快速入門:將 Windows 電腦上架到 Azure 資訊安全中心Quickstart: Onboard Windows computers to Azure Security Center

將 Azure 訂用帳戶上架之後,您可以透過佈建 Microsoft Monitoring Agent,為在 Azure 外 (例如,內部部署或其他雲端服務) 執行的資源啟用資訊安全中心。After you onboard your Azure subscriptions, you can enable Security Center for resources running outside of Azure, for example on-premises or in other clouds, by provisioning the Microsoft Monitoring Agent.

本快速入門說明如何在 Windows 電腦上安裝 Microsoft Monitoring Agent。This quickstart shows you how to install the Microsoft Monitoring Agent on a Windows computer.

必要條件Prerequisites

若要開始使用資訊安全中心,您必須有 Microsoft Azure 訂用帳戶。To get started with Security Center, you must have a subscription to Microsoft Azure. 如果您沒有訂用帳戶,可以註冊免費帳戶If you do not have a subscription, you can sign up for a free account.

確認您是使用資訊安全中心的標準定價層之後,再開始按照本快速入門操作。You must be on Security Center’s Standard pricing tier before starting this quickstart. 如需升級指示,請參閱將 Azure 訂用帳戶上架到資訊安全中心標準定價層See Onboard your Azure subscription to Security Center Standard for upgrade instructions. 您可以免費試用資訊安全中心的標準層。You can try Security Center’s Standard at no cost. 若要深入了解,請參閱價格頁面To learn more, see the pricing page.

新增 Windows 電腦Add new Windows computer

  1. 登入 Azure 入口網站Sign into the Azure portal.

  2. 在 [Microsoft Azure] 功能表中,選取 [資訊安全中心]。On the Microsoft Azure menu, select Security Center. [資訊安全中心 - 概觀] 隨即開啟。Security Center - Overview opens.

    資訊安全中心概觀

  3. 在 [資訊安全中心] 主功能表下,選取 [開始使用]。Under the Security Center main menu, select Getting started.

  4. 選取 [開始使用] 索引標籤。Select the Get started tab.

    開始使用

  5. 按一下 [新增非 Azure 電腦] 下方的 [設定]。Click Configure under Add new non-Azure computers. 隨即會顯示 Log Analytics 工作區清單。A list of your Log Analytics workspaces is shown. 清單中顯示啟用自動佈建之後,資訊安全中心為您建立的預設工作區 (如果適用)。The list includes, if applicable, the default workspace created for you by Security Center when automatic provisioning was enabled. 選取此工作區或其他您要使用的工作區。Select this workspace or another workspace you want to use.

    新增非 Azure 電腦

    [直接代理程式] 刀鋒視窗提供下載 Windows 代理程式的連結,以及用於設定代理程式的工作區識別碼金鑰。The Direct Agent blade opens with a link for downloading a Windows agent and keys for your workspace ID to use in configuring the agent.

  6. 選取適用於您電腦處理器類型的 [下載 Windows 代理程式] 連結以下載安裝檔。Select the Download Windows Agent link applicable to your computer processor type to download the setup file.

  7. 在 [工作區識別碼] 的右邊,選取複製圖示並將識別碼貼到記事本中。On the right of Workspace ID, select the copy icon and paste the ID into Notepad.

  8. 在 [主要金鑰] 的右邊,選取複製圖示並將識別碼貼到記事本中。On the right of Primary Key, select the copy icon and paste the key into Notepad.

安裝代理程式Install the agent

接著在目的電腦上安裝下載的檔案。You must now install the downloaded file on the target computer.

  1. 將檔案複製到目的電腦並執行安裝程式。Copy the file to the target computer and Run Setup.

  2. 在 [歡迎] 頁面上,選取 [下一步]。On the Welcome page, select Next.

  3. 在 [授權條款] 頁面上,閱讀授權並選取 [我同意]。On the License Terms page, read the license and then select I Agree.

  4. 在 [目的資料夾] 頁面上,變更或保留預設的安裝資料夾,然後選取 [下一步]。On the Destination Folder page, change or keep the default installation folder and then select Next.

  5. 在 [代理程式安裝選項] 頁面上,選擇將代理程式連線至 Azure Log Analytics,然後選取 [下一步]。On the Agent Setup Options page, choose to connect the agent to Azure Log Analytics and then select Next.

  6. 在 [Azure Log Analytics] 頁面上,貼上您在先前程序中複製到「記事本」中的 [工作區識別碼] 和 [工作區金鑰 (主要金鑰)]。On the Azure Log Analytics page, paste the Workspace ID and Workspace Key (Primary Key) that you copied into Notepad in the previous procedure.

  7. 如果電腦應該向 Azure Government Cloud 中的 Log Analytics 工作區回報,請從 [Azure 雲端] 下拉式清單中選取 [Azure 美國政府]。If the computer should report to a Log Analytics workspace in Azure Government cloud, select Azure US Government form the Azure Cloud dropdown list. 如果電腦需要透過 Proxy 伺服器與 Log Analytics 服務進行通訊,請選取 [進階],然後提供 Proxy 伺服器的 URL 和連接埠號碼。If the computer needs to communicate through a proxy server to the Log Analytics service, select Advanced and provide the URL and port number of the proxy server.

  8. 完成提供必要的組態設定之後,選取 [下一步]。Select Next once you have completed providing the necessary configuration settings.

    安裝代理程式

  9. 在 [安裝準備就緒] 頁面上,檢閱您的選擇,然後選取 [安裝]。On the Ready to Install page, review your choices and then select Install.

  10. 在 [設定成功完成] 頁面上,選取 [完成]On the Configuration completed successfully page, select Finish

完成時,[Microsoft 監視代理程式] 會出現在 [控制台] 中。When complete, the Microsoft Monitoring Agent appears in Control Panel. 您可以在該處檢閱您的設定,並確認代理程式已連線。You can review your configuration there and verify that the agent is connected.

如需安裝及設定代理程式的詳細資訊,請參閱連線到 Windows 電腦For further information on installing and configuring the agent, see Connect Windows computers.

您現在可於同一處監視您的 Azure VM 和非 Azure 電腦。Now you can monitor your Azure VMs and non-Azure computers in one place. 在 [計算] 下,您可以檢視所有 VM 和電腦的概觀及建議。Under Compute, you have an overview of all VMs and computers along with recommendations. 每一欄表示一組建議。Each column represents one set of recommendations. 色彩代表 VM 或電腦目前對於該建議的安全性狀態。The color represents the VM's or computer's current security state for that recommendation. 資訊安全中心也會在安全性警示中顯示針對這些電腦所偵測到的任何項目。Security Center also surfaces any detections for these computers in Security alerts.

[計算] 刀鋒視窗

[計算] 刀鋒視窗上顯示兩個類型的圖示:There are two types of icons represented on the Compute blade:

icon1 非 Azure 電腦Non-Azure computer

icon2 Azure VMAzure VM

清除資源Clean up resources

不再需要時,您可以將代理程式從 Windows 電腦移除。When no longer needed, you can remove the agent from the Windows computer.

移除代理程式:To remove the agent:

  1. 開啟 [ 控制台]。Open Control Panel.
  2. 開啟 [程式和功能]。Open Programs and Features.
  3. 在 [程式和功能] 中,選取 [Microsoft Monitoring Agent],然後按一下 [解除安裝]。In Programs and Features, select Microsoft Monitoring Agent and click Uninstall.

後續步驟Next steps

在本快速入門中,您已在 Windows 電腦上佈建 Microsoft Monitoring Agent。In this quickstart, you provisioned the Microsoft Monitoring Agent on a Windows computer. 若要深入了解如何使用資訊安全中心,請繼續進行設定安全性原則及評估資源安全性的教學課程。To learn more about how to use Security Center, continue to the tutorial for configuring a security policy and assessing the security of your resources.