Share via

Managing Multiple VMs on Azure Similar to Workspace One

razec18 155 Reputation points
2024-11-06T17:44:19.7266667+00:00

Hello,

I currently manage an infrastructure of approximately 100 VMs. I would like to perform activities on Azure such as:

  1. Installing/removing apps
  2. Viewing all installed apps on the VMs
  3. Adding shortcuts to the desktop
  4. Adjusting timezone/date and time

I am looking for a solution that can handle these tasks, similar to what Workspace One does, but for Windows Servers.

How do you currently manage these tasks?

Thank you!

Feel free to post this on the Microsoft forum. If you need any further assistance, let me know!

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,991 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 25,675 Reputation points MVP
    2024-11-06T17:55:04.5166667+00:00

    There are a number of options to consider - here are a few I find most common

    1. Azure Automation with Desired State Configuration (DSC)

    Azure Automation DSC is a robust tool for managing and enforcing the configuration of Windows VMs. Using DSC scripts, you can define and enforce configurations for various tasks across all your VMs.

    Features:

    • Install/Remove Apps: Automate application installation and removal across multiple VMs.
    • View Installed Apps: With custom DSC configurations or PowerShell scripts, you can periodically audit and report installed applications on each VM.
    • Add Shortcuts to the Desktop: You can use DSC to deploy files or shortcuts to user directories on each VM.
    • Adjust Timezone/Date and Time: Configure timezone settings using DSC scripts or Azure Automation Runbooks.

    How It Works:

    • Azure Automation DSC uses PowerShell DSC scripts to specify desired configurations, ensuring they are applied and monitored continuously across your environment.
      • You can create Runbooks for custom tasks, such as querying installed applications or deploying shortcuts.
      • Azure Automation can also trigger actions based on schedules, or you can use it interactively.

    Pros:

    • Integrated with Azure, allowing centralized configuration management and monitoring.
      • Scalable across a large infrastructure.
      • Easy to automate recurring tasks with scheduled runbooks.

    Cons:

    • May require initial setup and testing of DSC configurations and runbooks.
      • Limited GUI for specific tasks, making it more suitable for admins comfortable with PowerShell scripting.
    1. Microsoft Intune (Endpoint Manager) with Windows Server Support

    Microsoft Intune now extends some device management features to Windows Servers, which allows for policy-driven management and configuration similar to what’s available for Windows 10 and Windows 11.

    Features:

    • Application Management: Intune can push applications to managed VMs, though more advanced server app management may still require custom scripts.
    • View Installed Apps: Intune provides reporting for installed apps across managed devices, including servers.
    • Desktop Customization: While limited for server versions, Intune supports certain configurations that can assist with desktop settings.
    • Time and Date Adjustments: You can apply policies or use custom scripts to adjust timezone or date and time.

    How It Works:

    • Intune policies can be configured and applied across servers, allowing for streamlined management.
      • Integration with Entra ID makes it easier to manage access and device compliance policies.
      • You can use Custom PowerShell scripts in Intune for specialized configurations and queries.

    Pros:

    • Centralized, GUI-based management similar to Workspace One.
      • Policies and custom scripts can be applied to Windows Servers.
      • Integrates with the broader Microsoft Endpoint Manager suite.

    Cons:

    • Limited capabilities for server OS management compared to client OS; may need additional configuration for server-specific tasks.
      • Some management capabilities may be less extensive than Workspace One.
    1. Combining Azure Automation and Intune

    For full coverage of the tasks you want to automate and manage, a combination of Azure Automation (for in-depth server configuration) and Intune (for GUI-based management and reporting) can work well. This setup can give you:

    • Flexible configuration management with DSC and PowerShell scripts for server-specific tasks.
    • Centralized app management and visibility through Intune’s GUI.
    • Scheduled or ad-hoc automation for maintenance and configuration.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

  2. Marcin Policht 25,675 Reputation points MVP
    2024-11-07T11:41:30.2333333+00:00

    Yes, both Intune and Azure Automation Runbook services require licenses or incur costs.

    1. Intune Licensing and Adding Servers
      • Licensing: Microsoft Intune is generally licensed as part of the Microsoft 365 suite or through separate plans that include Endpoint Manager capabilities. Each device requires an Intune license.
      • Adding Servers: Intune traditionally targets devices running Windows 10/11 and mobile OSes for management rather than server OSes like Windows Server. Although Microsoft has added some support for Windows Servers, they may not integrate as smoothly as client OSes. If your server isn't adding to Intune, it could be due to limitations in Intune's support for Windows Server OS versions or specific management policies.
    2. Azure Compute Gallery and VMSS Approach
      • Process: Azure Compute Gallery and Virtual Machine Scale Sets (VMSS) allow you to deploy and manage identical instances, which can be updated by modifying the source image and redeploying instances.
      • Pros: This approach is efficient for large, consistent updates across many VMs, such as patching OS images or updating pre-installed applications. You’d make changes in the master image, publish it to the Compute Gallery, and apply the image to all instances in the VMSS.
      • Cons: However, this method requires you to redeploy the entire VM each time there’s a change, which could disrupt service continuity. While it’s manageable for some types of applications, it’s not ideal for tasks needing minor changes, like adding a desktop shortcut or viewing installed apps. Frequent updates could also increase administrative overhead and redeployment time.

    Comparison

    • Intune + Runbooks: These offer centralized, incremental management for tasks without redeploying entire VMs, and you can automate granular changes (e.g., app installation/removal) without downtime.
    • VMSS with Azure Compute Gallery: Suitable for cases where large-scale, uniform updates are acceptable and temporary disruption is manageable, as with stateless VMs or load-balanced workloads.

    Given your needs, Intune or Runbooks might be the better choice, especially if you need frequent or real-time configuration adjustments across servers. But if your VMs are highly uniform and you’re okay with redeployment, the Azure Compute Gallery and VMSS approach could be a cost-effective solution.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.