Integrate Azure Security Center with Windows Admin Center

Windows Admin Center is a management tool for your Windows servers. It's a single location for system administrators to access the majority of the most commonly used admin tools. From within Windows Admin Center, you can directly onboard your on-prem servers into Azure Security Center. You can then view a summary of your security recommendations and alerts directly in the Windows Admin Center experience.

Note

Your Azure subscription and the associated Log Analytics workspace both need to have Security Center's standard tier enabled in order to enable the Windows Admin Center integration. The standard tier is free for the first 30 days if you haven't previously used it on the subscription and workspace. For more information, see the pricing information page.

When you've successfully onboarded a server from Windows Admin Center to Azure Security Center, you can:

  • View security alerts and recommendations inside the Security Center extension in Windows Admin Center
  • View the security posture and retrieve additional detailed information of your Windows Admin Center managed servers in Security Center within the Azure portal (or via an API)

By combining these two tools, Security Center becomes your single pane of glass to view all your security information, whatever the resource: protecting your Windows Admin Center managed on-prem servers, your VMs, and any additional PaaS workloads.

Onboarding Windows Admin Center managed servers into Security Center

  1. From Windows Admin Center, select one of your servers, and in the Tools pane, select the Azure Security Center extension:

    Azure Security Center extension in Windows Admin Center

    Note

    If the server is already onboarded to Security Center, the set-up window will not appear.

  2. Click Sign in to Azure and set up.

    Onboarding Windows Admin Center extension to Azure Security Center

  3. Follow the instructions to connect your server to Security Center. After you've entered the necessary details and confirmed, Security Center makes the necessary configuration changes to ensure that all of the following are true:

    • An Azure Gateway is registered.
    • The server has a workspace to report to and an associated subscription.
    • Security Center's standard tier Log Analytics solution is enabled on the workspace. This solution provides Security Center's standard tier features for all servers and virtual machines reporting to this workspace.
    • Security Center's standard tier pricing for Virtual Machines is enabled on the subscription.
    • The Log Analytics agent is installed on the server and configured to report to the selected workspace. If the server already reports to another workspace, it's configured to report to the newly selected workspace as well.

    Note

    It may take some time after onboarding for recommendations to appear. In fact, depending on your server activity, you may not receive any alerts. To generate test alerts and check that your alerts are working correctly, follow the instructions in the alert validation procedure.
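The following check is an added example, not part of the original page or Microsoft's tooling: run on the onboarded server, it confirms the agent-side and subscription-side conditions listed in step 3 and lists every workspace the agent reports to, so an unexpected extra workspace is visible. `$ExpectedWorkspaceId` is a placeholder for your own workspace ID, and the pricing check assumes the Az.Security module is installed and `Connect-AzAccount` has already been run.

```powershell
# Added example: verify the post-onboarding state on the server itself.
param(
    [Parameter(Mandatory)]
    [string] $ExpectedWorkspaceId   # placeholder: GUID of the workspace you selected
)

$results = [ordered]@{}

# Log Analytics agent (Microsoft Monitoring Agent) runs as the HealthService service.
$svc = Get-Service -Name HealthService -ErrorAction SilentlyContinue
$results['AgentInstalled'] = [bool]$svc
$results['AgentRunning']   = ($svc -and $svc.Status -eq 'Running')

# Enumerate every workspace the agent is configured to report to.
# A server that already reported elsewhere keeps that workspace after onboarding,
# so the list can legitimately contain more than one entry.
$workspaces = @()
if ($svc) {
    $cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
    $workspaces = @($cfg.GetCloudWorkspaces() | ForEach-Object { $_.workspaceId })
}
$results['ReportsToExpectedWorkspace'] = $workspaces -contains $ExpectedWorkspaceId
$results['UnexpectedWorkspaces'] =
    @($workspaces | Where-Object { $_ -ne $ExpectedWorkspaceId }) -join ', '

# Subscription-level pricing tier for virtual machines (requires Az.Security
# and an authenticated Az session; skipped if the cmdlet is not available).
if (Get-Command Get-AzSecurityPricing -ErrorAction SilentlyContinue) {
    $pricing = Get-AzSecurityPricing -Name 'VirtualMachines'
    $results['VmPricingTier'] = $pricing.PricingTier
} else {
    $results['VmPricingTier'] = 'not checked (Az.Security not available)'
}

[pscustomobject]$results
```

Any value in `UnexpectedWorkspaces` means the server's security data is also being sent to a workspace other than the one you selected; confirm that workspace is one you own and intend to keep.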

Viewing security recommendations and alerts in Windows Admin Center

Once onboarded, you can view your alerts and recommendations directly in the Azure Security Center area of Windows Admin Center. Click a recommendation or an alert to view it in the Azure portal. There, you'll get additional information and learn how to remediate issues.

Security Center recommendations and alerts as seen in Windows Admin Center

Viewing security recommendations and alerts for Windows Admin Center managed servers in Security Center

From Azure Security Center:

  • To view security recommendations for all your Windows Admin Center servers, open Compute & Apps and click the VMs and Computers tab. Filter the list by resource "Server" as shown here:

    View security recommendations for Windows Admin Center managed servers

  • To view security alerts for all your Windows Admin Center servers, open Security alerts. Click Filter and ensure only "Non-Azure" is selected:

    Filter security alerts for Windows Admin Center managed servers

    View security alerts for Windows Admin Center managed servers