Configuring Windows Admin Center for Azure Portal Management

Prev Question Next Question

Question

You have an Azure virtual machine named VM1 that has a private IP address only.

You configure the Windows Admin Center extension on VM1.

You have an on-premises computer that runs Windows 11. You use the computer for server management.

You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.

What should you configure?

Answers

A. an Azure Bastion host on the virtual network that contains VM1.

B. a VPN connection to the virtual network that contains VM1.

C. a private endpoint on the virtual network that contains VM1.

D. a network security group (NSG) rule that allows inbound traffic on port 443.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm

The scenario in this question involves an Azure virtual machine (VM1) that has only a private IP address and a Windows 11 on-premises computer that will be used for server management. The requirement is to ensure that the Windows Admin Center extension configured on VM1 can be accessed and managed from the Azure portal.

To achieve this requirement, you need to enable a secure and private connection between the on-premises computer and VM1. There are several options available in Azure to achieve this, but the most appropriate one in this scenario is to configure a private endpoint on the virtual network that contains VM1 (Option C).

A private endpoint is a network interface that connects an Azure service to a virtual network privately. When you create a private endpoint for Windows Admin Center, it creates a network interface in your virtual network that uses a private IP address from your subnet range. This private IP address can then be used to connect to the Windows Admin Center extension running on VM1.

Here are the steps to configure a private endpoint for Windows Admin Center:

Go to the Azure portal and navigate to the virtual network that contains VM1.
Click on "Private endpoints" in the left-hand menu and then click "Add" to create a new private endpoint.
Select the "Windows Admin Center" service and then configure the private endpoint settings, such as the subnet and private IP address.
Click "Review + create" to create the private endpoint.

After you create the private endpoint, you can connect to the Windows Admin Center extension on VM1 using the private IP address associated with the private endpoint. This ensures a secure and private connection between the on-premises computer and VM1.

Option A (Azure Bastion host) and option B ( VPN connection) are not suitable in this scenario because they require public IP addresses to be assigned to VM1, which goes against the requirement for a private IP address only. Option D (NSG rule for port 443) may allow inbound traffic to VM1, but it does not provide a private and secure connection.

Prev Question Next Question