
Mahammad Kubaib Azure Virtual Desktop and Active Directory Services
"Explore Mahammad Kubaib's expertise in Azure Virtual Desktop, Azure Active Directory, Azure MFA, Conditional Access, and Azure VM services. Learn about managing identities, securing resources, and optimizing virtual machines in the Azure cloud platform."
Presentation Transcript
Mahammad Kubaib Azure Virtual Desktop
Topics
Azure Active Directory
Azure Virtual Machine service
Disks
Azure Virtual Network
Azure DNS Service and Private Endpoint
Azure VPN and Firewall
Azure Key Vault
Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access external resources such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Azure MFA
Multi-factor authentication is a process in which a user is prompted during sign-in for an additional form of identification, such as entering a code from their cellphone.
Conditional Policy
Conditional Access is the tool used by Azure Active Directory to bring signals together, make decisions, and enforce organizational policies.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Azure AD Connect
Azure AD Connect is a tool for connecting on-premises identity infrastructure to Microsoft Azure AD. Integrating your local domain with Azure Active Directory allows your users to access Azure resources with a unified identity, i.e. a single username and password.
Azure Virtual Machine service
Types and benefits of Azure VMs over traditional VMs (SLA 99.9%)
Availability set (SLA 99.95%)
Availability zone (SLA 99.99%)
Scale set
Reserved instance
Resizing a VM
Disks
Unmanaged (the customer must manage the storage account)
Managed disk (OS disk and data disk), SLA 99.99%
Temporary disk (data is reset during host maintenance)
Note: restarting a VM won't delete the data; Stop/Deallocate will delete the data on the temp disk
Types of disk: HDD, Standard SSD, Premium SSD and Ultra SSD
Adding and expanding disks
Azure Virtual Network
An Azure Virtual Network (VNet) is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription.
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq
Address space
Subnet
Note: by default, communication is allowed between subnets in a VNet because of the default route table
IP address
Private IP: used for communication within Azure and with on-premises
Public IP: used for communication with the Internet
Network Security Group (NSG): a network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, Azure resources
Virtual Network Peering: virtual network peering enables you to seamlessly connect two or more virtual networks in Azure.
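NSG rules are evaluated in priority order (lowest number first) and the first match decides, with Azure's built-in rules sitting below every custom rule. The following is an added example, not part of the original slides: a small evaluator over the real default inbound rules plus two constructed custom rules, with the VNet address space and admin range assumed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Constructed: the VNet's address space (what the VirtualNetwork tag expands to here)
VNET_SPACE = ip_network("10.0.0.0/16")
AZURE_LB_IP = ip_address("168.63.129.16")  # Azure's well-known load-balancer probe address
@dataclass
class Rule:
    name: str
    priority: int    # lower number is evaluated first; the first matching rule decides
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp", "Icmp" or "*"
    source: str      # CIDR/IP or one of the tags "*", "VirtualNetwork", "AzureLoadBalancer"
    dest_ports: str  # "22", "1000-2000", "22,3389" or "*"

# Azure's built-in inbound rules (priorities 65000-65500); every custom rule sorts above them.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

def source_matches(src: str, ip: str) -> bool:
    addr = ip_address(ip)
    if src == "*":
        return True
    if src == "VirtualNetwork":
        return addr in VNET_SPACE
    if src == "AzureLoadBalancer":
        return addr == AZURE_LB_IP
    return addr in ip_network(src, strict=False)

def port_matches(spec: str, port: int) -> bool:
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if part == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def evaluate_inbound(custom_rules, src_ip, protocol, dst_port):
    """Return (access, rule_name) of the first rule, in priority order, matching the flow."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol) and source_matches(rule.source, src_ip)
                and port_matches(rule.dest_ports, dst_port)):
            return rule.access, rule.name  # DenyAllInBound guarantees a match

# Constructed custom rules: SSH allowed only from an admin range, explicitly denied otherwise.
CUSTOM = [
    Rule("AllowSshFromAdmin", 100, "Allow", "Tcp", "203.0.113.0/24", "22"),
    Rule("DenySshFromAnywhere", 200, "Deny", "Tcp", "*", "22"),
]
```

Note that without the explicit deny at priority 200, SSH from another VM in the same VNet would still be allowed by the built-in AllowVnetInBound rule.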
Virtual Network Peering
Virtual network peering enables you to seamlessly connect two or more virtual networks in Azure.
Traffic flows via the Azure backbone network
You can connect VNets in the same region or in different regions (global VNet peering)
You can connect VNets across different subscriptions
Make sure the IP address spaces don't conflict between VNets
Routing
Learn how Azure routes traffic between Azure, on-premises, and Internet resources. Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table.
System routes (default routes)
Custom routes (user-defined routes)
Azure virtual network traffic routing | Microsoft Docs
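Azure picks a route by longest prefix match and, when prefixes tie, prefers user-defined routes over BGP routes over system routes. The following is an added example, not from the original slides, that applies that selection to a constructed route table in which a UDR overrides the system 0.0.0.0/0 route to send Internet-bound traffic through a firewall appliance (all addresses assumed).

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Route(NamedTuple):
    source: str                  # "User" (UDR), "BGP", or "Default" (Azure system route)
    prefix: str                  # destination CIDR
    next_hop_type: str           # VirtualNetwork, Internet, VirtualNetworkGateway, VirtualAppliance, None
    next_hop_ip: Optional[str] = None

# When several routes share the longest prefix, Azure prefers UDR, then BGP, then system routes.
SOURCE_RANK = {"User": 0, "BGP": 1, "Default": 2}

def select_route(routes, dest_ip):
    """Return the route Azure would use for dest_ip: longest prefix match, then source precedence."""
    addr = ip_address(dest_ip)
    candidates = [r for r in routes if addr in ip_network(r.prefix)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (ip_network(r.prefix).prefixlen, -SOURCE_RANK[r.source]))

def is_dropped(routes, dest_ip):
    """Traffic is silently dropped when the selected route's next hop type is None."""
    route = select_route(routes, dest_ip)
    return route is None or route.next_hop_type == "None"

# Constructed effective routes for a subnet in a 10.0.0.0/16 VNet (assumed addresses throughout).
ROUTES = [
    Route("Default", "10.0.0.0/16", "VirtualNetwork"),           # system route for the VNet itself
    Route("Default", "0.0.0.0/0", "Internet"),                   # system default route
    Route("BGP", "10.1.0.0/16", "VirtualNetworkGateway"),        # learned over the VPN gateway
    Route("User", "0.0.0.0/0", "VirtualAppliance", "10.0.2.4"),  # UDR: Internet-bound traffic via firewall
    Route("User", "192.0.2.0/24", "None"),                       # UDR: black-hole this prefix
]
```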
Azure DNS
Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.
Default DNS (internal.cloudapp.net)
Custom DNS (your own DNS server)
Private DNS zone: Azure Private DNS provides a reliable and secure DNS service for your virtual network. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution.
Storage account
An Azure storage account contains all of your Azure Storage data objects: blobs, file shares, queues, tables, and disks.
Azure Premium Files provides fully managed file services optimized to deliver consistent performance. It is designed for IO-intensive enterprise workloads that require high throughput and single-digit millisecond latency. Premium Files stores data on the latest solid-state drives (SSDs), which makes it suitable for a wide variety of workloads like file services and databases.
Burst IOPS
Azure NetApp Files
The Azure NetApp Files service is an enterprise-class, high-performance, metered file storage service.
https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-understand-storage-hierarchy
Service and Private Endpoints
Service endpoints
A Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks.
Private endpoints
An Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. A private endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet.
Note: a service endpoint extends your VNet to the Azure service, whereas a private endpoint extends the service into your VNet (using an IP address in your subnet).
Azure VPN gateway
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway.
Types: Point-to-Site, Site-to-Site, and ExpressRoute
Prerequisites: VNet, gateway subnet, local network gateway, public IP address
Azure Firewall
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. Azure Firewall Premium is a next-generation firewall with capabilities that are required for highly sensitive and regulated environments. These capabilities include TLS inspection, IDPS, URL filtering, and web categories.
Azure Key Vault and encryption
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.
Azure Disk Encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. It uses the BitLocker feature of Windows to provide volume encryption for the OS and data disks of Azure virtual machines (VMs), and is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets.
Platform-managed keys: by default, managed disks use platform-managed encryption keys. All managed disks, snapshots, images, and data written to existing managed disks are automatically encrypted at rest with platform-managed keys.
Customer-managed keys: you can choose to manage encryption at the level of each managed disk, with your own keys. Server-side encryption for managed disks with customer-managed keys offers an integrated experience with Azure Key Vault.
Log Analytics workspace
An Azure Log Analytics workspace is the logical storage unit where log data is collected and stored. It can be considered the basic management unit of Azure Monitor Logs. It is used to collect data from various sources such as Azure virtual machines, Windows or Linux virtual machines, Azure resources in a subscription, etc. This blog will brief you on what an Azure Log Analytics workspace is and how to manage it.