You have an Azure virtual machine named VM1 that has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11. You use the computer for server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.
What should you configure?
Click on the arrows to vote for the correct answer
A. B. C. D.B
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vmThe scenario in this question involves an Azure virtual machine (VM1) that has only a private IP address and a Windows 11 on-premises computer that will be used for server management. The requirement is to ensure that the Windows Admin Center extension configured on VM1 can be accessed and managed from the Azure portal.
To achieve this requirement, you need to enable a secure and private connection between the on-premises computer and VM1. There are several options available in Azure to achieve this, but the most appropriate one in this scenario is to configure a private endpoint on the virtual network that contains VM1 (Option C).
A private endpoint is a network interface that connects an Azure service to a virtual network privately. When you create a private endpoint for Windows Admin Center, it creates a network interface in your virtual network that uses a private IP address from your subnet range. This private IP address can then be used to connect to the Windows Admin Center extension running on VM1.
Here are the steps to configure a private endpoint for Windows Admin Center:
After you create the private endpoint, you can connect to the Windows Admin Center extension on VM1 using the private IP address associated with the private endpoint. This ensures a secure and private connection between the on-premises computer and VM1.
Option A (Azure Bastion host) and option B ( VPN connection) are not suitable in this scenario because they require public IP addresses to be assigned to VM1, which goes against the requirement for a private IP address only. Option D (NSG rule for port 443) may allow inbound traffic to VM1, but it does not provide a private and secure connection.