AZ-800 Administering Windows Server Hybrid Core Infrastructure Exam
Eager to master hybrid server management? Discover how to administer Windows Server Hybrid Core Infrastructure on Azure, setting your path towards the Microsoft Certified: Azure Hybrid Infrastructure Administrator Associate certification!
Practice Test
Intermediate
Practice Test
IntermediateImplement Azure Automation for hybrid workloads
Configure and Secure Hybrid Runbook Workers
Hybrid Runbook Workers in Azure Automation let you run automation tasks on machines both in Azure and on-premises. These workers are part of Azure Automation and ensure you can directly manage local resources without sending data through the cloud. To make the most of this feature, you need to plan for installation, security, and network access.
Microsoft now prefers Extension-based Hybrid Workers over the older Agent-based version. Extension-based workers install via the VM extension framework, which works on both Windows and Linux VMs. This approach offers seamless onboarding, since you no longer need the Log Analytics agent, and integrated governance through ARM identities.
When setting up hybrid workers, your machines must meet basic requirements such as adequate CPU, RAM, and a supported operating system like Windows Server 2019 or Ubuntu. Each machine also needs the Azure Connected Machine agent installed and a system-assigned managed identity enabled. These steps ensure secure communication with Azure services.
Runbooks on hybrid workers can manage files, services, and applications on the local machine or interact with other on-premises resources. To authenticate, use managed identities whenever possible, or provide credentials within the runbook. Keep in mind that runbooks must be tested on the worker machine and designed to handle long-running jobs that might restart.
Networking is critical for hybrid workers. You must allow outbound traffic on TCP port 443 to specific Azure URLs or use a proxy server. For simplicity, apply the GuestAndHybridManagement service tag in your network security groups. This setup helps you enforce consistent and secure network policies.
Conclusion
In this section, you learned how Hybrid Runbook Workers enable automation on both cloud and on-premises machines. You saw why Extension-based Hybrid Workers are preferred for seamless deployment and governance. Key steps include installing required agents, enabling managed identities, and meeting system requirements on supported operating systems.
You also covered best practices for running and authenticating runbooks, ensuring they can handle local tasks and long-running jobs. Finally, you reviewed the network configurations needed to secure outbound connectivity and the common scenarios where hybrid workers shine, such as scheduling tasks and performing maintenance. With this knowledge, you can confidently configure and secure hybrid runbook workers in your Azure environment.