SMB over QUIC with Automanage machine best practices

Caution

On 31 August 2024, both Automation Update Management and the Log Analytics agent it uses will be retired. Migrate to Azure Update Manager before that. Refer to guidance on migrating to Azure Update Manager here.

SMB over QUIC offers an "SMB VPN" for telecommuters, mobile device users, and branch offices, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. To learn more about SMB over QUIC and how to configure SMB over QUIC, see SMB over QUIC.

Additionally, SMB over QUIC is integrated with Automanage machine best practices to help make SMB over QUIC management easier. QUIC uses certificates to provide its encryption, and organizations often struggle to maintain complex public key infrastructures. Automanage machine best practices ensures that certificates do not expire without warning and that SMB over QUIC stays enabled for maximum continuity of service.

How to get started

Note

For prerequisites on using Automanage machine best practices, see Enable on VMs in the Azure portal.

Note

During the preview phase, you can get started in the Azure portal using this link.

Enable Automanage best practices when creating a new VM

To enable Automanage machine best practices for SMB over QUIC on a VM, follow these steps:

  1. Sign in to the Azure portal using the preview link above.

  2. Create an Azure VM with the Windows Server 2022 Datacenter: Azure Edition image to get the Automanage for Windows Server capabilities, including SMB over QUIC.

  3. In the Management tab, for the Azure Automanage Environment setting, choose either Dev/Test or Production to enable Automanage machine best practices.

    Enable Automanage when creating a VM.

  4. Configure any additional settings as needed and create the VM.

Enable Automanage best practices on existing VMs

You can also enable Automanage machine best practices for a VM you have previously created. Note that the VM must have been created with the Windows Server 2022 Datacenter: Azure Edition image to get the Automanage for Windows Server capabilities, including SMB over QUIC.

  1. Navigate to the VM you have previously created.

  2. Select the Automanage menu, choose either the Dev/Test or Production environment, then click Enable.

    Enable Automanage for an existing VM.

Viewing Automanage best practice compliance

It may take a couple of hours for machine best practices to be configured and for the best practice policies to be assigned and assessed on the VM. Once this is complete, you will see the SMB over QUIC policies and their status as shown below. These policies are assessed continuously and automatically to ensure SMB over QUIC is configured properly and that the certificates used are valid and healthy.

View SMB over QUIC policies for a VM.
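To spot-check the same two conditions locally on the VM (SMB over QUIC enabled, mapped certificates valid), the following script can be run in an elevated PowerShell session. It is an added example, not the Automanage policy logic or code from the original page; the 30-day warning window and the `Test-QuicCertificate` helper name are assumptions.

```powershell
# Added example: local health check for SMB over QUIC on the file server VM.
# Run elevated. $WarnDays is an assumed threshold, not an Automanage policy value.
param([int]$WarnDays = 30)

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-QuicCertificate {
    param($Mapping, [int]$WarnDays, [string]$ServerAuthOid)
    $path = "Cert:\LocalMachine\$($Mapping.StoreName)\$($Mapping.Thumbprint)"
    $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
    $problems = @()
    $notAfter = $null
    if (-not $cert) {
        $problems += 'certificate not found in store'
    } else {
        $now = Get-Date
        $notAfter = $cert.NotAfter
        $daysLeft = [math]::Floor(($notAfter - $now).TotalDays)
        if ($cert.NotBefore -gt $now) { $problems += 'not yet valid' }
        if ($notAfter -lt $now) {
            $problems += 'expired'
        } elseif ($daysLeft -lt $WarnDays) {
            $problems += "expires in $daysLeft days"
        }
        if (-not $cert.HasPrivateKey) { $problems += 'no private key' }
        # An empty EKU list means the certificate is not restricted to specific purposes.
        $ekus = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
        if ($ekus.Count -gt 0 -and $ekus -notcontains $ServerAuthOid) {
            $problems += 'Server Authentication EKU missing'
        }
    }
    [pscustomobject]@{
        Name       = $Mapping.Name
        Thumbprint = $Mapping.Thumbprint
        NotAfter   = $notAfter
        Healthy    = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

$quicEnabled = (Get-SmbServerConfiguration).EnableSMBQUIC
$mappings = @(Get-SmbServerCertificateMapping)
if (-not $quicEnabled) { Write-Warning 'SMB over QUIC is disabled on this server.' }
if ($mappings.Count -eq 0) { Write-Warning 'No SMB over QUIC certificate mapping found.' }

$results = @($mappings | ForEach-Object {
    Test-QuicCertificate -Mapping $_ -WarnDays $WarnDays -ServerAuthOid $serverAuthOid })
$results | Format-Table -AutoSize -Wrap
if (-not $quicEnabled -or $mappings.Count -eq 0 -or ($results | Where-Object { -not $_.Healthy })) { exit 1 }
```

The script exits with code 1 when SMB over QUIC is disabled, no mapping exists, or any mapped certificate has a problem, so it can be used from a scheduled task or monitoring agent.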

Next steps