 Hi everyone, I'm Arnav Chedapadhyay, a PM on Azure Arc Naval Servers. Hello, my name is Trum Tran and I am the PM on Windows Admin Center and we're so excited to be a part of this year's Windows Server Summit. Together, we'll be hosting the session on securing and managing your Windows Server infrastructure anywhere. Let's start with a scenario you're all going to be familiar with. Here, we have a customer who's been using Windows Server for many years as a core part of their data center environment. They're using familiar tools for local management such as system center to manage their data center operations at scale. This includes operations manager for monitoring capabilities, virtual machines manager to manage their Hyper-V infrastructure, as well as data protection manager for backup capabilities. As their business grows, their IT infrastructure not only increases in size, but scales across multiple different locations. Their digital estate now spans across on-prem, Azure, other clouds, and edge locations. The customer is now looking to consistently secure, manage, and govern their Windows Server workloads from anywhere. Let's get after it. We're not going to dive into an example customer scenario with an on-prem Windows Server. We're going to start off in familiar territory with Windows Admin Center before we pivot to Azure Arc and Azure Auto Managed to show how you can leverage the best of Azure Services across hybrid, multi-cloud, and edge environments. If you want more information on system center, including System Center 2022, which is generally available, check out the on-demand session below. So Chung, let's get started with Windows Admin Center. Let's do it. We'll start by opening up Windows Admin Center on our browser. From here, we'll be able to add our on-prem server using its IP address, of course, with our corresponding admin credentials as well. Once Windows Admin Center verifies that it does indeed exist, you'll be able to see it in your Connections page. From here, we'll be able to connect to our on-prem server and immediately get to see the metadata associated with our server as well as real-time data on things such as CPU and memory. Windows Admin Center also offers all the amazing tools that you all know and love for your remote server management needs, such as the firewall tool, where you'll be able to enable, disable, incoming, and outgoing rules, edit them, or create new ones to ensure that your resources are secured. The Events tool for single-point troubleshooting or exporting your logs to run further analysis later, and the Updates tool, so you can always check and install the latest updates for your server. Now, what if you want to use Azure services on your on-premises server? Well, that's where Azure Arc comes in. Azure Arc allows you to extend your Azure services to your servers located outside of Azure. Let me take you through how we can do that. In the Azure Hybrid Services pane, now let's register our Windows Admin Center Gateway with Azure and make sure we're signed into our Azure account. Once we do, the setup option for Azure Arc and all of these other Azure services, such as Azure Monitor, Azure Backup, and File Sync, will populate. Clicking on the setup button will open a context menu where we'll choose our Azure subscription, the resource group, and region to Arc-enable our on-premises server. It'll take a couple minutes, but after we get a successful notification, we can check if our on-prem server is indeed Arc-enabled by going to the Install Services tab as shown here. We're also able to see all of the Azure services that the server has been onboarding to, and we can see that the server is now Arc-enabled. From here, we can select to view this resource in the Azure portal, and by navigating to the Servers tab under Azure Arc, we're able to verify that our on-prem server named Contoso is now Arc-enabled. So Arnav, now that we have a single view of these servers in Azure, do you want to share a little bit more on how to onboard Azure services across these environments? Yeah, absolutely. Let's dive into our Azure portal where we can showcase some security, monitoring, and governance capabilities across our Arc-enabled servers in our Azure VMs too. Here we see our Azure Arc-enabled server in Azure portal, our Contoso Arc server. This was the same Windows server that we used Windows Admin Center to onboard into Azure Arc. Here we see Essentials, details on the metadata collected on this Arc-enabled server. What's notable is that this Arc-enabled server can leverage the same ARM capabilities across policy, resource graph, and inventory capabilities. So for example, suppose you want to tag this Arc-enabled server. We could go ahead here, click to add tags, and suppose you want to tag this as belonging to the company Contoso. We can go ahead here and literally tag this server sitting outside of Azure with its Azure production for our inventory capabilities in the Azure portal view. And voila, we've tagged our Arc-enabled server. But it doesn't stop there. We can leverage virtual machine extensions just like we can use with our Azure VMs with our Arc-enabled servers. So for example here, we have a number of VM extensions that have been deployed across Admin Center capabilities as well as Azure Monitor Agent, AMA, collecting insights on this Arc-enabled server. We can provision these extensions both using portal, point and click, CLI, and Azure Policy at scale. This is all facilitated by the extension management capability inbuilt for the connected machine agent. This is how we can leverage a range of Azure services across security, monitoring, and governance with our Arc-enabled servers. So let's get after it and let's look into the security capabilities of Azure afforded for our Arc-enabled servers. Specifically, let's double click into Defender for Cloud. Here we view the recommendations for our Contoso Arc-enabled server from Defender for Cloud. But let's zoom out because Contoso Arc server is just one part of the broader Defender for Cloud ecosystem within our Azure estate. So as we zoom out into our subscription level view, we view a security posture. This is a continuous assessment that encapsulates our high-level security posture. And this includes both our Azure and our non-Azure infrastructure that has been Arc-enabled. We also get visibility into regulatory compliance and can further drill into workload protection with alerting overtime and inventory view. So for example, let's suppose we want to double-click on regulatory compliance. We can dive into the Cloud security benchmark and see where there is compliance and where there are compliance gaps and get point-and-click remediation steps in terms of where we can resolve. Analogously, from a security posture perspective, we've been afforded prioritized recommendation on gaps of our secure score as well as a breakdown of our secure score by environment. Finally, we can switch into an inventory view and really click into our Contoso server. So here we go into our inventory view and we double-click on Contoso, and we can see its resource health from a security perspective. We have prioritized recommendations with alerting. For example, we can look into this file integrity monitoring recommendation. And we are even provided with direct remediation steps and quick-fix logic in order to better secure our server sitting outside of Azure. That's the power of ARC, Native Integration into Azure's cutting-edge Cloud security capabilities, affording a consistent plane for security and compliance from Cloud to Edge. But let's zoom back into that Contoso server and let's look into the guest configuration capabilities built into the connected machine agent through Azure AutoManage Machine Configuration. Through this, we can actually get into guest OS-level settings configuring through Azure Policy or manually or with system assigned identities as well. So here we have a number of configurations that have been applied to our ARC-enabled server, including this audit secure protocol that's ensuring we're using TLS settings that are appropriate by security standards and we're able to audit and ensure compliance. Similarly, we'd be able to create our custom configuration leveraging DSC or we could go into our policy view and from policy we would have the capability to provision guest OS-level settings. So for example here, we can assign a policy to our ARC-enabled server and we can select a policy to configure time zones and so here we're selecting a time zone policy, configuring time zones on our Windows machines. We can select this. Next, we can ensure that we do include our ARC-enabled servers and set to a desired time zone. Let's suppose we want to use the time zone for coordinated universal time. We can click next and we can create a remediation task and finally we can even set our non-compliance message before we review and create and here we're getting into the guest OS-level settings for our server sitting outside of Azure and configuring those, not just auditing but actually applying correction and remediation using the machine configuration compliance capabilities through the governance engine of Azure policy. And here we're going ahead and applying our policy assignment on our ARC-enabled server. Now let's zoom back. We've seen a couple of security capabilities. We've seen a couple of governance capabilities through Azure policy, but there's a breadth of capabilities across insights, update management center, change tracking that we can leverage with our ARC-enabled server. Here in comes a question. How do we leverage the breadth of Azure's best practices for our ARC-enabled servers? And that's where AutoManage comes in. With AutoManage, you're able to point, click, set and forget choosing from best practice or dev test production configuration profiles or with the ability to create our new profile as well. So here we can create a custom configuration profile, for example a Contoso profile and then we're able to point and click to select exactly which Azure services we want. Let's suppose we want to apply insights monitoring and machine configuration, update management, change tracking and security capabilities and we can go ahead and create. And what that will do is we're creating a configuration profile that's going to ensure that our ARC-enabled server is onboarded to that assigned list of Azure services and if there's actually any drift, it'll configure and remediate for that. Moreover, we'll get visibility into any compliance violations for it as well. This typifies how we can really leverage the best of Azure services across our Azure VMs and ARC-enabled servers in a simplified fashion, making it easy to perform core administrative roles with our servers anywhere. So we've seen some security, we've seen some monitoring, we've seen some VM extensions and we've seen some policy and we've seen the end-to-end to it through Azure Auto Manage. What's so powerful about Azure ARC is the way that ARC-enabled servers are truly afforded a first-class citizenship in the Azure portal, affording consistent security and management from cloud to Edge. And that's a wrap on some of the end-to-end management scenarios with our ARC-enabled servers. Wow, Arnav, that was so quick and easy. Definitely need to give that a try. To end, I'm going to take us back to Windows Admin Center in Azure to show the same servers we've been working with, now all in a single view. Using the same Azure ARC-enabled server that we have, Contoso, I'm now going to set up and install Windows Admin Center on this server. It'll take a couple minutes, but once it's done, all you'll have to do is click the banner to set up connectivity and voila, you'll be able to connect and use Windows Admin Center. So now all the amazing tools and capabilities of Windows Admin Center are now in the Azure portal, accessible to you from anywhere. Tools such as the Firewall tool, Event Viewer and Updates, just to name a few of your favorite remote management tools, are all right here within the Azure portal. In addition to your on-premises servers, we're able to add and manage Azure VMs as well. And as you guessed it, you'll be able to seamlessly set up and use Windows Admin Center to remotely manage these resources as well. So Arnav, we went through a lot in such a short amount of time, but it was really awesome to see all the various ways we can manage Windows Server and leverage Azure capabilities from anywhere. With Windows Admin Center, we were able to remotely manage Windows Server's running, whether it's physical, virtual on-premises in Azure or in a hosted environment. And it was so cool to see how you could use Azure Arc and Auto Manage to quickly and seamlessly deliver the best of Azure services across the hybrid, multi-cloud and edge environments. With that, where can folks go to learn more? Well, if folks want to get wacky and start learning more about these Azure services and capabilities in action, we've put together some resources for Windows Admin Center, Azure Auto Manage and Azure Arc, as well as System Center with the on-demand session below. Thank you.