快速入门:将 Windows 计算机加入安全中心Quickstart: Onboard Windows computers to Azure Security Center

载入 Azure 订阅之后,可以通过预配 Log Analytics 代理为在 Azure 外部(例如,在本地或在其他云中)运行的资源启用安全中心。After you onboard your Azure subscriptions, you can enable Security Center for resources running outside of Azure, for example on-premises or in other clouds, by provisioning the Log Analytics agent.

本快速入门演示如何在 Windows 计算机上安装 Log Analytics 代理。This quickstart shows you how to install the Log Analytics agent on a Windows computer.

先决条件Prerequisites

若要开始使用安全中心,必须具有 Microsoft Azure 订阅。To get started with Security Center, you must have a subscription to Microsoft Azure. 如果你尚无订阅,则可以注册试用帐户If you do not have a subscription, you can sign up for a trial account.

在开始学习本快速入门之前,你必须位于安全中心的“标准”定价层。You must be on Security Center’s Standard pricing tier before starting this quickstart. 有关升级说明,请参阅将 Azure 订阅载入到安全中心标准版See Onboard your Azure subscription to Security Center Standard for upgrade instructions. 可以免费试用安全中心标准版。You can try Security Center’s Standard at no cost. 若要了解详细信息,请参阅定价页To learn more, see the pricing page.

添加新的 Windows 计算机Add new Windows computer

  1. 登录到 Azure 门户Sign into the Azure portal.

  2. Microsoft Azure 菜单上选择“安全中心”。On the Microsoft Azure menu, select Security Center. 此时会打开“安全中心 - 概览”。Security Center - Overview opens.

    安全中心概述

  3. 在“安全中心”主菜单下,选择“入门”。Under the Security Center main menu, select Getting started.

  4. 选择“入门”选项卡。Select the Get started tab.

    入门

  5. 单击“添加新的非 Azure 计算机”下的“配置” 。Click Configure under Add new non-Azure computers. 此时将显示 Log Analytics 工作区的列表。A list of your Log Analytics workspaces is shown. 该列表包含启用自动预配时由安全中心创建的默认工作区(如果适用)。The list includes, if applicable, the default workspace created for you by Security Center when automatic provisioning was enabled. 选择此工作区或要使用的其他工作区。Select this workspace or another workspace you want to use.

    添加非 Azure 计算机

    将打开“直接代理”边栏选项卡,其中包含一个用于下载 Windows 代理的链接,以及在配置该代理时要使用的工作区 ID 的密钥。The Direct Agent blade opens with a link for downloading a Windows agent and keys for your workspace ID to use in configuring the agent.

  6. 选择适用于计算机处理器类型的“下载 Windows 代理”链接,以下载安装程序文件。Select the Download Windows Agent link applicable to your computer processor type to download the setup file.

  7. 在“工作区 ID”右侧选择复制图标,并将该 ID 粘贴到记事本中。On the right of Workspace ID, select the copy icon and paste the ID into Notepad.

  8. 在“主密钥”右侧选择复制图标,并将该密钥粘贴到记事本中。On the right of Primary Key, select the copy icon and paste the key into Notepad.

安装代理Install the agent

现在,必须在目标计算机上安装下载的文件。You must now install the downloaded file on the target computer.

  1. 将该文件复制到目标计算机并运行安装程序。Copy the file to the target computer and Run Setup.

  2. 在“欢迎”页上,选择“下一步”。 On the Welcome page, select Next.

  3. 在“许可条款”页面上阅读许可协议,然后选择“我接受” 。On the License Terms page, read the license and then select I Agree.

  4. 在“目标文件夹”页面上更改或保留默认安装文件夹,然后选择“下一步” 。On the Destination Folder page, change or keep the default installation folder and then select Next.

  5. 在“代理安装选项”页上,选择将代理连接到 Azure Log Analytics,然后选择“下一步”。 On the Agent Setup Options page, choose to connect the agent to Azure Log Analytics and then select Next.

  6. Azure Log Analytics 页上,粘贴在前面步骤中复制到记事本的“工作区 ID” 和“工作区密钥(主密钥)” 。On the Azure Log Analytics page, paste the Workspace ID and Workspace Key (Primary Key) that you copied into Notepad in the previous procedure.

  7. 如果计算机应向 Azure 中国云中的 Log Analytics 工作区报告,请从“Azure 云”下拉列表中选择“Azure 中国” 。If the computer should report to a Log Analytics workspace in Azure China cloud, select Azure China form the Azure Cloud dropdown list. 如果计算机需要通过代理服务器来与 Log Analytics 服务通信,请选择“高级”并提供代理服务器的 URL 和端口号。If the computer needs to communicate through a proxy server to the Log Analytics service, select Advanced and provide the URL and port number of the proxy server.

  8. 提供所需的配置设置后,选择“下一步”。Select Next once you have completed providing the necessary configuration settings.

    安装代理

  9. 在“准备安装”页上检查所做的选择,并选择“安装” 。On the Ready to Install page, review your choices and then select Install.

  10. 在“配置已成功完成”页上,选择“完成” On the Configuration completed successfully page, select Finish

完成后,Log Analytics 代理会显示在“控制面板”中。When complete, the Log Analytics agent appears in Control Panel. 可以在该处检查配置,并验证代理是否已连接。You can review your configuration there and verify that the agent is connected.

有关安装和配置代理的详细信息,请参阅连接 Windows 计算机For further information on installing and configuring the agent, see Connect Windows computers.

现在,可以从单个位置监视 Azure VM 和非 Azure 计算机了。Now you can monitor your Azure VMs and non-Azure computers in one place. 在“计算”下,可以概览所有 VM 和计算机以及建议。Under Compute, you have an overview of all VMs and computers along with recommendations. 每一列代表一组建议。Each column represents one set of recommendations. 颜色表示 VM 或计算机针对该建议的当前安全状态。The color represents the VM's or computer's current security state for that recommendation. 安全中心还会在“安全警报”中显示针对这些计算机的任何检测。Security Center also surfaces any detections for these computers in Security alerts.

“计算”边栏选项卡

有两种类型的图标表示在“计算”边栏选项卡上:There are two types of icons represented on the Compute blade:

icon1 非 Azure 计算机Non-Azure computer

icon2 Azure VMAzure VM

清理资源Clean up resources

如果不再需要使用该代理,可从 Windows 计算机中将其删除。When no longer needed, you can remove the agent from the Windows computer.

若要删除该代理,请执行以下操作:To remove the agent:

  1. 打开“控制面板”Open Control Panel.
  2. 打开“程序和功能”。Open Programs and Features.
  3. 在“程序和功能”中选择“Log Analytics 代理”,单击“卸载”。 In Programs and Features, select Log Analytics agent and click Uninstall.

后续步骤Next steps

在本快速入门中,你已在 Windows 计算机上预配了 Log Analytics 代理。In this quickstart, you provisioned the Log Analytics agent on a Windows computer. 若要详细了解如何使用安全中心,请继续阅读教程,了解如何配置安全策略和评估资源的安全性。To learn more about how to use Security Center, continue to the tutorial for configuring a security policy and assessing the security of your resources.