This allowed us to effectively design and deliver end-to-end service offerings at lower cost. Our organization was restructured to form teams that optimize service and infrastructure. These teams learn new skills, work harmoniously with engineering, and reduce waste. We embraced a growth mindset, learned new skills, built new capabilities, and found new ways to work.
It became our mission to define, deliver, and transform how we work by helping engineers build solutions tailored to the hybrid cloud world. Services optimization.
This team helps our business partners to provision and manage their own IT services. We have improved operational agility and reliability, which has resulted in specific benefits:.
We elevated our teams by training people and hiring others with the engineering skills we need. Our goal is to gradually transition people from operational skills to service engineering skills. A deeper analysis of our operational model also revealed redundant processes in service design, service transition, and service operations. After careful consideration, we reduced process overhead by eliminating or automating some processes.
This restructuring presents a business opportunity to consolidate vendor teams. Many of our sustained workloads will decrease year over year, as on-premises infrastructure shrinks. Infrastructure Optimization. This team eliminates duplicate infrastructure, reduces our footprint, and modernizes infrastructure for our business partners by reducing hosting costs.
Key outcomes of this work include:. When teams started working together to optimize infrastructure, they found duplicate projects with similar goals. After we cut redundant projects, people were freed up to learn project management skills and to engage with our business partners. This team took a program-based delivery approach with start and end dates.
After provisioning was automated, we worked with our business partners so they could use new self-service tools to take ownership of their infrastructure. The new self-service features helped our business partners identify and decommission unused servers. Self-service planning eliminates manual handoffs, and enables our business partners to manage risks, issues, and blockers. Our business partners also found that they no longer needed vendors to manage hand-offs.
To reinvent ourselves, we needed to change. We stopped managing processes and began trusting our business partners and empowering engineers. We defined our new mindset and goals to:.
Combined, all the changes we made produced tangible results. We improved our agility and enabled our Microsoft business partners to deploy services faster with less work at a reduced cost. We were able to:. To effectively harness the benefits of Azure, we migrated 90 percent of our IT infrastructure to Azure and then balanced the business need for innovation with efficient operation.
We decided to use native cloud solutions, phase out customized IT tool sets, and decentralize and simplify operations processes as we adopt the DevOps model. DevOps is a work model that integrates software developers and IT operations. Prerequisites None. Modules in this learning path. Control and organize Azure resources with Azure Resource Manager. Build a cloud governance strategy on Azure.
Design a holistic monitoring strategy on Azure. October 21, Microsoft operations evolve with Azure Read case study. October 20, Microsoft uses a scream test to silence its unused servers Read blog. October 15, Microsoft moves IT infrastructure management to the cloud with Azure Read case study.
September 21, Transforming how Microsoft manages its corporate real estate data Read blog. September 02, New trade screening tool boosts Microsoft Read blog. August 23, Journey to the cloud via Microsoft Azure and lessons learned along the way Watch video.
These primarily provide operational data for the environment. Each time the wizard is invoked, a timestamped trace log file is created. The trace log can be imported into Sentinel or other 3 rd party security information and event management SIEM tools for analysis. Some operations initiate a PowerShell script to capture logging information.
To collect this data, you must make sure script block logging in enabled. Therefore, monitoring and auditing of the log files associated with configuration should be included in your monitoring and auditing strategy.
Specifically, include the following tables in your monitoring and alerting strategy. For Microsoft Sentinel, see Connect to Windows servers to collect security events. If passwords are not synchronizing as expected, the synchronization might affect a subset of users or all users. Use the following to help verify proper operation or troubleshoot issues:. Information for checking and troubleshooting hash synchronization, see Troubleshoot password hash synchronization with Azure AD Connect sync.
For more information on logging PowerShell script operations, refer to Enabling Script Block Logging , which is part of the PowerShell reference documentation. Seamless SSO provides your users with easy access to your cloud-based applications without needing any additional on-premises components.
Monitoring single sign-on and Kerberos activity can help you detect general credential theft attack patterns. Monitor using the following information:.
The following links provide details to help you understand various monitoring techniques, including where each service logs information and how to report on the use of Azure AD Password Protection.
The domain controller DC agent and proxy services both log event log messages. The DC agent software does not install a PowerShell module. Detailed information for planning and implementing on-premises password protection is available at Plan and deploy on-premises Azure Active Directory Password Protection. On each domain controller, the DC agent service software writes the results of each individual password validation operation and other status to the following local event log:.
The DC agent Admin log is the primary source of information for how the software is behaving. By default, the Trace log is off and must be enabled before data is logged. To troubleshoot application proxy problems and error messages, detailed information is available at Troubleshoot Azure Active Directory Application Proxy. Information for these events is logged in:. Azure AD security operations overview.
Security operations for user accounts. Security operations for privileged accounts.
0コメント