WHERE TO START AZURE

If you have basic understanding of cloud computing, while new to Azure, I recommend starting with the following:

• Bookmark Azure documentation for finding all published Azure product documents including tutorials, demos, sample scripts/code, etc., if not sure where to start.
• If already with an Azure subscription, use Quickstart Center – Microsoft Azure and select Azure Setup Guide. If not, may test it out with a free trial account.
• Review Azure Architecture Center and explore architectures and guides for different technologies.
• Prepare for cloud adoption – Cloud Adoption Framework
  • Azure setup guide overview – Cloud Adoption Framework
  • A starting point for readiness guidance in the Cloud Adoption Framework

I believe less is more. The above should be sufficient to get you situated.

Azure Landing Zone Document Extracts and Notes

What is an Azure landing zone? – Cloud Adoption Framework

Landing zone implementation options – Cloud Adoption Framework

• Overview of landing zone options
• Deploy a migration landing zone in Azure

“A migration landing zone is an environment that’s been provisioned and prepared to host certain workloads. These workloads are being migrated from an on-premises environment into Azure.”

Deploy a CAF Foundation blueprint in Azure

“The CAF Foundation blueprint does not deploy a landing zone. Instead, it deploys the tools required to establish a governance MVP (minimum viable product) to begin developing your governance disciplines. This blueprint is designed to be additive to an existing landing zone and can be applied to the CAF Migration landing zone blueprint with a single action.”

Get help building a landing zone – Cloud Adoption Framework

“Getting your Azure landing zone (ALZ) done right and on time is important. Working with a certified Azure partner is a great way to get the support you need to build your ALZ.”

• Option 1 – use Azure Migrate and Modernize.
• Option 2 – find a partner offer for a landing zone in our marketplace.

Azure landing zone FAQ

• Which are the recommended accelerators and implementations for Azure landing zones?
• What about our management group hierarchy?

Azure Storage/Files/File Sync/Defenses for Ransomware Attack Document Extracts and Notes

Service	Description	Documentation/Note
Azure Storage Account	An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, and tables. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS.	Azure Storage Redundancy Create a storage account Azure Blob Storage pricing SLA for storage
Azure Storage Types	Azure Blobs: A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2. Azure Files: Managed file shares for cloud or on-premises deployments. Azure Elastic SAN (preview): A fully integrated solution that simplifies deploying, scaling, managing, and configuring a SAN in Azure. Azure Queues: A messaging store for reliable messaging between application components. Azure Tables: A NoSQL store for schemaless storage of structured data. Azure managed Disks: Block-level storage volumes for Azure VMs.	Azure Storage data services Azure Blob Storage documentation Azure Files documentation Azure Elastic SAN documentation Azure Queue storage documentation Azure Table storage documentation Azure VM documentation
Access to Azure Storage	By default, every resource in Azure Storage is secured, and every request to a secure resource must be authorized. Understand authorization for data operations	Authorize access to Azure blobs using AAD Authorize with Shared Key (REST API) Grant limited access to Azure Storage with shared access signatures (SAS)
Microsoft Defender for Cloud   Microsoft Defender for Storage	Azure Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. Defender for Cloud combines the capabilities of Cloud security operations (DevSecOps), Cloud security posture management (CSPM), and Cloud workload protection platform (CWPP) with specific protections for servers, containers, storage, databases, and other workloads Azure Defender for Storage is a cloud-native security solution that provides malware scanning, threat protection, security alerts, etc. for your data stored in Azure Blob Storage and Azure Files .	Microsoft Defender for Cloud documentation Microsoft Defender for Cloud pricing Microsoft Defender for Storage Malware Scanning in Defender for Storage Microsoft Defender for Storage – Price Estimation Dashboard
Azure Defenses for Ransomware Attack	Ransomware attacks target your data, your backups, and also key documentation and the best way to prevent falling victim to ransomware is to implement preventive measures and have tools that protect your organization from every step that attackers take to infiltrate your systems. Azure features & resources that help you protect, detect, and respond Azure Defenses for Ransomware Attack (eBook) You should assume that at some point in time you will fall victim to a ransomware attack. Steps to take before an attack Steps to take during an attack Post attack or simulation Quickly configure for ransomware prevention in your organization One of the most important steps you can take to protect your data and avoid paying a ransom is to have a reliable backup and restore plan for your business-critical information. Since ransomware attackers have invested heavily into neutralizing backup applications and operating system features like volume shadow copy, it is critical to have backups that are inaccessible to a malicious attacker. Azure backup and restore plan to protect against ransomware | Microsoft Learn FAQ – Protect backups from Ransomware with Azure Backup	Ransomware and extortion Ransomware protection in Azure
Azure Storage Access Tiers	Hot tier An online tier optimized for storing data that is accessed or modified frequently. The hot tier has the highest storage costs but the lowest access costs. Cool tier An online tier optimized for storing data that is infrequently accessed or modified. Data in the cool tier should be stored for a minimum of 30 days. The cool tier has lower storage costs and higher access costs compared to the hot tier. Cold tier An online tier optimized for storing data that is infrequently accessed or modified. Data in the cold tier should be stored for a minimum of 90 days. The cold tier has lower storage costs and higher access costs compared to the cool tier. Archive tier An offline tier optimized for storing data that is rarely accessed and that has flexible latency requirements, on the order of hours. Data in the archive tier should be stored for a minimum of 180 days.	Azure Blob Storage documentation Setting the access tier is only allowed on Block Blobs. They are not supported for Append and Page Blobs. When your data is stored in an online access tier (either hot, cool or cold), users can access it immediately. The hot, cool, and cold tiers support all redundancy configurations.
Azure Files	Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST API. Azure file shares can be mounted concurrently by cloud or on-premises deployments including: To replace or supplement on-premises file servers For “Lift and shift” applications Containerization	Azure Files documentation Replace your file server with a serverless Azure file share Azure file shares in a hybrid environment Azure Files pricing Azure Files billing
Azure File Sync	Most frequently accessed files are cached on your local server and your least frequently accessed files are tiered to the cloud. With cloud tiering enabled, this feature stores only frequently accessed (hot) files on your local server. Infrequently accessed (cool) files are split into namespace (file and folder structure) and file content. The namespace is stored locally and the file content stored in an Azure file share in the cloud. Azure File Sync is ideal for distributed access scenarios. For each of your offices, you can provision a local Windows Server as part of your Azure File Sync deployment. Changes made to a server in one office automatically sync to the servers in all other offices. Azure File Sync is backed by Azure Files, which offers several redundancy options for highly available storage. Because Azure contains resilient copies of your data, your local server becomes a disposable caching device, and recovering from a failed server can be done by adding a new server to your Azure File Sync deployment.	Azure File Sync documentation Understand Azure File Sync cloud tiering Configure Azure Files and Azure File Sync Implement a hybrid file server infrastructure Extend your on-premises file share capacity using Azure File Sync
Azure NetApp Files	It is an Azure native, first-party, enterprise-class, high-performance file storage service. It provides NAS volumes as a service for which you can create NetApp accounts, capacity pools, select service and performance levels, create volumes, and manage data protection.	Azure NetApp Files documentation Create a NetApp account Azure NetApp Files pricing
Azure Backup Policy	You can use backup policies to define backup schedules and retention policies for your backups. Azure Policy built-in definitions for Azure Backup Soft delete for Azure Backup	Azure Backup documentation Azure Backup pricing
Azure File Alert Settings	You can configure alerts on your file shares to notify you when specific events occur. Monitoring Azure Backup workloads Azure Monitor alerts for Azure Backup Configuring notifications for alerts	Azure Monitor documentation Azure Monitor pricing

Why Azure Arc

For IT decision makers, here’s why it’s pertinent to consider Azure Arc:

• An integrated management and governance solution that is centralized and unified, providing streamlined control and oversight.
• Securely extending your on-prem and non-Azure resources into Azure Resource Manager (ARM), empowering you to:
  • Define, deploy, and manage resources in a declarative fashion using JSON template for dependencies, configuration settings, policies, etc.
  • Manage Azure Arc-enabled servers, Kubernetes clusters, and databases as if they were running in Azure with consistent user experience.
  • Harness your existing Windows and Azure sysadmin skills honed from on-premises deployment.
• When connecting to Azure Arc-enabled servers, you may perform many operational functions, just as you would with native Azure VMs including these key supported actions:
  • Govern
    • Assign Azure Automanage machine configurations to audit settings inside the machine.
  • Protect
    • Secure non-Azure servers with Microsoft Defender for Endpoint, included through Microsoft Defender for Cloud, for threat detection, vulnerability management, and proactive monitoring for potential security threats. Microsoft Defender for Cloud presents the alerts and remediation suggestions from the threats detected.
  • Configure
    • Use Azure Automation and Update Management for your Windows and Linux servers. (Ref: 1, 2)
  • Monitor
    • Keep an eye on OS, processes, and dependencies along with other resources using VM insights. Additionally collect, store, and analyze OS as well as workload logs, performance data, and events. Which may be injected into Microsoft Sentinel real-time analysis, threat detection, and proactive security measures across the entire IT environment.

Extended Security Updates (ESUs) is enabled by Azure Arc. IT can seamlessly deploy ESUs through Azure Arc in on-premises or multi-cloud environments, right from the Azure portal. In addition to providing a centralized management of security patching, ESUs enabled by Azure Arc is flexible with a pay-as-you-go subscription model compared to the classic ESU offered through the Volume Licensing Center which are purchased in yearly increments.

To test it out, follow Quickstart – Connect hybrid machine with Azure Arc-enabled servers.