Microsoft Advanced Threat Analytics



Microsoft Advanced Threat Analytics is a great tool that analyses Active Directory traffic and takes advantage of machine learning technology in order to understand the behavior of the traffic or requests coming to Active Directory, and raises a red flag when any anomalies are detected or observed.

There are two major components in the Advanced Threat Analytics solution:

1. ATA Center
2. ATA Gateway or ATA Lightweight Gateway

ATA Lightweight Gateway is a new release with a lighter version of the agent, which can be deployed directly on the domain controller, so that there is no need to maintain a dedicated server for the ATA Gateway application.

Here are some of the important docs to start with Microsoft Threat Analytics. Happy learning.



High Availability Solution - Azure

High Availability - Azure


When designing a solution, we always ask: "Is our application designed to be highly available and highly resilient?"

Microsoft has come up with a checklist to help IT teams, whenever they are designing a solution, to cross-check and ask themselves whether the application is going to be highly available and highly resilient.

Here are some of the important articles for your reference:


Azure itself has many tools and services for building a highly resilient and highly available solution, but to make sure we are on the right track with our design, we can go through this checklist and ask ourselves whether we can withstand any disaster and keep our application working with little or no downtime.



How to Restore an Azure Virtual Machine Using PowerShell - Azure IaaS VM Backup


Can Azure virtual machines that are load balanced be backed up by Azure IaaS Backup? The answer is yes.

Microsoft recently announced support for load-balanced virtual machines on Azure. Please refer to the article below.
https://azure.microsoft.com/en-us/blog/azure-backup-supports-loadbalancer-cloudlink-virtualmachines/

Currently there are limitations with respect to restore whenever virtual machines are configured in a special networking configuration.

To restore virtual machines in a special networking configuration, you should use the PowerShell approach. It lets you restore the VM disk to a storage account, and from there you can configure the virtual machine from the existing disk in the special networking configuration as needed.

You can explore this further in the Microsoft article below:
https://azure.microsoft.com/en-us/documentation/articles/backup-azure-vms-automation/#restore-an-azure-vm

Below is the sequence of PowerShell commands that can be used to restore the VM disk from the Azure Backup vault.


Get-AzureRmBackupVault

Name               ResourceGroupName  Region             Storage
----               -----------------  ------             -------
Backupnow          RecoveryService... centralus          GeoRedundant


Get-AzureRMBackupVault -ResourceGroupName "RecoveryServices-BYDEFLG5BESPTOIGSYROZJR5V6ZCINXVYA6SZIUXICQVCHKR5IHQ-Central-US"

Name               ResourceGroupName  Region             Storage
----               -----------------  ------             -------
Backupnow          RecoveryService... centralus          GeoRedundant


$backupvault = Get-AzureRMBackupVault -ResourceGroupName "RecoveryServices-BYDEFLG5BESPTOIGSYROZJR5V6ZCINXVYA6SZIUXICQVCHKR5IHQ-Central-US"

$backupvault

Name               ResourceGroupName  Region             Storage
----               -----------------  ------             -------
Backupnow          RecoveryService... centralus          GeoRedundant



$joblist = Get-AzureRMBackupJob -Vault $backupvault -Status InProgress

$joblist = Get-AzureRMBackupJob -Vault $backupvault -Status Completed
$joblist[0]

WorkloadName    Operation       Status          StartTime              EndTime
------------    ---------       ------          ---------              -------
vm2             Backup          Completed       2/5/2016 2:23:22 AM    2/5/2016 2:42:36 AM


$backupitem = Get-AzureRMBackupContainer -Vault $backupvault -Type AzureVM -name "VM1" | Get-AzureRMBackupItem
Get-AzureRMBackupRecoveryPoint -Item $backupitem

RecoveryPointId    RecoveryPointType  RecoveryPointTime      ContainerName
---------------    -----------------  -----------------      -------------
27578974793839     FileSystemConsi... 2/5/2016 2:26:13 AM    iaasvmcontainer;highavailablevm;vm1


$rp =  Get-AzureRMBackupRecoveryPoint -Item $backupitem
$rp

RecoveryPointId    RecoveryPointType  RecoveryPointTime      ContainerName
---------------    -----------------  -----------------      -------------
27578974793839     FileSystemConsi... 2/5/2016 2:26:13 AM    iaasvmcontainer;highavailablevm;vm1


$restorejob = Restore-AzureRMBackupItem -StorageAccountName "Azurestoragerestorenow" -RecoveryPoint $rp

$restorejob

WorkloadName    Operation       Status          StartTime              EndTime
------------    ---------       ------          ---------              -------
vm1             Restore         InProgress      2/5/2016 2:03:45 PM


$restorejob

WorkloadName    Operation       Status          StartTime              EndTime
------------    ---------       ------          ---------              -------
vm1             Restore         Completed       2/5/2016 2:03:45 PM   2/5/2016 2:23:17 PM