
Agenda

Azure Overview

Security

Billing

Identity

Storage
http://aka.ms/azdd
Networking

Compute
Agenda
OMS

Azure App Service

Data Insights

http://aka.ms/azdd
Event Logistics
Start: 9:00 AM
Lunch: 12:00 PM
Break: 3:00 PM
Finish: 4:00 PM
What to expect from today
• Lots of Azure Content
• Focused on Infrastructure
• Aimed at Configuration and Setup
Cloud Computing Stack
What is Azure?
[Diagram: Azure service map, grouped into Security & Management, Platform Services, Hybrid Operations and Infrastructure Services]
What is Azure?

• Productive for developers
• The only consistent hybrid cloud
• The cloud for intelligent apps
• The cloud you can trust
Azure compute regions
Azure Site Recovery: Protect VMWare and Physical Servers
in Public Preview
Azure Backup Generally Available
Azure API Management Premium simplifies high availability and
massive scale for APIs
ExpressRoute for Office 365
Azure Active Directory Dynamic Membership For Groups
Automatic Password Change for Social Media Shared Accounts
Compute-Intensive A10 and A11 Virtual Machine Instances
Remote Desktop app for Windows Phone support for Gateway
and Remote Resources
Informatica Cloud Agent availability in Linux and Windows Virtual
Machines
Azure DocumentDB Hadoop Connector
Azure HDInsight support for more VM sizes
Enterprise-Grade Array-Based Replication and Disaster Recovery
with ASR and System Center GA
Azure momentum

• >120,000 New Azure customer subscriptions/month
• 340 Billion Azure SQL query requests processed/day
• 188 Billion Hits to websites run on Azure Web App Service
• 750 Million Azure Active Directory Users
• 1 in 3 Virtual Machines run Linux
• >90% Fortune 500 using Azure
• >18 Billion Authentications/week
Azure Documentation

https://docs.microsoft.com/en-us/azure/
Estimating Cloud Costs

http://azure.microsoft.com/en-us/pricing/calculator/
How we differentiate.
• Hyper-scale
• Enterprise grade
• Hybrid Cloud
The consistent hybrid cloud
Capability | Azure | On-premises
Storage | Azure Storage | StorSimple
Backup/DR | Azure Site Recovery & Azure Backup | System Centre Data Protection Manager
Database | SQL Database as a Service | SQL Server 2016
App Integration | Azure Service Bus | BizTalk Services
The consistent hybrid cloud
Capability | Azure | On-premises
Identity | Azure Active Directory | Active Directory
Management | Operations Management Suite (OMS) | System Center
Connectivity | Virtual Networks with ExpressRoute & VPN | On-premises network
Consistency | Azure | Azure Stack
Microsoft Azure Stack
Power of Azure in your datacenter
Microsoft Azure Stack is a new hybrid cloud platform product that enables organizations to deliver Azure services from their own datacenter.
Microsoft’s hybrid cloud platform
Power of Azure in your datacenter

Developers

Portal | PowerShell | Dev-ops tools Portal | PowerShell | Dev-ops tools

One Azure ecosystem


Azure Resource Manager Azure Resource Manager
Unified app development
Azure services in your datacenter Azure IaaS | Azure PaaS
Azure IaaS | Azure PaaS Compute | Networking | Storage
App Service | Service Fabric

Cloud infrastructure Cloud-inspired infrastructure


IT

Microsoft Azure Microsoft Azure Stack


Public Private | Hosted
What can you do in Azure?
SQL Server on Azure Scenarios
SQL Development
[Diagram labels: Management Portal, Publish, Compare, Sync, Import / Export, VPN, Register / Unregister, Dispersed Teams, Microsoft Azure]
“By running our software in the cloud, we can help reduce information silos and help doctors collaborate more easily and quickly.”
Jeanine Banks, GE Healthcare

SQL Backup/Recovery
[Diagram labels: Management Portal, SQL Backup tool for legacy, Manual Console Backup, Managed Backups, VPN / Encrypted Data, Microsoft Azure]
“We know that if we lost our database, we would have it back up and running in a few minutes at most with SQL Server Backup to Azure.”
Fredrik Elmqvist, Saab

SQL Business Continuity
[Diagram labels: Primary, Asynchronous Commit, Secondary, Disaster Recovery, Backup, VPN, Availability Groups, Periodic Snapshots, Geo Replication, Powering BI Apps, Console 2014 / Scripts 2012, Microsoft Azure]
“Recovery times have dropped from minutes to seconds… We’re seeing almost no data loss.”
Bardo Werum, Lufthansa Systems
Azure Data Platform Scenario
On-Premises
Virtual Machines storage blob
Hadoop

MPLS storage table


ExpressRoute
File Data Worker Role
MPP/APS

storage queue
On-Premises VPN Cortana
Enterprise VPN Device Gateway Logic Apps Analytics
Data Suite
HDInsight (Hadoop)
SQL

Transactional
SQL Data Sync
Data Azure Data Lake
Azure Batch
Apps

Data Data
Machine
Log Data Management Management 3rd Party
Azure SQL Database Learning
Gateway Service

IOT Data Factory


Azure SQL Data
Warehouse

Stream Data EventHub


Azure Data
PowerBI
MySQL Database
iOS/ Android

Catalogue
Cloud
Device Data Gateway DocDB Others
Stream Analytics
Web Apps on Azure
Scenario Developer
Cloud App Discovery
Develop secure cloud apps
Using ADAL and Graph API

Azure Rights Management Service
Azure AD Premium
Custom sign-on experience
Users see and launch cloud apps

Azure AD Application
Proxy Connectors

HTTP LOB App On Premise User Remote User

Windows Server AD/ADFS


Multiforest
DirSync/AADSync/password writeback
Mobile Apps Scenario
Send Push Notification to
Every Device
Windows Phone (MPNS)
iOS (APNS)
Android (GCM)
Windows Store (WNS)
Store App Data
SQL DB, Table
Storage and 3rd
Notification Hub
party data stores
available in the
Azure Store

Active Directory,
Websites Facebook,
Autoscale Twitter,
Microsoft,
Service Authenticate Google
Service Bus Relay Instances
Mobile Apps
iOS
Android
Windows Phone On Premises

HTML 5 App

WCF Services
SAP on Azure Scenario
SAP certifications
Microsoft Azure is certified for the following SAP products, with full
support from Microsoft and SAP.
http://azure.microsoft.com/en-us/campaigns/sap/
On-Premises Guest Virtual
SAP Product Operating RDBMS Machine

SAP (Dev / Test / UAT) Blob Storage System Types


SQL
Windows Server,
SAP Business Suite Software Windows
Server .vhd file Oracle3,
On-Premises & SAP (C:) SAP ASE4
A5 to A11,
Servers SQL
Shared Server,
D11 to
.vhd file SAP Business All-in-One Windows D14, DS11
Pool (D:) Oracle3,
to DS14,
SAP ASE4
GS1 to GS5
SQL
On-Premises Azure VPN SQL Server SAP NetWeaver Application Server
Windows
Server,
VPN Device Gateway ABAP 1 Oracle3,
Windows SAP ASE4
Server (C:) .vhd file

Shared SAP HANA Developer Edition


.vhd file
Pool (D:) (including the HANA Client
software comprised of SQLDBC, SUSE,
N/A A7, A8
SQL ODBO (Windows only), ODBC, AND Linux
.vhd file JDBC drivers), HANA Studio, and
Server (E:) HANA Database) 2

Virtual Network
1 Only NetWeaver 7.00 and later SAP releases of NetWeaver are supported for deployment in Azure
2 Customers can try SAP HANA Developer Edition on Azure using the SAP Cloud Appliance Library
3 Oracle Database 11g R2 Patchset 3 (11.2.04), Single Instance
4 SAP Adaptive Server Enterprise 16
Azure Security
The Microsoft Cloud - A Cloud You Can Trust

• The confidentiality, integrity, and availability of your data is protected.
• No one is able to use your data in a way that you do not approve.
• You have visibility into how your data is being handled and used.
• Your content is stored and managed in compliance with applicable laws, regulations and standards.

Securing the Platform
• Security Embedded in Planning, Design, Development, & Deployment
• Infrastructure security controls: Datacenter Security, Secure Multi-tenancy, Network Protection, DDoS Defense, Data Segregation, Data Protection
• Operational security controls: Prevent & Assume Breach Strategy, Incident Response, Access Policy & Controls, Threat Detection, Forensics
• Compliance: Strategy, Certifications
Security Development Lifecycle

• Education: Administer and track security training
• Process: Guide product teams to meet SDL requirements
• Accountability: Establish release criteria & sign-off as part of FSR; Incident Response (MSRC)

Phases: Training, Requirements, Design, Implementation, Verification, Release, Response

Ongoing Process Improvements

Infrastructure security controls Operational security controls Compliance


Datacenter Security
• Layers: Perimeter, Building, Computer room
• Controls shown: barriers, fencing, seismic bracing, security operations center, 24X7 security staff, days of backup power, cameras, alarms
• Two-factor access control: biometric readers & card readers


Secure Multi-tenancy
• Isolates customer environments using the Fabric Controller
• Runs a configuration-hardened version of Windows Server as the Host OS
• Uses Hyper-V – a battle tested and enterprise proven hypervisor
[Diagram labels: Customer Admin, End Users, Microsoft Azure, Portal, Smart API, Customer 1, Customer 2, Guest VM, Fabric Controller, Hypervisor, Host OS, Azure Storage, SQL Database]


Network Protection
• Provides logical isolation while enabling customer control
• Restricts access from the Internet, permits traffic only to endpoints, and provides load balancing and NAT at the Cloud Access Layer
• Private IP addresses are isolated from other customers
[Diagram labels: INTERNET, Client, Microsoft Azure, Cloud Access Layer, RDP Endpoint (password access), Customer 1 (Subnet 1, Subnet 2, Subnet 3), Customer 2 (Deployment X, Deployment Y), Corp 1, VPN, VLAN-to-VLAN, DNS Server, Isolated Virtual Networks]


DDoS Defense System
• Azure’s DDoS defense system is designed not only to withstand attacks from the outside, but also from within.
• Azure monitors and detects internally initiated DDoS attacks and removes offending VMs from the network
[Diagram labels: Internet, MSFT Routing Layer, Routing Updates, Profile DB, Flow Data, Detection Pipeline, Attack Traffic, Scrubbed Traffic, Scrubbing Array, SLB, Application]


Data Segregation
• Stored data accessible only through claims-based IDM & access control with private key
• Storage blocks are hashed by the hypervisor to separate accounts
• SQL Azure isolates separate account databases
• VM switch at the host level blocks inter-tenant communication
[Diagram labels: Customer Admin, End Users, Microsoft Azure, Portal, Smart API, Customer 1, Customer 2, Guest VM, Hypervisor, Fabric Controller, Host OS, Azure Storage, Access Control, SQL Database]


Protecting your data
• Data segregation
• In-transit data protection
• Data destruction
• Data redundancy
• Encryption
• At-rest data protection
Prevent & Assume Breach

Prevent breach
• Secure Development Lifecycle
• Physical security controls
• Operational security controls

Assume breach
• Bug Bounty Program
• War game exercises
• Live site penetration testing

• Prevent Breach is a defensive strategy aimed at predicting and preventing a security breach
• The Assume Breach strategy, unique to Microsoft, is a key operational practice that hardens cloud services
• Leverages Microsoft’s vast threat intelligence
• Includes state of the art security monitoring and response


General Availability
Incident Response
• In-depth 9-step incident response process
• Focus on containment & recovery
• Makes contractual commitments regarding customer notification + provides forensics
[Diagram labels: Event Start, Event Detected, DevOps Engaged, Security Team Engaged, Incident Assessment, Security Event Confirmed, Determine Customer Impact, Determine Affected Customers, Azure Customer Notification, Customer Notification, Customer Process Step 1]


Access Policy & Controls
• No standing access to the platform and no access to customer Virtual Machines
• Grants least privilege required to complete task; access requests are audited and logged
• Multi-factor authentication required for all administration
[Diagram labels: Pre-screened Admin requests access, Leadership grants temporary privilege, Just-in-Time & Role-Based Access, Microsoft Corporate Network, Microsoft Azure, BLOBS, TABLES, QUEUES, DRIVES]


Threat Detection
• Provides big data analysis of logs for intrusion detection & prevention for the platform
• Employs denial of service attack prevention measures for the platform
• Regularly performs penetration testing
[Diagram labels: INTERNET, End Users, THREAT DETECTION: DOS/IDS Layer, Microsoft Azure, Cloud Access & Firewall Layer, Customer Environment, Virtual Network, Application Tier, Logic Tier, Database Tier, Corp 1, VPN]


Forensics
• Provides coordination, analysis of logs and VHD images in the event of platform-level incident
• Provides forensic data to customers when needed


Security Compliance Strategy
• Security goals set in context of business and industry requirements
• Security analytics & best practices deployed to detect and respond to threats
• Benchmarked to a high bar of certifications and accreditations to ensure compliance
• Continual monitoring, test and audit
• Ongoing update of certifications for new services
[Diagram: Security Compliance Framework, with Test and audit, Security analytics, Risk management best practices, Security benchmark analysis]


Azure Trust Center

https://azure.microsoft.com/en-us/support/trust-center/
Azure covers 54 compliance offerings
Azure has the deepest and most comprehensive compliance coverage in the industry
Global

SOC 1 SOC 2 CSA STAR CSA STAR CSA STAR


ISO 27001 ISO 27018 ISO 27017 ISO 22301 ISO 9001 Type 2 SOC 3
Type 2 Self-Assessment Certification Attestation
US Gov

Moderate High DoD DISA DoD DISA DoD DISA Section


SP 800-171 ITAR CJIS IRS 1075
JAB P-ATO JAB P-ATO SRG Level 2 SRG Level 4 SRG Level 5 FIPS 140-2 508 VPAT
Industry

PCI DSS Shared FISC HIPAA / GxP


FACT IG Toolkit
Level 1 CDSA MPAA Japan HITECH Act HITRUST 21 CFR Part 11 MARS-E FERPA GLBA FFIEC
UK Assessments UK
Regional

New Canada Germany IT


Argentina EU UK China China China Singapore Australia Zealand Japan My ENISA Japan CS Spain Spain India
Privacy Privacy Grundschutz
PDPA Model Clauses G-Cloud DJCP GB 18030 TRUCS MTCS IRAP/CCSL GCIO Number Act IAF Mark Gold ENS DPA MeitY
Laws Shield workbook
Detect and Mitigate Threats
The Azure Portal
Classic Azure Portal (ASM)
Azure Portal
Azure Portal

Demo
Azure Resources Management
• New Portal with dramatically
new capabilities
• ARM Templates and Deployment
• Resource Groups, Resources,
Tags and Role Based Access
Control
• ARM Policy
Subscriptions, Resource Groups and Resources

Resource Group Resource Group Resource Group


Subscription
ARM Templates

Demo
Account Management & Billing
Enterprise Enterprise Administrator
Enrolment
http://ea.azure.com

Department A Department B Department Administrator

Account Owner
Account A Account B Account C
http://account.windowsazure.com/

Subscription 1 Subscription 3 Subscription 4 Service Administrator


Co-Administrator (optional)
http://portal.azure.com/
Subscription 2

Enterprise
Enterprise Administrator
Assigns other Enterprise and Department Administrators
Adds Departments or associates Accounts with the Enterprise Enrolment
Views usage and charges across all accounts and subscriptions
Can view the monetary commitment balance associated to the Enterprise Enrolment

Department Administrator
Edit their Department name and Cost Centre
Manage department admins, add / remove accounts from the Enrolment and their Departments
View Department charges (if enabled by the Enterprise Admin)
Non-Enterprise
Account Owner
Add Subscriptions to their Account
Update the Service Administrator and Co-Administrator for an individual Subscription
View usage data for their Account, and view Account charges (if enabled by the Enterprise
Administrator)

Service Administrator
Access and manage Subscriptions and resources within the Azure Management Portal
Enterprise Account Management
Portal Portal Portal
Create EA Departments, Accounts Manage Subscriptions Deploy and host applications
and Subscriptions
Enable Subscription features Download or email invoice
View monetary commit, usage
Update Service Administrators See cost breakdown / burn rate
Download daily usage .csv
Day 0
• Pricing Calculator
• TCO Calculator
• Check Subscription Access
• Check Spending Limits
• Setup Billing Alerts
Day 1
• Review Estimated Cost
• Add Resource Tags
• Auto Shutdown VM?
Day 2+
• Check Cost Breakdown
• Check Burn Rate
• Check Azure Advisor
• Get Invoice & Usage Data
Enterprise Agreement Spending Quotas
Demo Links
Day 0
• Pricing Calculator
• TCO Calculator
• Subscription Blade
• Spending Limits
• Billing Alerts (then Spending Limits link)
Day 1
• Estimated Cost (show in creating VM)
• Resource Tags (show RG blade option)
• Shutdown VM (show RG blade option)
Day 2+
• Cost Breakdown / Burn Rate
• Azure Advisor
• Get Invoice
• Get Usage Data
Resource Tags
BillTo
Department (or Business Unit)
Environment (Production, Stage, Development)
Tier (Web Tier, Application Tier)
Application Owner
ProjectName
EA Usage

Non-EA Usage
Azure Usage
& Billing Portal
Power BI Enterprise Content Pack
Demo Material EA Dashboard Rolling 6 Months - using AETables.pbit

• Once you open it, you’ll have to do a few edits.
• To edit it for another subscription (I haven’t parameterized this yet), do the following:
  • Click “Edit Queries”.
  • Click View | Advanced Editor.
  • The 7th line down is the following. Change it to the customer enrollment number (or 100 if you want to use the test enrollment):
    #"Added Custom" = Table.AddColumn(#"Converted to Table", "AEData", each Table.PromoteHeaders(Table.FromList(List.Skip(Lines.FromBinary(AzureEnterprise.Contents("https://ea.azure.com/rest/100/usage-report",Record.AddField([type="detail",fmt="Csv"],"month", [Month]))),2)))),
  • Hit “OK” and then go to File | Close & Apply.
  • You should be prompted for the Feed Credential (API Billing Key). The Test Tenant key is here: https://automaticbillingspec.blob.core.windows.net/spec/TestEnrollmentUsageApiKey.txt If you have a key from a customer, use that.
  • If you’re not prompted for the key, go to Edit Queries | Data Source Settings | Azure Enterprise (click Edit Permissions), then Edit Feed Key, and paste the key in there.
  • Click “Refresh” whenever you want to update.
• This is a rolling 6 months of data. It could be longer if needed. Everything is keyed around the rolling 6 months. I have report filters, etc. You may need to clear the filters when you load in other data.
Cloudyn
Cloud Cruiser

Division
Arch & Design
Assembly
Engineering
Materials
Production Eng.
Shipping
Key Components of Azure
Identity and Access Management
Current State
Solution: Azure Active Directory

Windows Server
Active Directory Username

•••••••••••
Other
Directories

SaaS
Azure

Public Office 365


cloud

On-premises Microsoft Azure Active Directory Cloud


One user. One identity. Everywhere.
What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud based directory and identity management service. Azure AD is the centralised directory store used by Azure and Office 365, containing all the identities of users inside your organisation.
What is Azure Active Directory?
A comprehensive Identity and Access Management
cloud solution for your employees, partners and
customers.

It combines
 Directory services
 Advanced identity governance
 Application access management
 Rich standards-based platform for developers.

B2E, B2B, B2C

Azure Active Directory
• Microsoft’s “Identity Management as a Service (IDaaS)” for organizations.
• Millions of independent identity systems controlled by enterprise and government “tenants.”
• Information is owned and used by the controlling organization—not by Microsoft.
• Born-as-a-cloud directory for Office 365. Extended to manage across many clouds.
• Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).

Azure AD in numbers
• 86% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
• More than 600 M user accounts on Azure AD
• >9 M Directories
• 1 trillion Azure AD authentications since the release of the service
• >80k third-party applications used with Azure AD each month
• >1.3 billion authentications every day on Azure AD
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Azure AD Connect

• Primary tool to onboard to Azure AD
• Express Settings gets customers connected in a matter of minutes
• Provides install & configuration of Identity Components
Microsoft Cloud Identity Models
What is the Password Hash Sync?

Password Hash Synchronization is a feature used to synchronize user password hashes from an on-premises Active Directory instance to a cloud-based Azure AD instance.
Synchronized Identity Model
Password hashes
User accounts

Azure AD Sync

On-premises
Sign-on

directory

User
What is a Hash?
• A one way mathematical operation that can never be reversed

Input Hashing Algorithm Output (Digest)

17 Modulus 10 7

187 Modulus 10 7

2,141,347 Modulus 10 7

If all of these inputs generate the output of “7”, is there any way I can get
back to my original input from the Digest of “7”?
Hash and Digest
• Different Input, Different Output
• Different algorithm, Different Output

Input | Hashing Algorithm | Output (Digest)
P@ss1w0rd | SHA-1 | 69359a7dd7c281152664322f4802cc47ba84793b
P@ss1w0rd! | SHA-1 | 1680164318e91781e34bafb6257cc18d9b1d08f7
P@ss1w0rd | SHA-256 | 9689ddd234d01d52f7b87e0eef23882b3e922124036724595f46bda3221704f4
P@ss1w0rd | SHA-256 | 24d5f3ca57617eec1f132ed7ef7d2087152f0d512d1237a7b3e8900585906b30
Azure AD Connect & Password Hashing

Password

User

Input | Hashing Algorithm | Output (Digest)
P@ss1w0rd | SHA-1 | 69359a7dd7c281152664322f4802cc47ba84793b
69359a7dd7c281152664322f4802cc47ba84793b | SHA-256 | 8aec465f08a81e72c6d352e4c7b085abe01113d0163c79a2a7aa1acffc860301
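
The three hashing slides above ("What is a Hash?", "Hash and Digest", "Azure AD Connect & Password Hashing") can be reproduced with the short script below. It is an added example, not part of the original deck and not Azure AD Connect code; the function names are hypothetical, and feeding the first digest to the second stage as hex text is an assumption, since the slide does not say how the digest is encoded.

```python
import hashlib


def toy_hash(n):
    """The slide's 'Modulus 10' hash: keeps only the last decimal digit."""
    return n % 10


def preimages_below(digest, limit):
    """Every input below `limit` that the toy hash maps to `digest`.

    Many inputs share one digest, so the digest alone cannot identify
    which input produced it.
    """
    return [n for n in range(limit) if toy_hash(n) == digest]


def digest_hex(algorithm, data):
    """Hex digest of `data` under a named hashlib algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(a_hex, b_hex):
    """Number of bit positions in which two equal-length hex digests differ."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def two_stage_digest(password):
    """Hash of a hash, as drawn on the 'Azure AD Connect & Password Hashing' slide.

    Stage 1: SHA-1 of the password.
    Stage 2: SHA-256 of the stage-1 digest (assumption: taken as hex text).
    Only the stage-2 value would leave the premises in the slide's picture.
    """
    stage1 = digest_hex("sha1", password.encode("utf-8"))
    stage2 = digest_hex("sha256", stage1.encode("ascii"))
    return stage1, stage2


if __name__ == "__main__":
    # Slide 1: three different inputs, one digest.
    for n in (17, 187, 2141347):
        print(n, "mod 10 ->", toy_hash(n))
    print("inputs below 1000 with digest 7:", len(preimages_below(7, 1000)))

    # Slide 2: different input or different algorithm gives a different digest.
    a = digest_hex("sha256", b"P@ss1w0rd")
    b = digest_hex("sha256", b"P@ss1w0rd!")
    print("SHA-1  :", digest_hex("sha1", b"P@ss1w0rd"))
    print("SHA-256:", a)
    print("bits changed by one extra character:", bit_difference(a, b), "of 256")

    # Slide 3: the synchronized value is a digest of a digest.
    on_prem, synced = two_stage_digest("P@ss1w0rd")
    print("stage 1:", on_prem)
    print("stage 2:", synced)
```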
What is the Federated Identity Model?

With federation sign-in, you can enable users to sign in to Azure AD-based services with their on-premises passwords and, while on the corporate network, without having to enter their passwords again.
Federated Identity model

Azure AD Sync

On-premises
directory
Password Sync Backup for Federated Sign-In

Backup Password Hash Sync

User accounts

Azure AD Sync
On-premises
directory
What is Pass Thru Authentication?

Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. When users sign in using Azure AD, this feature validates user passwords directly against your on-premises Active Directory.
How does Pass Through Authentication work?

2
Azure AD App
Azure AD Proxy
1 2

8 7

Contoso Corpnet
6

Connector

4
5
GS6
MR15

Considerations for choosing auth options


Consideration | Password Hash Synchronization | ADFS | Pass-through Authentication
Where does the authentication happen? | In the cloud | On-premises | On-premises
Where does the user enter the credentials? | In the cloud | On-premises (through proxy in DMZ) | In the cloud (transmitted securely to on-premises agent)
Is there any on-premises infrastructure needed beyond Azure AD Connect? | No | Yes – At least 2 ADFS servers and 2 proxies in DMZ | Yes – 1 or more lightweight agents that can be installed on any existing servers (including DCs) with no DMZ requirements
Do my users get single sign-on to cloud resources from domain-joined devices within company network? | Yes with Desktop SSO | Yes | Yes with Desktop SSO
Slide 93

GS6 I don't normally like tables and lots of words in a presentation but these two slides are really good since they
can identify some simple steps for the attendees to help them decide what they should be looking at.
George Smpyrakis, 1/2/2018

MR15 Convert to tick boxes / circles


Mark Rhodes, 1/11/2018
Considerations for choosing auth options
Consideration | Password Hash Synchronization | ADFS | Pass-through Authentication
What login types does it support? | U/P, Win10/Hello | U/P, WIA, Cert-based auth, SmartCard | U/P
What MFA options do I have? | Azure MFA | Azure MFA, Azure On-premises MFA, 3rd party MFA (RSA, Safenet, HID Global, Symantec,…) | Azure MFA
What Conditional Access options do I have? | Azure AD Conditional Access | Azure AD Conditional Access as well as additional on-premises levers | Azure AD Conditional Access
Does it support alternate login ID? | Yes | Yes | Not Currently
Does it support legacy application & EAS clients? | Yes | Yes | No
Microsoft Azure
Active Directory

User Identity
synchronization

Pass-through Seamless
authentication SSO
Authentication passed to
Windows Server Active Directory
via Pass-through authentication

Pass-through
authentication agent
Microsoft Azure
Active Directory

User Identity +
Password Hash
synchronization

Azure Active Directory Seamless


authenticates user SSO
How it works

[Diagram labels: Microsoft Azure Active Directory, Security Token Service, User, Contoso Corpnet, Connector, DC]
1. User Name and password
2. Connector notified of request
3. Connector validates the credentials against AD
4. DC returns result
5. Connector returns result
6. Token returned to the user or further proofs (MFA) are initiated
How seamless SSO works with Pass-through authentication and Password hash synchronization

[Diagram labels: Microsoft Azure Active Directory, Security Token Service, Contoso Corpnet, User, AD]
1. User enters their username
2. 401 response to get a Kerberos ticket
3. User requests a Kerberos ticket
4. AD returns Kerberos ticket
5. User sends ticket to Azure AD STS
6. Token returned to the user or further proofs (MFA) are initiated
Choosing the User sign-in method for your organization
I need to | PHS and SSO | PTA with SSO | AD FS
Sync new user, contact, and group accounts from on-premises AD to cloud automatically | x | x | x
Set up my tenant for Office 365 hybrid scenarios | x | x | x
Enable my users to sign in and access cloud services using their on-premises password | x | x | x
Implement single sign-on using corporate credentials | x | x | x
Ensure no passwords are stored in the cloud | | x* | x
Enable on-premises multi-factor authentication solutions | | | x
*Through a lightweight connector.
Application Proxy

https://www.contoso.com

Microsoft Azure
Active Directory

DMZ
Corporate
Network
http://intranet
Single sign-on to any app

OTHER DIRECTORIES

Microsoft Azure

Web apps Integrated


SaaS apps
(Azure Active Directory custom apps
Application Proxy)
Access Panel

• Accessed via https://myapps.microsoft.com


• Customisable portal for Azure AD users
• Enables SSO to simplify user access to thousands of cloud applications from any device
• Provides self-service capabilities, such as password reset and group management
Connect Health:
Monitor your Identity Bridge

Monitor:
• The Azure AD Connect sync engine health
• ADFS infrastructure health
• On-premises AD Domain Services health
AAD Connect Health

• Perform forensic analysis on top users with failed logons


• Detect missing hotfixes, misconfigurations, expired certificates
• Troubleshoot with easy access to critical performance counters
• Email notification for critical alerts
B2B: cross-organization collaboration
“I need to let my partners access my company’s apps using their own credentials”
Azure Active Directory B2C
• Consumer identity and access management in the cloud

“By using Azure Active Directory B2C we were able to build a fully customized login page without having to build custom code. Additionally, with a Microsoft solution in place, we alleviated all our concerns about security, data breaches, and scalability.”
- Rafael de los Santos, Head of Digital, Real Madrid
Azure Active Directory Join for Windows 10
Azure Active Directory Join makes it possible to connect work-owned Windows 10 devices to your company’s Azure Active Directory
• Enterprise-compliant services
• SSO from the desktop
• MDM auto-enrollment
• Support for hybrid environments
[Diagram labels: Enterprise State Roaming, Intune/MDM auto-enrollment, Windows 10 Azure AD joined devices]
Azure Active Directory Identity Protection
• Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools
• Apply Microsoft learnings to your existing security tools
[Diagram labels: Microsoft machine-learning engine; Infected devices, Leaked credentials, Configuration vulnerabilities, Brute force attacks, Suspicious sign-in activities; Security/Monitoring/Reporting Solutions; Notifications, Data Extracts/Downloads, Reporting APIs]
Privileged Identity Management
• Discover, restrict, and
monitor privileged identities

Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, Password Administrator
Privileged Identity Management
• How time-limited activation of privileged roles works
• Users need to activate their privileges to perform a task
• MFA is enforced during the activation process
• Alerts inform administrators about out-of-band changes
• Users will retain their privileges for a pre-configured amount of time
• Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews
[Diagram labels: CLOUD-POWERED PROTECTION, SECURITY ADMIN, ALERT, Configure Privileged Identity Management, Identity verification, Monitor, Audit, Access reports, USER, MFA, ADMIN PROFILES (Billing Admin, Global Admin, Service Admin), Read only]

PRIVILEGED IDENTITY MANAGEMENT


Cloud App Discovery

• Discover all SaaS apps in use


within your organization
Monitor and protect access to enterprise
apps

X X X X X

Built-in security features X X X X X

Security reporting that tracks inconsistent


access patterns, analytics, and alerts

Reporting API
X X X X X

Step up to Multi-Factor Authentication


Infrastructure as a Service
Infrastructure as a Service scenarios
• Running virtual machines: Using virtual machines, containers, virtual networks and storage to recreate the experience of virtualized environments using an on-premises hypervisor
• Manage network across sites: Using networking services to run multiple sites and create applications and services that are available across multiple locations
• Extending storage capacity: Extending available SAN storage from your on-premises network into the cloud, especially when related to archive and mass storage scenarios
Azure Core IaaS Components

Network Storage Compute


Azure IaaS – Core Scenarios

Virtual Machines VM Scale Sets Containers DevTest Labs


Storage
Azure Storage Services

Queues
Reliable queues at
scale for cloud
services
What is a Storage Account?

Azure Storage offloads the heavy lifting of data centre management. Azure Storage offers a range of solutions to suit your needs, with scalability you won’t outgrow.
GS9

Blob storage tiers

 | Hot | Cool
Use cases | Data that is active in use, or expected to be accessed frequently | Data that is archived and not expected to be accessed frequently
Availability | 99.9% | 99%
Usage charges | Higher storage costs, lower access and transaction costs | Lower storage costs, higher access and transaction costs
Latency | milliseconds | milliseconds
Slide 120

GS9 Need to add Archival to this. Archival is now GA. Also the storage names have changed to General purpose V1 and V2.
George Smpyrakis, 1/2/2018
Disk Storage Tiers
| | Standard | Premium |
|---|---|---|
| Disk type | Hard Disk Drive (HDD) | Solid State Drive (SSD) |
| IOPS per disk | 500 | 120-7500 (based on disk size) |
| Throughput per disk | 60 MB/sec | 25-250 MB/sec (based on disk size) |
| Maximum disk size | 4TB | 4TB |
| Max IOPS per VM | 32,000 IOPS (when using a GS5 VM) | 80,000 IOPS (when using a GS5 VM) |
| Max throughput per VM | 2,000 MB/s (when using a GS5 VM) | 2,000 MB/s (when using a GS5 VM) |
Locally Redundant Storage (LRS)

Australia South East Australia East


Slide 122

MR18 LRS / GRS / RAGRS


Mark Rhodes, 1/11/2018
Disk Failures

Australia South East Australia East


Geographically Redundant Storage (GRS)

Australia South East Australia East


Read Access Geographically Redundant Storage (RA-GRS)

Read only

Australia South East Australia East


What are Managed Disks?

Azure Managed Disks simplifies disk management for Azure IaaS VMs by managing the storage accounts associated with the VM disks. You only have to specify the type and the size of disk you need, and Azure creates and manages the disk for you
Premium Storage

SSD based storage


Add up to 64 TB of storage per VM
Capable of >80,000 IOPS per VM
Less than 1ms read latency
Premium storage
SSD based storage
Add up to 256 TB of storage per VM
Capable of >80,000 IOPS per VM
Disk throughput of up to 2,000 MB/s
Less than 1ms read latency

| Disk | Size | IOPS per disk | Throughput per disk |
|---|---|---|---|
| P4 | 32 GB | 120 | 25 MBPS |
| P6 | 64 GB | 240 | 50 MBPS |
| P10 | 128 GB | 500 | 100 MBPS |
| P20 | 512 GB | 2,300 | 150 MBPS |
| P30 | 1024 GB | 5,000 | 200 MBPS |
| P40 | 2048 GB | 7,500 | 250 MBPS |
| P50 | 4095 GB | 7,500 | 250 MBPS |
Cool Storage

Generally Available
Low-cost Blob storage
As low as $0.01 per gigabyte
Archive on-premises data to cloud

HOT TIER
Azure

Folders
Azure Storage (Blob)

Files

Disks StorSimple
COOL TIER

Azure Storage (Blob)


On-premises
Storage Service
Encryption

Encrypt Block and Page Blobs


256-bit AES encryption
Fully managed encryption process
Azure Disk
Encryption

Windows and Linux


Standard and Premium
Import/Export Your Data
Fast data transfer to Azure
Encrypted data transfer
Efficient recovery
COURIER
Office 365 Import Service SERVICE

100 BLOB STORAGE


Terabytes

Bitlockered Bitlockered
HDD HDD

Customer Azure Datacenter


Hybrid Cloud Storage
StorSimple
Azure Backup - Files

• Backups are encrypted


• Efficient use of storage through compression
• Restore to the same server or different
• Integrates with DPM
• Retain data for up to 99 years
Azure Backup – VM’s

• Agentless backup
• No shut down of VM required
• No On-Premises resources required
• Perform scheduled daily or weekly backups
Azure Backup Architecture
Azure
SC DPM/
Azure Backup Server

Azure Backup
(SaaS service)

Windows Hyper-V
Server IaaS VM backup

On premises – built & managed infrastructure Cloud – flexible, remote infrastructure


Azure Site Recovery

Replicate and protect physical, VMware, AWS and Hyper-V VMs to Azure
• Migration cutovers to Azure in as little as minutes
• Automated asset discovery and migration
• On the fly conversion of source VM
• Auto-provisioned target Azure VM’s
• Near zero downtime and data loss
• Failback to VMware infrastructure from Azure
Azure Site Recovery
Azure
Enables recovery of Hyper-V, VMware, and
physical servers to Azure or your
secondary datacenter

Orchestrate the recovery of your apps for


simplified disaster recovery

Achieve zero impact disaster recovery


drills

Minimise app errors and data loss with


application consistent recovery points
Cloud-first disaster recovery

• Democratizing disaster recovery Azure

No infrastructure required—affordable, enterprise-grade


protection for all apps

No need to sacrifice RPO and RTO goals

Supports critical workloads—Exchange, SharePoint, SAP, etc.


Downtime

Works with what you have—Hyper-V, VMware, or bare metal

Easy to manage—automated replication, policy-based


protection, and one-click orchestrated recovery

Premium protection against operational and human errors


with intra-cloud disaster recovery and backup

On-premises/cloud Datacenter
Replication & Migration of workloads
Heterogeneous Platform Support

Migration
DR Service

Replication

Cloud
Physical Servers Virtual Storage
Machines

On Demand Infrastructure for a variety of uses


Disaster Recovery versus Migration

[Flow diagram, disaster recovery path: Create Vault; Create Storage Account(s); Create vNet(s); Create Policy (or add to Policy); Protect Server(s); Test Failover (or Failover); Failover during disaster; Failback]

[Flow diagram, migration path: Create Vault; Create Storage Account(s); Create vNet(s); Create Policy (or add to Policy); Protect Server(s); Test Failover (prior to migration); Failover (migrate)]
Enhanced capacity Planning and Monitoring
• Capacity Planning
• VM readiness for DR and Migration to Azure
• Churn profiling
• Bandwidth/Throughput measurement
• Storage, Compute and bandwidth requirements
• Monitoring
• Enhanced event reporting
• Enhanced replication health monitoring with Log Analytics
• Enable integration with custom solutions
Enhancements for App-Aware DR
• SQL Always-ON Integration
• Discovery and failover
• Available in new Azure portal
• First class support for
• Resource groups
• Availability sets
• NSG, Public IP
• Enhanced support for Internal Load balancers
Networking
Start Here -> Azure Virtual Networks (VNET)

(10.1.0.0/16)

(10.1.1.0/24) (10.1.2.0/24)

(10.1.3.0/24) (10.1.4.0/24)

Microsoft Confidential
Azure Virtual Networks- Usage Scenarios
• Option 1: As a protected private virtual network in the cloud
• Allows customers to set up secure private IPv4 networks fully
contained within Microsoft Azure

• Option 2: As a virtual data center/Branch office extended in the cloud


• Allows customers to extend their Enterprise Networks into
Microsoft Azure
• Networking on-ramp for migrating existing apps and
services to Microsoft Azure
• Allows customers to run hybrid apps that span the cloud and
their on-premises setup
Hybrid Cloud -Virtual Networks

Network
Network configuration
Admin
CorpOffice

Deployment
IT Admin package

(10.1.0.0/16)
(10.0.0.0/16)

(10.1.1.0/24) (10.1.2.0/24)

GWSubnet (10.1.2.101)
(10.1.5.0/24)
131.57.23.45

GW IP (10.1.3.0/24) (10.1.4.0/24)
65.57.23.45

10.0.0.21 10.0.0.20
Hybrid Networking Scenarios
| Cloud | Connectivity | Customer Segment & Workloads |
|---|---|---|
| Virtual network (Point-to-Site) | Secure point-to-site connectivity | Developers; Small scale deployments; Connect from anywhere |
| Virtual network (Site-to-Site) | Secure site-to-site VPN connectivity | SMB, Enterprises; Connect to Azure compute; IaaS and PaaS workloads |
| ExpressRoute | Private site-to-site connectivity | SMB & Enterprises; Mission critical workloads; Backup/DR, media, HPC; Connect to all hardware |
Site-to-Site Connectivity
• Extend your on-premises to the cloud securely
• On-ramp for migrating services to the cloud
• Use your on-premises resources in Azure (monitoring, AD, …)

[Diagram labels: Windows Azure; Virtual Network with <subnet 1>, <subnet 2>, <subnet 3>; DNS Server; Gateway; On-premises VPN; Hardware VPN or Windows RRAS; Your datacenter]
Virtual Network and ExpressRoute

Public Public
internet internet

Public
internet
What is ExpressRoute?

Use Azure ExpressRoute to create private connections between Azure data centers and infrastructure on your environment. ExpressRoute connections don’t go over the public Internet, and they offer more reliability, faster speeds and lower latencies than typical Internet connections.
Slide 153

GS8 I think the ER peering slide is still one that is needed at this level so people understand the difference between
private and Public peering. https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings
George Smpyrakis, 1/2/2018
Public, Private and Microsoft peering
What is Azure Network Watcher?

Azure Network Watcher allows you to monitor and diagnose networking issues without logging into your Virtual Machine.
What is Azure DNS

Use Azure DNS to host your DNS in Azure. Seamlessly integrate Azure-based services with corresponding DNS updates and streamline your end-to-end deployment process.
What is Traffic Manager

Route incoming traffic for better performance and availability. Improve app availability with multiple automatic failover options, increase your app’s responsiveness and distribute your app traffic equally or with weighted values.
What about Security? - Network Security Groups (NSG)
• Very similar to a firewall – NSGs let you define inbound rules and outbound rules for traffic to a VM or group of VMs
• An NSG can be associated with:
  • A single NIC/VM in a VNet
  • A subnet in a VNet
  • A VM and a subnet together for added security
• Rules are based on 5-tuple (source/dest IP/port, protocol)
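
The layered check described above (5-tuple rules on a subnet NSG and a NIC NSG together), as an added example that is not part of the original slides. It is a simplified Python model, not Azure's implementation: evaluation by priority (lowest number first, first match decides) is standard NSG behaviour that the slide does not show, Azure's built-in default rules are reduced to one final deny, and all rule names and addresses are constructed.

```python
# Added illustration: simplified model of inbound NSG evaluation, not Azure code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    src: str        # CIDR prefix or "*"
    src_port: str   # "443", "1024-65535" or "*"
    dst: str
    dst_port: str


@dataclass(frozen=True)
class Flow:         # the 5-tuple of one connection attempt
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _ip_ok(spec, ip):
    return spec == "*" or ip_address(ip) in ip_network(spec)


def _port_ok(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def matches(rule, flow):
    """A rule applies only when all five tuple fields match."""
    return (rule.protocol in ("*", flow.protocol)
            and _ip_ok(rule.src, flow.src_ip)
            and _port_ok(rule.src_port, flow.src_port)
            and _ip_ok(rule.dst, flow.dst_ip)
            and _port_ok(rule.dst_port, flow.dst_port))


def evaluate(inbound_rules, flow):
    """First matching rule in priority order decides; no match means deny."""
    for rule in sorted(inbound_rules, key=lambda r: r.priority):
        if matches(rule, flow):
            return rule.access, rule.name
    return "Deny", "implicit-deny"  # assumption: stands in for the default rules


def inbound_allowed(subnet_nsg, nic_nsg, flow):
    """Inbound traffic must be allowed by the subnet NSG and then the NIC NSG."""
    for layer, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        access, rule_name = evaluate(rules, flow)
        if access != "Allow":
            return False, f"{layer}:{rule_name}"
    return True, "allowed"


# Constructed sample rules; ranges reuse the 10.1.x.0/24 subnets from the slides.
SUBNET_NSG = [
    Rule("deny-blocked-range", 100, "Deny", "*", "198.51.100.0/24", "*", "*", "*"),
    Rule("allow-https", 200, "Allow", "Tcp", "*", "*", "10.1.1.0/24", "443"),
    Rule("allow-ssh-from-vnet", 300, "Allow", "Tcp", "10.1.0.0/16", "*", "10.1.1.0/24", "22"),
]
NIC_NSG = [
    Rule("allow-ssh-from-mgmt", 100, "Allow", "Tcp", "10.1.2.0/24", "*", "10.1.1.4/32", "22"),
    Rule("deny-other-ssh", 110, "Deny", "Tcp", "*", "*", "*", "22"),
    Rule("allow-https", 120, "Allow", "Tcp", "*", "*", "10.1.1.4/32", "443"),
]

if __name__ == "__main__":
    for sample in (
        Flow("Tcp", "203.0.113.10", 50000, "10.1.1.4", 443),
        Flow("Tcp", "198.51.100.5", 50000, "10.1.1.4", 443),
        Flow("Tcp", "10.1.2.7", 50000, "10.1.1.4", 22),
        Flow("Tcp", "10.1.3.9", 50000, "10.1.1.4", 22),
        Flow("Tcp", "203.0.113.10", 50000, "10.1.1.4", 22),
    ):
        print(sample, inbound_allowed(SUBNET_NSG, NIC_NSG, sample))
```

The fourth sample flow passes the broad subnet rule but is stopped at the NIC, which is the "added security" of associating an NSG at both levels.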
Network Security Groups (NSG)
VNet Peering
• Directly link two VNETs in same region
• Internal Azure backbone network
• No gateway
• Hub and Spoke configuration
• High bandwidth, low latency

Virtual DMZ
Networking
• Reserved IPs
• Multiple NIC’s
• Forced Tunneling
• Network Security Groups
• Virtual Network Appliances
• Multiple load balanced IPs per VM
• Create virtual networks with private or public IP ranges
• IPv6 in most regions
• Accelerated Networking (Preview)
• High performance S2S VPN gateways (200Mbps vs 100Mbps)
Compute
What are Azure Virtual Machines

Azure Virtual Machines gives you the flexibility of virtualisation for a wide range of computing solutions with support for Linux, Windows Server, SQL Server, Oracle, IBM, SAP and more. All current generation Virtual Machines include load balancing and auto-scaling
Virtual Machine Series
General Purpose: A, B, D
Memory Optimized: E, G, M
Compute Optimized: F
GPU: NV, NC
Storage Optimized: L
High Performance Compute: H
Series and Scale-up options

Highest value Largest scale-up


Small production Compute Large Memory Optimized GPU accelerated CPU intensive
Entry Level and dev/test General Purpose VMs for Storage
Optimized VMs VMs workloads workloads
workloads Workloads

A AV2 D DV2 F G L N H
Nested
Virtualisation in
Azure
Dv3 and Ev3 VM’s
Run a virtual machine within another virtual
machine
Development, testing, training, demonstration
Marketplace images

Microsoft

Windows Server SQL Server SharePoint Dynamics R Server

Open Source

RedHat Ubuntu Oracle Suse CentOS


Hybrid use benefit
Use your on-premises Windows
Server licenses with Software
Assurance to save big on Azure. With
this benefit, we will cover the cost of
the OS (on up to two virtual
machines) for each license, while you
only pay for base compute costs.

Further savings coming soon for SQL


Server and reserved instances
Reserved Instances
Azure Reserved Instances enable you to reserve Virtual Machines on a one- or three-year term, and provide up to 72% cost savings versus pay-as-you-go prices, giving you price predictability and help improve your budgeting and forecasting.
Ensuring Availability with Availability Sets


• Availability sets ensure that groups of servers will be provisioned to unique fault domains
• VMs in an availability set have an uptime SLA of 99.95%
• Single instance VMs that use premium storage will receive an uptime SLA of 99.9%
Slide 170

MR21 Put in notes about what we are trying to protect against - eg Rack, Cluster,
Mark Rhodes, 1/11/2018
VM Availability Sets
• Update domains are honored by host OS updates
Virtual Machine Scale Sets
What are VM Scale Sets

Apply auto-scaling to virtual machines for high availability. Create thousands of identical virtual machines in minutes, rely on integrated load balancing and auto-scaling and quickly scale your big compute and big data applications
Management models for IaaS
• Resource Manager (V2)
Containers
What are Containers

A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it, including code, runtime, system tools, system libraries, settings.
Containers vs Virtual Machines
[Diagram, Virtual Machines stack (bottom to top): Bare Metal; Operating System; Hypervisor; then, per virtual machine, an Operating System, Runtime and Application]

[Diagram, Containers stack (bottom to top): Bare Metal; Operating System; Container Manager; then, per container, a Runtime and Application]


Azure Container Technologies
What are Azure Container Instances?

Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service.
Azure Containers

Demo
Operations Management Suite
| Service | Purpose |
|---|---|
| Log Analytics | Monitor and analyze the availability and performance of different resources including physical and virtual machines. |
| Azure Automation | Automate manual processes and enforce configurations for physical and virtual machines. |
| Azure Backup | Backup and restore critical data. |
| Azure Site Recovery | Provide high availability for critical applications. |
Straddling two worlds: challenges
for modern management
The View From Above – Any Cloud, Any Platform
[Diagram labels: Windows, CentOS, Oracle, Ubuntu, Debian, RHEL, SLES; On-Premises, Hybrid, Any Cloud; HTTPS; OMS Log Analytics; OMS Repository (Events, Properties, Performance)]

The View From Above – Azure Services
[Diagram adds Azure sources: Activity Log, Application Gateway, Application Insights, Automation, Batch Service, Azure Cognitive Services, Containers, Data Lake Store, Event Hubs, HDInsight HBase, IoT Hub, Key Vault, Load Balancer, Logic App, Office 365, Network Security Group, Search, Service Bus, Service Fabric Cluster, SQL Database, Web App/Farm]
[Diagram adds Solution Packs: Active Directory, Antimalware, Capacity & Performance, Change & File Tracking, Network Performance, Operations Manager, Security & Audit, Service Map, SQL Server, Update Management, VMWare Monitoring, Wire Data]

The View From Above – Custom Logs
[Diagram adds: Collector API (ingest logs from any device or app)]

The View From Above – Extracting Data
[Diagram adds: Alerts, Dashboards, Power BI, Excel; Search API (export to any app)]

The View From Above – Alert Remediation
[Diagram adds alert actions: Email, Webhook, Automation, ITSM]
Azure App Service
and DevOps
What are Azure Web Apps?

Azure App Service Web Apps (or just Web Apps) is a service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favourite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python.
Azure Web Apps Pricing & Features
| | Free | Shared | Basic | Standard | Premium | Isolated |
|---|---|---|---|---|---|---|
| Web, mobile or API Apps | 10 | 100 | Unlimited | Unlimited | Unlimited | Unlimited |
| Disk Space | 1 GB | 1 GB | 10 GB | 50 GB | 250 GB | 1 TB |
| Max Instances | | | 3 | 10 | 20 | 100 |
| Custom Domain | | Supported | Supported | Supported | Supported | Supported |
| Autoscaling | | | | Supported | Supported | Supported |
| Network Isolation | | | | | | Supported |
| Price | Free | $0.013 | $0.15 | $0.20 | $0.30 | $0.40 |
Azure App Service
What is an Azure SQL Database?

Azure SQL Database is a relational database-as-a service using the Microsoft SQL Server Engine. SQL Database is a high-performance, reliable, and secure database you can use to build data-driven applications and websites in the programming language of your choice, without needing to manage infrastructure.
THE SOLUTION

Azure SQL Database


The developer’s intelligent cloud database
| Key benefits | Differentiating proof |
|---|---|
| Learns and adapts | Self-tuning performance with Index Advisor and real-time Threat Detection |
| Scales on the fly | One click scaling, over 11 performance tiers with zero downtime |
| Manages 1000s, like one | Tenant isolation and automatic management of compute and storage with Elastic Pools |
| Works in your environment | Popular platforms & languages, from Python to Ruby to Java to C# to .NET |
| Secures & protects | Built-in HA and data protection with 99.99% SLA, Geo-Replication, & Point-in-time-Restore |
SQL Azure Feature Comparison
| | Basic | Standard | Premium | Premium RS |
|---|---|---|---|---|
| Target workload | Development and production | Development and production | Development and production | Workload that can tolerate data loss up to 5-minutes due to service failures |
| Uptime SLA | 99.99% | 99.99% | 99.99% | N/A while in preview |
| Backup retention | 7 days | 35 days | 35 days | 35 days |
| CPU | Low | Low, Medium, High | Medium, High | Medium |
| IO throughput | Low | Medium | Order of magnitude higher than Standard | Same as Premium |
| IO latency | Higher than Premium | Higher than Premium | Lower than Basic and Standard | Same as Premium |
SQL Azure Pricing & Features

Basic Standard Premium

Database Transaction Units 5 10-3000 125-4000

Storage 2 GB 250 GB – 1 TB 500 GB – 4 TB

Price $0.0086 / Hour $0.0257-$3.8522 / Hour $0.7961-$27.40 / Hour


Azure App Service
Functions
Web Apps Demo
iOS
Functions
Mobile Apps Demo
Functions
API Apps Demo
Functions
Logic Apps Demo
Before cloud
On-Premises
Co-Lo
Before cloud
• Which packages should be on my server?
• How can I increase server utilization?
• How do I deploy new code to my server?
• It takes how long to provision a new server?
• How often should I patch my servers?
Then came IaaS …
• Which packages should be on my server?
• How can I increase server utilization?
• How do I deploy new code to my server?
• It takes how long to provision a new server?
• How often should I patch my servers?
Is it PaaS time?
• Which packages should be on my server?
• How can I increase server utilization?
• How do I deploy new code to my server?
• How often should I patch my servers?
Serverless . . .
• How can I increase server utilization?
What is Serverless?

• Abstraction of servers
• Event-driven/instant scale
• Sub-second billing
Benefits of Serverless?
• Reduced DevOps
• Focus on Business Logic
• Reduced Time To Market
AWS Lambda

Azure
Functions
Google
Cloud
Functions
IBM
OpenWhisk

Google searches for Serverless technologies

Mostly natural or positive Twitter traffic

Strong growth
1) Trigger 2) Input Binding 3) Develop 4) Execute 5) Output Binding

Web
Hooks

App Services
Hosting Plans
Azure Services Azure Services Azure Services

7) Develop Locally

6) Monitor and Improve


Functions Demo
• Hello Functions
• OCR
Azure Functions Demo
Optimize Improve Continuous
resources quality and delivery
availability
Microsoft
Solution
Develop

Developer IDE
Build + Test Build/CI
Release/CD

Deploy
Monitor

Monitor + Learn
Team Collaboration
Test

On-Premises | Hybrid | Cloud


OSS
Tooling
Develop

Developer IDE
Build + Test Build/CI

Deploy
Configuration

Monitor + Learn
Monitor

Team Collaboration
Release

Test

On-Premises | Hybrid | Cloud


Xamarin
test cloud
2,000+ devices
Automate your app testing and run
them on over 2,000 different real
devices. Test everything users do, as
well as any performance problems with
step-by-step memory and performance
tracking.

Real devices,
real quality
• Ensure higher quality by testing on
real devices
• Automate app testing on over 2,000
real devices
• Use C#, Ruby, or Cucumber to build
automated tests
• Integrates with any continuous
integration system
Transform data into intelligent action
Information Big Data Stores Machine Intelligence
Management Learning and People
Data
Sources Analytics
Machine Cognitive
Data Factory Data Lake Store
Learning Services

SQL Data Data Lake Bot Web


Data Catalog Warehouse Analytics Framework
Apps

Mobile
HDInsight
Event Hubs (Hadoop and Cortana Apps
Spark)
Bots

Sensors
and Stream Dashboards &
devices Analytics Visualizations Automated
Systems
Power BI
Data

Data Intelligence Action


Big data analytics made easy
Machine Learning
and Analytics
Machine
Learning Data Lake Analytics

Data Lake
Analytics

HDInsight
(Hadoop and
Spark)

SQL DW SQL DB Data Lake Store Storage Blobs SQL DB in a VM


Stream
Analytics

• Analyze data of any kind and size • Managed and supported with an enterprise-grade SLA
• Develop faster, debug and optimize smarter • Dynamically scales to match your business priorities
• Interactively explore patterns in your data • Enterprise-grade security with Azure Active Directory
• No learning curve—use U-SQL, Spark, Hive, HBase and Storm • Built on YARN, designed for the cloud
Bringing the Power of Big Data to everyone
Information Big Data Stores Machine Learning Intelligence
Data Management and Analytics
People
Sources
Machine Cognitive
Data Factory Data Lake Store
Learning Services

SQL Data Data Lake Bot Web


Data Catalog Warehouse Analytics Framework

Apps HDInsight
(Hadoop and Mobile
Event Hubs Cortana
Spark) Apps

Stream Analytics Bots

Dashboards &
Visualizations
Sensors Automated
and Power BI Systems
devices

Data Intelligence Action


Azure Reliable with an industry leading SLA

HDInsight Enterprise-grade security and monitoring

A Cloud Spark and Productive platform for developers and


scientists
Hadoop service for the
Enterprise Cost effective cloud scale
Integration with leading ISV applications
Easy for administrators to manage
63% lower TCO than deploy your own
Hadoop on-premises*

*IDC study “The Business Value and TCO Advantage of Apache Hadoop in the Cloud with Microsoft Azure HDInsight”
Introducing Azure Data Lake

Data Lake Data Lake HDInsight


Store Analytics

YARN YARN
HDFS

No limits Data Lake Analytics job service Managed Clusters


Cognitive
Services
Give your solutions
a human side
Microsoft hybrid cloud management
Simplified guest and workload management, on-premises and in the cloud

VMWare

HYPER-V HYPER-V

VMWare
Security and Audit
What next?
Get started
http://aka.ms/azuredd
(slides)

http://aka.ms/try-azure
(new offer)
https://www.microsoft.com/en-us/azureessentials
Certifications
https://azure.microsoft.com/en-us/training
Massively Open Online Courses (MOOCs)
Free and easily Build and demonstrate Learn on your Apply and validate
accessible your capability own time your skills

Fundamentals Nov 22 Microsoft Azure Fundamentals Microsoft Azure for AWS Experts

Core IaaS Nov 22 Microsoft Azure Virtual Machines Microsoft Azure Networks Microsoft Azure Identity Microsoft Azure Storage

Dec 15 Microsoft Azure App Services


Deployment
Dec 31 Databases in Microsoft Azure

Securing & Dec 15 Managing Microsoft Azure Workloads


Managing Dec 31 Security and Compliance in Microsoft Azure
Dec 15 Microsoft Azure Automation
Scale and Agility
Dec 31 Microsoft Azure Deployment and Management

Migration Mar 31 Microsoft Azure IaaS Migration

DevOps Q3 Multiple courses


Eligible Azure certification exams
Click on any exam below to get started today!

70-532: Developing Microsoft Azure Solutions

70-533: Implementing Microsoft Azure Infrastructure Solutions

70-534: Architecting Microsoft Azure Solutions

70-473: Designing and Implementing Cloud Data Platform Solutions

70-475: Designing and Implementing Big Data Analytics Solutions

January: Linux Foundation Certified System Administrator (LFCS) exam

Learn more about our new digital badges for certified professionals
Get Started Today!
Explore MOOCs (OpenEd Ex)
• Bookmark https://openedx.microsoft.com/ to access online courses anytime. Check back often – new courses added monthly!

Get Started with Exams (Pearson Vue)
• Go to https://azure.microsoft.com/en-us/learn/skills/ to learn more and click to purchase the $99 or $279 offer.
• Look for two emails. One for your exam and replay voucher and the other for your practice test. Follow redemption instructions for each.
• Register and schedule your exams, then enter your voucher code during checkout.
• Learn more about our new certification badges

Transform (MPN Landing Page)
• Visit the Azure Skills Readiness Page for detailed information, resources and program updates.
• Review Gavriella Schuster’s Azure Skills Readiness Blog to learn more about why.
Get started
Visit azure.microsoft.com

http://aka.ms/azdd

http://aka.ms/try-azure
Thanks!
