News Ticker

[ March 4, 2025 ] Migration to Azure: Patterns and Anti-patterns Azure
[ February 9, 2025 ] The case: Issues with switching organizations in Microsoft Teams client Productivity
[ January 8, 2025 ] How to Leave an Organization in Microsoft Teams (Personal Account) Productivity
[ November 25, 2024 ] SharePoint Online: Root site, Home site and Hub site – Explained Business
[ September 13, 2024 ] Areas of focus to achieve greater Azure operational efficiency Azure
[ April 24, 2024 ] Global Azure Skopje 2024: A Pivotal Event for Tech Enthusiasts and Professionals Azure
[ October 26, 2023 ] Cloud Migration and/or/vs. Cloud Transformation Business
[ July 10, 2023 ] Userware Launches XAML for Blazor Programming
[ May 7, 2023 ] Azure Announcements (April 2023) Azure
[ March 8, 2023 ] Azure Spring Clean 2023: A customer journey to the cloud starts … Here! Azure
[ February 23, 2023 ] Improve Your Product, Interview Your Customers Business
[ February 20, 2023 ] Azure FinOps: What it is and Why it matters Business
[ February 15, 2023 ] How to use Azure Load Testing Service to optimize your app performance Azure
[ February 6, 2023 ] Excel Quick Access toolbar customization tip Productivity
[ March 3, 2025 ] Productive and focused with Shorter Meetings! Productivity
[ January 10, 2025 ] Sensitivity Label Maze: Avoiding Common Pitfalls Productivity

Azure Automanage (The Fallout)

October 23, 2020 Dimitar Grozdanov Azure, Cloud 0

Last week I did a overview of Azure Automanage for Virtual Machines, but left the service run for few days.

Just a quick memory refresh, this is a bundle of services that enable management and monitoring of virtual machines.

The service configures the virtual machines based on best practices, evolving around governance, security and operations principles.

For more information check out the previous article here

Test environment

The environment had two virtual machines deployed – DemoServer1 (Windows Server 2019) and jumphostvm1 (Windows 10 Pro).

Test virtual machines on-boarded in Azure Automanage

There is a Log analytics workspace inside the omseasyazure resource group. All data from Azure Security Center is there. Consequently, this group, contains the automation account as well.

My Security Center policy is configured, to automatically install management and monitoring agent on all newly created virtual machines. As far as the agent deployment goes, the “confusion” relates to the underlying OS on the virtual machines. This does not apply to Windows 10 operating system.

Azure Virtual Machine best practices – Production configuration profile is used to configure the virtual machines.

Configuration profile deployed – Production

Already deployed Recovery Services Vault was ignored. Even worse, the Automanage service created two additional Vaults, and placed each machine in separate ones.

I double check the status of both virtual machines. In both Recovery Vaults, the machines were backed up regularly. At the end, this is part of the Production configuration profile. The Dev/Test one does not include backup.

Assigned Recovery Services vault per machine (jumphostvm1)

Disabing automanagement

Off-boarding machines is fairly easy process. You just need to go to the service, select the machines and press the Disable automanagement button. The process is fast.

As the picture above states, that the underlying services are not disabled. For this, you will need to visit each machine separately, and disable the services.

For this, I had to go to each Recovery Services Vault, and disable the backup.

I had to remove the machines from both Log analytics workspace where they were attached.

Disconnecting a virtual machine from log analytics workspace

For larger number of virtual machines, run a script.

Last, but not least, check out the Azure Policy section. there will be couple of policies left behind. you will need to do some clean-up there, as well

Conclusion

In conclusion, the service is useful and has potential, but also has flaws, and documentation is scarce.

The capability of customizing the configuration script, in more details, would be beneficial. Choosing between deployed and configured services, is a big perk.

The best practices relate to Azure services only. Most of Enterprise environments already have systems and tools in place. It would be useful to have more customization and selection options there.

The off-boarding process is tricky. Even in test scenarios, document everything. This will help you with the clean up process.

About Dimitar Grozdanov 39 Articles

Engineer. 25+ years “in the field”. Cloud Solution Architect. Cloud Security MVP. Trainer. Co-founder/Supporter of Tech Communities. Speaker. Blogger. Parent. Passionate about craft beer and hanging out with family and friends.

ITuziast

Bits and Bytes of Technology

Be the first to comment

Leave a Reply Cancel reply

Test environment

Disabing automanagement

Conclusion

Related Articles

Azure Announcements (December 2022)

Azure Spring Clean 2023: A customer journey to the cloud starts … Here!

Global Azure Skopje 2024: A Pivotal Event for Tech Enthusiasts and Professionals

Be the first to comment

Leave a Reply Cancel reply