Cloud Reference

Towards Identity as a Service (IDaaS)

Organizations of any size require a single way to do identity, whether it will be for employees, partners, consumers, devices, “things”, etc. As of today, anything must be able to have a digital relationship – and connect – to anything else. After reviewing the main industry trends organizations have to cope with, the document explores the reasons why organizations of any size will increasingly use and rely on cloud services to solve cloud era problems, and thus why a new service-based model will emerge for identity combining more advanced capabilities with externalization of operations to achieve reduction in risk, effort and cost. As such, through the analysis of both the business-to-employees (B2E), business-to-business (B2B), and business-to-consumers (B2C) scenarios, and their main characteristics as far as identity is at least concerned, the document discusses why Identity as a Service (IDaaS) – a service combining identity, security (and privacy), personalization and directory – will require that we move beyond the models of identity management that have guided our thinking to date, along with the possible (technical) paths. IDaaS will eventually manage everything from employees and customers to the Internet of Things (IoT).

Leverage Azure Multi-Factor Authentication with Azure AD

With escalating IT security threats and a growing number of users, Software-as-a-Service (SaaS) applications, and devices, multi-factor authentication is becoming the new standard for securing access and how businesses ensure trust in a multi-device, mobile, cloud world. Passwords not enough strong can be easily compromised, and the consumerization of IT along with the Bring-Your-Own-Device (BYOD) trend have only increased the scope of vulnerability. Regulatory agencies agree and have mandated its use across a broad range of industries. Azure Multi-Factor Authentication (Azure MFA) helps reduce organizational risk and enable regulatory compliance by providing an extra layer of authentication in addition to a user’s account credentials. For that purpose, it leverages for additional authentication a convenient form factor that the users already have (and care about): their phone. During sign in, users must also authenticate using the mobile app or by responding to an automated phone call or text message before access is granted. An attacker would need to know the user’s password and have in their possession of the user’s phone to sign in. As a solution for both cloud-based and on-premises applications, Azure MFA can notably be used as part of the Azure Active Directory (Azure AD) authentication.

Leverage Azure MFA Server with AD FS in Windows Server 2012 R2

With escalating IT security threats and a growing number of users, Software-as-a-Service (SaaS) applications, and devices, multi-factor authentication is becoming the new standard for securing access and how businesses ensure trust in a multi-device, mobile, cloud world. Passwords not enough strong can be easily compromised, and the consumerization of IT along with the Bring-Your-Own-Device (BYOD) trend have only increased the scope of vulnerability. Regulatory agencies agree and have mandated its use across a broad range of industries. Azure Multi-Factor Authentication (Azure MFA) helps reduce organizational risk and enable regulatory compliance by providing an extra layer of authentication in addition to a user’s account credentials. For that purpose, it leverages for additional authentication a convenient form factor that the users already have (and care about): their phone. During sign in, users must also authenticate using the mobile app or by responding to an automated phone call or text message before access is granted. An attacker would need to know the user’s password and have in their possession of the user’s phone to sign in. As a solution for both cloud-based and on-premises applications, Azure MFA can notably be used as part of the Azure Active Directory authentication.

Leverage Azure AD for modern business applications

Identity management, provisioning, role management, and authentication are key services both on-premises and through the (hybrid) cloud. With the “Bring Your Own Apps” (BYOA) for the cloud and Software as a Service (SaaS) applications, the desire to better collaborate a la Facebook with the “social” enterprise, the need to support and integrate with social networks, which leads to a Bring Your Own Identity (BYOI) trend, identity becomes a service where identity “bridges” in the cloud talk to on-premises directories or the directories themselves move and/or are located in the cloud. Active Directory (AD) is a Microsoft brand for identity related capabilities. In the on-premises world, AD provides a set of identity capabilities and services and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). Azure Active Directory (Azure AD) is AD reimagined for the cloud, designed to solve for you the new identity and access challenges that come with the shift to a cloud-centric, multi-tenant world. Azure AD can be truly seen as an Identity Management as a Service (IdMaaS) cloud multi-tenant service for modern business applications. This document is intended for system architects, and developers who are interested in understanding the various options for using identities in their applications based on the Azure AD foundation and how to leverage the related capabilities.

Introducing Azure Active Directory B2B collaboration

Azure AD, the Identity Management as a Service (IDaaS) cloud multi-tenant service with proven ability to handle billions of authentications per day, extends its capabilities with a feature for simply and securely sharing corporate applications with your business partners: Azure AD B2B (business-to-business) collaboration. This feature, in public preview, helps secure business-to-business collaboration with the partner organizations that you work with every day. It provides simplified management and security for partners and other external users accessing your in-house resources using Azure AD as the control plane. This includes access to popular cloud applications such as Salesforce, Dropbox, Workday, and of course, Office 365 – and all of this is in addition to your mobile, cloud, and on-premises claims-aware corporate applications. Azure AD B2B collaboration is easy to configure and easy to maintain. This document is intended for IT professionals, system architects, and developers who are interested in understanding how Azure AD B2B collaboration helps supporting your cross-company relationships by enabling partners to selectively access your corporate applications and data using their self-managed identities, and how to leverage the related capabilities.

Azure AD & Windows 10: Better Together for Work or School

The document demonstrates how Azure AD and Windows 10 can enable together the most frequent and relevant CoIT scenarios. With the consumerization of IT (CoIT) along with the Bring Your Own Device (BYOD) trend, organizations of all sizes are facing growing needs to protect and control corporate sensitive information whilst being pressured to provide a seamless access to it from an end-user perspective. Thinking about CoIT indeed necessarily leads to some security and management challenges. It’s all the more so with the move the Cloud to save cost and bring agility as a result of the modernization of IT, the explosion of information with dispersed enterprise data, the Social Enterprise and its applications enabling new collaboration, etc. Microsoft has enabled CoIT through many technologies for many years and now helps IT professionals face security, compliance and compatibility issues they might deal with and give users access to corporate intellectual property from ubiquitous devices, both managed and unmanaged. With the availability of Windows 10, Microsoft continues the above investments to provide even more compelling experiences for end users whilst bringing additional and richer controls for IT professionals to master the company assets thanks to Azure AD.

An overview of Azure Active Directory B2C

Azure AD, the Identity Management as a Service (IDaaS) cloud multi-tenant service with proven ability to handle billions of authentications per day, extends its capabilities to manage consumer identities with a new service for Business-to-Consumer: Azure AD B2C. Azure AD B2C is a comprehensive, cloud-based, consumer identity and access management solution for your consumer-facing applications that can be integrated in any platform and accessed from any device. Azure AD B2C enables social as well as arbitrary email address/username and password login, customized self-service sign-up, and self-service password reset for consumers of your application, and even more. This increases convenience for your consumers while reducing load on your developers, and Azure AD B2C is a highly available global service that can support hundreds of millions of consumer identities. This document is intended for IT professionals, system architects, and developers who are interested in understanding how Azure AD B2C help managing identities for their consumer-facing application in their (hybrid) cloud environment and how to leverage the related features.

An overview of Azure Active Directory

Identity management, provisioning, role management, and authentication are key services both on-premises and through the (hybrid) cloud. With the Bring Your Own Apps (BYOA) for the cloud and Software as a Service (SaaS) applications, the desire to better collaborate a la Facebook with the “social” enterprise, the need to support and integrate with social networks, which leads to a Bring Your Own Identity (BYOI) trend, identity becomes a service where identity “bridges” in the cloud talk to on-premises directories or the directories themselves move and/or are located in the cloud. Active Directory (AD) is a Microsoft brand for identity related capabilities. In the on-premises world, AD provides a set of identity capabilities and services and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). Azure Active Directory (Azure AD) is AD reimagined for the cloud, designed to solve for you the new identity and access challenges that come with the shift to a cloud-centric, multi-tenant world. Azure AD can be truly seen as an Identity Management as a Service (IdMaaS) cloud multi-tenant service. This document is intended for IT professionals, system architects, and developers who are interested in understanding the various options for managing and using identities in their (hybrid) cloud environment based on the Azure AD offerings and how to leverage their related capabilities.

Active Directory from on-premises to the cloud

Identity management, provisioning, role management, and authentication are key services both on-premises and through the (hybrid) cloud. With the Bring Your Own Apps (BYOA) for the cloud and Software as a Service (SaaS) applications, the desire to better collaborate a la Facebook with the “social” enterprise, the need to support and integrate with social networks, which lead to a Bring Your Own Identity (BYOI) trend, identity becomes a service where identity “bridges” in the cloud talk to on-premises directories or the directories themselves move and/or are located in the cloud. Active Directory (AD) is a Microsoft brand for identity related capabilities. In the on-premises world, AD provides a set of identity capabilities and services and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). Azure Active Directory (Azure AD) is AD reimagined for the cloud, designed to solve for you the new identity and access challenges that come with the shift to a cloud-centric, multi-tenant world. Azure AD can be truly seen as an Identity Management as a Service (IDaaS) cloud multi-tenant service. This goes far beyond taking AD and simply running it within a VM in Azure. This document is intended for IT professionals, system architects, and developers who are interested in understanding the various options for managing and using identities in their (hybrid) cloud environment based on the AD foundation. AD, AD in Azure and Azure AD are indeed useful for slightly different scenarios.

Azure AD/Office 365 Single Sign-On with Shibboleth 2

Through its support for the SAML 2.0 protocol, Internet2 Shibboleth 2 provides claims-based web single sign-on (also known as identity federation) with Azure Active Directory and related services such as the Microsoft Office 365 offering and its web and e-mail rich client applications like Outlook. Building on existing documentation, this document is intended to provide a better understanding of the different single sign-on deployment options for Azure AD/Office 365, and to describe how to enable single sign-on using corporate credentials and the Shibboleth 2 Identity Provider to Azure AD/Office 365, and the different configuration elements to be aware of for such deployment. This document is intended for system architects and IT professionals who are interested in understanding the basics of the single sign-on feature of Azure AD/Office 365 with Shibboleth 2 along with planning and deploying such a system in their environment.

Azure AD/Office 365 seamless sign-in – Understand and implement PTA and seamless SSO

Azure AD pass-through authentication (PTA) provides a simple solution for having password validation for Azure AD/Office 365 performed against the organization’s Active Directory infrastructure, without the need for complex network infrastructure or for the on-premises passwords to exist in the cloud in any form. Moreover, the seamless single sign-on (SSO) feature allows end-users to only need to type their username and not their password to sign in to Azure AD/Office 365 or other cloud apps and services when they are on their corporate machines and connected on the organization’s corporate network. In addition to the first part, which is intended to provide a better understanding of the multiple seamless sign-in deployment options provided by Azure AD/Office 365, this document more specifically discusses how to enable PTA and seamless SSO using corporate Active Directory credentials to access Azure AD/Office 365, and the different configuration elements to be aware of for such deployment, this document provides a complete end-to-end walkthrough to rollout a fully operational configuration in Azure. By following the steps outlined in this document you should be able to successfully configure your environment to deploy the PTA and seamless SSO features, and start using it within your organization to provide a seamless sign-in experience for end-users accessing Azure AD/Office 365 resources.

Azure AD/Office 365 seamless sign-in – Understand and implement PHS and seamless SSO

Password hash synchronization (PHS) is a feature to synchronize user passwords from an on-premises Active Directory to a cloud-based Azure AD tenant. This feature enables end-users to sign into Azure AD services, such as Office 365, Microsoft Intune, CRM Online, and Azure AD Domain Services, using the same password they’re using to sign in to their organization’s on-premises Active Directory. Moreover, the seamless single sign-on (SSO) feature allows end-users to only need to type their username and not their password to sign in to Azure AD/Office 365 or other cloud apps and services when they are on their corporate machines and connected on the organization’s corporate network. In addition to the first part, which is intended to provide a better understanding of the multiple seamless sign-in deployment options provided by Azure AD/Office 365, this document more specifically discusses how to enable PHS and seamless SSO using corporate Active Directory credentials to access Azure AD/Office 365, and the different configuration elements to be aware of for such a deployment. This document provides a complete end-to-end walkthrough to rollout a fully operational configuration in Azure. By following the steps outlined in this document you should be able to successfully configure your environment to deploy the PHS and seamless SSO features, and start using it within your organization to provide a seamless sign-in experience for end-users accessing Azure AD/Office 365 resources.

Azure AD/Office 365 seamless sign-in – Implement single sign-on (SSO) with AD FS in Windows Server 2016

Through its support for standard protocols, Active Directory Federation Services (AD FS) provides claims-based (Web) single sign-on (also known as identity federation) with Azure Active Directory (Azure AD), and related services such has the Microsoft Office 365 offering and its Web application and rich client applications. In addition to the third part, which is intended to provide a better understanding of the different single sign-on deployment options with Azure AD/Office 365, how to enable single sign-on using corporate Active Directory credentials and AD FS to Azure AD/Office 365, and the different configuration elements to be aware of for such deployment, this document provides a complete end-to-end walkthrough to rollout a fully operational configuration in Azure. By following the steps outlined in this document you should be able to successfully configure your environment to deploy AD FS, setup Azure AD/Office 365 single sign-on, and start using it within your organization to provide a seamless sign-in experience for end-users accessing Azure AD/Office 365 resources.

Azure AD/Office 365 seamless sign-in – Implement single sign-on (SSO) with AD FS in Windows Server 2012 R2

By following the steps outlined in this document you should be able to successfully configure your environment to deploy AD FS, setup Azure AD/Office 365 single sign-on, and start using it within your organization to provide a seamless sign-in experience for end-users accessing Azure AD/Office 365 resources.

Azure AD/Office 365 seamless sign-in – Understand single sign-on (SSO) with AD FS in Windows Server 2012 R2

This document is intended for system architects and IT professionals who are interested in understanding the basics of the single sign-on feature of Azure AD/Office 365 with AD FS along with planning and deploying such a deployment in their environment.

Azure AD/Office 365 seamless sign-in – Build a base configuration for an evaluation environment

By following the steps outlined in this document you should be able to successfully deploy a base configuration for a test lab environment that will allow you evaluate the various deployment options offered by Azure AD/Office 365 to provide seamless sign-in experiences for end-users accessing Azure AD/Office 365 resources.

Azure AD/Office 365 seamless sign-in – Choose the best option to fulfill your requirements

This document is intended for system architects and IT professionals who are interested in understanding the basics of the seamless sign-in features of Azure AD/Office 365 along with planning and deploying such a deployment in their environment.

Organizational Security & Compliance in Office 365 – Exchange Online

Technical Guidance on using Organizational Security & Compliance features in Office 365 – Exchange Online

Share protected content with Azure Rights Management

This document provides information about the Rights Management sharing applications to share protected content on all important devices and the Rights Management for individuals to enable anyone to share protected content.

Leverage the Rights Management Connector for your premises

This document provides information about the Microsoft Rights Management connector and how it can be used to provide information protection within existing on-premises deployments that use Exchange Server, Office SharePoint Server or operating systems such as Windows Server 2008 R2 or Windows Server 2012. By following the steps outlined in this document you should be able to successfully prepare your environment to deploy the Azure Rights Management service (Azure RMS), install and configure the Rights Management connector, and start using it within your organization to create and consume protected content.

Leverage the Mobile Device Extension for AD RMS

This document provides information about the Mobile Device Extension for AD RMS, and how it can be deployed on top of existing Windows Server 2012 and Windows Server 2012 R2-based AD RMS clusters to support the important devices with mobile RMS-enlightened applications.

Information Protection and Control (IPC) in Office 365 with Azure Rights Management

This document is intended to help you previewing and evaluating the Azure Rights Management service technology. For that purpose it contains, as an introduction, a brief information on IPC and the Azure Rights Management service that helps you understand what it is, and how it differs from on-premises Active Directory Rights Management Services (AD RMS). It provides step-by-step information on how to configure and use the Azure Rights Management service to perform rights protection on your corporate content, as well as other details and requirements you would need to successfully evaluate the Azure Rights Management service technology in your environment.

Security Incident Management in Microsoft Dynamics 365

This document describes how Microsoft handles security incidents in Dynamics 365. The Dynamics 365 Security team and various service teams work jointly and take the same approach to security incidents: Preparation; Detection and Analysis; Containment, Eradication, and Remediation; and Post-Incident Activity.

Get Usage Logs from Azure Rights Management

By following the steps outlined in this document you should be able to successfully prepare your environment to leverage this capability, enable it, and monitor the usage of your Azure Rights Management service’s tenant over the time, and thus start using the service within your organization to create and consume protected content in compliance with your own security and IT policies in place

Configuring Azure RMS with federation on-premises for Office client applications

This document is intended to help you evaluating this newly introduced capability. For that purpose, it provides step-by-step information on how to configure and use Azure RMS to perform content protection on your corporate Office document in conjunction with federation on-premises, as well as other details and requirements you would need to successfully evaluate Azure RMS in a federated environment like this.

Protect and control your key information assets through information classification

In this context, this document discusses information classification as the foundation of the cross-organization effort, the suggested approach to sustain such an effort and thus to handle and manage information assets on that basis, as well as the Microsoft services, products, and technologies to consider in this context to implement a relevant information classification and enforcement infrastructure, which constitutes the starting point for an effective Information Protection (IP) system.

Content Encryption in Microsoft Office 365

This document provides an overview of the various encryption technologies that are currently available or recently announced for Office 365, including features deployed and managed by Microsoft and by customers.

To Public Cloud or Not to Public Cloud? 5 Questions the C-Suite Wants Answered

This white paper addresses five key questions to consider.

Active Directory Federation Services with Hosted Applications

Technical Guidance for deploying Active Directory Federation Services for Cloud Solution Provider (CSP) partners hosting tenant domains in a single forest infrastructure.

Office 365: An Introductory Guide

In this white paper, we will explore how one kind of public cloud system, Office 365, works.

Managing Software-Defined Networks whith Autonomic IT

This whitepaper explores the benefits of incorporating network topology and traffic-matrix information in VM placement decisions, as well as the challenges preventing organizations from doing so today.

Top Challenges in Storage Virtualization (and how to overcome them)

This white paper explores the challenges of controlling the data center's virtualized storage infrastructure.

The State of Latency, Containers & Microservices

Survey Methodologies & Results

Top Four Considerations When Choosing Your SoftLayer Data Center Location

In this white paper, we will discuss the business and technical reasons to choose a specific data center, or at least narrow down the list to a few that are all equally suitable.

Tips and Tricks to Speed AWS Deployment

What pitfalls exist, and how can you avoid them? How can you best save time and money?

Introduction to Amazon Relational Database Service (Amazon RDS)

This paper describes how you can set up Amazon RDS and use it as a drop-in replacement for traditional DBMS, with all the cost, scaling, and agility advantages of deploying software in the cloud.

Legal Issues of Cloud Forensics

Many companies have entered the cloud without first checking the weather forecast or performing a risk analysis.

A Practical View of NIST’s Cloud Definition

The National Institute of Standards and Technology (NIST) has created a robust, comprehensive cloud definition that has been well-accepted across the IT industry. In this paper we explore the center core of NIST's cloud definition, which has been well accepted throughout the IT industry across vendors, service suppliers, IT organizations, and customers.

Cloud Computing: What It Is and What It Can Do for You

The cloud is a great marketing term, with lots of hype behind it. This white paper will define cloud computing using a commonly accepted definition to get past the hype.

Capacity Management in the Modern Data Center

IT infrastructure-capacity-management tools can generate infrastructure capacity-related reports, are able to perform historical data analysis and capacity-related analytics, and have IT and business scenario-planning abilities.

Virtualization and Cloud Computing: Does One Require the Other?

This white paper examines the relationship between cloud computing and virtualization. Many people believe that cloud computing requires server (or desktop) virtualization. But does it? We will look at using virtualization without cloud computing, cloud computing without virtualization, and then look at using both together. In each case, we’ll look at where each deployment might be most useful, some use cases for it, and some limitations.

Software Problems and How Docker Addresses Them

Docker allows software systems to be packaged and maintained in images. Images are templates that describe the software in the package, and, if needed, the software infrastructure (for example, libraries, configuration files, etc.) needed for the software to run.

Backing Up Servers to the Microsoft Cloud

By far the easiest way to get an initial experience with Azure, "the Microsoft cloud," is by using it to back up one or more Windows servers. The procedure, while more involved than you might think, goes fairly quickly when you have a handy guide nearby.

What to Consider When Implementing Software as a Service (SaaS)

In this white paper will first examine your options as a SaaS provider, which include Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

What to Consider When Implementing Platform as a Service (PaaS)

PaaS cloud computing is the middle ground between Infrastructure as a Service (IaaS) and Software as a Service (SaaS).

What You Need to Know Before Implementing Infrastructure as a Service (IaaS)

IaaS clouds provide the infrastructure (physical or virtual servers, networking, and storage) in a manner very similar to what was and is done in a typical data center deployment with traditional applications.

License Management Using SmartCloud Control Desk

SmartCloud Control Desk is used regularly to retrieve the details of the software installed on the managed PCs. This helps us to keep track of the licenses of the commercial software and to be compliant.

SDN and Cloud Computing

In this white paper, we’ll review Software-Defined Networking (SDN) and briefly touch on its close cousin Network Functions Virtualization (NFV).

12 Advantages of Agile Software Development

Come explore 12 ways in which the Agile methods are valuable. I'll bet that you will find more than a few that could be valuable for you!

Microsoft Exchange Performance in Virtualized and Cloud Environments

This ebook discusses the particular challenges that administrators face when managing Exchange in a virtualized environment, the traditional approaches that exacerbate these challenges, and the key requirements for achieving and maintaining a Desired State in virtual and cloud environments.

Data in a PaaS World — A Guide for New Applications

PaaS provides a higher-level foundation that hides irrelevant details. Building on PaaS lets development teams focus on what they really care about—their application—rather than on managing infrastructure.

Understanding Azure – a Guide for Developers

This guide is an introduction to the Azure application platform. It will provide the guidance and direction you need to start building new applications or moving your existing applications to the cloud.

Introduction to Amazon Auto Scaling

This paper describes what Amazon Auto Scaling is, when to use it, and provides an example of setting up Auto Scaling.

It’s About Getting Back Up and Running

Keeping the business running doesn't just mean recovering data. It means recovering the application that runs that data.

Demystifying Five Myths of Virtualization Management

In this white paper, we discuss the five common myths of virtualization management. We highlight, why these are myths and replace them with five truths of virtualization management.

Are You Ready for Microsoft SQL Server 2016?

In this white paper we will examine three key new features that show how SQL Server 2016 provides automatic end-to-end security, seamless generation of business analytics, and elastic integration of data in the cloud.

Types of Cloud Deployments

This white paper will discuss the basics of cloud computing, including a brief discussion on the location of the resources, followed by a review of the characteristics of cloud computing and the types (models) available.

Twelve Steps to Bring Your Own Device (BYOD) Success

The opportunities and challenges BYOD represents are real. Enterprises must make their network infrastructure BYOD-ready to meet the onslaught.

10 Ways Cloud is Changing the World

Let's look at 10 ways the cloud will (and to a large degree already has) changed the world.

10 Security Concerns for Cloud Computing

Cloud computing gets its name from the drawings typically used to describe the Internet. Cloud computing is a new consumption and delivery model for IT services. The concept of cloud computing represents a shift in thought, in that end users need not know the details of a specific technology. The service is fully managed by the provider. Users can consume services at a rate that is set by their particular needs. This ondemand service can be provided at any time.

How to Build a Disaster Recovery Plan

This 4-step DR planning framework – Business Impact Assessment, Risk Assessment, Risk Management, and Recovery Testing.

Deploying highly available and secure cloud solutions

This paper showcases examples for deploying robust cloud solutions to maintain highly available and secure client connections. In addition, it uses real-world examples to discuss scalability issues. The goal of this paper is to demonstrate techniques that mitigate the impact of failures, provide highly available services, and create an optimal overall user experience.

Developing High-Performance, Scalable, Cost-Effective Storage Solutions with Intel Cloud Edition Lustre and Amazon Web Services

Designed specifically for high performance computing, the open source Lustre parallel file system is one of the most popular, powerful, and scalable data storage systems currently available.

Problem management for reliable online services

This paper introduces problem management and the benefits organizations may derive from implementing a robust problem management framework.

Unified DCIM: Achieving Data Centre Efficiency Beyond IT

Effective data center infrastructure management strategy can propel the efficiency, utilization, and availability of data center assets and services.

The Practical Guide to Enterprise DevOps and Continuous Delivery

This book approaches DevOps from a software/application engineering and deployment perspective, but there are a number of other key disciplines that need to be part of any major DevOps initiative.

Memory Management Fundamentals

Why Today’s Virtual & Cloud Environments Demand a New Understanding of the Data Center.

Ransomware: A Survival Guide

In this e-book, you will learn about ransomware, how to defend yourself and your users against it, and how to respond should you fall victim to it. At the end of this guide you will also find additional resources and material to learn more.

7 Backup Appliance Myths Busted

While backup appliances are positioned as an easy-to-implement alternative to traditional backup, appliances come with their own set of deployment and management complexities. Organizations need to be fully aware that the category doesn't always stack up as promised. Here are seven myths and facts about backup appliances to keep in mind.

AWS Storage Solutions 101

In this white paper, we will discuss the variety of storage solutions available from Amazon Web Services (AWS).

An Introduction to AWS Security

In this white paper, we aim to close that gap quicker and more reliably by explaining the most important aspects of AWS security and what that means to the enterprise.

An Introduction to Amazon Redshift

Like any "big data" initiative, deploying and operating a data warehouse of any size used to be limited to only large enterprises with deep budgets for proprietary hardware and multi-year software licenses. Pay-as-you-go cloud products like Google's BigQuery and AWS's Amazon Redshift change all of that, putting a fully blown, fully managed data warehouse within reach of even the smallest business.

Amazon Web Services: An Overview

Getting a clear understanding of what Amazon Web Services (AWS) is and how it can help your business can be a daunting task.

Introducing Amazon RDS for Aurora

The following document provides an overview of one of the latest offerings from cloud leader Amazon Web Services (AWS). It's a product that will enable powerful, massively scalable relational databases in Amazon's cloud environment.

Aligning ALM and Cloud strategies

This paper is written for software architects, technical decision makers and companies that want to increase the quality and maturity of their ALM processes.

Capacity Planning Fundamentals

Support Business Growth with a Better Approach to Scaling Your Data Center

Public Cloud Guide

This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap. It discusses the challenges that must be recognized and questions that must be considered in order to succeed in this new cloud era.

Microsoft Advanced Threat Analytics

A simple, fast security solution that helps you focus on what’s important.

Move Backup To The Cloud (ROI Brief)

Eliminate Expensive Legacy Systems To Achieve Unprecedented Cost Savings

Privacy in Office 365

Microsoft remains committed to protecting the privacy of its customers. We understand that strong privacy protections are essential for building trust in the cloud and helping cloud computing reach its full potential. That's why we built Office 365 with strong data protection in mind with a dedicated team of privacy professionals.

Data Resiliency in Office 365

This document describes data resiliency in Microsoft Office 365 from two perspectives: How Microsoft prevents customer data from becoming lost or corrupt in Exchange Online, SharePoint Online, and Skype for Business; and How Exchange Online, SharePoint Online, and Skype for Business protect customer data from malware and ransomware.

Controlling Access to Office 365 and Protecting Content on Devices

This document describes the Conditional Access (CA) features in Microsoft Office 365 and Microsoft Enterprise Mobility + Security (EMS), and how they are designed with built-in data security and protection to keep company data safe, while empowering users to be productive on the devices they love. It also provides guidance on how to address common concerns around data access and data protection using Office 365 features.

Defending Office 365 Against Denial-of-Service Attacks

This document talks generally about different types of attacks and how Microsoft defends Office 365 and its network against those attacks.

Mapping of Cloud Security Alliance Cloud Control Matrix

In this document, Microsoft provides a detailed overview of how Office 365 maps to the security, privacy, compliance, and risk management controls defined in version 3.0.1-11-24-2015 of the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM).

Auditing and Reporting in Office 365

This document describes the various auditing and reporting features available in Office 365 and Microsoft Azure Active Directory (Azure AD). This document also provides an overview of internal logging that is available to authorized Microsoft engineers for detection, analysis, troubleshooting, and providing Office 365 services.

Security Incident Management in Microsoft Office 365

This document describes how Microsoft handles security incidents in Office 365. The Office 365 Security team and the various service teams work jointly and take the same approach to security incidents: Preparation; Detection and Analysis; Containment, Eradication, and Remediation; and Post-Incident Activity.

Tenant Isolation Microsoft Office 365

This document describes how Microsoft implements logical isolation of customer data in a tenant within the Office 365 multi-tenant environment.

DCIM For Dummies

This book explains the importance of DCIM, describes the key components of a modern DCIM system, guides you in the selection of the right DCIM solution for your particular needs, and gives you a step-by-step formula for a successful DCIM implementation.

Containerized Docker Application Lifecycle with Microsoft Platform and Tools

This guide provides end-to-end guidance on the Docker application development lifecycle with Microsoft tools and services while providing an introduction to Docker development concepts for readers who might be new to the Docker ecosystem.

Surveying the State of IT for the Enterprise

Discovering the key trends that affect the way IT does business. Learning why flash storage and hyperconverged infrastructure have revolutionized the datacenter. Finding out how the public cloud can enable IT but creates new challenges to overcome.

Why Enterprise Cloud?

Understanding why the public cloud is the absolute right choice for all your workloads. Understanding why the private cloud is the absolute right choice for all your workloads. Recognizing why neither one of these is the right answer and why you need an architecture based on characteristics rather than labels.

What Is an Enterprise Cloud?

Discovering the components that define the enterprise cloud. Understanding how public cloud characteristics are associated with your enterprise cloud environment. Finding out how traditional infrastructure can fail to meet modern application needs.

Building an Enterprise Cloud

Learning why you should embrace shadow IT. Discovering why the 80/20 rule should no longer apply. Learning how to prepare your people for the new paradigm. Finding out how enterprise cloud affects economics and the replacement cycle.

Ten Reasons Why Enterprise Cloud Is the Future of IT

Enterprise cloud has a bright future in IT, and for good reasons. Here’s a look at ten reasons why enterprise cloud is the future of IT.

SaaS Security Best Practices: Minimizing Risk in the Cloud

To support Intel business groups’ increasing demand for software-as-aservice (SaaS) applications, Intel IT has developed several best practices that can help enhance SaaS security and protect Intel’s intellectual property.

3 Strategies for Moving SAP Applications to Microsoft Azure

Companies running mission-critical SAP applications are moving to the Microsoft Azure cloud in record numbers to leverage many of the advantages gained by hosting these applications in the cloud.

DataCore Lowers Server and Storage Costs with Parallel I/O Processing Technology

Following the introduction of server virtualization, servers continued to grow in processing capability, fueled by ever-faster CPU clock speeds.

Troubleshooting Hyper-V 5 common issues

This eBook has been written in an effort to help Hyper-V administrators to diagnose various problems with the hypervisor and Hyper-V virtual machines.

Building High Performance Infrastructure For Databases

This paper looks at the impact of I/O latency on the performance of databases and their dependent applications and suggests an affordable option for surmounting the problems at a reasonable cost.

SQL Server 2016 Exploring Contained Databases

Microsoft SQL Server is an enterprise class relational database management platform and is an integral and indispensable component in most computing environment today with a significant application ecosystem. With the advent of hosted cloud computing and storage, the opportunity to offer a Microsoft SQL Server as an outsourced service is gaining momentum.

SQL Server 2016 Reference Architecture for Contained Databases

This document describes the following: Contained Database Migration Scenarios, Users, Security, High Availability, Backup and Restore.

SQL Server 2016 Deeper Insights

The following sections explain these capabilities and also enumerate considerations that the Hosting Service Provider (HSP) database administrator has to keep in mind while implementing the Deeper Insights offer.

SQL Server 2016 Dynamic Data Masking Demonstration Script

The demo uses the standard tools that accompany Windows Server 2012 R2, SQL Server 2016 and Microsoft Azure.

SQL Server 2016 Dynamic Data Masking Hands-on Lab

Dynamic data masking limits sensitive data exposure by masking it to non-privileged users. It's a data protection feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed. Dynamic data masking is easy to use with existing applications, since masking rules are applied in the query results.

SQL Server 2016 Dynamic Data Masking and Row-Level Security - Deployment Guide

Deployment Guide for Dynamic Data Masking and Row-level Security

SQL Server 2016 Highly Efficient and Performant Database

SQL Server 2016 supports a number of capabilities that enable real-time reporting and dashboarding on a high performance, low latency, HADR OLTP database. With these capabilities hosting service providers can offer a high performance database to their customers.

Hybrid Hyperscale using SQL Server 2016

In this document, detailed technical guidance is provided in the context of a customer scenario on how to implement a hyper-scale database offering. For the implementation, the following SQL Server 2016 capabilities are leveraged: Stretched database and Azure Stretch database service, AlwaysOn Availability Groups with asynchronous replica in Azure, In-Memory ColumnStore, Temporal Database.

Reference Architecture for SQL Server 2016 In-Memory Columnstore

This document describes the following: Managing in-memory columnstore index and their reference architecture implementation guidance, Getting better performance with in-memory columnstore index.

Reference Architecture for SQL Server 2016 In-Memory OLTP

This document describes the following: Managing in-memory tables and indexes in memory and in storage and their reference architecture implementation guidance, Getting better performance with natively compiled stored procedures and concurrency, when accessing memory-optimized table.

Deployment Guide for SQL Server 2016 In-Memory OLTP and In-Memory Columnstore

This document talks about implementation of SQL Server 2016's In-memory OLTP technology as of SQL Server 2016 CTP3. Using In-memory OLTP, tables can be declared as 'memory optimized' to enable In-Memory OLTP's capabilities. We're using SQL Server 2016 CTP3 installed on Database server.

SQL Server 2016 Real-Time Operational Analytics - Deployment Guide

SQL Server 2016 introduces Real-time operational analytics, the ability to run both analytics and OLTP workloads on the same database tables at the same time. Besides running analytics in real-time, you can also eliminate the need for ETL and a data warehouse. Real-Time Operational Analytics enables running analytics queries directly on your operational workload using Columnstore indexes thereby eliminating any data latency.

SQL Server 2016 Real-Time Operational Analytics - Reference Architecture

Reference Architecture for SQL Server 2016 Real-Time Operational Analytics.

Secure Database using SQL Server 2016

SQL Server 2016 introduces a number of major capabilities which enable native database level support for centralized implementation and audit of data security policies. With these capabilities hosters can offer Secure database implementations to their customers.

Backup and Restore using Azure Blob Storage – Technical Guidance for CSP Partners

This technical guidance is for CSP (Cloud Solution Provider) partners who have a need to use the Microsoft Azure Blob storage for backing up on-premises SQL Server databases. This document covers how to leverage CSP APIs to create an integrated backup and restore offerings for their customers using Azure Blob storage. The approach used in this document is an example to enable such an offering. This document is not intended to provide a final solution as-is, and also not intended to be the only way to implement a solution to enable backup and restore offering using CSP and Azure Blob storage.

Enabling Power BI for CSP Partners (Deployment Guide)

This document details the tasks necessary to implement Microsoft Power BI as a Cloud Services Provider (CSP) partner offering. It describes, in detail, technical requirements and best practices for designing and implementing business intelligence (BI) solutions using a combination of Microsoft Power BI, Cloud Services, hosted, and on-premises data sources.

SQL Server 2014 Dev\Test Scenarios Hands-On Lab

Develop and Test are key areas where CSP Partners have an opportunity to not only reduce costs, but also significantly improve time to market, as a SQL Server instance in a Microsoft Azure Virtual Machine can be provisioned in minutes, versus days/weeks on-premises depending on resource availability and hardware procurement policy. The primary purpose of this lab is to help Partners quickly understand the key scenarios that will help them deliver Dev\Test solutions tailored to their customers.

SQL Server 2014 Networking Lab – Configuration of Site-to-Site Link

This technical guidance is for Cloud Solution Provider (CSP) partners, who would like to leverage this documented installation and configuration of the site-to-site connectivity needed to connect to Tenant subscriptions from an on-premises environment. This document covers both the manual installation and configuration of a site-to-site link using a provided script that creates the Gateway needed and configures the on-premises RRAS server.

SQL Server 2014 Disaster Recovery Lab

The Microsoft Hybrid Cloud High Availability and Disaster Recovery strategy includes the Add Azure Replica option within SQL Server Management Studio. This extension offers Cloud Solution Provider (CSP) customers the opportunity to increase the resilience of their data center operations. Their SQL Server AlwaysOn Availability Group can be extended to the Microsoft Azure Public cloud by provisioning one or more secondary replicas within Microsoft Azure using a subscription.

Getting Started with Mobile Device and Application Management for Cloud Solution Providers

This document provides guidance on how to gather necessary information from clients to facilitate the initial setup of Microsoft Intune and Azure AD Join services for mobile device and application management. It also provides step by step instructions on how to configure its various features.

Getting Started with Azure Active Directory with Single Sign-On for Cloud Solution Providers

This document provides guidance to support the setup and implementation of the Cloud App Discovery service, and enabling single sign-on with Microsoft Online Services. There are two goals with this document. The first is to help CSP Partners to configure and deploy the Cloud App Discovery service for their end customers. This enables the end customers to discover cloud (SaaS) applications that are used by the employees within the organization. The second goal is to help CSP Partners to quickly implement federated identity with Azure Active Directory, enabling the single sign-on solution for their customers.

Getting Started with Azure Multi-Factor Authentication for Cloud Solution Providers

This document provides guidance to support the setup and implementation Azure Multi-Factor Authentication (MFA) with Microsoft Online Services. The goal of this document is to help CSP organizations to quickly implement Azure Multi-Factor Authentication, part of the Enterprise Mobility Suite (EMS), as a solution for their clients.

Getting Started with Azure Active Directory Premium for Cloud Solution Providers

This document provides guidance on how to gather necessary information from clients to facilitate the initial setup of Azure Active Directory Premium. It also provides step by step instructions on how to configure its various features.

Getting Started with Office 365 and EMS for Microsoft Cloud Solution Providers

The goal of this document is to help CSP partners to quickly implement Enterprise Mobility Suite (EMS) solutions for clients who have Office 365 E3/E5 or Office 365 Business Premium. This document provides guidance to support the extension for CSPs looking to enable clients with subscriptions.

Using Windows Intune with ConnectWise

This document shows how Managed Services Providers (MSPs) can use Windows Intune™ in conjunction with a professional services automation (PSA) tool such as ConnectWise to create a seamless and efficient workflow.

Using Windows Intune with Autotask

This document shows how Managed Services Providers (MSP) can use Windows Intune™ in conjunction with a professional services automation (PSA) tool such as the Autotask platform to create a seamless and efficient workflow.

Enterprise Mobility Hero Demo Guide

This demo guide contains 3 key scenarios – each demonstrating different value propositions of the Enterprise Mobility Suite. Each scenario can be performed independently. Prior to running through these demo scenarios, please ensure the one-time demo environment and device requirements are met.

Using Azure Site Recovery (ASR) to protect Hyper-V workloads managed by System Center Virtual Machine Manager (SC-VMM)

This document is a step by step guide to configuring Azure Site Recovery Services (ASR) for Cloud Solution Provider (CSP) partners. The purpose is to help service provider administrators become familiar with the process required to setup and configure the Microsoft Azure, System Center Virtual Machine Manager (VMM), and Hyper-V (HV) environment to utilize the capabilities found within the ASR service.

Cloud Platform Integration Framework (CPIF) Business Continuity and Disaster Recovery Planning Framework

The Cloud Platform Integration Framework (CPIF) provides workload integration guidance for onboarding applications into a Microsoft Cloud Solution. CPIF describes how organizations, Microsoft Partners and Solution Integrators should design and deploy Cloud-targeted workloads utilizing the hybrid cloud platform and management capabilities of Azure, System Center and Windows Server.

SQL Server 2014 High Availability & Disaster Recovery in Azure Guidance for Cloud Solution Provider Program (CSP) Partners

This document outlines the recommended guidance that partners can leverage to successfully set up High Availability and Disaster Recovery scenarios using either SQL Server 2014 Enterprise or SQL Server 2014 Standard editions in an Azure subscription being managed via the CSP Program.

Azure SQL DB - Technical deployment

This document is a step by step guide to creating an Azure SQL DB within the context of an Azure Cloud Solution Provider (CSP) subscription for a customer by the CSP reseller. The purpose is to help service provider administrators become familiar with the process (and the variety of mechanisms available) to create an Azure SQL DB.

Azure Dev/Test Lab Automation – Technical Guide

This solution helps customers take advantage of Microsoft Azure’s scale, elasticity, and per-minute billing to provide more agile and cost effective dev and test labs. In it, Microsoft helps you design a lab solution that lets you balance developer self-service and productivity with standardization and operational control.

Azure Security Center helps Microsoft IT take control of cloud security

Microsoft IT uses Microsoft Azure Security Center to assess and help protect our Azure resources. It gives us prioritized, analytics-based alerts about malicious and suspicious activity, and tips to help us prevent and respond to incidents in real time. This intelligence gives us visibility into our security state, and it gives our DevOps teams that manage cloud deployments deep security know-how.

Deploying Cloud Services for IoT - Quick Start

This paper provides an overview of how Cloud Solution Provider (CSP) program partners can utilize various capabilities of Azure IoT Services to provide high value managed services like monitoring and analyzing the usage, performance, and uptime of customer devices in the field.

Business Guidance of Analytics Managed Practices for CSP partners

This document provides business guidance on how Cloud Solution Provider (CSP) program partners can integrate various capabilities of Microsoft Data Platform to build end-to-end solutions to enable various industry vertical scenarios.

Whitepaper for Azure SQL Database in CSP leveraging Analytics Solutions

This paper provides an overview of how Cloud Solution Provider (CSP) program partners can utilize various capabilities of Azure SQL database to provide high value managed services like deploying and managing high scale Azure Web Applications with SQL Database as the data tier.

Technical Guidance for Analytics managed services for CSP partners

This document provides technical guidance on how Cloud Solution Provider (CSP) program partners can integrate various capabilities of Microsoft Data Platform to build end-to-end solutions to enable various industry vertical scenarios. This document is an addendum to the “Business Guidance” document that highlights business opportunities and enlists scenarios around various industry sectors for creating effective sales offers.

Get Started With Microsoft Cloud Solution Provider Integration

The purpose of this document is to provide guidance for assisting Microsoft Cloud Solution Providers to get started for integrating their business processes and backend systems with Microsoft Cloud Solution Provider program related services and processes.

Azure Reference Architecture

The goal of the Azure Reference Architecture is to help organizations quickly develop and implement Microsoft Azure-based solutions while reducing complexity and risk. The Azure Reference Architecture combines Microsoft software and recommended compute, network, and storage guidance to support the extension of their datacenter environment through the use of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) constructs.

Create Azure VM - Step by Step Guide for CSP

This document covers the steps for creating a basic Virtual machine in Azure for a customer by a CSP reseller.

Automating cloud infrastructure management with Azure Resource Manager

Microsoft IT used Microsoft Azure Resource Manager to build modular templates, scripts, and interfaces that automate cloud infrastructure. It helped us ensure consistent deployment and configuration operations and reduced error-prone manual processes.

System Center Management Packs

System Center SCOM/SCSM Management Pack Catalog