Quickstart: Onboard Windows computers to Azure Security Center
After you onboard your Azure subscriptions, you can enable Security Center for resources running outside of Azure, for example on-premises or in other clouds, by provisioning the Microsoft Monitoring Agent.
This quickstart shows you how to install the Microsoft Monitoring Agent on a Windows computer.
To get started with Security Center, you must have a subscription to Microsoft Azure. If you do not have a subscription, you can sign up for a free account.
You must be on Security Center’s Standard pricing tier before starting this quickstart. See Onboard your Azure subscription to Security Center Standard for upgrade instructions. You can try Security Center’s Standard at no cost for the first 60 days.
Add new Windows computer
- Sign into the Azure portal.
On the Microsoft Azure menu, select Security Center. Security Center - Overview opens.
Under the Security Center main menu, select Onboarding to advanced security.
Select Do you want to add non-Azure computers.
On Add new non-Azure computers, a list of your Log Analytics workspaces is shown. The list includes, if applicable, the default workspace created for you by Security Center when automatic provisioning was enabled. Select this workspace or another workspace you wish to use.
The Direct Agent blade opens with a link for downloading a Windows agent and keys for your workspace ID to use in configuring the agent.
Select the Download Windows Agent link applicable to your computer processor type to download the setup file.
On the right of Workspace ID, select the copy icon and paste the ID into Notepad.
On the right of Primary Key, select the copy icon and paste the key into Notepad.
Install the agent
You must now install the downloaded file on the target computer.
- Copy the file to the target computer and Run Setup.
- On the Welcome page, select Next.
- On the License Terms page, read the license and then select I Agree.
- On the Destination Folder page, change or keep the default installation folder and then select Next.
- On the Agent Setup Options page, choose to connect the agent to Azure Log Analytics and then select Next.
- On the Azure Log Analytics page, paste the Workspace ID and Workspace Key (Primary Key) that you copied into Notepad in the previous procedure.
- If the computer should report to a Log Analytics workspace in Azure Government cloud, select Azure US Government form the Azure Cloud dropdown list. If the computer needs to communicate through a proxy server to the Log Analytics service, select Advanced and provide the URL and port number of the proxy server.
Select Next once you have completed providing the necessary configuration settings.
On the Ready to Install page, review your choices and then select Install.
- On the Configuration completed successfully page, select Finish
When complete, the Microsoft Monitoring Agent appears in Control Panel. You can review your configuration there and verify that the agent is connected.
For further information on installing and configuring the agent, see Connect Windows computers.
Now you can monitor your Azure VMs and non-Azure computers in one place. Under Compute, you have an overview of all VMs and computers along with recommendations. Each column represents one set of recommendations. The color represents the VM's or computer's current security state for that recommendation. Security Center also surfaces any detections for these computers in Security alerts.
There are two types of icons represented on the Compute blade:
Clean up resources
When no longer needed, you can remove the agent from the Windows computer.
To remove the agent:
- Open Control Panel.
- Open Programs and Features.
- In Programs and Features, select Microsoft Monitoring Agent and click Uninstall.
In this quickstart, you provisioned the Microsoft Monitoring Agent on a Windows computer. To learn more about how to use Security Center, continue to the tutorial for configuring a security policy and assessing the security of your resources.