, Azure Monitor? So we're managing and evaluating compliance, but they're on-premises. This is where I'm like, are they onboarded yet? I don't, you know... Yeah, that... I think that's a very tricky question. Tricky question, yeah. This is a very tricky question. I think it's fair to say that it's not C. Right. Azure Monitor would not... I think we can go by that. But I would say it would be A and B, right? Because you would need Arc, and you would need Policy. Yeah. Yeah, absolutely. I would say the same. Now, let's do that. It would be a Microsoft exam. It's like, what would you do first? What would you do first to use Azure Policy with on-premise server? We obviously need Azure Arc first to enable that server with Azure Arc. Right. I don't like that question. I agree with that. I also don't know, like our audience, what they are voting for. Yeah, Azure Arc, Azure Policy. Yeah, that's a tricky question. So if you have that not right, don't worry, it's a difficult one. But, yeah, it's Azure Arc, right? So that's the thing. Again, I would tell that this is the first step. 
You need to do Azure Arc first to assign policies to on-premise server which are not Azure Arc enabled. So that I would explain that. But again, it's a little bit of a mean thing. Right. So the question three, I will take that one. Sure. Which of the following can an administrator use Azure Policy for when auditing an Azure Arc resource? Is it, A, configuring the time zone on a Windows operating system? Is it, B, validating the settings such as configuration of the operating systems, applications and environment settings? Is it, C, restricting access to Log Analytics data based on permissions to the corresponding Azure resource? So again, tricky question I would say, not an easy one to answer. So I would, let's go with C first. C is really about that log access and the role-based access control I was quickly mentioning. Right. So in the past, if you wanted to give someone access to the logs, you would need to give access to the Log Analytics workspace. That meant he was able to see all the logs in that Log Analytics workspace and get access to it. Not really a good thing in many cases, but with Azure Arc, we can actually get that role-based access control so when you look at the logs only on your server, you only have access to the logs from your server. Even though they are stored in the same Log Analytics workspace, you only get these logs. But I think that does not, well, I'm sure it has nothing to do with Azure Policy. And one thing you can definitely do, I would say, is validating settings such as configurations of the operating system, applications and environment settings such as I showed you, for example with the passwords, right? And then we have A which is actually configuring something. Now, fun fact, when this question was designed we did not have like every capability. So now we have even more capabilities and we do settings on these machines. So we can actually set configurations on the machines. 
So if you say A and B, both of them are correct, but for the question, for the sake of the thing, when that was written it was actually B, right? So you can validate settings and configuration of operating systems and applications and environment settings. Yeah, it's great that you can remediate now too. Oh, this is messed up and I can't fix it as well. Yeah, I think you bring up a very good point to do another session on that one. You want to take the next one? No, sure. Which Windows Server extension could an administrator use through Azure Arc to enable Azure Monitor insights on servers? So another kind of tricky one because A, custom script extension, I mean I would be running custom scripts; B, Log Analytics agent; C, Microsoft Dependency agent. Again tricky, but we did have to use, you know, to see those dependencies on that monitoring page we had that dependency agent installed. So I'm leaning towards that, but then there's that Log Analytics agent. I don't know. Yeah, no, good point definitely. So I know what the custom and I think many of you also know what the custom script extension is. I think it's fair to say that this allows us to run a custom script against the server which I think again we definitely have to do differently when it comes to Azure monitoring. So I would definitely like say A is not an option. So we have B and C and again monitoring is based on logs but then as you said we needed the dependency agent to that. Right. So we would definitely say what do you, what do you say would you go for? I think C. Okay. With agent. I agree with that one. I would also take this one. Yeah. What does our audience say by the way? Oh, a kind of split. Also for Log Analytics, three for dependency, one for custom script. It's again a very neat question. Yeah, again, if you were joining today and you selected now a couple of wrong answers, don't question yourself. Those are really tricky questions. And I have to say I did not make these questions up. 
I just want to take no responsibility. Maybe it was Laurel on our but no, it was also not him. It's like tricky questions. So let's see what it is. And it's dependency agent. So that was good. So with that introduction course, those are hard questions. Absolutely. Absolutely. But that is why we were here to do this Learn Live session, right, and help with that. So let's do a quick summary. Amy, what did we learn today? Wow. I think we went above and beyond even, but we enabled a server, we deployed that script to onboard one server that was on-premises, and then we enabled Kubernetes and you ran that beautiful script to update your server, but really describing what it takes to plan and what Azure Arc brings to your environment, whether you're just going to stay on-premises or you just want to use Azure capabilities or do you want to eventually migrate or just bring in those services closer to you. And then again you want the private endpoint link so it's not exposed to the internet. There are so many options to secure the environment, so it was a really great learning experience. I think it was a ton of stuff in that module. But I think I would focus especially on the fundamentals. I know there are more modules coming up which go into more details in all the things we just showed you, but I think it's important to understand at a very high level that with Azure Arc you can do two main things: you can connect Azure Arc-enabled infrastructure, meaning servers, Kubernetes clusters, VMware vSphere environments, Azure Stack HCI and others, to the Azure control plane so you can actually manage them as an Azure resource, and on the other hand, which we didn't dive in too much but we mentioned it, the Arc-enabled services piece which allows you to run Azure services outside of Azure. Doesn't matter, again same thing for the Arc-enabled infrastructure, doesn't matter if it's running on-prem or at other cloud providers, you can do that as well. 
So if you want to learn more you obviously have a link here, again you have a QR code and link where you can go out and discuss these topics and modules and go through this again. I also recommend, by the way, we have something called the Azure Arc Jumpstart project, which Lior is doing. By the way, he also has an upcoming session or maybe even multiples in this Learn Live series about Azure Arc, so definitely join that one as well. And so the Azure Arc Jumpstart project really helps you to like test these things. Like if you don't have an environment you can connect, it can be tough, right? So with Azure Arc Jumpstart you actually get automation scripts to build these scenarios, so you can use that for POCs or demos, but you can also in a period you can do that and take it and take these scripts to actually enable stuff on your production side as well. So definitely check that out, there's a ton of different things around the Jumpstart project, pretty cool stuff as well. And then obviously again go through the Learn module. Now if you just watch this, we did not read all the text and we did not hit all the points this Learn module makes, so we highly recommend that you go out by yourself and you go through this Learn module, also by the way, like Amy said, to get the experience, that is very valid as well. So definitely go out and check that out, and that sets you up for the next module, right, Amy? Yep, absolutely. And then that is what we're looking at, so we have coming sessions in this Microsoft Learn Live Azure Hybrid Cloud Study Hall. I'm going to laugh at the title every time, I'm sorry, I apologize, it's a mouthful. But again there are more sessions, one of these Learn Live sessions coming up. We have the next one scheduled for April 21. It's like one in the, we have one in the European time zone which is focused on Azure Stack HCI technologies, but then we also have one again in the evening or in the morning of PST time zone, so you can actually go out and again there's another Arc one on
this topic, and if you can't make it to all of these, by the way, they're also recorded, they're available on demand, similar as this session as well. And Amy, you have another session coming up as well, right? You have another Learn Live session about Azure Arc. Yes, the plan and deploy Azure Arc-enabled servers at scale, so instead of just installing on one we'll be showing how to deploy at scale, which will be really cool because John is really enthusiastic about Azure too, so it's fun working with them. I definitely recommend that you check this out and again you really have a little bit more insights into Azure Arc and how you deploy at age and on Azure Arc-enabled servers to hit the surface for all of that. So with that I would say thank you very much Amy for joining today, it was great to have you on the Learn Live, on Microsoft Learn Live Azure Hybrid Cloud Study Hall on Learn TV, and also thank you very much for everyone watching. Again thank you very much for everyone who asked the questions and so on. We recommend us joining the next one and again hit the subscribe button on our channel. Thank you very much. And ask more questions, I love answering questions. Awesome, thank you.