Managing Azure VMs with System Center Virtual Machine Manager

System Center Virtual Machine Manager (VMM) has long been a solution for managing Hyper-V hosts and virtual machines, but it can also be used to manage VMs within the Azure cloud. While VMM does not yet have everything needed to act as a complete replacement for the Azure Web Portal, System Center 2019 Virtual Machine Manager does provide basic Azure VM management and update capabilities.

Managing Azure VMs: Linking an Azure subscription

Before you will be able to use VMM to manage your Azure virtual machines, you will need to link VMM to your Azure account. Thankfully, this is a simple process.

Begin by opening the VMM administrative portal and going to the Library workspace. Next, right-click on the Azure Profiles container and then select the Create Azure Profile menu option, as shown in the screenshot below. If you don’t see the Azure Profiles container, then make sure that you are running the 2019 version of VMM.

Managing Azure VMs
At this point, VMM will launch the Create Azure Profile wizard, which you can see in the screenshot below. The first thing that you will need to do is to enter a name and a description for the profile that you are creating. Next, choose the Public Azure option from the cloud provider option, and set the Profile Usage to Azure VM Management. There is also an option to create an Azure VM Update profile, but this is beyond the scope of this article. Finally, enter your Azure subscription ID into the Subscription ID field and click Next. Incidentally, you can find your subscription ID by logging into the Azure Portal, going to the Home screen, and then clicking the Subscriptions option.

Managing Azure VMs
You will be taken to the Azure VM Management screen, shown in the screenshot below. This screen gives you a choice between using Azure AD authentication and management certificate-based authentication. Either option will work, but I strongly recommend using the Azure AD authentication option, because certificate-based authentication only allows for the management of classic VMs.

As you can see in the screenshot, you are required to provide three pieces of information including a Directory ID, an Application ID, and a key.

To find the Directory ID, go to the Azure Portal and then choose the Azure Active Directory option from the list of services. The resulting directory overview screen should list a Tenant ID. The Tenant ID is your Directory ID.

The next piece of information that you will need is the application ID. The application ID and the corresponding key do not exist by default. You will have to create them. Fortunately, it’s an easy process.

From within the Azure Portal, go to the list of services and click on the All Services option. When you get to the All Services screen, type App Registrations into the All Services search box, and then click on App Registrations, as shown in the next screenshot.

Managing Azure VMs
When you arrive at the App Registrations screen, click on the New Registration icon. This will bring up the Register an Application screen. The first thing that you will need to do on this screen is to provide a name for the application that you are registering. I recommend using SCVMM or something similar. Next, choose which directories are able to access the application (the current directory or a multi-tenant environment). Next, set the application type to Web and then set the sign-on URL to the URL used by your VMM server (it’s OK if the URL isn’t publicly accessible). Click the Register button to register the application. When you do, the resulting screen should display the Application ID.

Now that you have the Directory ID and the Application ID, the next thing that you need is the key. Click on the display name for the app that you just registered. Next, click on the Certificates & Secrets link, and then click the New Client Secret button.

Enter a friendly name into the Description field, pick an expiration period, and then click the Add button. When you do, you will be returned to the Client Secrets screen and a value will be shown for the secret. Copy the value and paste it into VMM’s Key field. Click Next, followed by Finish to complete the process.

Chances are that when you click Finish, you will get an error message stating that VMM is unable to communicate with Azure. If that happens, you can fix the problem by making a role assignment. Click the Back button a couple of times so that you will have the opportunity to retry the operation later on. Important: You won’t be able to retrieve the key again, so don’t close the wizard!

Now, switch over to the Azure Portal, go to the Home screen and click on the Subscription link. Next, click on your subscription. When you arrive at the subscription overview screen, click on the Access Control (IAM) tab, and then click Add Role Assignment. Set the role to Owner, and set the Assign Access option to Azure AD User, Group, or Service Principal. Enter the name of your app into the Select box. You should see the app appear just below Select, as shown in the screenshot below.

Click on the app to move it to the Selected Members list at the bottom of the screen. Finally, click Save. Now, switch back over to VMM. It should now be able to connect to Azure.

A good tool for lightweight tasks

As previously noted, you will be able to use VMM to perform lightweight virtual machine management tasks. For anything beyond that, however, you will have to use the Azure Portal. It is worth noting that there is a link to the portal on the VMM toolbar in the VMs and Services workspace.

Featured image: Shutterstock

2 thoughts on “Managing Azure VMs with System Center Virtual Machine Manager”

  1. Very good article. But when I get to the end of the wizard, I get the message “Virtual Machine Manager: Not able to authenticate subscription. Verify Azure end point is reachable from the machine, and valid authentication details were given” ID: 22836

    I think this is because I log in to VMM using a local A.D Domain Admin account, but Azure knows nothing about this account.

    How do you specific valid authentication details?!?

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top