CC -Unit3.pptx
1.
2. AZURE ARCHITECT TECHNOLOGIES
• Azure Files, Azure Blob storage, Azure Resource Manager template (JSON and Bicep), Virtual Networking, Azure AD Identity Protection, Azure AD Connect
3. Azure Files
• Azure Files provides fully managed file shares in the cloud.
• When you have a local network, you can attach a
NAS box so that all users in a network can access
the files.
• Inside a cloud service, unfortunately, this is absent.
This need is fulfilled by Azure File Service.
4. Key features of Azure Files
• Replace on-premises file servers, or supplement them with Azure File Sync.
• Lift and shift applications.
• Shared Application settings.
• A cloud application can write logs, metrics, and crash dumps to Azure Files.
7. Azure File Storage Pros and Cons
Cons
• Security and access
• Backup
• Performance
• Size limitations
• File system limitations
8. Azure File Sync
• Azure File Sync enables centralizing your
organization's file shares in Azure Files, while
keeping the flexibility, performance, and
compatibility of a Windows file server.
• While some users may opt to keep a full copy of
their data locally, Azure File Sync can turn
Windows Server into a quick cache of your Azure
file shares.
9. Common reasons customers use Azure File Sync
• Centralize file share backups in Azure to optimize cost
and manageability
• Free up on-premises storage capacity to avoid buying
more storage
• Maintain on-premises file share performance for
frequently used files
• Migrate on-premises file shares to Azure Files
• Provide low latency, multi-site access for file shares
10.
11. Key Features of Azure File Sync
• Company with multiple offices having a need to share files
with all offices.
• Branch office backup of files. In the real world, the files of branch offices rarely get backed up.
• Disaster recovery solution in case the file server goes down.
• New branch office setup. You can set up a new server and connect it to the same Azure storage.
• Move old data automatically to Azure. This is cloud tiering: unused data moves to Azure, and the files show greyed icons with an offline O file attribute to tell the user that the file is only on Azure.
12. Azure blob storage
• Azure Blob storage is a sub-service or sub-resource
underneath Azure storage accounts.
• Blob storage is the only object-based storage
solution (data storage architecture for handling
large amounts of unstructured data) among the
storage sub-services found inside our storage
accounts.
14. Azure Blob Storage Architecture
Azure blob storage account: the blob service inside our storage account. This is the sub-service that gives us the object-based storage solution.
Blob containers: the instances of the blob service that we create to store our blobs. We can think of containers as buckets or storage bins where we drop off the blobs.
Blobs: the data we store inside these containers, such as video files, text files, log files, and virtual hard disks.
16. Block Blobs
• Block Blobs are optimized for sequential accessing of the
data
• These are going to store things like images or videos that
are best suited for streaming.
• The process for uploading the file is to break the file into
smaller blocks and then upload the blocks concurrently.
• Once the blocks have been uploaded to the storage
account, they are committed into a single file.
• That “commitment” is basically the creation of the
metadata surrounding the ordering and location of the blocks
that belong to this particular file.
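The upload flow on the Block Blobs slide, as an added example that is not part of the original slides: a toy in-memory model in which blocks arrive in arbitrary order and only the committed block list makes them a file. `ToyBlockBlob`, `upload` and the 4-byte block size are hypothetical names and values chosen for illustration, not Azure SDK calls.

```python
import base64
import hashlib
import random
from concurrent.futures import ThreadPoolExecutor


class ToyBlockBlob:
    """In-memory stand-in for one block blob (hypothetical, not an Azure SDK class)."""

    def __init__(self):
        self.staged = {}      # block id -> bytes: uploaded, but not yet part of the file
        self.committed = b""  # what a reader sees once the block list is committed

    def stage_block(self, block_id, data):
        self.staged[block_id] = data

    def commit(self, block_ids):
        # The commit is only metadata: which blocks belong to the file, in which order.
        missing = [b for b in block_ids if b not in self.staged]
        if missing:
            raise KeyError(f"cannot commit, blocks never uploaded: {missing}")
        self.committed = b"".join(self.staged[b] for b in block_ids)
        self.staged.clear()


def upload(blob, payload, block_size=4, workers=4):
    """Split payload into blocks, stage them concurrently, then commit the ordered list."""
    chunks = [payload[i:i + block_size] for i in range(0, len(payload), block_size)]
    ids = [base64.b64encode(f"{n:06d}".encode()).decode() for n in range(len(chunks))]
    jobs = list(zip(ids, chunks))
    random.shuffle(jobs)  # concurrent uploads finish in no particular order
    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(lambda job: blob.stage_block(*job), jobs))
    blob.commit(ids)      # the ordered id list, not arrival order, defines the file
    return ids


def demo():
    payload = b"constructed sample payload for the block upload"
    blob = ToyBlockBlob()
    ids = upload(blob, payload)
    same = hashlib.sha256(blob.committed).digest() == hashlib.sha256(payload).digest()
    return len(ids), same
```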
17. Append blobs
• Block blobs are used for streaming and storing;
append blobs fulfil the same task with the addition that
they are optimized for append operations.
• Updating an append blob can only be done by adding
a new block to the end.
• An append blob's field of application consists of
logging, in which data has to be written to the end of the
blob.
• These are best for append operations such as uploading log files.
18. Page blobs
• Page Blobs are optimized so that the data in the blob can be accessed
randomly.
• This is in contrast to reading and writing data sequentially from start
to finish (as is found in Block Blobs)
• There are some limitations on the size of a Page Blob: it can be up to 1 TB in size, divided into 512-byte pages.
• This category of blobs is best for random-access read/write operations, such as virtual machine hard disks.
• Odds are good that if you use some of the more advanced Windows Azure features, you'll use Page Blobs indirectly.
• For example, the persisted disks that are part of Windows Azure
Virtual Machines use Page Blobs to store both the data and operating
system drives
19. Blob access control/Container access levels
• We have 3 container access levels:
• Private: no anonymous access to any of our blob resources.
• Blob: anonymous access to all the blobs inside a container, but not to the container data itself.
• Container: the most open access level; anonymous access to the container and all the blobs within it.
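An added example, not part of the original slides: an audit over a container inventory that reports every container an unauthenticated caller can read, using the three access levels above. The inventory is constructed sample data, and the `properties.publicAccess` field layout (with `null` meaning Private) is an assumption about how the listing was exported.

```python
import json

# What each access level allows without authentication, as described on the slide.
ANONYMOUS_RIGHTS = {
    "private":   {"read_blob": False, "list_container": False},
    "blob":      {"read_blob": True,  "list_container": False},
    "container": {"read_blob": True,  "list_container": True},
}

# Constructed sample inventory; the field layout is an assumption (null = Private).
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "app-logs",    "properties": {"publicAccess": null}},
  {"name": "site-images", "properties": {"publicAccess": "blob"}},
  {"name": "vm-disks",    "properties": {"publicAccess": "container"}}
]
""")


def access_level(container):
    """Normalise the exported value to one of the three levels; reject anything else."""
    raw = (container.get("properties") or {}).get("publicAccess")
    level = (raw or "private").lower()
    if level not in ANONYMOUS_RIGHTS:
        raise ValueError(f"unknown access level {raw!r} on {container.get('name')}")
    return level


def audit(inventory, approved_public=()):
    """Return (name, level, severity) for each container exposed to anonymous readers.

    approved_public lists containers that are meant to serve public blobs; they are
    still reported if anonymous callers can also enumerate the container.
    """
    findings = []
    for container in inventory:
        level = access_level(container)
        rights = ANONYMOUS_RIGHTS[level]
        if not rights["read_blob"]:
            continue
        if container["name"] in approved_public and not rights["list_container"]:
            continue
        severity = "high" if rights["list_container"] else "medium"
        findings.append((container["name"], level, severity))
    return findings
```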
20. Azure Resource Manager template (JSON and Bicep)
• ARM stands for Azure Resource Manager, which is
Microsoft’s deployment and management service
for Azure.
• You can use the ARM management layer for creating, updating, and deleting Azure resources.
• ARM templates are a form of infrastructure as
code, a concept where you define the infrastructure
you need to be deployed.
31. Functions
When defining a user function, there are some restrictions:
• The function can't access variables.
• The function can only use parameters that are defined in the
function. When you use the parameters function within a
user-defined function, you're restricted to the parameters for
that function.
• The function can't call other user-defined functions.
• The function can't use the reference function.
• Parameters for the function can't have default values.
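An added example, not part of the original slides: a pre-deployment lint that checks the `functions` section of an ARM template against the restrictions listed above. The template fragment is constructed, `lint_user_functions` is a hypothetical helper, and the regular expressions are a heuristic over the expression text rather than a full template-expression parser.

```python
import re

# Constructed template fragment: "good" obeys the restrictions, "bad" breaks each one.
SAMPLE_TEMPLATE = {"functions": [{
    "namespace": "contoso",
    "members": {
        "good": {
            "parameters": [{"name": "prefix", "type": "string"}],
            "output": {"type": "string", "value":
                       "[concat(toLower(parameters('prefix')), uniqueString(resourceGroup().id))]"},
        },
        "bad": {
            "parameters": [{"name": "prefix", "type": "string", "defaultValue": "st"}],
            "output": {"type": "string", "value":
                       "[concat(variables('env'), parameters('region'), contoso.good('x'), reference('sa').id)]"},
        },
    },
}]}


def lint_user_functions(template):
    """Return (function, problem) pairs for user-defined functions that break the rules."""
    groups = template.get("functions", [])
    namespaces = [g["namespace"] for g in groups]
    problems = []
    for group in groups:
        for name, member in group.get("members", {}).items():
            where = f'{group["namespace"]}.{name}'
            declared = {p["name"] for p in member.get("parameters", [])}
            expr = str(member.get("output", {}).get("value", ""))
            if any("defaultValue" in p for p in member.get("parameters", [])):
                problems.append((where, "parameter has a default value"))
            if re.search(r"\bvariables\s*\(", expr):
                problems.append((where, "accesses variables"))
            if re.search(r"\breference\s*\(", expr):
                problems.append((where, "uses the reference function"))
            for used in re.findall(r"\bparameters\s*\(\s*'([^']+)'", expr):
                if used not in declared:
                    problems.append((where, f"uses undeclared parameter '{used}'"))
            if any(re.search(rf"\b{re.escape(ns)}\.\w+\s*\(", expr, re.I) for ns in namespaces):
                problems.append((where, "calls another user-defined function"))
    return problems
```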
35. Azure AD Identity Protection
Identity Protection allows organizations to accomplish three
key tasks:
• Automate the detection and remediation of identity-based
risks.
• Investigate risks using data in the portal.
• Export risk detection data to other tools.
36. Detect risk
Identity Protection detects risks of many types, including:
•Anonymous IP address use
•Atypical travel
•Malware linked IP address
•Unfamiliar sign-in properties
•Leaked credentials
•Password spray
•and more...
37. Remedy
The risk signals can trigger remediation efforts such as:
• requiring users to perform multifactor authentication,
• requiring users to reset their password using self-service password reset, or
• blocking access until an administrator takes action.
38. Investigate risk
Identity Protection provides organizations with three reports
they can use to investigate identity risks in their environment.
These reports are the
• risky users,
• risky sign-ins, and
• risk detections.
39. Navigating the reports
Each report launches with a list of all detections for the period
shown at the top of the report. Each report allows for the
addition or removal of columns based on administrator
preference. Administrators can choose to download the data in
.CSV or .JSON format.
The three reports are found in the Azure
portal > Azure Active Directory > Security.
41. Risky users
With the information provided by the risky users report,
administrators can find:
• Which users are at risk, have had risk remediated, or have
had risk dismissed?
• Details about detections
• History of all risky sign-ins
• Risk history
42. Risky users
Administrators can then choose to take action on these events.
Administrators can choose to:
• Reset the user password
• Confirm user compromise
• Dismiss user risk
• Block user from signing in
• Investigate further using Azure ATP
44. Risky sign-ins
The risky sign-ins report contains filterable data for up to the past 30 days (one month).
With the information provided by the risky sign-ins report, administrators can find:
• Which sign-ins are classified as at risk, confirmed compromised,
confirmed safe, dismissed, or remediated.
• Real-time and aggregate risk levels associated with sign-in attempts.
• Detection types triggered
• Conditional Access policies applied
• MFA details
• Device information
• Application information
• Location information
Administrators can then choose to take action on these events.
Administrators can choose to:
• Confirm sign-in compromise
• Confirm sign-in safe
46. Risk detections
The risk detections report contains filterable data for up to the
past 90 days (three months).
With the information provided by the risk detections report,
administrators can find:
• Information about each risk detection including type.
• Other risks triggered at the same time
• Sign-in attempt location
• Link out to more detail from Microsoft Defender for Cloud
Apps.
Administrators can then choose to return to the user's risk or
sign-ins report to take actions based on information gathered.
47. Export risk data
• Azure AD stores reports and security signals for a defined
period of time. When it comes to risk information, that may
not be long enough.
• Organizations can choose to store data for longer periods by
changing diagnostic settings in Azure AD. They can choose
to send data to a Log Analytics workspace, archive data to a
storage account, stream data to Event Hubs, or send data to a
partner solution.
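An added example, not part of the original slides: triage of a downloaded risk detections export (.JSON) that ranks users by their worst risk level and counts the records that are about to leave the 90-day report, which are the ones to archive first. The records are constructed, and the field names and the 14-day warning margin are assumptions; adjust them to the columns in your own export.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

REPORT_WINDOW = timedelta(days=90)  # risk detections report covers the past 90 days
LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}

# Constructed export; the field names are assumptions, not taken from a real download.
SAMPLE_EXPORT = json.loads("""[
 {"userPrincipalName": "alice@example.com", "riskEventType": "leakedCredentials",
  "riskLevel": "high", "riskState": "atRisk", "detectedDateTime": "2024-01-05T08:00:00Z"},
 {"userPrincipalName": "alice@example.com", "riskEventType": "passwordSpray",
  "riskLevel": "medium", "riskState": "atRisk", "detectedDateTime": "2024-03-28T10:00:00Z"},
 {"userPrincipalName": "bob@example.com", "riskEventType": "unlikelyTravel",
  "riskLevel": "medium", "riskState": "remediated", "detectedDateTime": "2024-03-20T12:00:00Z"},
 {"userPrincipalName": "carol@example.com", "riskEventType": "anonymizedIPAddress",
  "riskLevel": "low", "riskState": "atRisk", "detectedDateTime": "2024-03-30T09:30:00Z"}
]""")


def triage(detections, now, warn_before=timedelta(days=14)):
    """Rank users by worst risk level, then open detections; count records about to age out."""
    users = defaultdict(lambda: {"level": "none", "open": 0, "types": set(), "expiring": 0})
    for d in detections:
        u = users[d["userPrincipalName"]]
        u["types"].add(d["riskEventType"])
        if LEVELS.get(d["riskLevel"], 0) > LEVELS[u["level"]]:
            u["level"] = d["riskLevel"]
        if d["riskState"] == "atRisk":
            u["open"] += 1
        detected = datetime.fromisoformat(d["detectedDateTime"].replace("Z", "+00:00"))
        if now - detected >= REPORT_WINDOW - warn_before:
            u["expiring"] += 1  # leaves the report soon: archive before it is gone
    ranked = sorted(users.items(),
                    key=lambda kv: (-LEVELS[kv[1]["level"]], -kv[1]["open"], kv[0]))
    return [(name, u["level"], u["open"], sorted(u["types"]), u["expiring"])
            for name, u in ranked]


def demo():
    return triage(SAMPLE_EXPORT, now=datetime(2024, 4, 1, tzinfo=timezone.utc))
```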
48. Azure AD Connect
Azure AD Connect (now also referred to as Azure AD Connect “Classic”) is a Microsoft brand that is mostly about presenting on-premises Active Directory and Azure Active Directory in a seamless way, in particular giving users the experience of single sign-on, or at least same sign-on. It includes a number of technologies:
• Azure AD Connect Sync
• Azure AD Connect Health
• ADFS (Active Directory Federation Services)
• The PHS/PTA/SSSO Provisioning Connector
49. Azure AD Features
Azure AD Connect provides the following features:
• Password hash synchronization - A sign-in method that synchronizes a hash of a user's on-premises AD password with Azure AD.
• Pass-through authentication - A sign-in method that allows
users to use the same password on-premises and in the cloud,
but doesn't require the additional infrastructure of a federated
environment.
• Federation integration - Federation is an optional part of
Azure AD Connect and can be used to configure a hybrid
environment using an on-premises AD FS infrastructure. It
also provides AD FS management capabilities such as
certificate renewal and additional AD FS server
deployments.
50. Azure AD Features
Azure AD Connect provides the following features:
• Synchronization - Responsible for creating users, groups, and other objects, and for making sure identity information for your on-premises users and groups matches the cloud. This synchronization also includes password hashes.
• Health Monitoring - Azure AD Connect Health can provide
robust monitoring and provide a central location in the Azure
portal to view this activity.
52. Why use Azure AD Connect?
Users and organizations can take advantage of the following:
• Users can use a single identity to access on-premises
applications and cloud services such as Microsoft 365.
• Single tool to provide an easy deployment experience for
synchronization and sign-in.
• Provides the newest capabilities for your scenarios. Azure
AD Connect replaces older versions of identity integration
tools such as DirSync and Azure AD Sync.