Infrastructure as a Service

I’m hesitant to move to cloud IaaS because my business is beholden to several compliance mandates

Microsoft Azure has the most comprehensive list of compliance certifications of any hyper-scale cloud provider. Azure also has industry-leading capabilities to meet the needs of key compliance requirements. Please visit the Microsoft Trust Center to get a full list of Azure’s certifications and attestations.

I don’t want to increase security risks by migrating to the public cloud.

As a hyper-scale provider, Microsoft can make greater security investments than the majority of companies in the industry. By incorporating automation and machine learning capabilities into the core, Azure is continuously improving its ability to detect, isolate, and remediate potential threats. Moreover, Microsoft adheres to strict industry standards for security and is constantly tested and audited by 3rd party entities. Learn more at the Azure Security Center.

I don’t want to lose control of my company’s sensitive corporate and application data by moving to the cloud.

With Azure, you have ownership of your data—that is, all data, including text, sound, video, or image files and software, that are provided to Microsoft by you,  or on your behalf, through the use of Azure. You can access your data at any time and for any reason without assistance from Microsoft. Microsoft does not use customer data or derive information from it for advertising or data mining.

I’m worried about the cost of transitioning to  a new service delivery model. Won’t these new investments increase my overall operating costs?

Quite the opposite in fact. With the flexibility of cloud, you can spin up the resources you need instantly, scaling up and down based on demand and traffic.  You only pay for what you use. With on-premises infrastructures, you may be stuck with under-utilized resources that require ongoing maintenance and capital  investment to maintain.

Why can’t I just buy Azure infrastructure services directly and deploy it myself?

That is definitely a viable option, albeit much more challenging than you may think. It takes a lot of technical expertise to stand up the environment, right-size  the deployment, and ensure the workload is migrated correctly so there are no setbacks. Additionally, once your workload is in the cloud, your must continually  maintain it to ensure it’s performing optimally. As a Service Provider we are here to offload the burden of maintaining your cloud infrastructure so you can focus  on your strategic initiatives and the things that actually add value to your business.

Disaster Recovery

I already have multiple data centers for disaster recovery purposes, why do I need Azure disaster recovery?

The cost and complexity of managing multiple datacenters can be prohibitively expensive. Additionally, as the amount of applications that need  protection in your organization grows, so to do the requirements for new infrastructure. With Azure, you get near-infinite scalable service, without the  ongoing maintenance requirements.

Will Azure disaster recovery work with my existing technology investments?

You can use Site Recovery to protect most workloads running on a supported VM or physical server. Site Recovery provides support for application-  aware replication, so that apps can be recovered to an intelligent state. It integrates with Microsoft applications such as SharePoint, Exchange,  Dynamics, SQL Server (including Always On) and Active Directory, and works closely with leading vendors, including Oracle (Data Guard), SAP, IBM and  Red Hat.

Can I manage disaster recovery for my branch offices with Site Recovery?

Yes. When you use Site Recovery to orchestrate replication and failover in your branch offices, you’ll get a unified orchestration and view of all your  branch office workloads in a central location. You can easily run failovers and administer disaster recovery of all branches from your head office, without  visiting the branches.

For compliance reasons, even our on-premises metadata  must remain within the same geographic region. Can Site  Recovery help us?

Yes. When you create a Site Recovery vault in a region, we ensure that all metadata that we need to enable and orchestrate replication and failover remains within that region’s geographic boundary.

I want my replicated workloads encrypted. Does Azure  Site Recovery support this?

For virtual machines and physical servers, encryption-in-transit is supported when replicating between on-premises sites. For virtual machines and  physical servers replicating to Azure, both encryption-in-transit and encryption-at-rest (in Azure) are supported.

If I replicate to Azure how do I pay for Azure VMs?

During regular replication, data is replicated to geo-redundant Azure storage and you don’t need to pay any Azure IaaS virtual machine charges,  providing a significant advantage. When you run a failover to Azure, Site Recovery automatically creates Azure IaaS virtual machines, and after that  you’ll be billed for the compute resources that you consume in Azure, while VMs are running.

What charges do I incur while using Azure Site Recovery?

While using Azure Site Recovery you incur charges for the Azure Site Recovery license, Azure storage, storage transactions, and outbound data transfer when protecting workloads in Azure.


I have a lot of data and applications to protect both  on-premises and in the cloud. Azure Security Center  will likely be too expensive for me.

Security Center is offered in two tiers: Free and Standard. The Free tier comes with your Azure subscription and enables you to monitor  the security state of Azure resources and third party solutions, set security policies, as well as, benefit from security alerts, incidents, and  recommendations that help you configure the necessary controls. The Standard tier provides all of the functionality of the Free tier plus advanced capabilities such as threat intelligence, behavioral analysis, crash analysis, and anomaly detection. A free 90-day trail of the Standard  tier is currently available.

Will all my Azure resources benefit from Security Center monitoring?

Currently, Azure monitors both Windows and Linux VMs of varying versions and sizes, Azure virtual networks, Azure SQL service, and any partner-integrated solutions that are currently part of your Azure subscription—such as web application firewalls.

Can Azure’s security really protect my data and  applications? How comprehensive is this protection?

Azure Security Center’s threat intelligence automatically collects, analyzes, and compiles data from your Azure instances, your network, and any  third party security solutions. A security alert is then created if a threat is detected—such as VMs communicating with malicious IP addresses,  advanced malware detection, force attacks against VMs, and security alerts from integrated solutions.

I don’t really have the technical know how  to remediate a threat once it’s detected.

Besides our deep security expertise, Azure Security Center constantly analyzes the security posture of your Azure resources. When potential  vulnerabilities are detected, recommendations are automatically generated. These recommendations—provisioning of anti-malware,  configuring Network Security Groups, and deploying mission system updates—help guide you through improving your security on Azure.

I only want those within my organization monitoring  key usage and controlling the key lifecycle.

Key Vault is purposefully designed to ensure that only you have access to cryptographic keys and secrets used by your cloud apps and services.  Microsoft does not see or extract your keys.

How does Log Analytics protect my cloud-based data?

Log Analytics works through a combination of data security methodologies, including: data segregation, data retention, physical security, incident management, compliance, and security standards certifications.