AZ-800 Administering Windows Server Hybrid Core Infrastructure Exam
Eager to master hybrid server management? Discover how to administer Windows Server Hybrid Core Infrastructure on Azure, setting your path towards the Microsoft Certified: Azure Hybrid Infrastructure Administrator Associate certification!
Practice Test
Intermediate
Manage VMs using PowerShell remoting, PowerShell Direct and Secure Shell Direct for Linux VMs
Secure and Optimize Remote Shell Access
Securing remote shell access to virtual machines (VMs) in Azure is crucial to maintain infrastructure integrity. Administrators often use PowerShell remoting and Secure Shell Direct (SSH) to manage Windows and Linux VMs. PowerShell remoting leverages the Windows Remote Management (WinRM) service to create encrypted and authenticated sessions. Meanwhile, Secure Shell Direct provides a secure channel for Linux guests without relying on traditional network paths. Together, these tools help ensure that only authorized users can execute commands on remote systems.
PowerShell remoting allows you to run commands on remote Windows VMs over a network. It uses WS-Management protocols to authenticate and encrypt traffic and works well when VMs have network connectivity. In cases where the VM’s network is misconfigured or offline, PowerShell Direct can be used to execute commands from the Hyper-V host directly. This host-based connection bypasses the network stack, making it ideal for troubleshooting and initial setup. Administrators must still apply proper role-based access control to avoid misuse.
For Linux VMs, Secure Shell Direct uses SSH to establish encrypted sessions. Before you start, you may need to add the Azure CLI extension by running:
    az extension add --name ssh
To strengthen access controls, configure Conditional Access policies that enforce:
- Multifactor authentication
- Device compliance checks
- Risk-based sign-ins
These measures ensure that only verified and secure devices can connect to your Linux VMs.
Proper firewall and network security rules are essential for safeguarding remote shell access. Only open required ports, such as TCP 5986 for PowerShell remoting over HTTPS and TCP 22 for SSH, and restrict traffic to trusted IP ranges. Use Network Security Groups (NSGs) or Azure Firewall to monitor and log connections. Regularly review these rules to prevent unauthorized access and to respond quickly to potential threats. By combining encrypted connections, conditional policies, and strict network controls, administrators can maintain a robust and secure remote management environment in Azure.
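The rule review described above can be scripted. The following is an added example, not part of the original course material: it flags inbound Allow rules that expose SSH or WinRM ports to any source. The function names and sample rules are hypothetical, and the property names are assumed to match the security rule objects returned by the Az PowerShell module.

```powershell
# Added example. Sample rules are constructed; property names are assumed to
# mirror (Get-AzNetworkSecurityGroup).SecurityRules from the Az module.
$ShellPorts  = @{ 22 = 'SSH'; 5985 = 'WinRM HTTP'; 5986 = 'WinRM HTTPS' }
$OpenSources = '*', 'Internet', '0.0.0.0/0'   # sources that mean "anyone"

function Test-PortInRange {
    # True when $Port falls inside an NSG port spec: '*', '22' or '5000-6000'.
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    $low, $high = $Range -split '-', 2
    if (-not $high) { $high = $low }
    return ($Port -ge [int]$low -and $Port -le [int]$high)
}

function Find-ExposedShellRule {
    # Emits one finding per rule and remote-shell port reachable from an open source.
    # Limitation: does not model a higher-priority Deny rule shadowing the Allow.
    param([Parameter(Mandatory)][object[]]$Rule)
    foreach ($r in ($Rule | Sort-Object Priority)) {
        if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
        if ($r.Protocol -notin 'Tcp', '*') { continue }
        $open = @($r.SourceAddressPrefix | Where-Object { $_ -in $OpenSources })
        if ($open.Count -eq 0) { continue }   # restricted to specific ranges
        foreach ($port in ($ShellPorts.Keys | Sort-Object)) {
            $hit = @($r.DestinationPortRange | Where-Object { Test-PortInRange $_ $port })
            if ($hit.Count -gt 0) {
                [pscustomobject]@{
                    Rule = $r.Name; Priority = $r.Priority; Port = $port
                    Service = $ShellPorts[$port]; Source = ($open -join ',')
                }
            }
        }
    }
}

# Constructed sample rules (203.0.113.0/24 is a documentation range).
$sampleRules = @(
    [pscustomobject]@{ Name = 'allow-ssh-any'; Priority = 300; Direction = 'Inbound'; Access = 'Allow'
        Protocol = 'Tcp'; SourceAddressPrefix = @('*'); DestinationPortRange = @('22') }
    [pscustomobject]@{ Name = 'allow-winrm-admin'; Priority = 310; Direction = 'Inbound'; Access = 'Allow'
        Protocol = 'Tcp'; SourceAddressPrefix = @('203.0.113.0/24'); DestinationPortRange = @('5986') }
    [pscustomobject]@{ Name = 'allow-mgmt-range'; Priority = 320; Direction = 'Inbound'; Access = 'Allow'
        Protocol = '*'; SourceAddressPrefix = @('Internet'); DestinationPortRange = @('5000-6000') }
)
Find-ExposedShellRule -Rule $sampleRules | Format-Table -AutoSize
```

The wide port range in the third sample rule is the case a manual review tends to miss: it covers both WinRM ports without naming either one.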
Conclusion
In this section, we explored how to manage Azure VMs securely using both network-based and host-based tools. We saw that PowerShell remoting and PowerShell Direct provide flexible ways to connect to Windows VMs, even when network issues arise. For Linux VMs, Secure Shell Direct delivers encrypted shell access, supported by Conditional Access policies for stronger security. Finally, we emphasized the importance of proper firewall and network configurations to protect all remote management channels. By applying these practices, administrators can effectively and safely manage hybrid server environments.