Azure Storage/Files/File Sync/Defenses for Ransomware Attack Document Extracts and Notes

Service	Description	Documentation/Note
Azure Storage Account	An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, and tables. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS.	Azure Storage Redundancy Create a storage account Azure Blob Storage pricing SLA for storage
Azure Storage Types	Azure Blobs: A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2. Azure Files: Managed file shares for cloud or on-premises deployments. Azure Elastic SAN (preview): A fully integrated solution that simplifies deploying, scaling, managing, and configuring a SAN in Azure. Azure Queues: A messaging store for reliable messaging between application components. Azure Tables: A NoSQL store for schemaless storage of structured data. Azure managed Disks: Block-level storage volumes for Azure VMs.	Azure Storage data services Azure Blob Storage documentation Azure Files documentation Azure Elastic SAN documentation Azure Queue storage documentation Azure Table storage documentation Azure VM documentation
Access to Azure Storage	By default, every resource in Azure Storage is secured, and every request to a secure resource must be authorized. Understand authorization for data operations	Authorize access to Azure blobs using AAD Authorize with Shared Key (REST API) Grant limited access to Azure Storage with shared access signatures (SAS)
Microsoft Defender for Cloud   Microsoft Defender for Storage	Azure Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. Defender for Cloud combines the capabilities of Cloud security operations (DevSecOps), Cloud security posture management (CSPM), and Cloud workload protection platform (CWPP) with specific protections for servers, containers, storage, databases, and other workloads Azure Defender for Storage is a cloud-native security solution that provides malware scanning, threat protection, security alerts, etc. for your data stored in Azure Blob Storage and Azure Files .	Microsoft Defender for Cloud documentation Microsoft Defender for Cloud pricing Microsoft Defender for Storage Malware Scanning in Defender for Storage Microsoft Defender for Storage – Price Estimation Dashboard
Azure Defenses for Ransomware Attack	Ransomware attacks target your data, your backups, and also key documentation and the best way to prevent falling victim to ransomware is to implement preventive measures and have tools that protect your organization from every step that attackers take to infiltrate your systems. Azure features & resources that help you protect, detect, and respond Azure Defenses for Ransomware Attack (eBook) You should assume that at some point in time you will fall victim to a ransomware attack. Steps to take before an attack Steps to take during an attack Post attack or simulation Quickly configure for ransomware prevention in your organization One of the most important steps you can take to protect your data and avoid paying a ransom is to have a reliable backup and restore plan for your business-critical information. Since ransomware attackers have invested heavily into neutralizing backup applications and operating system features like volume shadow copy, it is critical to have backups that are inaccessible to a malicious attacker. Azure backup and restore plan to protect against ransomware | Microsoft Learn FAQ – Protect backups from Ransomware with Azure Backup	Ransomware and extortion Ransomware protection in Azure
Azure Storage Access Tiers	Hot tier An online tier optimized for storing data that is accessed or modified frequently. The hot tier has the highest storage costs but the lowest access costs. Cool tier An online tier optimized for storing data that is infrequently accessed or modified. Data in the cool tier should be stored for a minimum of 30 days. The cool tier has lower storage costs and higher access costs compared to the hot tier. Cold tier An online tier optimized for storing data that is infrequently accessed or modified. Data in the cold tier should be stored for a minimum of 90 days. The cold tier has lower storage costs and higher access costs compared to the cool tier. Archive tier An offline tier optimized for storing data that is rarely accessed and that has flexible latency requirements, on the order of hours. Data in the archive tier should be stored for a minimum of 180 days.	Azure Blob Storage documentation Setting the access tier is only allowed on Block Blobs. They are not supported for Append and Page Blobs. When your data is stored in an online access tier (either hot, cool or cold), users can access it immediately. The hot, cool, and cold tiers support all redundancy configurations.
Azure Files	Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST API. Azure file shares can be mounted concurrently by cloud or on-premises deployments including: To replace or supplement on-premises file servers For “Lift and shift” applications Containerization	Azure Files documentation Replace your file server with a serverless Azure file share Azure file shares in a hybrid environment Azure Files pricing Azure Files billing
Azure File Sync	Most frequently accessed files are cached on your local server and your least frequently accessed files are tiered to the cloud. With cloud tiering enabled, this feature stores only frequently accessed (hot) files on your local server. Infrequently accessed (cool) files are split into namespace (file and folder structure) and file content. The namespace is stored locally and the file content stored in an Azure file share in the cloud. Azure File Sync is ideal for distributed access scenarios. For each of your offices, you can provision a local Windows Server as part of your Azure File Sync deployment. Changes made to a server in one office automatically sync to the servers in all other offices. Azure File Sync is backed by Azure Files, which offers several redundancy options for highly available storage. Because Azure contains resilient copies of your data, your local server becomes a disposable caching device, and recovering from a failed server can be done by adding a new server to your Azure File Sync deployment.	Azure File Sync documentation Understand Azure File Sync cloud tiering Configure Azure Files and Azure File Sync Implement a hybrid file server infrastructure Extend your on-premises file share capacity using Azure File Sync
Azure NetApp Files	It is an Azure native, first-party, enterprise-class, high-performance file storage service. It provides NAS volumes as a service for which you can create NetApp accounts, capacity pools, select service and performance levels, create volumes, and manage data protection.	Azure NetApp Files documentation Create a NetApp account Azure NetApp Files pricing
Azure Backup Policy	You can use backup policies to define backup schedules and retention policies for your backups. Azure Policy built-in definitions for Azure Backup Soft delete for Azure Backup	Azure Backup documentation Azure Backup pricing
Azure File Alert Settings	You can configure alerts on your file shares to notify you when specific events occur. Monitoring Azure Backup workloads Azure Monitor alerts for Azure Backup Configuring notifications for alerts	Azure Monitor documentation Azure Monitor pricing