Is your feature request related to a problem? Please describe.
Yes.
With current feature it's impossible to monitor anything

Describe the solution you'd like
A dashboard consisting a collection of IT operation parameters widgets Admin could choose and configure (filter)
Minimum :
top 10 servers with highest cpu load LIVE
top 10 server with highest memory load LIVE
Server network load (packet size transmitted) LIVE
Top 10 servers need (windows) updating
Nework map
Service monitor (list) just on / off
top 10 servers with root drive lowest free space available

Describe alternatives you've considered
On premis QNAP QRM+
On cloud SYSPECTR

Additional context
Needless to say each must be equipped with notification setting.
Minimal email.
IM and SMS would make this killer apps.

Hello,

we're running WAC on a gateway. For daily management of servers I would like only to use the RBAC-Groups provided by WAC.
For Windows Admin Center Administrators we use a group with users. They have as per definition limited access to the administrative environment.
For some reason, the loading time takes almost a minute. Where as if I add the group to local admins (so I can see also PS and Remote and all other features), the page builds up within a few seconds.

Is there a way to improve on that?

When looking at the connections (e.g. Server Connections, All Connections etc.) sorting my "Last connected" sorts the entries in String order rather than date/time order. If the entries where "Last connected" are represented as "Never" are removed from the list the sort order correctly sorts the dates. Dates which show as Never should not break the ability to sort.

I'm using latest version of WAC and its extensions installed on the latest version of Windows Server 2019. Hyper-V has been installed and is running. When I deploy a new Azure IoT Edge for Linux on Windows on host (same PC) using default setting recommended by WAC, I ran into an error of "Error: Installation of virtual switch failed".

I already checked event viewer and below is what it shows:

Log Name:      Microsoft-ServerManagementExperience
Source:        UI
Date:          7/26/2021 12:35:46 PM
Event ID:      2
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      XXX
Description:
sessionId : 52a7f5bc-872c-4e95-ae8f-de9faa105039
eventId : Trace
level : Error
sourceName : Microsoft.AzureIoTEdge
source : EflowCreateWizard
timestamp : 1627295715557
message : DeployStepComponent
stack : 
moreEventData : 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="UI" />
    <EventID Qualifiers="0">2</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2021-07-26T10:35:46.173052100Z" />
    <EventRecordID>2590</EventRecordID>
    <Channel>Microsoft-ServerManagementExperience</Channel>
    <Computer>XXX</Computer>
    <Security />
  </System>
  <EventData>
    <Data>sessionId : 52a7f5bc-872c-4e95-ae8f-de9faa105039
eventId : Trace
level : Error
sourceName : Microsoft.AzureIoTEdge
source : EflowCreateWizard
timestamp : 1627295715557
message : DeployStepComponent
stack : 
moreEventData : </Data>
  </EventData>
</Event>

When I check Hyper-V manager, I can see that a virtual switch has already been made after I installed Hyper-V. So I don't see any error with Hyper-V. But clearly WAC cannot create a virtual switch that it apparently needs. Would you please help me find the solution?

WAC Version 1.3.2105.24004
Relevant Extension Versions:
Storage - 1.108.0
Cluster Manager - 1.514.0

To Reproduce:

1. Go to HCI Cluster
2. Click on Volumes
3. Select Any Volume
4. See error

Expected Behavior:
Header showing when rebuild was started, Percentage completed, & Time remaining.

Gateway Version: 1.3.2105.24004 (last few updates through auto-update functionality) running on Server2019 with latest patches

Steps to reproduce the behavior:

1. Import CSV file with connections via "Import-Connection" cmdlet (specified Name, Server-Type, no Tags and "global" as groupID) - doesn't matter if -prune is used or not
   The file contains tags that use special characters/mutated vowels (ä, ö, ü, etc.) - those are shown correctly in the CSV itself. Notepad shows CSV is UTF8 formatted.
2. After importing, Tags containing special characters show (?) black squares with question marks in it
3. manually added tags with special characters are shown correctly.
   Maybe an importing issue? I added "-encoding UTF8" in the PS WAC module but no change

Expected behavior
Imported tags with special characters to be shown correctly

Using the latest version of the Files & file sharing extension - 1.240.0 and unable to list server file shares... Others are reporting the issue as well...

Please add print management functionality similar to the MMC Snap-In "Print Management" for print servers.
Thank you!

Gateway Version: 1.3.2103.01006

To Reproduce
Under Settings - Updates, ticking "Schedule Installation" and entering a valid date and time, clicking "Install Updates" I receive the notification "Successfully scheduled the Update." The update never installs. There are no errors.
After the scheduled update time passes, if I reload the admin center, it goes back to having "Automatically update windows admin center" instead of the scheduled installation time.

Expected behavior
I expect the Admin Center to update itself automatically.

Screenshots & Additional context
Confirmation message about scheduled update:

No errors:

After a reload, the scheduled install time clears:

When having to administer multiple connections in a given time period, it would be nice if the filter was persistent after using the back button. For instance, I need to work a group of Production connections, i set the filter to "Production", I choose the machine I want to work on. I go back to work on another machine and the filter is cleared. So I have to open the filter and re-select what I want. Having to do this 20 times becomes frustrating.

It would nice if there was a way to make the filter persistent in the session, or a different way to go back to the connection list without resetting the filter.

1. The Windows Admin Center administrator role cannot manage AD users and DNS resource records.

2. The Windows Admin Center Readers role cannot do anything. What is the significance of this group? WAC is not a monitoring software.

There are multiple administrators in the company. Not every administrator needs the highest authority. They just do some simple management tasks, such as creating an account, resetting passwords, or managing DNS resource records.

WAC has only three role groups, and the granularity of permissions simply cannot meet the needs. WAC looks more like a toy, a semi-finished product. The idea of Web-based RBAC is very good, and I hope Microsoft can increase development efforts as soon as possible.

The CPU Forecast is shown for the CPU Usage in the Parent Partition and DOES NOT include the CPU time the Hypervisor spent using the Logical Processors.
So CPU forecast on a Hyper-V Server is not that useful.
Would be better to have both counters as a forecast.
Attached is screenshots showing the difference.
InsightsCPUForecast.pdf

Gateway Version: Version (1.3.2105.24004)
Extension Version that's been used if it applies

To Reproduce
Steps to reproduce the behavior:

1. I am not able to reproduce the bug anymore.

Expected behavior
Should be able to delete the selected server that was set up in error

Screenshots & Additional context
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
Windows Server Core is lacking a GUI for Windows Server Backup. There is no support in Windows Admin Center and the App Compatibility FOD doesn't include wbadmin.msc.

Describe the solution you'd like
I'd like a Windows Server Backup extension for Windows Admin Center. It should allow to create, modify and monitor backup schedules.

Describe alternatives you've considered
Use PowerShell.

Gateway Version 2103.2 Build number 1.3.2105.24004
To Reproduce
Steps to reproduce the behavior:

1. Go to Settings
2. Click on Access
3. Under Allowed Groups click on +
4. Try to enter an AD like ourDomain\Domain Admins
5. Error Only the formats (domain\group name) for domain groups or (group name) for local groups are allowed

Expected behavior
You should be able to enter an AD group with a space in the name, in fact I have been able to in the past but I can no longer do this.

Gateway Version: 1.3.2105.24004
Extension Version 1.82.2

To Reproduce
Steps to reproduce the behavior:

1. Connect to a single node (not WSFC) on Windows Server 2019 and deploy AKS
2. Proceed to Setup and set up the information required to register the Management Cluster.
3. When I click Apply in the Review step, I get the following error
   ======
   Cloud Service IP CIDR is required when using static IP assignment.
   ======

Expected behavior
When trying to create an AKS for a WSFC environment, there is an entry field for Cloudagent IP, but when trying to create an AKS for a Windows Server 2019 standalone environment, the CloudAgent IP field is not visible and cannot be entered.

Screenshots & Additional context

Gateway Version: 1.3.2105.24004
Extension Version : 1.73.0

To Reproduce
Steps to reproduce the behavior:

1. Go to a Server
2. Click on Roles And Features
3. Expand Details to view text: "Please select a role or feature to see its details"
4. Click on Any Non-installed Role or Feature (Not on the checkbox but highlighting the line item
5. Details text does not change to describe Role or feature

Expected behavior
In Step 4, when I highlighted the item, installed or not I expected to see the same text as when the checkbox is toggled.

Screenshots & Additional context
Before Selection Image

After Selection Image

In the [After Selection Image] I expected the details section to change to the details of the Role Selected.

Sorry for the redundancy but I wanted to make sure I gave you everything i could think of.

Thanks
Marcus

Gateway Version: 2103.2

Steps to reproduce the behavior:

1. Install WAC as HA as per guidance on Microsoft site
2. Have owner role change due to failover (auto-update, or ownership failure)
3. Try and reconnect to the WAC, same on multiple browsers
4. See picture inline for error, pointing to cipher suite fine tuning needed.

Expected behavior
Would expect SSL web server settings to persist, but they don't.

Have tried to use IIS Crypto on each member of the cluster, doesn't seem to stick after reboots.

With specifically the HA install, is there a method for doing this fine tuning, as I don't see anything suggested in the install help

Thanks

Gateway Version: 1.3.2105.24004

To Reproduce
Steps to reproduce the behavior:

1. Create link to gateway from another browser app (i.e. SharePoint OnPrem)
2. Click on link
3. See error: Untrusted-host. Attackers might be trying to steal your information....

Expected behavior
See main window of Windows Admin Center

Screenshots & Additional context
TrustedHosts value is set to *

I hope this is the correct place to post this.

We started to use admin center so we can control SCCM Remotely. This works great for sending updates ( Actions ).

However if we klik on software center - options applications we can remotly install programs that need to be manuelly installed.

For most computers this never works. It keeps loading but no data will show. The wierd thing is that the option Installation status will give us data but here we are unable to send installation instructions.

Extra info
This is for multiple source and destination computers, windows 10 fully updated and rebooted multiple times on diffrent days.

The information required to build a custom Azure AD app is missing the details for creating custom roles. Eventually I guessed that the Gateway User role had a value of "user".

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-integration

WAC version 2103.2 - build 1.3.2105.24004

To Reproduce
Steps to reproduce the behavior:

1. Go to 'WAC'
2. Click on 'Clusters'
3. Scroll down to 'Home Dashboard'
4. See error - Sync cluster with Azure, Successfully synced with Azure for cluster: "mx1020cph1.dklenovodcg.local", but Status in WAC is "Not connected recently". Portal.azure.com and Azure connection shows Connected— a few seconds ago and green light
   rebooting WAC does not solve the issue
   using browser at WAC server itself does not change anything

Expected behavior
Status should show synchronized

Screenshots & Additional context

Is your feature request related to a problem? Please describe.
If you have several connections in the WAC for different customers, it is awful to manually manage the credentials per connection.

Describe the solution you'd like
Managing connections in groups (like customer X, customer Y, domain controllers, etc.) would make it easier to get the connection you want if you have dozents of connections configured.
Additionally this should also support to save credentials for all connections in the group. Some sort of inheritance, where you can override the credentials from the group on a connection-based level should also exists.

Describe alternatives you've considered

Additional context
Take the Remote Desktop Connection Manager as an example. Using the RDCMan, you are able to save credentials on three different levels (global, group, server).
This makes managing hundreds of servers/connections for different customers/domains more easily.

Gateway Version: 1.3.2105.24004
Extension Version 1.150.0

Windows server 2022, with desktop services
Logged in locally as Administrator to the machine with Windows Admin Center installed
Accessing Admin Center in the desktop session (0) on Edge

To Reproduce
Steps to reproduce the behavior:

1. Install container extension to manager docker containers
2. Go to the container tool, be on the overview page or any of the other container tools pages

All the docker commands run by the tool open in a cmd window within the desktop session. This create a lot of recurring command windows opening which take focus away from the user trying to navigate the tool inside Windows Admin Center.

Expected behavior
The docker commands should run the background without showing cmd windows.

Version (1.3.2105.24004)

To Reproduce
Steps to reproduce the behavior:

1. Go to my server
2. Click on update, sign in Azure account, Update Now to
   Centrally manage updates on all of your servers by using Azure Update Management
3. Choose my Azure Subcription, use my log analytics workspace, use my automantion account
4. stuck on loading for my automation account

Expected behavior
I'm try to add local servers in my Azure Update Management from WAC. When I arrive to Automation Account, it stuck at loading. No error message, just looping. We already have 10 local (physical and VM) servers in my Azure Update Management.
I found that we have some UI error in the event log : msft.sme.windows-update
source : appErrorHandler
timestamp : 1631024859385
message : ajax error 400

or

msft.sme.packetmon!main: RemoteException: The term 'pktmon' is not recognized as the name of a cmdlet

and in the dev tool of the browser (Firefox or Edge) we have this :

{"error":{"code":"AuthenticationFailed","message":"Authentication failed. The 'Authorization' header is missing."}}

Screenshots & Additional context

I would love to be able use SAML/OIDC for Windows admin center gateway or have support for MFA.

Gateway Version: 1.3.2105.24004
Extension Version that's been used if it applies

To Reproduce

• New or edit a file share from "files & file sharing"
• Select Active Directory
• Search for any AD group
• "Error: The server is not operational"

Expected behavior
Expected to select an AD group

Screenshots & Additional context
The odd thing is that if I just use "" to search, I do see some results. But adding anything but a "" to the search field errors out.

The one odd issue we have with Windows Admin Center is some of the Names are consistently not correct. We cannot reliably go by Names when connecting to a server - always have to use IP, which is annoying. This seems to be an issue with our image as I don't see others reporting this. All of our servers are Windows Server 2019 Core, customized from the base AWS EC2 AMI using CIS benchmark settings. Any suggestions on what could possibly be causing this would be helpful.

E.g., one of our environments has 7 servers added to WAC. Currently, 2 of them are showing the exact same Name (one of them is incorrect). For 3 other servers, the displayed Name is incorrect for the IP. Some seem to keep changing each time we log in.

Gateway Version: 2103.2

To Reproduce
Steps to reproduce the behavior:

• Install WAC on Azure VM thru Azure portal using the preview option
• Uninstall and install WAC Gateway locally on the VM
• During installation, use an installed SSL thumbprint - I used one from GoDaddy
• After the installation, the site will work properly for some time.
• Shortly after, a certificate is installed and the Azure WAC SSL thumbprint overwrites the thumbprint used during the installation.
• To correct, the installer needs to be run in "Change" mode to put the thumbprint of the 3P CA SSL back in, but shortly after the Azure WAC SSL will overwrite the thumbprint again - this continues endlessly.

Expected behavior
Installing the WAC gateway with a specified thumbprint should suffice and not be overwritten, or there needs to be a [documented] way to tell Azure to not continue to install the certificate/thumbprint as its being used as a gateway - which isn't supported in the Azure portal.

Screenshots & Additional context
If the WAC is installed via the Azure Portal (which is not compatible with WAC Gateway), it seems that the portal continues to install its own SSL cert into the server and set the thumbprint of the local WAC installation, ultimately breaking WAC until the thumbprint is changed back to the originally specified SSL.

Gateway Version: 1.3.2105.24004

To Reproduce
Steps to reproduce the behavior:

1. connection on server
2. select storage
3. error: i see only one disc

Expected behavior
All server registered on this WAC have 2 disks, but I see only one

Screenshots & Additional context
total disk space

I see only one disk
Number of disk devices

I’ve recently started to implement WAC in the organisation I am working for, as a wrapper to common administrative tasks.
I was very pleased to know that WAC uses winrm for remote management, that in my opinion is more “secure” than smb + rpc.
While trying it’s features, I have noticed that downloading and uploading files (including exporting event logs and so) uses smb and not winrm.

WinRM supports copying files from and to a remote session, I would very appreciate if WAC would use that option by default instead of using smb.

Maybe a solution of downgrading to winrm if smb isn’t optional?

Thank you!
Yotam.

There appears to be no way to delete or modify existing Tags for server connections. Maybe someone knows a PowerShell script that can modify or delete existing tags?

Thanks much.

It would be great if Windows Admin Center could provide a single pain of glass for managing Azure Virtual Desktop so that we don't have to use the Azure Portal.

Gateway Version: 1.3.2105.24004
Server version: Windows 2019 Standard 1809
Client version: Windows 10 2004 build 19041.1110
Microsoft Edge version: 92.0.902.67 (not working)
Google Chrome version: 92.0.4515.131 (working)
Mozilla Firefox version: v90.0.2 (working)

To Reproduce
Steps to reproduce the behavior:

1. Run Microsoft Edge as different user
2. Go to https://<host.domain.name>
3. Receive "This page isn’t working right now", "If the problem continues, contact the site owner.", "HTTP ERROR 401"
4. Go to https://
5. Receive logon prompt

Expected behavior
A login prompt when accessing via FQDN

Screenshots & Additional context
I have a WAC installed on Server 2019 that I'm trying to connect to from my Windows 10 client. It's using a cert from our domain CA issued to the server name, with SANs of servername, servername.ADdomain.com, and wac.DNSdomain.com. If I try to log in via Microsoft Edge using the either of the FQDNs, I get the error above. If I log in using https://servername (no domain), it works. However, I can't sign in to Azure as the redirect URL doesn't match.

All three names work in Chrome and Firefox.

I should mention that for all three browsers, I am logged into my computer as my user account, and use "Run as different user" to start the browser as my admin account; this is the browser I use for O365 admin, Azure admin, and other admin tasks. I'm assuming there's some integrated Windows auth getting in the way in Edge? If I start Edge normally, I receive a logon prompt, but it doesn't seem to work in the browser started with "Run as different user".

Gateway Version: 1.3.2105.24004
VMs are running Server 2019

To Reproduce
Steps to reproduce the behavior:

1. run updates on a system
2. let the system auto reboot and finish booting
3. click on the system again and it will list the logged in users as -1
   

Gateway Version: 1.3.2105.24004 (last few updates through auto-update functionality) running on Server2019 with latest patches

Steps to reproduce the behavior:
Import CSV file with connections via "Import-Connection" cmdlet (specified Name, Server-Type, no Tags and "global" as groupID) - doesn't matter if -prune is used or not

Observed Issue

1. PS-imported shared connections show between/as normal "personal" ones in "All Connections" screen
2. PS-imported shared connections do not show in "shared connections" within settings of WAC
3. in "all connections" no differentiation possible between "personal" and "shared connections" that are automatically imported via PS
4. Not an issue if 1-3 is fixed: as they are imported but in between the normal connections, you can delete them but once page is reloaded they reappear
5. Also not an issue if 1-3 is fixed (WAC seetings can be used then): Imported shared connections cannot be reset/deleted currently, importing an empty csv works though.

Additional troubleshooting info: When I set a personal connection in "all connections" and a shared connection in WAC settings and use "export-connection", the personal ones have no groupID and the shared one has tag "global", so export seems to work as expected but import is not differentiated.

Expected behavior

1. PS-imported connections with tag "global" to be shown under the "Shared" dropdown in "All connections" overview
2. PS-imported connections to be shown in "Shared Connections" under settings in WAC
3. PS-imported connections can be deleted just as normal "Shared Connections"

Windows Admin Center

Version
2103.2

Build
1.3.2105.24004

To Reproduce
Steps to reproduce the behavior:

1. Launch Windows Admin Center.
2. Under All connections choose a server from the list.
3. Click on "Manage as"
4. Enter credentials for particular server.
5. Log onto server and perform admin
6. Leave Windows Admin Center and close browser
7. Re-launch
8. Entered credentials are reset

Expected behavior
Manage as credentials should persist.

Screenshots & Additional context
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.

Gateway Version: Version 2103.2 Build 1.3.2105.24004
Extension Version:
Virtual Machines and switches: 1.487.0

To Reproduce
Steps to reproduce the behavior:

1. Go to 'Cluster Manager'
2. Click on 'Virtual Machine'
3. Select one of the Virtual Machines
4. In Manage menu, Delete is blocked

Expected behavior
Remove virtual machine.

Screenshots & Additional context

Gateway Version: 2103.2

To Reproduce
Steps to reproduce the behavior:

1. Click "Add" button
2. In Servers section, Click "Add" button.
3. Enter server name into the "Server name" field.
4. Select radio button "Use another account for this connection"
5. In the "Username" field: enter username in the UPN format: [email protected]
6. In the "Password" field, enter password.
7. Click on button "Add with credentials"
8. Click on the newly added server.
9. In the left menu, click on "Powershell"
10. When prompted for password, enter password.
11. The error occurs "Access is denied".

Expected behavior
Authentication should succeed.

Screenshots & Additional context
The issue does not occur when using SamAccountName format (Domain\Username) It only occurs when using UPN.

.

Gateway Version: 1.3.2105.24004

To Reproduce
Steps to reproduce the behavior:

1. Enable RBAC on a Server and add Group of users to RBAC Administrators
2. Open Server in WAC as one of the RBAC Group Members, this takes almost a minute to load
3. Add RBAC Administrator Group for that Server also to Local Admins
4. Open Server in WAC again, notice the much faster loading times

Expected behavior
There should be not time difference when loading a Server via WAC as local admin and limited access (RBAC Admin)

Screenshots & Additional context
Hello,

we're running WAC on a gateway. For daily management of servers I would like only to use the RBAC-Groups provided by WAC.
For Windows Admin Center Administrators we use a group with users. They have as per definition limited access to the administrative environment.
For some reason, the loading time takes almost a minute. Where as if I add the group to local admins (so I can see also PS and Remote and all other features), the page builds up within a few seconds.

Is there a way to improve on that?

Gateway Version: 1.3.2105.24004

Requirement to reproduce, have virtual host with 8 network interfaces.

To Reproduce
Steps to reproduce the behavior:

1. Go to 'Virtual Switches'
2. Click on 'New Virtual Switch'
3. Click on 'Switch Type' and Change to External
4. See error below:

"Couldn't load the network adapters. Error: RemoteException: Cannot validate argument on parameter 'Message'. The character length of the 34851 argument is too long. Shorten the character length of the argument so it is fewer than or equal to "32766" characters, and then try the command again."

Disabling a network card resolves the issue.

Expected behavior
See a list of network adapters to select.

Screenshots & Additional context
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.

Gateway Version: 1.3.2105.24004
Extension Version that's been used if it applies

To Reproduce
Steps to reproduce the behavior:

1. Go to 'Settings --> Updates'
2. Click on 'nothing. Just let it check for updates for the Windows Admin Center product'
3. Scroll down to '....'
4. See error: Couldn't get inventory data of gateway (see image)

Expected behavior
This error should not show? My Windows Admin Center gateway shows up to date though. I have already set web proxy in the application menu

Screenshots & Additional context

When will windows admin center be coming as a native app, or at least a web wrapper, using WebView2 like the way the teams client is migrating to.

This has been a feature request since windows admin center had been announce and the response has always been in the future, but there have been no further updates.

This would also allow for a smaller install on the desktop, allow the Windows admin center to be cross platform/mobile if the WebView2 approach is taken. Also, this would allow for password-less authentication using a YubiKey, Smartcard, or other such device.

Version
2103.2
Build
1.3.2105.24004

To Reproduce

• Run the msi installer "WindowsAdminCenter2103.2.msi"
• Choose the "Change" option
• Select either the "Generate a self-signed certificate" option or "Use an SSL certificate installed on this computer" (paste thumbprint of valid certificate if using latter option)
• Click "Change" button
• Click "Yes" to UAC warning
• Installation fails with message: "Windows Admin Center Setup Wizard ended prematurely"

Expected behavior
I should be able to continue to change my installation of WAC to replace the expired certificate with a new self-signed one, or a newly requested certificate from our internal CA.

I need to be able to replace this expired certificate without uninstalling WAC completely and losing all of our customizations.

Is your feature request related to a problem? Please describe.
Currently, macOS clients connecting to a WAC gateway use NTLM for gateway access authentication. NTLM is a weaker authentication method. If NTLM authentication is prohibited through domain policy, macOS clients would fail to connect to WAC gateways after providing credentials, and the gateway would return a 500 response.

This behavior is irrelevant to the browser used to connect to gateways, whether the client is bound to the domain or not, or the account used to signed in to Microsoft Edge browser.

Describe the solution you'd like
If WAC gateways could support using Kerberos for gateway authentication on macOS clients, the problem would be solved. Today, WAC uses Kerberos to authenticate to the managed devices regardless of the client OS.

Alternatively, a purely AAD-based authentication mechanism can be implemented. Users authenticate to gateways through Azure AD directly, without using either NTLM or Kerberos. Then the users would authenticate to managed devices normally using Kerberos after gaining gateway access.

Describe alternatives you've considered
Use Windows clients exclusively for WAC access.
This circumvents the problem as Windows clients uses Kerberos for gateway authentication on Microsoft Edge.

Disable NTLM denying policies or add the gateway server to the exemption list.
This does circumvent the problem. However, allowing a weak authentication protocol like NTLM can be a security risk, especially for authentication to management gateways.

We have about 12 tags configured in our Shared Connections section. When we add a new server and then Edit Tags, we have to manually deselect all of the tags (as they are all selected by default) except for the ones we want. There should be an option to quickly Deselect All (or Select All) for these tags.

In WAC while setting scheduled reboot for update the calendar shows Sunday as the first day of the week. I couldn't find any place to change this. My system setting is Monday as the first day of the week. This is standard in Germany.

The different settings in WAC are dangerous, because I expect Monday as first day and must be very carefully to set the right day for the reboot. WAC should use the system settings or have it's own settings for this.

Hello! I think one feature that would be really nice in WAC is to see in the list of computers (and in clusters), at a glance (in a sortable/filterable column), which machines have the latest updates applied or not. (My apologies if this has already been suggested; I didn't see it listed here.)

Thank you!

I have WAC installed to manage servers from several domains as well as stand-alone servers in DMZ. As of now auth is not really smooth, NTLM auth to access WAC, saved credentials for servers do not seem to stick and I need to re add credentials from time to time.

• So first a option to use form-based authentication for WAC.
• Second, a more robust system for caching credentials for individual servers.

This is my perspective to the current situation:
WAC includes a gateway service with translates REST API calls at northbound to powershell or WMI calls at the southbound interface.
But it seems to me, that the REST API service at he gateway is only reachable from WAC, not from the outside of WAC.

This is my feature request:
As REST API is the door opener for automation, it will be nice if Microsoft will support REST API for the automation of local environments and of course the necessary documentation for that.

This are my alternative thoughts:
using tools which provides the necessary REST API interface ( powerdns, kea, infoblox, aso... )

what else:
openid support will also be welcome to setup an environment with keycloak dealing with jwt for authentiction and authorization